PT-2019-11894 · Qualcomm · Qualcomm Snapdragon Auto+6

Published: 2019-09-30 · Updated: 2021-07-21 · CVE-2019-10501

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Qualcomm Snapdragon Auto versions MDM9150 through MDM9650
Qualcomm Snapdragon Compute versions QCS405 through QCS605
Qualcomm Snapdragon Consumer IOT versions SD 210/SD 212/SD 205 through SD 439 / SD 429
Qualcomm Snapdragon Industrial IOT versions SD 210/SD 212/SD 205 through SD 439 / SD 429
Qualcomm Snapdragon Mobile versions MSM8909W through SD 855
Qualcomm Snapdragon Voice & Music versions SD 410 through SD 660
Qualcomm Snapdragon Wearables versions SD 210/SD 212/SD 205 through SD 439 / SD 429

Description

The issue is related to a possible use after free problem due to improper input validation in the volume listener library. This could potentially lead to exploitation.

Recommendations

For Qualcomm Snapdragon Auto version MDM9150, update to a version that includes the fix for the improper input validation issue.
For Qualcomm Snapdragon Compute version QCS405, restrict access to the volume listener library until a patch is available.
For Qualcomm Snapdragon Consumer IOT version SD 210/SD 212/SD 205, avoid using the vulnerable volume listener library until the issue is resolved.
For Qualcomm Snapdragon Industrial IOT version SD 210/SD 212/SD 205, consider disabling the volume listener library as a temporary workaround.
For Qualcomm Snapdragon Mobile version MSM8909W, update to a newer version that includes the fix for the improper input validation issue.
For Qualcomm Snapdragon Voice & Music version SD 410, restrict access to the volume listener library until a patch is available.
For Qualcomm Snapdragon Wearables version SD 210/SD 212/SD 205, avoid using the vulnerable volume listener library until the issue is resolved.

Fix

RCE

Use After Free

Weakness Enumeration

Related Identifiers

CVE-2019-10501

Affected Products

Qualcomm Snapdragon Auto
Qualcomm Snapdragon Compute
Qualcomm Snapdragon Consumer IOT
Qualcomm Snapdragon Industrial IOT
Qualcomm Snapdragon Mobile
Qualcomm Snapdragon Voice & Music
Qualcomm Snapdragon Wearables