CVE-2019-10537

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon Auto versions (affected versions not specified) Qualcomm Snapdragon Consumer Electronics Connectivity versions (affected versions not specified) Qualcomm Snapdragon Consumer IOT versions (affected versions not specified) Qualcomm Snapdragon Industrial IOT versions (affected versions not specified) Qualcomm Snapdragon Mobile versions (affected versions not specified) Qualcomm Snapdragon Voice & Music versions (affected versions not specified) MDM9607 versions (affected versions not specified) Nicobar versions (affected versions not specified) QCA6574AU versions (affected versions not specified) QCN7605 versions (affected versions not specified) QCS405 versions (affected versions not specified) QCS605 versions (affected versions not specified) SDM660 versions (affected versions not specified) SDM845 versions (affected versions not specified) SDX55 versions (affected versions not specified) SM6150 versions (affected versions not specified) SM7150 versions (affected versions not specified) SM8150 versions (affected versions not specified) SM8250 versions (affected versions not specified) SXR1130 versions (affected versions not specified) SXR2130 versions (affected versions not specified)

Description The issue arises from improper validation of an event buffer extracted from a firmware response. This can lead to an integer overflow, allowing the bypass of a length check. As a result, it can cause a buffer overwrite when event data is copied to a context buffer.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.