PT-2019-11942 · Qualcomm · Snapdragon Iot+7
Published
2019-12-18
·
Updated
2019-12-22
·
CVE-2019-10600
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Qualcomm Snapdragon Auto versions APQ8009 through SDM845
Qualcomm Snapdragon Consumer IOT versions APQ8009 through SDM845
Qualcomm Snapdragon Industrial IOT versions APQ8009 through SDM845
Qualcomm Snapdragon IoT versions APQ8009 through SDM845
Qualcomm Snapdragon Mobile versions APQ8009 through SDM845
Qualcomm Snapdragon Voice & Music versions APQ8009 through SDM845
Qualcomm Snapdragon Wearables versions APQ8009 through SDM845
Qualcomm Snapdragon Wired Infrastructure and Networking versions APQ8009 through SDM845
Description
The issue arises from the use of a local variable as an argument to a netlink CB callback, which goes out of scope when the callback is triggered, leading to invalid stack memory. This affects various Qualcomm Snapdragon products, including Auto, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables, and Wired Infrastructure and Networking.
Recommendations
For Qualcomm Snapdragon Auto versions APQ8009 through SDM845, update to a version that includes a fix for this issue.
For Qualcomm Snapdragon Consumer IOT versions APQ8009 through SDM845, update to a version that includes a fix for this issue.
For Qualcomm Snapdragon Industrial IOT versions APQ8009 through SDM845, update to a version that includes a fix for this issue.
For Qualcomm Snapdragon IoT versions APQ8009 through SDM845, update to a version that includes a fix for this issue.
For Qualcomm Snapdragon Mobile versions APQ8009 through SDM845, update to a version that includes a fix for this issue.
For Qualcomm Snapdragon Voice & Music versions APQ8009 through SDM845, update to a version that includes a fix for this issue.
For Qualcomm Snapdragon Wearables versions APQ8009 through SDM845, update to a version that includes a fix for this issue.
For Qualcomm Snapdragon Wired Infrastructure and Networking versions APQ8009 through SDM845, update to a version that includes a fix for this issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Snapdragon Auto
Snapdragon Consumer Iot
Snapdragon Industrial Iot
Snapdragon Iot
Snapdragon Mobile
Snapdragon Voice & Music
Snapdragon Wearables
Snapdragon Wired Infrastructure/Networking