PT-2019-11943 · Qualcomm · Sdm630+21

Published

2019-12-18

Updated

2019-12-22

CVE-2019-10601

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon versions (affected versions not specified)

Description The issue is related to out of bound access that can occur while processing firmware events due to a lack of validation of WMI messages received from firmware. This affects various Qualcomm Snapdragon products, including Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, and Snapdragon Wired Infrastructure and Networking, in specific chipsets such as APQ8096AU, IPQ4019, IPQ8064, IPQ8074, MSM8996AU, Nicobar, QCA6574AU, QCN7605, QCS405, SDM630, SDM636, SDM660, SDM845, SM6150, SM7150, and SM8150.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Validation of Array Index

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-129

Related Identifiers

CVE-2019-10601

Affected Products

Apq8096Au

Ipq4019

Ipq8064

Ipq8074

Msm8996Au

Nicobar

Qca6574Au

Qcn7605

Qcs405

Sdm630

Sdm636

Sdm660

Sdm845

Sm6150

Sm7150

Sm8150

Snapdragon Auto

Snapdragon Consumer Electronics Connectivity

Snapdragon Industrial Iot

Snapdragon Mobile

Snapdragon Voice & Music

Snapdragon Wired Infrastructure/Networking

PT-2019-11943 · Qualcomm · Sdm630+21

CVE-2019-10601

Weakness Enumeration

Related Identifiers

Affected Products

References · 2