PT-2019-16315 · Qualcomm · Qualcomm Snapdragon Wired Infrastructure/Networking+8

Published

2019-07-25

·

Updated

2019-07-29

·

CVE-2019-2235

CVSS v2.0

4.6

Medium

VectorAV:L/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon Auto versions MDM9206 through SD 8CX Qualcomm Snapdragon Compute versions MDM9206 through SD 8CX Qualcomm Snapdragon Connectivity versions MDM9206 through SD 8CX Qualcomm Snapdragon Consumer Electronics Connectivity versions MDM9206 through SD 8CX Qualcomm Snapdragon Consumer IOT versions MDM9206 through SD 8CX Qualcomm Snapdragon Industrial IOT versions MDM9206 through SD 8CX Qualcomm Snapdragon Mobile versions MDM9206 through SD 8CX Qualcomm Snapdragon Voice & Music versions MDM9206 through SD 8CX Qualcomm Snapdragon Wired Infrastructure and Networking versions MDM9206 through SD 8CX
Description A buffer overflow issue occurs due to sector size assumptions in the TA rollback protection logic when emulated RPMB is used. This issue affects various Qualcomm Snapdragon products.
Recommendations For Qualcomm Snapdragon Auto, update to a version that includes the fix for the TA rollback protection logic. For Qualcomm Snapdragon Compute, update to a version that includes the fix for the TA rollback protection logic. For Qualcomm Snapdragon Connectivity, update to a version that includes the fix for the TA rollback protection logic. For Qualcomm Snapdragon Consumer Electronics Connectivity, update to a version that includes the fix for the TA rollback protection logic. For Qualcomm Snapdragon Consumer IOT, update to a version that includes the fix for the TA rollback protection logic. For Qualcomm Snapdragon Industrial IOT, update to a version that includes the fix for the TA rollback protection logic. For Qualcomm Snapdragon Mobile, update to a version that includes the fix for the TA rollback protection logic. For Qualcomm Snapdragon Voice & Music, update to a version that includes the fix for the TA rollback protection logic. For Qualcomm Snapdragon Wired Infrastructure and Networking, update to a version that includes the fix for the TA rollback protection logic. As a temporary workaround, consider disabling the emulated RPMB feature until a patch is available.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2019-2235

Affected Products

Qualcomm Snapdragon Auto
Qualcomm Snapdragon Compute
Qualcomm Snapdragon Connectivity
Qualcomm Snapdragon Consumer Electronics Connectivity
Qualcomm Snapdragon Consumer Iot
Qualcomm Snapdragon Industrial Iot
Qualcomm Snapdragon Mobile
Qualcomm Snapdragon Voice & Music
Qualcomm Snapdragon Wired Infrastructure/Networking