CVE-2019-2258

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon Auto versions MDM9150 through MDM9655 Qualcomm Snapdragon Compute versions MDM9150 through MDM9655 Qualcomm Snapdragon Consumer IOT versions MDM9150 through MDM9655 Qualcomm Snapdragon Industrial IOT versions MDM9150 through MDM9655 Qualcomm Snapdragon IoT versions MDM9150 through MDM9655 Qualcomm Snapdragon Mobile versions MDM9150 through MDM9655 Qualcomm Snapdragon Voice & Music versions MDM9150 through MDM9655 Qualcomm Snapdragon Wearables versions MDM9150 through MDM9655 Qualcomm MDM9150 Qualcomm MDM9607 Qualcomm MDM9615 Qualcomm MDM9625 Qualcomm MDM9635M Qualcomm MDM9640 Qualcomm MDM9650 Qualcomm MDM9655 Qualcomm MSM8909W Qualcomm MSM8996AU Qualcomm QCS605 Qualcomm 215 Qualcomm SD 210 Qualcomm SD 212 Qualcomm SD 205 Qualcomm SD 425 Qualcomm SD 427 Qualcomm SD 430 Qualcomm SD 435 Qualcomm SD 439 Qualcomm SD 429 Qualcomm SD 450 Qualcomm SD 615 Qualcomm SD 16 Qualcomm SD 415 Qualcomm SD 625 Qualcomm SD 632 Qualcomm SD 636 Qualcomm SD 650 Qualcomm SD 52 Qualcomm SD 665 Qualcomm SD 675 Qualcomm SD 712 Qualcomm SD 710 Qualcomm SD 670 Qualcomm SD 730 Qualcomm SD 820 Qualcomm SD 820A Qualcomm SD 835 Qualcomm SD 845 Qualcomm SD 850 Qualcomm SD 855 Qualcomm SD 8CX Qualcomm SDA660 Qualcomm SDM439 Qualcomm SDM630 Qualcomm SDM660 Qualcomm SDX20 Qualcomm Snapdragon High Med 2016 Qualcomm SXR1130

Description The issue is caused by improper validation of array index, leading to out-of-bounds write and subsequent memory corruption in MMCP. This affects various Qualcomm Snapdragon products, including Auto, Compute, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, and Wearables, across a range of chipsets.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.