PT-2019-16348 · Qualcomm · Sd 730+36

Published

2019-07-25

·

Updated

2019-07-29

·

CVE-2019-2273

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon Auto versions prior to the fixed version Qualcomm Snapdragon Compute versions prior to the fixed version Qualcomm Snapdragon Connectivity versions prior to the fixed version Qualcomm Snapdragon Consumer IOT versions prior to the fixed version Qualcomm Snapdragon Industrial IOT versions prior to the fixed version Qualcomm Snapdragon Mobile versions prior to the fixed version Qualcomm Snapdragon Voice & Music versions prior to the fixed version Qualcomm Snapdragon Wearables versions prior to the fixed version MSM8909W (affected versions not specified) QCS605 (affected versions not specified) Qualcomm 215 (affected versions not specified) SD 210/SD 212/SD 205 (affected versions not specified) SD 425 (affected versions not specified) SD 427 (affected versions not specified) SD 430 (affected versions not specified) SD 435 (affected versions not specified) SD 439 / SD 429 (affected versions not specified) SD 450 (affected versions not specified) SD 625 (affected versions not specified) SD 650/52 (affected versions not specified) SD 665 (affected versions not specified) SD 675 (affected versions not specified) SD 712 / SD 710 / SD 670 (affected versions not specified) SD 730 (affected versions not specified) SD 820 (affected versions not specified) SD 845 / SD 850 (affected versions not specified) SD 855 (affected versions not specified) SD 8CX (affected versions not specified) SDM439 (affected versions not specified) Snapdragon High Med 2016 (affected versions not specified) SXR1130 (affected versions not specified)
Description The issue occurs when an IOMMU page fault happens while playing an h265 video file, leading to a denial of service. This affects various Qualcomm Snapdragon products, including Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, and Wearables, as well as several specific SD and MSM models.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

CVE-2019-2273

Affected Products

Msm8909W
Qcs605
Qualcomm 215
Qualcomm Snapdragon Auto
Qualcomm Snapdragon Compute
Qualcomm Snapdragon Connectivity
Qualcomm Snapdragon Consumer Iot
Qualcomm Snapdragon Industrial Iot
Qualcomm Snapdragon Mobile
Qualcomm Snapdragon Voice & Music
Qualcomm Snapdragon Wearables
Sd 205
Sd 210
Sd 212
Sd 425
Sd 427
Sd 429
Sd 430
Sd 435
Sd 439
Sd 450
Sd 625
Sd 650
Sd 652
Sd 665
Sd 670
Sd 675
Sd 710
Sd 712
Sd 730
Sd 820
Sd 845
Sd 850
Sd 855
Sd 8Cx
Sdm439
Sxr1130