CVE-2019-2277

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon versions in MSM8996AU, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX24

Description The issue is related to an out of bound read that can occur due to a lack of NULL termination on user-controlled data in WLAN. This affects various Qualcomm Snapdragon products, including Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, and Snapdragon Voice & Music.

Recommendations For each of the affected Qualcomm Snapdragon versions, apply the necessary patches or updates to ensure NULL termination on user-controlled data in WLAN to prevent out of bound read. At the moment, there is no information about a newer version that contains a fix for this vulnerability.