CVE-2019-2288

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon versions (affected versions not specified)

Description The issue is related to an out of bound write in the TZ while copying the secure dump structure on the HLOS provided buffer as part of the memory dump. This affects various Snapdragon products, including Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking, in multiple chipsets such as APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8976, MSM8996, MSM8996AU, MSM8998, QCA8081, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, Snapdragon High Med 2016, SXR1130.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.