CVE-2019-2301

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon Auto versions (affected versions not specified) Qualcomm Snapdragon Compute versions (affected versions not specified) Qualcomm Snapdragon Consumer IOT versions (affected versions not specified) Qualcomm Snapdragon Industrial IOT versions (affected versions not specified) Qualcomm Snapdragon Mobile versions (affected versions not specified) Qualcomm Snapdragon Wearables versions (affected versions not specified) Qualcomm Snapdragon Wired Infrastructure and Networking versions (affected versions not specified) Qualcomm IPQ4019 versions (affected versions not specified) Qualcomm IPQ8064 versions (affected versions not specified) Qualcomm MSM8909W versions (affected versions not specified) Qualcomm MSM8996AU versions (affected versions not specified) Qualcomm QCA9980 versions (affected versions not specified) Qualcomm QCS605 versions (affected versions not specified) Qualcomm 215 versions (affected versions not specified) Qualcomm SD 425 versions (affected versions not specified) Qualcomm SD 439 / SD 429 versions (affected versions not specified) Qualcomm SD 450 versions (affected versions not specified) Qualcomm SD 625 versions (affected versions not specified) Qualcomm SD 632 versions (affected versions not specified) Qualcomm SD 636 versions (affected versions not specified) Qualcomm SD 712 / SD 710 / SD 670 versions (affected versions not specified) Qualcomm SD 820A versions (affected versions not specified) Qualcomm SD 845 / SD 850 versions (affected versions not specified) Qualcomm SD 855 versions (affected versions not specified) Qualcomm SDM439 versions (affected versions not specified) Qualcomm SDM660 versions (affected versions not specified) Qualcomm SDX24 versions (affected versions not specified)

Description The issue is related to the possibility of an out-of-bound read if the id received from SPI is not in the range of FIFO. This affects various Qualcomm Snapdragon products and chipsets, including Auto, Compute, Consumer IOT, Industrial IOT, Mobile, Wearables, Wired Infrastructure and Networking, as well as specific chipsets like IPQ4019, IPQ8064, MSM8909W, and others.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.