CVE-2019-2332

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon Auto versions MDM9150 through MDM9650 Qualcomm Snapdragon Compute versions QCS405 through QCS605 Qualcomm Snapdragon Consumer IOT versions SD 210/SD 212/SD 205 through SD 665 Qualcomm Snapdragon Industrial IOT versions SD 210/SD 212/SD 205 through SD 665 Qualcomm Snapdragon IoT versions SD 210/SD 212/SD 205 through SD 665 Qualcomm Snapdragon Mobile versions MSM8909W through SD 855 Qualcomm Snapdragon Voice & Music versions SD 410 through SD 660 Qualcomm Snapdragon Wearables versions SD 210/SD 212/SD 205 through SD 429

Description The issue is related to memory corruption that occurs when accessing memory without validating the payload size. This can lead to potential security risks. The estimated number of potentially affected devices is not provided.

Recommendations For Qualcomm Snapdragon Auto versions MDM9150 through MDM9650, update to a version that includes payload size validation. For Qualcomm Snapdragon Compute versions QCS405 through QCS605, apply configuration changes to restrict memory access. For Qualcomm Snapdragon Consumer IOT versions SD 210/SD 212/SD 205 through SD 665, restrict access to vulnerable modules until a patch is available. For Qualcomm Snapdragon Industrial IOT versions SD 210/SD 212/SD 205 through SD 665, consider disabling vulnerable functions to minimize risk. For Qualcomm Snapdragon IoT versions SD 210/SD 212/SD 205 through SD 665, avoid using vulnerable parameters in API endpoints. For Qualcomm Snapdragon Mobile versions MSM8909W through SD 855, update to a version with improved memory validation. For Qualcomm Snapdragon Voice & Music versions SD 410 through SD 660, apply workarounds to limit the impact of memory corruption. For Qualcomm Snapdragon Wearables versions SD 210/SD 212/SD 205 through SD 429, temporarily disable vulnerable components until a fix is available.