CVE-2019-2321

Name of the Vulnerable Software and Affected Versions Qualcomm QSEE microprogram software versions (affected versions not specified)

Description The issue is related to a buffer copy without input size validation in the logging mechanism of Qualcomm's QSEE microprogram software. This could allow an attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability affects various Snapdragon products, including Auto, Compute, Connectivity, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables, and Wired Infrastructure and Networking, in multiple chipsets such as APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, IPQ4019, IPQ8074, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA8081, QCS404, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SM6150, SM7150, SM8150, Snapdragon High Med 2016, SXR1130, SXR2130.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.