PT-2019-8267 · Qualcomm · Snapdragon Automobile+2
Published
2019-05-06
·
Updated
2019-05-07
·
CVE-2017-18274
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Snapdragon Automobile versions MDM9206
Snapdragon Mobile versions MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835
Snapdragon Wear versions MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835
Description
A buffer overflow issue occurs in the actData structure due to an incorrect number of models stored, which is greater than the size of the array. This happens while iterating through the models contained in a fixed-size array.
Recommendations
For Snapdragon Automobile version MDM9206, update the actData structure to store the correct number of models.
For Snapdragon Mobile versions MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, update the actData structure to store the correct number of models.
For Snapdragon Wear versions MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, update the actData structure to store the correct number of models.
Fix
Improper Validation of Array Index
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Snapdragon Automobile
Snapdragon Mobile
Snapdragon Wear