CVE-2019-10527

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon Auto versions APQ8009 through SM8250 Qualcomm Snapdragon Compute versions APQ8009 through SM8250 Qualcomm Snapdragon Connectivity versions APQ8009 through SM8250 Qualcomm Snapdragon Consumer Electronics Connectivity versions APQ8009 through SM8250 Qualcomm Snapdragon Consumer IOT versions APQ8009 through SM8250 Qualcomm Snapdragon Industrial IOT versions APQ8009 through SM8250 Qualcomm Snapdragon Mobile versions APQ8009 through SM8250 Qualcomm Snapdragon Voice & Music versions APQ8009 through SM8250 Qualcomm Snapdragon Wearables versions APQ8009 through SM8250 Qualcomm Snapdragon Wired Infrastructure and Networking versions APQ8009 through SM8250

Description The SMEM partition can be manipulated in case of any compromise on HLOS, thus resulting in access to memory outside of SMEM address range which could lead to memory corruption.

Recommendations For Qualcomm Snapdragon Auto versions APQ8009 through SM8250, restrict access to the SMEM partition to prevent memory corruption. For Qualcomm Snapdragon Compute versions APQ8009 through SM8250, consider disabling the SMEM partition manipulation functionality until a patch is available. For Qualcomm Snapdragon Connectivity versions APQ8009 through SM8250, avoid using the SMEM partition in sensitive operations to minimize the risk of exploitation. For Qualcomm Snapdragon Consumer Electronics Connectivity versions APQ8009 through SM8250, restrict access to the SMEM partition to minimize the risk of exploitation. For Qualcomm Snapdragon Consumer IOT versions APQ8009 through SM8250, consider implementing additional security measures to prevent HLOS compromise. For Qualcomm Snapdragon Industrial IOT versions APQ8009 through SM8250, restrict access to the SMEM partition to prevent memory corruption. For Qualcomm Snapdragon Mobile versions APQ8009 through SM8250, avoid using the SMEM partition in sensitive operations to minimize the risk of exploitation. For Qualcomm Snapdragon Voice & Music versions APQ8009 through SM8250, consider disabling the SMEM partition manipulation functionality until a patch is available. For Qualcomm Snapdragon Wearables versions APQ8009 through SM8250, restrict access to the SMEM partition to minimize the risk of exploitation. For Qualcomm Snapdragon Wired Infrastructure and Networking versions APQ8009 through SM8250, consider implementing additional security measures to prevent HLOS compromise. At the moment, there is no information about a newer version that contains a fix for this vulnerability.