CVE-2019-10549

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon versions MSM8905 through SM8150

Description A null pointer dereference issue can occur due to improper validation of the CSEQ header response received from the network. This issue affects various Qualcomm Snapdragon products, including Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, and Snapdragon Wearables.

Recommendations For versions MSM8905 through SM8150, consider disabling the reception of CSEQ header responses from the network as a temporary workaround until a patch is available. Restrict access to the vulnerable network reception module to minimize the risk of exploitation. Avoid using the CSEQ header in affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.