PT-2020-9072 · Qualcomm · Snapdragon Connectivity+9
Published
2020-03-05
·
Updated
2021-07-21
·
CVE-2019-10552
CVSS v2.0
9.4
High
| Vector | AV:N/AC:L/Au:N/C:C/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Snapdragon Auto versions APQ8009 through SXR1130
Snapdragon Compute versions APQ8009 through SXR1130
Snapdragon Connectivity versions APQ8009 through SXR1130
Snapdragon Consumer IOT versions APQ8009 through SXR1130
Snapdragon Industrial IOT versions APQ8009 through SXR1130
Snapdragon IoT versions APQ8009 through SXR1130
Snapdragon Mobile versions APQ8009 through SXR1130
Snapdragon Voice & Music versions APQ8009 through SXR1130
Snapdragon Wearables versions APQ8009 through SXR1130
Snapdragon Wired Infrastructure and Networking versions APQ8009 through SXR1130
Description
A Multiple Buffer Over-read issue can occur due to improper length checks while decoding Service Reject/RAU Reject/PTMSI Realloc cmd. This issue affects various Snapdragon products, including Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables, and Wired Infrastructure and Networking.
Recommendations
For all affected versions, consider implementing proper length checks while decoding Service Reject/RAU Reject/PTMSI Realloc cmd to prevent Buffer Over-read issues.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Out of bounds Read
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Snapdragon Auto
Snapdragon Compute
Snapdragon Connectivity
Snapdragon Consumer Iot
Snapdragon Industrial Iot
Snapdragon Iot
Snapdragon Mobile
Snapdragon Voice & Music
Snapdragon Wearables
Snapdragon Wired Infrastructure/Networking