PT-2020-9074 · Qualcomm · Snapdragon Connectivity +9

Published 2020-03-05 · Updated 2020-03-09 · CVE-2019-10554

CVSS v2.0: 9.4 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Snapdragon Auto versions APQ8009 through SXR1130
Snapdragon Compute versions APQ8009 through SXR1130
Snapdragon Connectivity versions APQ8009 through SXR1130
Snapdragon Consumer IOT versions APQ8009 through SXR1130
Snapdragon Industrial IOT versions APQ8009 through SXR1130
Snapdragon IoT versions APQ8009 through SXR1130
Snapdragon Mobile versions APQ8009 through SXR1130
Snapdragon Voice & Music versions APQ8009 through SXR1130
Snapdragon Wearables versions APQ8009 through SXR1130
Snapdragon Wired Infrastructure and Networking versions APQ8009 through SXR1130

Description

Multiple read overflows occur because of improper length checks while decoding Identity Request in CS domain, Authentication Reject in CS domain, and PRAU accept messages, and while logging a DL message. This affects various Snapdragon products.

Recommendations

For each affected product line (Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables, and Wired Infrastructure and Networking), update to a version that includes the fix for the improper length check issue.

As a temporary workaround, consider restricting access to the affected CS domain and PRAU accept components until a patch is available.

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2019-10554

Affected Products

Snapdragon Auto
Snapdragon Compute
Snapdragon Connectivity
Snapdragon Consumer IOT
Snapdragon Industrial IOT
Snapdragon IoT
Snapdragon Mobile
Snapdragon Voice & Music
Snapdragon Wearables
Snapdragon Wired Infrastructure/Networking