CVE-2019-10556

Name of the Vulnerable Software and Affected Versions Snapdragon Auto versions APQ8009 through SM8250 Snapdragon Compute versions APQ8009 through SM8250 Snapdragon Consumer Electronics Connectivity versions APQ8009 through SM8250 Snapdragon Consumer IOT versions APQ8009 through SM8250 Snapdragon Industrial IOT versions APQ8009 through SM8250 Snapdragon Mobile versions APQ8009 through SM8250 Snapdragon Voice & Music versions APQ8009 through SM8250 Snapdragon Wearables versions APQ8009 through SM8250

Description A missing length check before copying data from kernel space to userspace through the copy function can lead to buffer overflow in some cases. This issue affects various Snapdragon products, including Auto, Compute, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, and Wearables.

Recommendations For all affected versions, consider applying configuration changes to restrict access to the copy function until a patch is available. As a temporary workaround, restrict the use of the copy function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.