CVE-2019-10558

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon versions APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS605, QM215, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM6150, SM8150, SM8250, SXR1130, SXR2130

Description The issue arises during data transfer from APPS to DSP, where an out-of-bounds condition occurs in the FastRPC HLOS Driver due to a controllable data buffer by DSP. This affects various Snapdragon products, including Auto, Compute, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, and Wearables.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.