CVE-2019-10577

Name of the Vulnerable Software and Affected Versions Snapdragon Auto versions APQ8009 through SM8250 Snapdragon Compute versions APQ8009 through SM8250 Snapdragon Consumer IOT versions APQ8009 through SM8250 Snapdragon Industrial IOT versions APQ8009 through SM8250 Snapdragon IoT versions APQ8009 through SM8250 Snapdragon Mobile versions APQ8009 through SM8250 Snapdragon Voice & Music versions APQ8009 through SM8250 Snapdragon Wearables versions APQ8009 through SM8250

Description The issue arises from improper input validation while processing SIP URI received from the network, leading to buffer over-read and then to denial of service.

Recommendations For all affected versions, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting the processing of SIP URI received from the network until a patch is available. Avoid using the vulnerable SIP URI processing functionality in the affected Snapdragon products until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.