CVE-2019-10578

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon versions APQ8009 through SM8250

Description A null pointer dereference can occur while parsing a nonstandard clip in various Qualcomm Snapdragon products, including Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, and Snapdragon Wearables.

Recommendations For Qualcomm Snapdragon versions APQ8009 through SM8250, consider disabling the clip parsing functionality until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.