CVE-2019-10581

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon versions in APQ8009, APQ8053, MDM9206, MDM9207C, MDM9607, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8998, Nicobar, QCS605, Rennell, SA6155P, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130

Description The issue arises when NULL is assigned to a local instance of an audio device pointer after it has been freed, instead of assigning it to a global static pointer. This can lead to a use-after-free issue in various Snapdragon products, including Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, and Snapdragon Wearables.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.