CVE-2019-10590

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon Auto versions APQ8009 through SM8250 Qualcomm Snapdragon Compute versions APQ8009 through SM8250 Qualcomm Snapdragon Connectivity versions APQ8009 through SM8250 Qualcomm Snapdragon Consumer IOT versions APQ8009 through SM8250 Qualcomm Snapdragon Industrial IOT versions APQ8009 through SM8250 Qualcomm Snapdragon IoT versions APQ8009 through SM8250 Qualcomm Snapdragon Mobile versions APQ8009 through SM8250 Qualcomm Snapdragon Voice & Music versions APQ8009 through SM8250 Qualcomm Snapdragon Wearables versions APQ8009 through SM8250

Description The issue is related to out of bound access while parsing dts atom, which is non-standard as it does not have a valid number of tracks. This affects various Qualcomm Snapdragon products.

Recommendations For Qualcomm Snapdragon Auto versions APQ8009 through SM8250, update to a version that includes the fix for the out of bound access issue. For Qualcomm Snapdragon Compute versions APQ8009 through SM8250, update to a version that includes the fix for the out of bound access issue. For Qualcomm Snapdragon Connectivity versions APQ8009 through SM8250, update to a version that includes the fix for the out of bound access issue. For Qualcomm Snapdragon Consumer IOT versions APQ8009 through SM8250, update to a version that includes the fix for the out of bound access issue. For Qualcomm Snapdragon Industrial IOT versions APQ8009 through SM8250, update to a version that includes the fix for the out of bound access issue. For Qualcomm Snapdragon IoT versions APQ8009 through SM8250, update to a version that includes the fix for the out of bound access issue. For Qualcomm Snapdragon Mobile versions APQ8009 through SM8250, update to a version that includes the fix for the out of bound access issue. For Qualcomm Snapdragon Voice & Music versions APQ8009 through SM8250, update to a version that includes the fix for the out of bound access issue. For Qualcomm Snapdragon Wearables versions APQ8009 through SM8250, update to a version that includes the fix for the out of bound access issue.