PT-2020-9101 · Qualcomm · Snapdragon Wearables+25
Published
2020-03-05
·
Updated
2020-03-05
·
CVE-2019-10603
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Snapdragon Auto versions prior to the fixed version
Snapdragon Compute versions prior to the fixed version
Snapdragon Consumer Electronics Connectivity versions prior to the fixed version
Snapdragon Consumer IOT versions prior to the fixed version
Snapdragon Industrial IOT versions prior to the fixed version
Snapdragon Mobile versions prior to the fixed version
Snapdragon Voice & Music versions prior to the fixed version
Snapdragon Wearables versions prior to the fixed version
Description
A use after free issue occurs when the real device interface goes down and a route lookup is performed while sending a raw IPv6 message. This issue affects various Snapdragon products, including Auto, Compute, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, and Wearables, in specific chipsets such as APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8917, MSM8937, MSM8996AU, QCN7605, SDA845, SDM630, SDM636, SDM660, SDX20, and SXR1130.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apq8053
Apq8096Au
Apq8098
Mdm9206
Mdm9207C
Mdm9607
Mdm9640
Mdm9650
Msm8917
Msm8937
Msm8996Au
Qcn7605
Sda845
Sdm630
Sdm636
Sdm660
Sdx20
Sxr1130
Snapdragon Auto
Snapdragon Compute
Snapdragon Consumer Electronics Connectivity
Snapdragon Consumer Iot
Snapdragon Industrial Iot
Snapdragon Mobile
Snapdragon Voice & Music
Snapdragon Wearables