CVE-2019-10616

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon versions in APQ8009, APQ8016, MDM9150, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8998, SA6155P, SDX24

Description The issue is related to the possibility of null pointer access if the SPDM commands are executed in a non-standard way in the Trust Zone (TZ). This affects various Qualcomm Snapdragon products, including Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, and Snapdragon Wired Infrastructure and Networking.

Recommendations For the affected Qualcomm Snapdragon versions in APQ8009, APQ8016, MDM9150, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8998, SA6155P, SDX24, consider disabling the execution of SPDM commands in non-standard ways in the Trust Zone (TZ) as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.