PT-2020-9114 · Qualcomm · Snapdragon Industrial IOT +6

Published: 2020-04-16 · Updated: 2020-04-22 · CVE-2019-10622

CVSS v2.0: 3.6 (Low)

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Snapdragon Auto versions APQ8009 through SM8250
Snapdragon Compute versions APQ8009 through SM8250
Snapdragon Consumer Electronics Connectivity versions APQ8009 through SM8250
Snapdragon Consumer IOT versions APQ8009 through SM8250
Snapdragon Industrial IOT versions APQ8009 through SM8250
Snapdragon Mobile versions APQ8009 through SM8250
Snapdragon Wired Infrastructure and Networking versions APQ8009 through SM8250

Description

An out-of-bounds memory access can occur while parsing an ADSP message because the size of the payload received from userspace is not checked. This issue affects various Snapdragon products.

Recommendations

For all affected versions, consider implementing a check on the size of the payload received from userspace to prevent out-of-bounds memory access. As a temporary workaround, consider restricting access to the ADSP message parsing functionality until a patch is available. Avoid using the payload variable in the affected code until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
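
The payload size check recommended above, shown as an added example that is not Qualcomm's code. The advisory does not publish the affected structure, so the message layout, the `MAX_PAYLOAD` limit and all function names here are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical message layout: the advisory does not publish the real one. */
struct msg_hdr {
    uint32_t opcode;
    uint32_t payload_size;   /* supplied by the sender, untrusted */
};
#define MAX_PAYLOAD 256u     /* assumed protocol limit */

/* Unchecked pattern (the bug class described): payload_size is trusted, so
 * the copy can read past the bytes actually received. Contrast only. */
int parse_msg_unchecked(const uint8_t *buf, size_t len, uint8_t *out)
{
    struct msg_hdr h;
    (void)len;                                    /* length is ignored */
    memcpy(&h, buf, sizeof h);
    memcpy(out, buf + sizeof h, h.payload_size);  /* out-of-bounds read */
    return (int)h.payload_size;
}

/* Returns the payload length copied into out, or -1 if malformed. */
int parse_msg_checked(const uint8_t *buf, size_t len, uint8_t *out, size_t out_cap)
{
    struct msg_hdr h;
    if (buf == NULL || out == NULL || len < sizeof h)
        return -1;                     /* truncated header */
    memcpy(&h, buf, sizeof h);         /* validate a private copy of the header */
    /* Compare against the remaining bytes by subtraction, so a huge
     * payload_size cannot wrap an addition. */
    if (h.payload_size > len - sizeof h)
        return -1;                     /* claims more than was received */
    if (h.payload_size > MAX_PAYLOAD || h.payload_size > out_cap)
        return -1;                     /* over protocol or destination limit */
    memcpy(out, buf + sizeof h, h.payload_size);
    return (int)h.payload_size;
}

/* Constructed sample: header claiming `claimed` bytes, followed by `actual` bytes. */
int demo(uint32_t claimed, size_t actual)
{
    uint8_t buf[sizeof(struct msg_hdr) + 64] = {0}, out[64];
    struct msg_hdr h = { 1u, claimed };
    if (actual > 64) return -2;        /* sample buffer holds at most 64 payload bytes */
    memcpy(buf, &h, sizeof h);
    return parse_msg_checked(buf, sizeof h + actual, out, sizeof out);
}
```
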

Weakness Enumeration

Out of bounds Read

Related Identifiers

CVE-2019-10622

Affected Products

Snapdragon Auto
Snapdragon Compute
Snapdragon Consumer Electronics Connectivity
Snapdragon Consumer IOT
Snapdragon Industrial IOT
Snapdragon Mobile
Snapdragon Wired Infrastructure/Networking