PT-2020-9116 · Qualcomm · Sdm710+16

Published

2020-04-16

Updated

2021-07-21

CVE-2019-10624

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon versions in APQ8096AU, MSM8996AU, QCA6574AU, QCN7605, Rennell, SC8180X, SDM710, SDX55, SM7150, SM8150, SM8250, SXR2130

Description The issue arises from an integer truncation problem when handling vendor commands, potentially leading to a buffer overflow. This occurs due to the copying of int data type to u8 data type. The affected components include Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, and Snapdragon Mobile.

Recommendations For versions in APQ8096AU, MSM8996AU, QCA6574AU, QCN7605, Rennell, SC8180X, SDM710, SDX55, SM7150, SM8150, SM8250, SXR2130, consider restricting access to the vulnerable vendor command handling functionality until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-681CWE-119

Related Identifiers

CVE-2019-10624

Affected Products

Apq8096Au

Msm8996Au

Qca6574Au

Qcn7605

Rennell

Sc8180X

Sdm710

Sdx55

Sm7150

Sm8150

Sm8250

Sxr2130

Snapdragon Auto

Snapdragon Compute

Snapdragon Consumer Electronics Connectivity

Snapdragon Industrial Iot

Snapdragon Mobile

PT-2020-9116 · Qualcomm · Sdm710+16

CVE-2019-10624

Weakness Enumeration

Related Identifiers

Affected Products

References · 3