CVE-2019-13999

Name of the Vulnerable Software and Affected Versions: Snapdragon Auto versions APQ8009 through SM8250 Snapdragon Compute versions APQ8009 through SM8250 Snapdragon Connectivity versions APQ8009 through SM8250 Snapdragon Consumer Electronics Connectivity versions APQ8009 through SM8250 Snapdragon Consumer IOT versions APQ8009 through SM8250 Snapdragon Industrial IOT versions APQ8009 through SM8250 Snapdragon Mobile versions APQ8009 through SM8250 Snapdragon Voice & Music versions APQ8009 through SM8250 Snapdragon Wearables versions APQ8009 through SM8250 Snapdragon Wired Infrastructure and Networking versions APQ8009 through SM8250

Description: The issue is related to a lack of check for integer overflow for round up and addition operations, which can result in memory corruption and potential information leakage.

Recommendations: For all affected versions, apply the necessary patches or updates to resolve the issue. As a temporary workaround, consider restricting access to sensitive operations to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.