Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-10616

Possibility of null pointer access if the SPDM commands are executed in the non-standard way in TZ. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8016, MDM9150, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8998, SA6155P, SDX24

Published

2020-03-05T09:15:16.437

Last Modified

2024-11-21T04:19:35.810

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:N/I:N/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

6.9

Weaknesses

Type: Primary
CWE-476

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	qualcomm	apq8009_firmware	-	Yes
Hardware	qualcomm	apq8009	-	No
Operating System	qualcomm	apq8016_firmware	-	Yes
Hardware	qualcomm	apq8016	-	No
Operating System	qualcomm	mdm9150_firmware	-	Yes
Hardware	qualcomm	mdm9150	-	No
Operating System	qualcomm	mdm9607_firmware	-	Yes
Hardware	qualcomm	mdm9607	-	No
Operating System	qualcomm	mdm9650_firmware	-	Yes
Hardware	qualcomm	mdm9650	-	No
Operating System	qualcomm	msm8905_firmware	-	Yes
Hardware	qualcomm	msm8905	-	No
Operating System	qualcomm	msm8909_firmware	-	Yes
Hardware	qualcomm	msm8909	-	No
Operating System	qualcomm	msm8909w_firmware	-	Yes
Hardware	qualcomm	msm8909w	-	No
Operating System	qualcomm	msm8998_firmware	-	Yes
Hardware	qualcomm	msm8998	-	No
Operating System	qualcomm	sa6155p_firmware	-	Yes
Hardware	qualcomm	sa6155p	-	No
Operating System	qualcomm	sdx24_firmware	-	Yes
Hardware	qualcomm	sdx24	-	No
Operating System	qualcomm	mdm9206_firmware	-	Yes
Hardware	qualcomm	mdm9206	-	No

References

https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin Vendor Advisory ([email protected])
https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)