Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-10624

While handling the vendor command there is an integer truncation issue that could yield a buffer overflow due to int data type copied to u8 data type in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8096AU, MSM8996AU, QCA6574AU, QCN7605, Rennell, SC8180X, SDM710, SDX55, SM7150, SM8150, SM8250, SXR2130

Published

2020-04-16T11:15:14.103

Last Modified

2024-11-21T04:19:36.737

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

6.4

Weaknesses

Type: Primary
CWE-119
CWE-681

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	qualcomm	apq8096au_firmware	-	Yes
Hardware	qualcomm	apq8096au	-	No
Operating System	qualcomm	msm8996au_firmware	-	Yes
Hardware	qualcomm	msm8996au	-	No
Operating System	qualcomm	qca6574au_firmware	-	Yes
Hardware	qualcomm	qca6574au	-	No
Operating System	qualcomm	qcn7605_firmware	-	Yes
Hardware	qualcomm	qcn7605	-	No
Operating System	qualcomm	rennell_firmware	-	Yes
Hardware	qualcomm	rennell	-	No
Operating System	qualcomm	sc8180x_firmware	-	Yes
Hardware	qualcomm	sc8180x	-	No
Operating System	qualcomm	sdm710_firmware	-	Yes
Hardware	qualcomm	sdm710	-	No
Operating System	qualcomm	sdx55_firmware	-	Yes
Hardware	qualcomm	sdx55	-	No
Operating System	qualcomm	sm7150_firmware	-	Yes
Hardware	qualcomm	sm7150	-	No
Operating System	qualcomm	sm8150_firmware	-	Yes
Hardware	qualcomm	sm8150	-	No
Operating System	qualcomm	sm8250_firmware	-	Yes
Hardware	qualcomm	sm8250	-	No
Operating System	qualcomm	sxr2130_firmware	-	Yes
Hardware	qualcomm	sxr2130	-	No

References

https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin Patch, Vendor Advisory ([email protected])
https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)