Main Vulnerability Database SB2019072219

SB2019072219 - Out-of-bounds read in Qualcomm SDX24

Published: July 22, 2019 Updated: July 25, 2019

Security Bulletin ID SB2019072219

Severity

High

Patch available

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Out-of-bounds read (CVE-ID: CVE-2019-2277)

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to lack of NULL termination on user controlled data in WLAN. A local authenticated attacker can trigger out-of-bounds read error and disclose information, disrupt service and modificate the target applications.

The vulnerability exists in: Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

Vulnerable Software

SDX24: All versions
SDM660: All versions
SDM630: All versions
SDA660: All versions
SD855: All versions
SD850: All versions
SD845: All versions
SD835: All versions
SD820A: All versions
SD730: All versions
SD710: All versions
SD712: All versions
SD670: All versions
SD675: All versions
SD665: All versions
SD636: All versions
SD625: All versions
SD450: All versions
SD435: All versions
SD430: All versions
SD427: All versions
SD425: All versions
SD205: All versions
SD212: All versions
SD210: All versions
QCS605: All versions
QCS405: All versions
MSM8996AU: All versions