Share:

CVE-2019-10595

Critical 7.8

Possible buffer overwrite in message handler due to lack of validation of tid value calculated from packets received from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, APQ8064, APQ8096AU, IPQ4019, IPQ8064, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909, MSM8909W, MSM8939, MSM8996AU, QCA4531, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCA9558, QCA9880, QCA9886, QCA9980, SDA660, SDM630, SDM636, SDM660, SDX20, SDX24

Published December 18, 2019.

Affected software

Qualcomm Ipq8064 Firmware

Qualcomm Qca6574au Firmware

Qualcomm Sdx24 Firmware

Qualcomm Qca9558 Firmware

Qualcomm Mdm9615 Firmware

Qualcomm Mdm9640 Firmware

Qualcomm Mdm9207c Firmware

Qualcomm Mdm9607 Firmware

Qualcomm Sdx20 Firmware

Qualcomm Sdm630 Firmware

Qualcomm Msm8939 Firmware

Qualcomm Qca9886 Firmware

Qualcomm Qca9377 Firmware

Qualcomm Qca4531 Firmware

Qualcomm Qca9379 Firmware

Qualcomm Ipq4019 Firmware

Qualcomm Sdm636 Firmware

Qualcomm Apq8009 Firmware

Qualcomm Qca9980 Firmware

Qualcomm Apq8053 Firmware

Qualcomm Qca9880 Firmware

Qualcomm Apq8064 Firmware

Qualcomm Sda660 Firmware

Qualcomm Msm8909 Firmware

Qualcomm Apq8096au Firmware

Qualcomm Sdm660 Firmware

Qualcomm Msm8996au Firmware

Qualcomm Mdm9650 Firmware

Qualcomm Qca6174a Firmware

Qualcomm Mdm9206 Firmware

Get alerts for Qualcomm Ipq8064 Firmware

Reference links

https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin