First published: Mon Nov 04 2019
A use-after-free issue occurs when command destructors access a dynamically allocated response buffer that has already been deallocated during the previous command teardown sequence. Affected product lines: Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. Affected chipsets: APQ8098, MSM8909W, Nicobar, QCS405, QCS605, SDA845, SDM660, SDM670, SDM710, SDM845, SDX24, SM6150, SM7150, SM8150, SM8250, SXR2130.
Credit: product-security@qualcomm.com
Affected Software | Affected Version | How to fix |
---|---|---|
Android | ||
Qualcomm 8098 Firmware | ||
Qualcomm APQ8098 | ||
Qualcomm 8909 Firmware | ||
Qualcomm Snapdragon 8909 | ||
Qualcomm Nicobar | ||
Qualcomm Nicobar | ||
Qualcomm QCS405 Firmware | ||
Qualcomm QCS405 Firmware | ||
Qualcomm QCS605 | ||
Qualcomm QCS605 Firmware | ||
Qualcomm SD 845 Firmware | ||
Qualcomm Snapdragon 845 | ||
Qualcomm SD660 Firmware | ||
Qualcomm Snapdragon 660 | ||
Qualcomm SD 670 Firmware | ||
Qualcomm SDM670 Firmware | ||
Qualcomm SD 710 Firmware | ||
Qualcomm Snapdragon 710 | ||
Qualcomm SDA/SDM845 Firmware | ||
Qualcomm Snapdragon 845 | ||
Qualcomm SDX24 | ||
Qualcomm SDX24 | ||
Qualcomm SM6150P firmware | ||
Qualcomm SM6150P | ||
Qualcomm SM7150P Firmware | ||
Qualcomm SM7150 Firmware | ||
Qualcomm SM8150P Firmware | ||
Qualcomm SM8150 Fusion | ||
Qualcomm SM8250 | ||
Qualcomm SM8250 Firmware | ||
Qualcomm SXR2130P Firmware | ||
Qualcomm SXR2130 Firmware | ||
CVE-2019-10484 is classified as a serious vulnerability due to a use-after-free issue.
To fix CVE-2019-10484, update your devices with the latest security patches provided by Qualcomm or your device manufacturer.
CVE-2019-10484 is caused by command destructors accessing a deallocated response buffer during the command teardown sequence.
CVE-2019-10484 affects multiple Qualcomm firmware and devices including various Snapdragon products.
As of now, there are no reports confirming active exploitation of CVE-2019-10484.