CVE-2019-10484: Use After Free
First published: Mon Nov 04 2019(Updated: )
Use after free issue occurs when command destructors access dynamically allocated response buffer which is already deallocated during previous command teardwon sequence in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8098, MSM8909W, Nicobar, QCS405, QCS605, SDA845, SDM660, SDM670, SDM710, SDM845, SDX24, SM6150, SM7150, SM8150, SM8250, SXR2130
Credit: product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| qualcomm APQ8098 firmware | ||
| qualcomm APQ8098 | ||
| Qualcomm MSM8909W | ||
| Qualcomm MSM8909W | ||
| qualcomm Nicobar firmware | ||
| qualcomm Nicobar | ||
| Qualcomm QCS405 Firmware | ||
| Qualcomm QCS405 Firmware | ||
| Qualcomm QCS605 firmware | ||
| Qualcomm QCS605 | ||
| qualcomm sda845 firmware | ||
| qualcomm sda845 | ||
| qualcomm SDM660 firmware | ||
| qualcomm SDM660 | ||
| qualcomm sdm670 firmware | ||
| qualcomm sdm670 | ||
| qualcomm sdm710 firmware | ||
| qualcomm sdm710 | ||
| qualcomm SDM845 firmware | ||
| qualcomm SDM845 | ||
| Qualcomm sdx24 firmware | ||
| Qualcomm sdx24 | ||
| Qualcomm SM6150 | ||
| Qualcomm SM6150 Firmware | ||
| Qualcomm SM7150 Firmware | ||
| qualcomm SM7150 firmware | ||
| qualcomm SM8150 firmware | ||
| qualcomm SM8150 | ||
| qualcomm SM8250 firmware | ||
| Qualcomm SM8250 | ||
| qualcomm SXR2130 firmware | ||
| qualcomm SXR2130 | ||
| Android |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-10484?
CVE-2019-10484 is classified as a serious vulnerability due to a use-after-free issue.
How do I fix CVE-2019-10484?
To fix CVE-2019-10484, update your devices with the latest security patches provided by Qualcomm or your device manufacturer.
What causes the vulnerability CVE-2019-10484?
CVE-2019-10484 is caused by command destructors accessing a deallocated response buffer during the command teardown sequence.
Which devices are affected by CVE-2019-10484?
CVE-2019-10484 affects multiple Qualcomm firmware and devices including various Snapdragon products.
Is CVE-2019-10484 being actively exploited?
As of now, there are no reports confirming active exploitation of CVE-2019-10484.
- agent/type
- agent/first-publish-date
- agent/author
- agent/description
- agent/references
- agent/severity
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/event
- agent/last-modified-date
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- vendor/qualcomm
- canonical/qualcomm apq8098 firmware
- canonical/qualcomm apq8098
- canonical/qualcomm msm8909w
- canonical/qualcomm nicobar firmware
- canonical/qualcomm nicobar
- canonical/qualcomm qcs405 firmware
- canonical/qualcomm qcs605 firmware
- canonical/qualcomm qcs605
- canonical/qualcomm sda845 firmware
- canonical/qualcomm sda845
- canonical/qualcomm sdm660 firmware
- canonical/qualcomm sdm660
- canonical/qualcomm sdm670 firmware
- canonical/qualcomm sdm670
- canonical/qualcomm sdm710 firmware
- canonical/qualcomm sdm710
- canonical/qualcomm sdm845 firmware
- canonical/qualcomm sdm845
- canonical/qualcomm sdx24 firmware
- canonical/qualcomm sdx24
- canonical/qualcomm sm6150
- canonical/qualcomm sm6150 firmware
- canonical/qualcomm sm7150 firmware
- canonical/qualcomm sm8150 firmware
- canonical/qualcomm sm8150
- canonical/qualcomm sm8250 firmware
- canonical/qualcomm sm8250
- canonical/qualcomm sxr2130 firmware
- canonical/qualcomm sxr2130
- vendor/google
- canonical/android