First published: Mon Aug 05 2019(Updated: )
Improper validation of read and write index of tx and rx fifo`s before using for data copy from fifo can lead to out-of-bound access. in Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, QCS405, SD 665, SD 675, SD 730, SD 855
Credit: product-security@qualcomm.com
Affected Software | Affected Version | How to fix |
---|---|---|
Qualcomm Ipq4019 Firmware | ||
Qualcomm Ipq4019 | ||
Qualcomm Ipq8064 Firmware | ||
Qualcomm Ipq8064 | ||
Qualcomm Ipq8074 Firmware | ||
Qualcomm Ipq8074 | ||
Qualcomm Qcs405 Firmware | ||
Qualcomm Qcs405 | ||
Qualcomm Sd 665 Firmware | ||
Qualcomm Sd 665 | ||
Google Android | ||
Qualcomm Sd 675 | ||
Qualcomm Sd 730 Firmware | ||
Qualcomm Sd 730 | ||
Qualcomm Sd 855 Firmware | ||
Qualcomm Sd 855 | ||
Google Android |
https://www.codeaurora.org/security-bulletin/2019/08/05/august-2019-code-aurora-security-bulletin
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2019-10499 is high, with a severity value of 7.8.
Qualcomm Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, QCS405, SD 665, SD 675, SD 730, SD 855 are affected by CVE-2019-10499.
Improper validation of read and write index of tx and rx fifo's before using for data copy from fifo can lead to out-of-bound access in Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking.
Apply the security patches and firmware updates provided by Qualcomm or Google for the affected software.
More information about CVE-2019-10499 can be found at the following sources: [source.codeaurora.org](https://source.codeaurora.org/quic/la/kernel/msm-4.14/commit/?id=e5f79b37300b6562c479f96fb3b590d84d03ce96), [source.android.com](https://source.android.com/docs/security/bulletin/2019-08-01), [codeaurora.org](https://www.codeaurora.org/security-bulletin/2019/08/05/august-2019-code-aurora-security-bulletin).