CVE-2019-10510: Null Pointer Dereference
First published: Mon Aug 05 2019(Updated: )
BT process died and BT toggled due to null pointer dereference when invalid vendor pass through command sent from remote in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS405, QCS605, SD 636, SD 675, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM630, SDM660
Credit: product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Qualcomm Qcs405 Firmware | ||
| Google Android | ||
| Qualcomm Qcs605 Firmware | ||
| Google Android | ||
| Qualcomm Sd 636 Firmware | ||
| Qualcomm Sd 636 | ||
| Google Android | ||
| Qualcomm Sd 675 | ||
| Qualcomm Sd 730 Firmware | ||
| Qualcomm Sd 730 | ||
| Qualcomm Sd 820a Firmware | ||
| Qualcomm Sd 820a | ||
| Qualcomm Sd 835 Firmware | ||
| Qualcomm Sd 835 | ||
| Qualcomm Sd 845 Firmware | ||
| Qualcomm Sd 845 | ||
| Qualcomm Sd 850 Firmware | ||
| Qualcomm Sd 850 | ||
| Qualcomm Sd 855 Firmware | ||
| Qualcomm Sd 855 | ||
| Qualcomm Sdm630 Firmware | ||
| Qualcomm Sdm630 | ||
| Qualcomm Sdm660 Firmware | ||
| Qualcomm Sdm660 | ||
Remedy
https://www.codeaurora.org/security-bulletin/2019/08/05/august-2019-code-aurora-security-bulletin
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-10510?
CVE-2019-10510 is a vulnerability that can cause the BT process to crash and BT to toggle due to a null pointer dereference when an invalid vendor pass through command is sent from a remote device.
Which software is affected by CVE-2019-10510?
CVE-2019-10510 affects Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS405, QCS605, SD 636, SD 675, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM63.
What is the severity of CVE-2019-10510?
The severity of CVE-2019-10510 is high, with a CVSS score of 8.2.
How can I fix CVE-2019-10510?
To fix CVE-2019-10510, update your software to the latest version provided by Qualcomm or the respective vendor.
Can I find more information about CVE-2019-10510?
Yes, you can find more information about CVE-2019-10510 in the references provided: [Link to Source Code Aurora](https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/system/bt/commit/?id=d005a97b4daa188a15696c46c72b67e5f49f7fc6), [Link to Android Security Bulletin](https://source.android.com/docs/security/bulletin/2019-08-01), [Link to Code Aurora Security Bulletin](https://www.codeaurora.org/security-bulletin/2019/08/05/august-2019-code-aurora-security-bulletin).
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/author
- agent/severity
- agent/weakness
- agent/remedy
- agent/references
- agent/description
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/qualcomm
- canonical/qualcomm qcs405 firmware
- canonical/google android
- canonical/qualcomm qcs605 firmware
- canonical/qualcomm sd 636 firmware
- canonical/qualcomm sd 636
- canonical/qualcomm sd 675
- canonical/qualcomm sd 730 firmware
- canonical/qualcomm sd 730
- canonical/qualcomm sd 820a firmware
- canonical/qualcomm sd 820a
- canonical/qualcomm sd 835 firmware
- canonical/qualcomm sd 835
- canonical/qualcomm sd 845 firmware
- canonical/qualcomm sd 845
- canonical/qualcomm sd 850 firmware
- canonical/qualcomm sd 850
- canonical/qualcomm sd 855 firmware
- canonical/qualcomm sd 855
- canonical/qualcomm sdm630 firmware
- canonical/qualcomm sdm630
- canonical/qualcomm sdm660 firmware
- canonical/qualcomm sdm660
- vendor/google