First published: Thu Dec 12 2019(Updated: )
An unprivileged application can allocate GPU memory by calling memory allocation ioctl function and can exhaust all the memory which results in out of memory in Snapdragon Mobile, Snapdragon Voice & Music in QCS405, SD 210/SD 212/SD 205, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855
Credit: product-security@qualcomm.com
Affected Software | Affected Version | How to fix |
---|---|---|
Qualcomm Qcs405 Firmware | ||
Qualcomm Qcs405 | ||
Qualcomm Sd 210 Firmware | ||
Qualcomm Sd 210 | ||
Qualcomm Sd 212 Firmware | ||
Qualcomm Sd 212 | ||
Qualcomm Sd 205 Firmware | ||
Qualcomm Sd 205 | ||
Qualcomm Sd 665 Firmware | ||
Qualcomm Sd 665 | ||
Google Android | ||
Qualcomm Sd 675 | ||
Qualcomm Sd 712 Firmware | ||
Qualcomm Sd 712 | ||
Qualcomm Sd 710 Firmware | ||
Qualcomm Sd 710 | ||
Qualcomm Sd 670 Firmware | ||
Qualcomm Sd 670 | ||
Qualcomm Sd 730 Firmware | ||
Qualcomm Sd 730 | ||
Qualcomm Sd 845 Firmware | ||
Qualcomm Sd 845 | ||
Qualcomm Sd 850 Firmware | ||
Qualcomm Sd 850 | ||
Qualcomm Sd 855 Firmware | ||
Qualcomm Sd 855 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-10520 is a vulnerability that allows an unprivileged application to allocate GPU memory and exhaust all the memory, resulting in an out of memory condition in Snapdragon Mobile, Snapdragon Voice & Music in QCS405, SD 210/SD 212/SD 205, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850 / SD 855 devices.
CVE-2019-10520 has a severity rating of 5.5 out of 10 (medium severity).
CVE-2019-10520 affects Snapdragon Mobile, Snapdragon Voice & Music in QCS405, SD 210/SD 212/SD 205, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850 / SD 855 devices.
An unprivileged application can exploit CVE-2019-10520 by calling memory allocation ioctl function to allocate GPU memory and exhaust all the memory on the affected devices.
No, Google Android is not vulnerable to CVE-2019-10520.