CVE-2019-10580: Use After Free
First published: Mon Jul 06 2020(Updated: )
When kernel thread unregistered listener, Use after free issue happened as the listener client`s private data has been already freed in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9607, MSM8909W, Nicobar, QCM2150, QCS405, QCS605, Saipan, SC8180X, SDM429W, SDX55, SM8150, SM8250, SXR2130
Credit: product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Android | ||
| Google Android | ||
| Qualcomm Mdm9607 | ||
| Qualcomm Msm8909w Firmware | ||
| Qualcomm Msm8909w | ||
| Google Android | ||
| Qualcomm Nicobar | ||
| Qualcomm Qcm2150 Firmware | ||
| Google Android | ||
| Qualcomm Qcs405 Firmware | ||
| Qualcomm Qcs405 | ||
| Qualcomm Qcs605 Firmware | ||
| Google Android | ||
| Google Android | ||
| Google Android | ||
| Qualcomm Sc8180x Firmware | ||
| Qualcomm Sc8180x | ||
| Qualcomm Sdm429w Firmware | ||
| Qualcomm Sdm429w | ||
| Qualcomm Sdx55 Firmware | ||
| Qualcomm Sdx55 | ||
| Qualcomm Sm8150 Firmware | ||
| Qualcomm Sm8150 | ||
| Qualcomm Sm8250 Firmware | ||
| Qualcomm SM8250 | ||
| Qualcomm Sxr2130 Firmware | ||
| Qualcomm Sxr2130 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.qualcomm.com/company/product-security/bulletins/july-2020-bulletin
- https://www.qualcomm.com/company/product-security/bulletins/july-2020-security-bulletin
- https://source.codeaurora.org/quic/la/kernel/msm-4.14/commit/?id=a215c96a48843a731efc084d25c680c1cdb3bde2
- https://source.android.com/docs/security/bulletin/2020-07-01 (Advisory)
Frequently Asked Questions
What is CVE-2019-10580?
CVE-2019-10580 is a vulnerability that occurs when kernel thread unregistered listener Use after free issue happened as the listener client`s private data has been already freed in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9607.
Which software is affected by CVE-2019-10580?
Qualcomm Mdm9607, Qualcomm Nicobar, Qualcomm Qcm2150 Firmware, Qualcomm Qcs405 Firmware, Qualcomm Qcs605 Firmware, Qualcomm Saipan, Qualcomm Sc8180x Firmware, Qualcomm Sdm429w Firmware, Qualcomm Sdx55 Firmware, Qualcomm Sm8150 Firmware, Qualcomm Sm8250 Firmware, and Qualcomm Sxr2130 Firmware are affected by CVE-2019-10580.
What is the severity of CVE-2019-10580?
CVE-2019-10580 has a severity value of 7.8 (high).
How do I fix CVE-2019-10580?
To fix CVE-2019-10580, it is recommended to apply the latest security patches provided by Qualcomm.
Where can I find more information about CVE-2019-10580?
More information about CVE-2019-10580 can be found on the Qualcomm Product Security Bulletins for July 2020: [Link](https://www.qualcomm.com/company/product-security/bulletins/july-2020-bulletin)
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/event
- agent/type
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/android-source
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/google
- canonical/google android
- vendor/qualcomm
- canonical/qualcomm mdm9607
- canonical/qualcomm msm8909w firmware
- canonical/qualcomm msm8909w
- canonical/qualcomm nicobar
- canonical/qualcomm qcm2150 firmware
- canonical/qualcomm qcs405 firmware
- canonical/qualcomm qcs405
- canonical/qualcomm qcs605 firmware
- canonical/qualcomm sc8180x firmware
- canonical/qualcomm sc8180x
- canonical/qualcomm sdm429w firmware
- canonical/qualcomm sdm429w
- canonical/qualcomm sdx55 firmware
- canonical/qualcomm sdx55
- canonical/qualcomm sm8150 firmware
- canonical/qualcomm sm8150
- canonical/qualcomm sm8250 firmware
- canonical/qualcomm sm8250
- canonical/qualcomm sxr2130 firmware
- canonical/qualcomm sxr2130