medium
5.5
CWE
476
Advisory Published
CVE Published
Updated

CVE-2019-10616: Null Pointer Dereference

First published: Mon Mar 02 2020(Updated: )

Possibility of null pointer access if the SPDM commands are executed in the non-standard way in TZ. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8016, MDM9150, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8998, SA6155P, SDX24

Credit: product-security@qualcomm.com

Affected SoftwareAffected VersionHow to fix
Google Android
Google Android
Qualcomm Apq8009
Qualcomm Apq8016 Firmware
Google Android
Google Android
Google Android
Google Android
Qualcomm Mdm9607
Qualcomm Mdm9650 Firmware
Qualcomm Mdm9650
Qualcomm Msm8905 Firmware
Qualcomm Msm8905
Google Android
Qualcomm Msm8909
Qualcomm Msm8909w Firmware
Qualcomm Msm8909w
Google Android
Qualcomm MSM8998
Google Android
Qualcomm Sa6155p
Qualcomm Sdx24 Firmware
Google Android
Qualcomm Mdm9206 Firmware
Qualcomm Mdm9206

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2019-10616?

    CVE-2019-10616 is a vulnerability that allows null pointer access if the SPDM commands are executed in a non-standard way in certain Qualcomm products running Google Android.

  • Which products are affected by CVE-2019-10616?

    CVE-2019-10616 affects Google Android on Qualcomm products such as Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile.

  • How severe is CVE-2019-10616?

    CVE-2019-10616 has a severity rating of 5.5 (high).

  • How can I mitigate the CVE-2019-10616 vulnerability?

    To mitigate the CVE-2019-10616 vulnerability, it is recommended to apply the security updates provided by Google and Qualcomm.

  • Where can I find more information about CVE-2019-10616?

    More information about CVE-2019-10616 can be found in the Android Security Bulletin for March 2020 and the Qualcomm Product Security Bulletins.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203