First published: Thu Jul 25 2019(Updated: )
Possibility of out-of-bound read if id received from SPI is not in range of FIFO in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9980, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 712 / SD 710 / SD 670, SD 820A, SD 845 / SD 850, SD 855, SDM439, SDM660, SDX24
Credit: product-security@qualcomm.com
Affected Software | Affected Version | How to fix |
---|---|---|
Qualcomm IPQ4019 | ||
Qualcomm IPQ4019 Firmware | ||
Qualcomm IPQ8064 Firmware | ||
Qualcomm IPQ8064 Firmware | ||
Qualcomm 8909 Firmware | ||
Qualcomm Snapdragon 8909 | ||
qualcomm MSM8996AU firmware | ||
Qualcomm MSM8996AU Firmware | ||
Qualcomm QCA9980 Firmware | ||
Qualcomm QCA9980 Firmware | ||
Qualcomm QCS605 | ||
Qualcomm QCS605 Firmware | ||
Qualcomm 215 Mobile Firmware | ||
Qualcomm 215 Firmware | ||
Qualcomm SDR425 Firmware | ||
Qualcomm Snapdragon 425 | ||
qualcomm SDM439 firmware | ||
Qualcomm PM439 | ||
Qualcomm SDA429W Firmware | ||
Qualcomm SD 429 Firmware | ||
Qualcomm SDM450 Firmware | ||
Qualcomm SDM450 | ||
Qualcomm SD 625 Firmware | ||
Qualcomm Snapdragon 625 | ||
Qualcomm SD632 Firmware | ||
Qualcomm SD 632 firmware | ||
Qualcomm SDM636 Firmware | ||
Qualcomm Snapdragon 636 | ||
Qualcomm Snapdragon 712 Firmware | ||
Qualcomm Snapdragon 712 | ||
Qualcomm SD710 Firmware | ||
Qualcomm Snapdragon 710 | ||
Qualcomm SD 670 | ||
Qualcomm SDM670 | ||
Qualcomm SD820A Firmware | ||
Qualcomm SD820A Firmware | ||
Qualcomm SDA845 Firmware | ||
Qualcomm SD845 | ||
Qualcomm SD850 Firmware | ||
Qualcomm SD850 | ||
Qualcomm SD855 Firmware | ||
Qualcomm SD855 Firmware | ||
Qualcomm SDM439 Firmware | ||
Qualcomm SDM439 Firmware | ||
Qualcomm SD660 Firmware | ||
Qualcomm Snapdragon 660 | ||
Qualcomm SDX24 | ||
Qualcomm SDX24 |
https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2019-2301 is high with a severity value of 7.8.
CVE-2019-2301 affects Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, MSM8909W, MSM8996A.
To fix CVE-2019-2301, apply the necessary firmware updates provided by Qualcomm.
The Common Weakness Enumeration (CWE) ID of CVE-2019-2301 is 125.
More information about CVE-2019-2301 can be found at the Code Aurora Security Bulletin: https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin