CVE-2019-2308
First published: Mon Jul 01 2019(Updated: )
User application could potentially make RPC call to the fastrpc driver and the driver will allow the message to go through to the remote subsystem in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24
Credit: product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Android | ||
| Google Android | ||
| Google Android | ||
| Google Android | ||
| Qualcomm Mdm9607 | ||
| Qualcomm Mdm9650 Firmware | ||
| Qualcomm Mdm9650 | ||
| Qualcomm Msm8909w Firmware | ||
| Qualcomm Msm8909w | ||
| Qualcomm Msm8996au Firmware | ||
| Qualcomm Msm8996au | ||
| Qualcomm Qcs405 Firmware | ||
| Qualcomm Qcs405 | ||
| Qualcomm Qcs605 Firmware | ||
| Google Android | ||
| Google Android | ||
| Qualcomm Qualcomm 215 | ||
| Qualcomm Sd 425 Firmware | ||
| Qualcomm Sd 425 | ||
| Google Android | ||
| Google Android | ||
| Qualcomm Sd 430 Firmware | ||
| Google Android | ||
| Google Android | ||
| Qualcomm Sd 435 | ||
| Qualcomm Sd 439 Firmware | ||
| Qualcomm Sd 439 | ||
| Qualcomm Sd 429 Firmware | ||
| Qualcomm Sd 429 | ||
| Qualcomm Sd 450 Firmware | ||
| Qualcomm Sd 450 | ||
| Qualcomm Sd 625 Firmware | ||
| Qualcomm Sd 625 | ||
| Qualcomm Sd 632 Firmware | ||
| Qualcomm Sd 632 | ||
| Qualcomm Sd 636 Firmware | ||
| Qualcomm Sd 636 | ||
| Qualcomm Sd 665 Firmware | ||
| Qualcomm Sd 665 | ||
| Google Android | ||
| Qualcomm Sd 675 | ||
| Qualcomm Sd 712 Firmware | ||
| Qualcomm Sd 712 | ||
| Qualcomm Sd 710 Firmware | ||
| Qualcomm Sd 710 | ||
| Qualcomm Sd 670 Firmware | ||
| Qualcomm Sd 670 | ||
| Qualcomm Sd 730 Firmware | ||
| Qualcomm Sd 730 | ||
| Qualcomm Sd 820a Firmware | ||
| Qualcomm Sd 820a | ||
| Qualcomm Sd 835 Firmware | ||
| Qualcomm Sd 835 | ||
| Qualcomm Sd 845 Firmware | ||
| Qualcomm Sd 845 | ||
| Qualcomm Sd 850 Firmware | ||
| Qualcomm Sd 850 | ||
| Qualcomm Sd 855 Firmware | ||
| Qualcomm Sd 855 | ||
| Google Android | ||
| Google Android | ||
| Qualcomm Sdm439 Firmware | ||
| Qualcomm Sdm439 | ||
| Qualcomm Sdm630 Firmware | ||
| Qualcomm Sdm630 | ||
| Qualcomm Sdm660 Firmware | ||
| Qualcomm Sdm660 | ||
| Qualcomm Sdx20 Firmware | ||
| Qualcomm Sdx20 | ||
| Qualcomm Sdx24 Firmware | ||
| Google Android |
Remedy
https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-2308?
The severity of CVE-2019-2308 is critical (7.8).
How does CVE-2019-2308 impact users?
CVE-2019-2308 allows user applications to make unauthorized RPC calls to the fastrpc driver, potentially leading to security breaches.
Which products are affected by CVE-2019-2308?
Google Android, Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650
Is Qualcomm Mdm9150 vulnerable to CVE-2019-2308?
Yes, Qualcomm Mdm9150 is vulnerable to CVE-2019-2308.
How can I fix CVE-2019-2308?
Apply the security patches provided by Google and Qualcomm to fix CVE-2019-2308.
- collector/android-source
- agent/software-canonical-lookup-request
- agent/type
- agent/first-publish-date
- collector/nvd-index
- agent/last-modified-date
- agent/references
- agent/author
- agent/severity
- agent/remedy
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- vendor/google
- canonical/google android
- vendor/qualcomm
- canonical/qualcomm mdm9607
- canonical/qualcomm mdm9650 firmware
- canonical/qualcomm mdm9650
- canonical/qualcomm msm8909w firmware
- canonical/qualcomm msm8909w
- canonical/qualcomm msm8996au firmware
- canonical/qualcomm msm8996au
- canonical/qualcomm qcs405 firmware
- canonical/qualcomm qcs405
- canonical/qualcomm qcs605 firmware
- canonical/qualcomm qualcomm 215
- canonical/qualcomm sd 425 firmware
- canonical/qualcomm sd 425
- canonical/qualcomm sd 430 firmware
- canonical/qualcomm sd 435
- canonical/qualcomm sd 439 firmware
- canonical/qualcomm sd 439
- canonical/qualcomm sd 429 firmware
- canonical/qualcomm sd 429
- canonical/qualcomm sd 450 firmware
- canonical/qualcomm sd 450
- canonical/qualcomm sd 625 firmware
- canonical/qualcomm sd 625
- canonical/qualcomm sd 632 firmware
- canonical/qualcomm sd 632
- canonical/qualcomm sd 636 firmware
- canonical/qualcomm sd 636
- canonical/qualcomm sd 665 firmware
- canonical/qualcomm sd 665
- canonical/qualcomm sd 675
- canonical/qualcomm sd 712 firmware
- canonical/qualcomm sd 712
- canonical/qualcomm sd 710 firmware
- canonical/qualcomm sd 710
- canonical/qualcomm sd 670 firmware
- canonical/qualcomm sd 670
- canonical/qualcomm sd 730 firmware
- canonical/qualcomm sd 730
- canonical/qualcomm sd 820a firmware
- canonical/qualcomm sd 820a
- canonical/qualcomm sd 835 firmware
- canonical/qualcomm sd 835
- canonical/qualcomm sd 845 firmware
- canonical/qualcomm sd 845
- canonical/qualcomm sd 850 firmware
- canonical/qualcomm sd 850
- canonical/qualcomm sd 855 firmware
- canonical/qualcomm sd 855
- canonical/qualcomm sdm439 firmware
- canonical/qualcomm sdm439
- canonical/qualcomm sdm630 firmware
- canonical/qualcomm sdm630
- canonical/qualcomm sdm660 firmware
- canonical/qualcomm sdm660
- canonical/qualcomm sdx20 firmware
- canonical/qualcomm sdx20
- canonical/qualcomm sdx24 firmware