CVE-2019-2329: Use After Free
First published: Mon Oct 07 2019(Updated: )
Use after free issue in cleanup routine due to missing pointer sanitization for a failed start of a trusted application. in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, QCS404, QCS605, SDA845, SDM670, SDM710, SDM845, SDX55, SM6150, SM7150, SM8150, SXR1130, SXR2130
Credit: product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Android | ||
| Qualcomm 9205 Firmware | ||
| Qualcomm 9205 | ||
| Qualcomm QCS404 Firmware | ||
| Qualcomm QCS404 Firmware | ||
| Qualcomm ZZ QCS605 firmware | ||
| Qualcomm QCS605 Firmware | ||
| Qualcomm SD845 Firmware | ||
| Qualcomm Snapdragon 845 | ||
| Qualcomm SD 670 Firmware | ||
| Qualcomm SDM670 Firmware | ||
| Qualcomm SD710 Firmware | ||
| Qualcomm Snapdragon 710 | ||
| Qualcomm SDA/SDM845 Firmware | ||
| Qualcomm Snapdragon 845 | ||
| Qualcomm SDX55M Firmware | ||
| Qualcomm SDX55 Firmware | ||
| qualcomm SM6150P firmware | ||
| Qualcomm SM6150P | ||
| qualcomm SM7150 firmware | ||
| qualcomm SM7150 firmware | ||
| Qualcomm SM8150P Firmware | ||
| Qualcomm SM8150 Fusion | ||
| Qualcomm SXR1130 | ||
| Qualcomm SXR1130 Firmware | ||
| qualcomm SXR2130P firmware | ||
| Qualcomm SXR2130 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-2329?
CVE-2019-2329 is considered a high-severity vulnerability due to the potential for exploitation through use after free issues.
How do I fix CVE-2019-2329?
To fix CVE-2019-2329, ensure that you have installed the latest firmware updates provided by Qualcomm or your device manufacturer.
Which devices are affected by CVE-2019-2329?
CVE-2019-2329 affects various Snapdragon products including MDM9205, QCS404, QCS605, SDA845, and several firmware versions.
What is a use after free vulnerability as illustrated in CVE-2019-2329?
A use after free vulnerability occurs when a program continues to access memory after it has been freed, potentially allowing an attacker to execute arbitrary code.
Is CVE-2019-2329 an ongoing risk for users of affected devices?
Yes, CVE-2019-2329 poses an ongoing risk until the affected devices are updated with the appropriate security patches.
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/event
- agent/last-modified-date
- agent/source
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/google
- canonical/android
- vendor/qualcomm
- canonical/qualcomm 9205 firmware
- canonical/qualcomm 9205
- canonical/qualcomm qcs404 firmware
- canonical/qualcomm zz qcs605 firmware
- canonical/qualcomm qcs605 firmware
- canonical/qualcomm sd845 firmware
- canonical/qualcomm snapdragon 845
- canonical/qualcomm sd 670 firmware
- canonical/qualcomm sdm670 firmware
- canonical/qualcomm sd710 firmware
- canonical/qualcomm snapdragon 710
- canonical/qualcomm sda/sdm845 firmware
- canonical/qualcomm sdx55m firmware
- canonical/qualcomm sdx55 firmware
- canonical/qualcomm sm6150p firmware
- canonical/qualcomm sm6150p
- canonical/qualcomm sm7150 firmware
- canonical/qualcomm sm8150p firmware
- canonical/qualcomm sm8150 fusion
- canonical/qualcomm sxr1130
- canonical/qualcomm sxr1130 firmware
- canonical/qualcomm sxr2130p firmware
- canonical/qualcomm sxr2130