CVE-2019-10484
MEDIUM
Qualcomm Snapdragon Firmware - Use-After-Free in Command Destructor
Title source: llm
Description
A use-after-free issue occurs when command destructors access a dynamically allocated response buffer that was already deallocated during a previous command teardown sequence in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8098, MSM8909W, Nicobar, QCS405, QCS605, SDA845, SDM660, SDM670, SDM710, SDM845, SDX24, SM6150, SM7150, SM8150, SM8250, SXR2130.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.qualcomm.com/company/product-security/bulletins/november-2019-bulletin
Scores
CVSS v3
5.5
EPSS
0.0005
EPSS Percentile
15.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-416
Status
published
Products (16)
qualcomm/apq8098_firmware
qualcomm/msm8909w_firmware
qualcomm/nicobar_firmware
qualcomm/qcs405_firmware
qualcomm/qcs605_firmware
qualcomm/sda845_firmware
qualcomm/sdm660_firmware
qualcomm/sdm670_firmware
qualcomm/sdm710_firmware
qualcomm/sdm845_firmware
... and 6 more
Published
Dec 12, 2019
Tracked Since
Feb 18, 2026