CVE-2019-10520

MEDIUM

Qualcomm Qcs405 Firmware - Resource Leak

Title source: rule

Description

An unprivileged application can allocate GPU memory by calling memory allocation ioctl function and can exhaust all the memory which results in out of memory in Snapdragon Mobile, Snapdragon Voice & Music in QCS405, SD 210/SD 212/SD 205, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855

References (1)

[Patch, Third Party Advisory] https://source.android.com/security/bulletin/pixel/2019-11-01

Scores

CVSS v3 5.5

EPSS 0.0004

EPSS Percentile 12.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-772

Status published

Affected Products (13)

qualcomm/qcs405_firmware

qualcomm/sd_210_firmware

qualcomm/sd_212_firmware

qualcomm/sd_205_firmware

qualcomm/sd_665_firmware

qualcomm/sd_675_firmware

qualcomm/sd_712_firmware

qualcomm/sd_710_firmware

qualcomm/sd_670_firmware

qualcomm/sd_730_firmware

qualcomm/sd_845_firmware

qualcomm/sd_850_firmware

qualcomm/sd_855_firmware

Timeline

Published Dec 12, 2019

Tracked Since Feb 18, 2026