CVE-2019-10528

CRITICAL

Qualcomm Multiple Chipsets Firmware - Use-After-Free in Kernel MDLog Session Handling

Title source: llm

Description

Use after free issue in kernel while accessing freed mdlog session info and its attributes after closing the session in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 675, SD 730, SD 820, SD 820A, SD 835, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_confirm

https://source.android.com/security/bulletin/

Scores

CVSS v3 9.8

EPSS 0.0040

EPSS Percentile 60.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-416

Status published

Products (28)

qualcomm/mdm9206_firmware

qualcomm/mdm9607_firmware

qualcomm/mdm9640_firmware

qualcomm/mdm9650_firmware

qualcomm/msm8909w_firmware

qualcomm/msm8996au_firmware

qualcomm/qcs405_firmware

qualcomm/sd_205_firmware

qualcomm/sd_210_firmware

qualcomm/sd_212_firmware

... and 18 more

Published Nov 06, 2019

Tracked Since Feb 18, 2026