CVE-2019-10529
HIGH
Qualcomm Snapdragon Firmware - Use-After-Free via Race Condition in set_page_dirty()
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2019-10529. PoCs published by Google Security Research.
AI-analyzed exploit summary
This exploit demonstrates a use-after-free (UAF) vulnerability in the Linux kernel's KGSL driver (CVE-2019-10529), where `kgsl_mem_entry_destroy()` unsafely calls `set_page_dirty()` without proper locking, leading to a race condition and kernel crash. The PoC includes a kernel patch to widen the race window and a user-space program to trigger the bug.
Description
Possible use after free issue due to race condition while attempting to mark the entry pages as dirty using function set_page_dirty() in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24
Exploits (1)
References (1)
Scores
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H