Description
Improper validation of event buffer extracted from FW response can lead to integer overflow, which will allow to pass the length check and eventually will lead to buffer overwrite when event data is copied to context buffer in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, Nicobar, QCA6574AU, QCN7605, QCS405, QCS605, SDM660, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin
Scores
CVSS v3
7.8
EPSS
0.0003
EPSS Percentile
10.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-190
Status
published
Products (15)
qualcomm/mdm9607_firmware
qualcomm/nicobar_firmware
qualcomm/qca6574au_firmware
qualcomm/qcn7605_firmware
qualcomm/qcs405_firmware
qualcomm/qcs605_firmware
qualcomm/sdm660_firmware
qualcomm/sdm845_firmware
qualcomm/sdx55_firmware
qualcomm/sm6150_firmware
... and 5 more
Published
Dec 18, 2019
Tracked Since
Feb 18, 2026