CVE-2019-10556

HIGH

Qualcomm Snapdragon Firmware - Buffer Overflow via Kernel to Userspace Copy

Title source: llm
STIX 2.1

Description

Missing length check before copying the data from kernel space to userspace through the copy function can lead to buffer overflow in some cases in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, MSM8909W, MSM8917, MSM8953, Nicobar, QCN7605, QCS405, QCS605, QM215, Rennell, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

References (1)

Core 1
Core References

Scores

CVSS v3 7.8
EPSS 0.0019
EPSS Percentile 8.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-120
Status published
Products (31)
qualcomm/apq8009_firmware
qualcomm/apq8053_firmware
qualcomm/apq8096au_firmware
qualcomm/msm8909w_firmware
qualcomm/msm8917_firmware
qualcomm/msm8953_firmware
qualcomm/nicobar_firmware
qualcomm/qcn7605_firmware
qualcomm/qcs405_firmware
qualcomm/qcs605_firmware
... and 21 more
Published Apr 16, 2020
Tracked Since Feb 18, 2026