CVE-2019-10612
CRITICALQualcomm Multiple Chipsets Firmware - Out-of-bounds Write via UTCB Object Function Pointer
Title source: llmDescription
UTCB object has a function pointer called by the reaper to deallocate its memory resources and this address can potentially be corrupted by stack overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, MDM9650, QCS605, SA6155P, SC8180X, SDA845, SDM670, SDM710, SDM845, SDM850, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin
Scores
CVSS v3
9.8
EPSS
0.0036
EPSS Percentile
58.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (17)
qualcomm/mdm9205_firmware
qualcomm/mdm9650_firmware
qualcomm/qcs605_firmware
qualcomm/sa6155p_firmware
qualcomm/sc8180x_firmware
qualcomm/sda845_firmware
qualcomm/sdm670_firmware
qualcomm/sdm710_firmware
qualcomm/sdm845_firmware
qualcomm/sdm850_firmware
... and 7 more
Published
Mar 05, 2020
Tracked Since
Feb 18, 2026