Description
While handling the vendor command there is an integer truncation issue that could yield a buffer overflow due to int data type copied to u8 data type in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8096AU, MSM8996AU, QCA6574AU, QCN7605, Rennell, SC8180X, SDM710, SDX55, SM7150, SM8150, SM8250, SXR2130
Scores
CVSS v3
7.8
EPSS
0.0005
EPSS Percentile
16.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
CWE-681
Status
published
Products (12)
qualcomm/apq8096au_firmware
qualcomm/msm8996au_firmware
qualcomm/qca6574au_firmware
qualcomm/qcn7605_firmware
qualcomm/rennell_firmware
qualcomm/sc8180x_firmware
qualcomm/sdm710_firmware
qualcomm/sdx55_firmware
qualcomm/sm7150_firmware
qualcomm/sm8150_firmware
... and 2 more
Published
Apr 16, 2020
Tracked Since
Feb 18, 2026