CVE-2019-10624
HIGH
Qualcomm APQ8096AU Firmware - Buffer Overflow via Integer Truncation in Vendor Command Handling
Title source: llm
Description
While handling the vendor command, there is an integer truncation issue that could yield a buffer overflow due to an int data type being copied to a u8 data type in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8096AU, MSM8996AU, QCA6574AU, QCN7605, Rennell, SC8180X, SDM710, SDX55, SM7150, SM8150, SM8250, SXR2130.
References (1)
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin
Scores
CVSS v3
7.8
EPSS
0.0019
EPSS Percentile
8.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
CWE-681
Status
published
Products (12)
qualcomm/apq8096au_firmware
qualcomm/msm8996au_firmware
qualcomm/qca6574au_firmware
qualcomm/qcn7605_firmware
qualcomm/rennell_firmware
qualcomm/sc8180x_firmware
qualcomm/sdm710_firmware
qualcomm/sdx55_firmware
qualcomm/sm7150_firmware
qualcomm/sm8150_firmware
... and 2 more
Published
Apr 16, 2020
Tracked Since
Feb 18, 2026