Description
Possible use after free issue while CRM is accessing the link pointer from device private data due to lack of resource protection in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, MDM9206, MDM9207C, MDM9607, QCS605, SDM429W, SDX24, SM8150, SXR1130
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin
Third Party Advisory, VDB Entry x_refsource_misc
https://www.zerodayinitiative.com/advisories/ZDI-20-199/
Scores
CVSS v3
7.8
EPSS
0.0004
EPSS Percentile
13.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-416
Status
published
Products (9)
qualcomm/apq8009_firmware
qualcomm/mdm9206_firmware
qualcomm/mdm9207c_firmware
qualcomm/mdm9607_firmware
qualcomm/qcs605_firmware
qualcomm/sdm429w_firmware
qualcomm/sdx24_firmware
qualcomm/sm8150_firmware
qualcomm/sxr1130_firmware
Published
Feb 07, 2020
Tracked Since
Feb 18, 2026