CVE-2019-2238

HIGH

Snapdragon Auto/Snapdragon Compute/Snapdragon Consumer Electronics ...

Title source: llm
STIX 2.1

Description

Lack of check of data type can lead to subsequent loop-expression potentially go negative and the condition will still evaluate to true leading to buffer underflow. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 8CX, SXR1130

References (1)

Core 1
Core References

Scores

CVSS v3 7.8
EPSS 0.0004
EPSS Percentile 13.3%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (17)
qualcomm/mdm9206_firmware
qualcomm/mdm9607_firmware
qualcomm/mdm9650_firmware
qualcomm/mdm9655_firmware
qualcomm/qcs605_firmware
qualcomm/sd_205_firmware
qualcomm/sd_210_firmware
qualcomm/sd_212_firmware
qualcomm/sd_410_firmware
qualcomm/sd_412_firmware
... and 7 more
Published Jul 25, 2019
Tracked Since Feb 18, 2026