CVE-2019-2247

HIGH

Qualcomm Snapdragon - Memory Corruption

Title source: llm

Description

Possibility of double free issue while running multiple instances of smp2p test because of proper protection is missing while using global variable in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24

References (1)

[Patch, Third Party Advisory] https://www.codeaurora.org/security-bulletin/2019/04/01/april-2019-code-aurora-security-bulletin

Scores

CVSS v3 7.8

EPSS 0.0004

EPSS Percentile 12.7%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-415

Status published

Affected Products (38)

qualcomm/mdm9150_firmware

qualcomm/mdm9206_firmware

qualcomm/mdm9607_firmware

qualcomm/mdm9640_firmware

qualcomm/mdm9650_firmware

qualcomm/msm8909w_firmware

qualcomm/msm8996au_firmware

qualcomm/qcs605_firmware

qualcomm/sd_210_firmware

qualcomm/sd_212_firmware

qualcomm/sd_205_firmware

qualcomm/sd_425_firmware

qualcomm/sd_439_firmware

qualcomm/sd_429_firmware

qualcomm/sd_450_firmware

... and 23 more

Timeline

Published May 24, 2019

Tracked Since Feb 18, 2026