Description
Kernel can do a memory read from arbitrary address passed by user during execution of a syscall in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9205, MDM9650, QCA8081, QCS605, SD 427, SD 435, SD 450, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://source.android.com/security/bulletin/
Scores
CVSS v3
9.8
EPSS
0.0048
EPSS Percentile
65.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-125
Status
published
Products (27)
qualcomm/ipq8074_firmware
qualcomm/mdm9205_firmware
qualcomm/mdm9650_firmware
qualcomm/qca8081_firmware
qualcomm/qcs605_firmware
qualcomm/sd_427_firmware
qualcomm/sd_435_firmware
qualcomm/sd_450_firmware
qualcomm/sd_625_firmware
qualcomm/sd_636_firmware
... and 17 more
Published
Nov 06, 2019
Tracked Since
Feb 18, 2026