CVE-2019-2249

CRITICAL

Qualcomm IPQ8074 Firmware - Out-of-bounds Read via Syscall Execution

Title source: llm
STIX 2.1

Description

Kernel can do a memory read from arbitrary address passed by user during execution of a syscall in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9205, MDM9650, QCA8081, QCS605, SD 427, SD 435, SD 450, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
https://source.android.com/security/bulletin/

Scores

CVSS v3 9.8
EPSS 0.0143
EPSS Percentile 69.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-125
Status published
Products (27)
qualcomm/ipq8074_firmware
qualcomm/mdm9205_firmware
qualcomm/mdm9650_firmware
qualcomm/qca8081_firmware
qualcomm/qcs605_firmware
qualcomm/sd_427_firmware
qualcomm/sd_435_firmware
qualcomm/sd_450_firmware
qualcomm/sd_625_firmware
qualcomm/sd_636_firmware
... and 17 more
Published Nov 06, 2019
Tracked Since Feb 18, 2026