CVE-2019-2294

CRITICAL

Qualcomm Snapdragon - Memory Corruption

Title source: llm
STIX 2.1

Description

Usage of hard-coded magic number for calculating heap guard bytes can allow users to corrupt heap blocks without heap algorithm knowledge in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.qualcomm.com/company/product-security/bulletins

Scores

CVSS v3 9.8
EPSS 0.0091
EPSS Percentile 55.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-330
Status published
Products (47)
qualcomm/mdm9205_firmware
qualcomm/mdm9206_firmware
qualcomm/mdm9607_firmware
qualcomm/mdm9615_firmware
qualcomm/mdm9625_firmware
qualcomm/mdm9635m_firmware
qualcomm/mdm9655_firmware
qualcomm/msm8909w_firmware
qualcomm/msm8996au_firmware
qualcomm/qcs605_firmware
... and 37 more
Published Sep 30, 2019
Tracked Since Feb 18, 2026