CVE-2019-2338
HIGHSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapd...
Title source: llmDescription
Crafted image that has a valid signature from a non-QC entity can be loaded which can read/write memory that belongs to the secure world in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, MSM8998, QCS404, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SM6150, SM7150, SM8150, SXR1130, SXR2130
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.qualcomm.com/company/product-security/bulletins/november-2019-bulletin
Scores
CVSS v3
7.1
EPSS
0.0004
EPSS Percentile
13.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Details
Status
published
Products (19)
qualcomm/mdm9205_firmware
qualcomm/msm8998_firmware
qualcomm/qcs404_firmware
qualcomm/qcs605_firmware
qualcomm/sda660_firmware
qualcomm/sda845_firmware
qualcomm/sdm630_firmware
qualcomm/sdm636_firmware
qualcomm/sdm660_firmware
qualcomm/sdm670_firmware
... and 9 more
Published
Dec 12, 2019
Tracked Since
Feb 18, 2026