CVE-2019-2339

HIGH

Snapdragon - Memory Corruption

Title source: llm

Description

Out of bound access due to lack of check of whiltelist array size while reading the image elf segments. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, QCS404, QCS605, SDA845, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130, SXR2130

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin

Scores

CVSS v3 7.8

EPSS 0.0009

EPSS Percentile 26.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-129

Status published

Products (15)

qualcomm/mdm9205_firmware

qualcomm/qcs404_firmware

qualcomm/qcs605_firmware

qualcomm/sda845_firmware

qualcomm/sdm670_firmware

qualcomm/sdm710_firmware

qualcomm/sdm845_firmware

qualcomm/sdm850_firmware

qualcomm/sdx24_firmware

qualcomm/sdx55_firmware

... and 5 more

Published Nov 21, 2019

Tracked Since Feb 18, 2026