CyberSec.Space Logo
Back to CVE Browser

CVE-2019-2309

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1340%
EPSS Percentile18.75th
PublishedJul 25, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

While storing calibrated data from firmware in cache, An integer overflow may occur since data length received may exceed real data length. in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820A, SD 845 / SD 850, SDM660, SDX20

Affected Platforms (CPE)

πŸ’»
Qualcomm

Mdm9150 Firmware

All versions
πŸ’»
Qualcomm

Mdm9206 Firmware

All versions
πŸ’»
Qualcomm

Mdm9607 Firmware

All versions
πŸ’»
Qualcomm

Mdm9640 Firmware

All versions
πŸ’»
Qualcomm

Mdm9650 Firmware

All versions
πŸ’»
Qualcomm

Msm8996au Firmware

All versions
πŸ’»
Qualcomm

Qca6174a Firmware

All versions
πŸ’»
Qualcomm

Qca6574au Firmware

All versions
πŸ’»
Qualcomm

Qca9377 Firmware

All versions
πŸ’»
Qualcomm

Qca9379 Firmware

All versions
πŸ’»
Qualcomm

Sd 210 Firmware

All versions
πŸ’»
Qualcomm

Sd 212 Firmware

All versions
πŸ’»
Qualcomm

Sd 205 Firmware

All versions
πŸ’»
Qualcomm

Sd 425 Firmware

All versions
πŸ’»
Qualcomm

Sd 625 Firmware

All versions
πŸ’»
Qualcomm

Sd 636 Firmware

All versions
πŸ’»
Qualcomm

Sd 712 Firmware

All versions
πŸ’»
Qualcomm

Sd 710 Firmware

All versions
πŸ’»
Qualcomm

Sd 670 Firmware

All versions
πŸ’»
Qualcomm

Sd 820a Firmware

All versions
πŸ’»
Qualcomm

Sd 845 Firmware

All versions
πŸ’»
Qualcomm

Sd 850 Firmware

All versions
πŸ’»
Qualcomm

Sdm660 Firmware

All versions
πŸ’»
Qualcomm

Sdx20 Firmware

All versions

References & Advisories

πŸ”— https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin
πŸ”— https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin

Related Vulnerabilities

CVE-2019-22879.8

Improper validation for inputs received from firmware can lead to an out of bound write issue in video driver. in Snapdragon Auto,...

CVE-2019-105429.8

Buffer over-read may occur when downloading a corrupted firmware file that has chunk length in header which doesn`t match the cont...

CVE-2018-119277.8

Improper input validation on input which is used as an array index will lead to an out of bounds issue while processing AP find ev...

CVE-2019-105077.8

Lack of check of extscan change results received from firmware can lead to an out of buffer read in Snapdragon Auto, Snapdragon Co...

CVE-2019-2309 Detail & Impact Analysis | CVSS 9.8 (CRITICAL) | Cyber-Sec.Space | Cyber-Sec.Space