Out-of-bounds read in Qualcomm SDX24

Published: 2019-07-22 | Updated: 2019-07-25

Risk	High
Patch available	NO
Number of vulnerabilities	1
CVE-ID	CVE-2019-2277
CWE-ID	CWE-125
Exploitation vector	Local
Public exploit	N/A
Vulnerable software Subscribe	SDX24 Hardware solutions / Firmware SDM660 Hardware solutions / Firmware SDM630 Hardware solutions / Firmware SDA660 Hardware solutions / Firmware SD855 Hardware solutions / Firmware SD850 Hardware solutions / Firmware SD845 Hardware solutions / Firmware SD835 Hardware solutions / Firmware SD820A Hardware solutions / Firmware SD730 Hardware solutions / Firmware SD710 Hardware solutions / Firmware SD712 Hardware solutions / Firmware SD670 Hardware solutions / Firmware SD675 Hardware solutions / Firmware SD665 Hardware solutions / Firmware SD636 Hardware solutions / Firmware SD625 Hardware solutions / Firmware SD450 Hardware solutions / Firmware SD435 Hardware solutions / Firmware SD430 Hardware solutions / Firmware SD427 Hardware solutions / Firmware SD425 Hardware solutions / Firmware SD205 Hardware solutions / Firmware SD212 Hardware solutions / Firmware SD210 Hardware solutions / Firmware QCS605 Hardware solutions / Firmware QCS405 Hardware solutions / Firmware MSM8996AU Hardware solutions / Firmware
Vendor	Qualcomm

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Out-of-bounds read

EUVDB-ID: #VU19362

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-2277

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to lack of NULL termination on user controlled data in WLAN. A local authenticated attacker can trigger out-of-bounds read error and disclose information, disrupt service and modificate the target applications.

The vulnerability exists in: Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

SDX24: All versions

SDM660: All versions

SDM630: All versions

SDA660: All versions

SD855: All versions

SD850: All versions

SD845: All versions

SD835: All versions

SD820A: All versions

SD730: All versions

SD710: All versions

SD712: All versions

SD670: All versions

SD675: All versions

SD665: All versions

SD636: All versions

SD625: All versions

SD450: All versions

SD435: All versions

SD430: All versions

SD427: All versions

SD425: All versions

SD205: All versions

SD212: All versions

SD210: All versions

QCS605: All versions

QCS405: All versions

MSM8996AU: All versions

External links

http://www.codeaurora.org/security-bulletin/2019/06/03/june-2019-code-aurora-security-bulletin
http://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=477...

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.