Improper Authentication in Qualcomm products - CVE-2019-10562
Published: May 17, 2025
Vulnerability identifier: #VU109307
CSH Severity:
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:
CVE-ID: CVE-2019-10562
CWE-ID: CWE-287
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Qualcomm
Affected software:
IPQ6018
QCS404
QCS610
SA415M
SC7180
SDM850
Kamorta
MSM8998
Nicobar
QCS605
Rennell
SA6155P
SDA660
SDA845
SDM630
SDM636
SDM660
SDM670
SDM710
SDM845
SDX24
SDX55
SM6150
SM7150
SM8150
SM8250
SXR1130
SXR2130
IPQ6018
QCS404
QCS610
SA415M
SC7180
SDM850
Kamorta
MSM8998
Nicobar
QCS605
Rennell
SA6155P
SDA660
SDA845
SDM630
SDM636
SDM660
SDM670
SDM710
SDM845
SDX24
SDX55
SM6150
SM7150
SM8150
SM8250
SXR1130
SXR2130
Detailed vulnerability description
The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in QTEE. #AV# #AU# can #EXT_IMPACT#.
How to mitigate CVE-2019-10562
Install security update from vendor's website.