#VU109308 Improper Validation of Array Index in Qualcomm products - CVE-2019-10628

Vulnerability identifier: #VU109308

Vulnerability risk:

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

CVE-ID: CVE-2019-10628

CWE-ID: CWE-129

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
APQ8098
MDM9650
MSM8998
Nicobar
QCN7605
QCS405
QCS605
Rennell
SA6155P
Saipan
SC8180X
SDA660
SDA845
SDM630
SDM636
SDM660
SDM670
SDM710
SDM845
SDX20
SDX24
SDX55
SM6150
SM7150
SM8150
SM8250
SXR1130
SXR2130
Bitra
MDM9205
QCA6390
QCS404
QCS610
SA415M
SC7180
SDM850

Software vendor:
Qualcomm

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Kernel. #AV# #AU# can #EXT_IMPACT#.

Install security update from vendor's website.

• https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin