Out-of-bounds read in Qualcomm products - CVE-2019-2277
Published: July 25, 2019
Vulnerability identifier: #VU19362
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2019-2277
CWE-ID: CWE-125
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Qualcomm
Affected software:
SDX24
SDM660
SDM630
SDA660
SD855
SD850
SD845
SD835
SD820A
SD730
SD710
SD712
SD670
SD675
SD665
SD636
SD625
SD450
SD435
SD430
SD427
SD425
SD205
SD212
SD210
QCS605
QCS405
MSM8996AU
SDX24
SDM660
SDM630
SDA660
SD855
SD850
SD845
SD835
SD820A
SD730
SD710
SD712
SD670
SD675
SD665
SD636
SD625
SD450
SD435
SD430
SD427
SD425
SD205
SD212
SD210
QCS605
QCS405
MSM8996AU
Detailed vulnerability description
The vulnerability allows a local attacker to gain access to potentially sensitive information.
The vulnerability exists due to lack of NULL termination on user controlled data in WLAN. A local authenticated attacker can trigger out-of-bounds read error and disclose information, disrupt service and modificate the target applications.
The vulnerability exists in: Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
How to mitigate CVE-2019-2277
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.