Use-after-free in Qualcomm products - CVE-2019-10580
Published: July 10, 2020 / Updated: March 3, 2021
Vulnerability identifier: #VU29648
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-10580
CWE-ID: CWE-416
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Qualcomm
Affected software:
MDM9607
SXR2130
SM8250
SM8150
SDX55
SDM429W
SC8180X
Saipan
QCS605
QCS405
QCM2150
Nicobar
MSM8909W
MDM9607
SXR2130
SM8250
SM8150
SDX55
SDM429W
SC8180X
Saipan
QCS605
QCS405
QCM2150
Nicobar
MSM8909W
Detailed vulnerability description
The vulnerability allows a local attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in HLOS. A local attacker can gain elevated privileges on the target system.
How to mitigate CVE-2019-10580
Install updates from vendor's website.