Main Vulnerability Database Vulnerabilities #VU92775

Out-of-bounds read in Linux kernel - CVE-2019-10557

Published: December 18, 2019 / Updated: December 23, 2019

Vulnerability identifier: #VU92775

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-10557

CWE-ID: CWE-125

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Linux Foundation

Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Out-of-bound read in the wireless driver in the Linux kernel due to lack of check of buffer length. in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8009, APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDX20, SDX55, SXR1130

How to mitigate CVE-2019-10557

Install update from vendor's repository.

Sources

https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin

Out-of-bounds read in Linux kernel - CVE-2019-10557

Detailed vulnerability description

How to mitigate CVE-2019-10557

Sources

Please verify you're human