#VU109311 Integer overflow in Qualcomm products - CVE-2019-13998


Vulnerability identifier: #VU109311

Vulnerability risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2019-13998

CWE-ID: CWE-190

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
APQ8009
Hardware solutions / Firmware
APQ8017
Hardware solutions / Firmware
APQ8053
Hardware solutions / Firmware
APQ8096AU
Hardware solutions / Firmware
APQ8098
Hardware solutions / Firmware
IPQ8074
Hardware solutions / Firmware
Kamorta
Hardware solutions / Firmware
MDM9150
Hardware solutions / Firmware
MDM9206
Hardware solutions / Firmware
MDM9607
Hardware solutions / Firmware
MDM9640
Hardware solutions / Firmware
MDM9650
Hardware solutions / Firmware
MSM8905
Hardware solutions / Firmware
MSM8917
Hardware solutions / Firmware
MSM8920
Hardware solutions / Firmware
MSM8937
Hardware solutions / Firmware
MSM8940
Hardware solutions / Firmware
MSM8953
Hardware solutions / Firmware
MSM8996
Hardware solutions / Firmware
MSM8996AU
Hardware solutions / Firmware
MSM8998
Hardware solutions / Firmware
Nicobar
Hardware solutions / Firmware
QCM2150
Hardware solutions / Firmware
QCN7605
Hardware solutions / Firmware
QCS405
Hardware solutions / Firmware
QCS605
Hardware solutions / Firmware
QM215
Hardware solutions / Firmware
Rennell
Hardware solutions / Firmware
SA6155P
Hardware solutions / Firmware
Saipan
Hardware solutions / Firmware
SC8180X
Hardware solutions / Firmware
SDA660
Hardware solutions / Firmware
SDA845
Hardware solutions / Firmware
SDM429
Hardware solutions / Firmware
SDM429W
Hardware solutions / Firmware
SDM439
Hardware solutions / Firmware
SDM450
Hardware solutions / Firmware
SDM630
Hardware solutions / Firmware
SDM632
Hardware solutions / Firmware
SDM636
Hardware solutions / Firmware
SDM660
Hardware solutions / Firmware
SDM670
Hardware solutions / Firmware
SDM710
Hardware solutions / Firmware
SDM845
Hardware solutions / Firmware
SDX20
Hardware solutions / Firmware
SDX24
Hardware solutions / Firmware
SDX55
Hardware solutions / Firmware
SM6150
Hardware solutions / Firmware
SM7150
Hardware solutions / Firmware
SM8150
Hardware solutions / Firmware
SM8250
Hardware solutions / Firmware
SXR1130
Hardware solutions / Firmware
SXR2130
Hardware solutions / Firmware
Bitra
Mobile applications / Mobile firmware & hardware
IPQ6018
Mobile applications / Mobile firmware & hardware
MDM9205
Mobile applications / Mobile firmware & hardware
MDM9645
Mobile applications / Mobile firmware & hardware
MDM9655
Mobile applications / Mobile firmware & hardware
MSM8909
Mobile applications / Mobile firmware & hardware
QCA8081
Mobile applications / Mobile firmware & hardware
QCS404
Mobile applications / Mobile firmware & hardware
QCS610
Mobile applications / Mobile firmware & hardware
SA415M
Mobile applications / Mobile firmware & hardware
SA515M
Mobile applications / Mobile firmware & hardware
SC7180
Mobile applications / Mobile firmware & hardware
SDM850
Mobile applications / Mobile firmware & hardware

Vendor: Qualcomm

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Qualcomm IPC. #AV# #AU# can #EXT_IMPACT#.

Mitigation
Install security update from vendor's website.

Vulnerable software versions

APQ8009: All versions

APQ8017: All versions

APQ8053: All versions

APQ8096AU: All versions

APQ8098: All versions

Bitra: All versions

IPQ6018: All versions

IPQ8074: All versions

Kamorta: All versions

MDM9150: All versions

MDM9205: All versions

MDM9206: All versions

MDM9607: All versions

MDM9640: All versions

MDM9645: All versions

MDM9650: All versions

MDM9655: All versions

MSM8905: All versions

MSM8909: All versions

MSM8917: All versions

MSM8920: All versions

MSM8937: All versions

MSM8940: All versions

MSM8953: All versions

MSM8996: All versions

MSM8996AU: All versions

MSM8998: All versions

Nicobar: All versions

QCA8081: All versions

QCM2150: All versions

QCN7605: All versions

QCS404: All versions

QCS405: All versions

QCS605: All versions

QCS610: All versions

QM215: All versions

Rennell: All versions

SA415M: All versions

SA515M: All versions

SA6155P: All versions

Saipan: All versions

SC7180: All versions

SC8180X: All versions

SDA660: All versions

SDA845: All versions

SDM429: All versions

SDM429W: All versions

SDM439: All versions

SDM450: All versions

SDM630: All versions

SDM632: All versions

SDM636: All versions

SDM660: All versions

SDM670: All versions

SDM710: All versions

SDM845: All versions

SDM850: All versions

SDX20: All versions

SDX24: All versions

SDX55: All versions

SM6150: All versions

SM7150: All versions

SM8150: All versions

SM8250: All versions

SXR1130: All versions

SXR2130: All versions

External links
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Qualcomm chipsets