#VU109311 Integer overflow in Qualcomm products - CVE-2019-13998
Published: May 17, 2025
Vulnerability identifier: #VU109311
Vulnerability risk:
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:
CVE-ID: CVE-2019-13998
CWE-ID: CWE-190
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
APQ8009
APQ8017
APQ8053
APQ8096AU
APQ8098
IPQ8074
Kamorta
MDM9150
MDM9206
MDM9607
MDM9640
MDM9650
MSM8905
MSM8917
MSM8920
MSM8937
MSM8940
MSM8953
MSM8996
MSM8996AU
MSM8998
Nicobar
QCM2150
QCN7605
QCS405
QCS605
QM215
Rennell
SA6155P
Saipan
SC8180X
SDA660
SDA845
SDM429
SDM429W
SDM439
SDM450
SDM630
SDM632
SDM636
SDM660
SDM670
SDM710
SDM845
SDX20
SDX24
SDX55
SM6150
SM7150
SM8150
SM8250
SXR1130
SXR2130
Bitra
IPQ6018
MDM9205
MDM9645
MDM9655
MSM8909
QCA8081
QCS404
QCS610
SA415M
SA515M
SC7180
SDM850
APQ8009
APQ8017
APQ8053
APQ8096AU
APQ8098
IPQ8074
Kamorta
MDM9150
MDM9206
MDM9607
MDM9640
MDM9650
MSM8905
MSM8917
MSM8920
MSM8937
MSM8940
MSM8953
MSM8996
MSM8996AU
MSM8998
Nicobar
QCM2150
QCN7605
QCS405
QCS605
QM215
Rennell
SA6155P
Saipan
SC8180X
SDA660
SDA845
SDM429
SDM429W
SDM439
SDM450
SDM630
SDM632
SDM636
SDM660
SDM670
SDM710
SDM845
SDX20
SDX24
SDX55
SM6150
SM7150
SM8150
SM8250
SXR1130
SXR2130
Bitra
IPQ6018
MDM9205
MDM9645
MDM9655
MSM8909
QCA8081
QCS404
QCS610
SA415M
SA515M
SC7180
SDM850
Software vendor:
Qualcomm
Qualcomm
Description
The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in Qualcomm IPC. #AV# #AU# can #EXT_IMPACT#.
Remediation
Install security update from vendor's website.