CVE-2019-10538

Lack of check of address range received from firmware response allows modem to respond arbitrary pages into its address range which can compromise HLOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM660, SDX20, SDX24

Published : 2019-09-30 16:15 Updated : 2019-10-02 16:10

10.0
CVSS Score More info
Score 10.0 / 10
10.0
Vendor Product Version URI
Qualcomm Msm8909w Firmware - cpe:/o:qualcomm:msm8909w_firmware:-
Qualcomm Msm8996au Firmware - cpe:/o:qualcomm:msm8996au_firmware:-
Qualcomm Qcs405 Firmware - cpe:/o:qualcomm:qcs405_firmware:-
Qualcomm Qcs605 Firmware - cpe:/o:qualcomm:qcs605_firmware:-
Qualcomm Qualcomm 215 Firmware - cpe:/o:qualcomm:qualcomm_215_firmware:-
Qualcomm Sd 425 Firmware - cpe:/o:qualcomm:sd_425_firmware:-
Qualcomm Sd 429 Firmware - cpe:/o:qualcomm:sd_429_firmware:-
Qualcomm Sd 439 Firmware - cpe:/o:qualcomm:sd_439_firmware:-
Qualcomm Sd 450 Firmware - cpe:/o:qualcomm:sd_450_firmware:-
Qualcomm Sd 625 Firmware - cpe:/o:qualcomm:sd_625_firmware:-
Qualcomm Sd 632 Firmware - cpe:/o:qualcomm:sd_632_firmware:-
Qualcomm Sd 636 Firmware - cpe:/o:qualcomm:sd_636_firmware:-
Qualcomm Sd 665 Firmware - cpe:/o:qualcomm:sd_665_firmware:-
Qualcomm Sd 670 Firmware - cpe:/o:qualcomm:sd_670_firmware:-
Qualcomm Sd 675 Firmware - cpe:/o:qualcomm:sd_675_firmware:-
Qualcomm Sd 710 Firmware - cpe:/o:qualcomm:sd_710_firmware:-
Qualcomm Sd 712 Firmware - cpe:/o:qualcomm:sd_712_firmware:-
Qualcomm Sd 730 Firmware - cpe:/o:qualcomm:sd_730_firmware:-
Qualcomm Sd 820a Firmware - cpe:/o:qualcomm:sd_820a_firmware:-
Qualcomm Sd 845 Firmware - cpe:/o:qualcomm:sd_845_firmware:-
Qualcomm Sd 850 Firmware - cpe:/o:qualcomm:sd_850_firmware:-
Qualcomm Sd 855 Firmware - cpe:/o:qualcomm:sd_855_firmware:-
Qualcomm Sda660 Firmware - cpe:/o:qualcomm:sda660_firmware:-
Qualcomm Sdm439 Firmware - cpe:/o:qualcomm:sdm439_firmware:-
Qualcomm Sdm660 Firmware - cpe:/o:qualcomm:sdm660_firmware:-
Qualcomm Sdx20 Firmware - cpe:/o:qualcomm:sdx20_firmware:-
Qualcomm Sdx24 Firmware - cpe:/o:qualcomm:sdx24_firmware:-
  1. Qualcomm (27) Search CVE
    1. Sd 675 Firmware (1) Search CVE
      1. -
    2. Sd 670 Firmware (1) Search CVE
      1. -
    3. Sd 439 Firmware (1) Search CVE
      1. -
    4. Sdx20 Firmware (1) Search CVE
      1. -
    5. Sdx24 Firmware (1) Search CVE
      1. -
    6. Qualcomm 215 Firmware (1) Search CVE
      1. -
    7. Qcs605 Firmware (1) Search CVE
      1. -
    8. Sd 429 Firmware (1) Search CVE
      1. -
    9. Sd 636 Firmware (1) Search CVE
      1. -
    10. Sd 845 Firmware (1) Search CVE
      1. -
    11. Qcs405 Firmware (1) Search CVE
      1. -
    12. Sd 632 Firmware (1) Search CVE
      1. -
    13. Sdm660 Firmware (1) Search CVE
      1. -
    14. Sdm439 Firmware (1) Search CVE
      1. -
    15. Sd 855 Firmware (1) Search CVE
      1. -
    16. Sd 425 Firmware (1) Search CVE
      1. -
    17. Sd 820a Firmware (1) Search CVE
      1. -
    18. Msm8909w Firmware (1) Search CVE
      1. -
    19. Msm8996au Firmware (1) Search CVE
      1. -
    20. Sd 710 Firmware (1) Search CVE
      1. -
    21. Sda660 Firmware (1) Search CVE
      1. -
    22. Sd 712 Firmware (1) Search CVE
      1. -
    23. Sd 625 Firmware (1) Search CVE
      1. -
    24. Sd 850 Firmware (1) Search CVE
      1. -
    25. Sd 450 Firmware (1) Search CVE
      1. -
    26. Sd 730 Firmware (1) Search CVE
      1. -
    27. Sd 665 Firmware (1) Search CVE
      1. -

CWE

ID Name Description Links
CWE-20 Improper Input Validation The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program. CVE

History of changes

Date Event
2019-10-02 16:10
2019-09-30 16:15

New CVE