CVE-2019-10520
CVE-2019-10520 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. An unprivileged application can allocate GPU memory by calling the memory allocation ioctl function and can exhaust all available memory, resulting in an out-of-memory condition, in Snapdragon Mobile, Snapdragon Voice & Music in QCS405, SD 210/SD 212/SD 205, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855. EPSS estimates a 0.17% chance of exploitation in the next 30 days.
Description
An unprivileged application can allocate GPU memory by calling the memory allocation ioctl function and can exhaust all available memory, resulting in an out-of-memory condition, in Snapdragon Mobile, Snapdragon Voice & Music in QCS405, SD 210/SD 212/SD 205, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | Qcs405 Firmware | All versions |
| Qualcomm | Sd 210 Firmware | All versions |
| Qualcomm | Sd 212 Firmware | All versions |
| Qualcomm | Sd 205 Firmware | All versions |
| Qualcomm | Sd 665 Firmware | All versions |
| Qualcomm | Sd 675 Firmware | All versions |
| Qualcomm | Sd 712 Firmware | All versions |
| Qualcomm | Sd 710 Firmware | All versions |
| Qualcomm | Sd 670 Firmware | All versions |
| Qualcomm | Sd 730 Firmware | All versions |
| Qualcomm | Sd 845 Firmware | All versions |
| Qualcomm | Sd 850 Firmware | All versions |
| Qualcomm | Sd 855 Firmware | All versions |
References
- https://source.android.com/security/bulletin/pixel/2019-11-01 (Patch, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
