CVE-2019-10606
Last modified
CVE-2019-10606 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Out-of-bound access will occur in USB driver due to lack of check to validate the frame size passed by user in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9607, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, QCS605, SDX24. EPSS estimates a 0.20% chance of exploitation in the next 30 days.
Description
Out-of-bound access will occur in USB driver due to lack of check to validate the frame size passed by user in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9607, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, QCS605, SDX24
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | Mdm9607 Firmware | All versions |
| Qualcomm | Msm8909w Firmware | All versions |
| Qualcomm | Msm8917 Firmware | All versions |
| Qualcomm | Msm8920 Firmware | All versions |
| Qualcomm | Msm8937 Firmware | All versions |
| Qualcomm | Msm8940 Firmware | All versions |
| Qualcomm | Qcs605 Firmware | All versions |
| Qualcomm | Sdx24 Firmware | All versions |
References
- https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletinPatch, Vendor Advisory
- https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletinPatch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-10606?
How severe is CVE-2019-10606?
How do I fix CVE-2019-10606?
Are you affected by CVE-2019-10606?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST