CVE-2019-10537 (mdm9607_firmware, nicobar_firmware, qca6574au_firmware, qcn7605_firmware, qcs405_firmware, qcs605_firmware, sdm660_firmware, sdm845_firmware, sdx55_firmware, sm6150_firmware, sm7150_firmware, sm8150_firmware, sm8250_firmware, sxr1130_firmware, sxr2130_firmware)

Improper validation of event buffer extracted from FW response can lead to integer overflow, which will allow to pass the length check and eventually will lead to buffer overwrite when event data is copied to context buffer in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, Nicobar, QCA6574AU, QCN7605, QCS405, QCS605, SDM660, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

View Full Alert