TROYANOSYVIRUS
Retour aux CVEs

CVE-2019-10536

HIGH
7.8

Description

Potential double free scenario if driver receives another DIAG_EVENT_LOG_SUPPORTED event from firmware as the pointer is not set to NULL on first call in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6174A, QCA6574AU, QCA8081, QCA9377, QCA9379, QCN7605, QCS405, QCS605, SDA660, SDA845, SDM450, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Details CVE

Score CVSS v3.17.8
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueLOCAL
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurNONE
Publie12/18/2019
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0

Produits affectes

qualcomm:apq8009qualcomm:apq8009_firmwarequalcomm:apq8017qualcomm:apq8017_firmwarequalcomm:apq8053qualcomm:apq8053_firmwarequalcomm:apq8096auqualcomm:apq8096au_firmwarequalcomm:apq8098qualcomm:apq8098_firmwarequalcomm:ipq4019qualcomm:ipq4019_firmwarequalcomm:ipq8064qualcomm:ipq8064_firmwarequalcomm:ipq8074qualcomm:ipq8074_firmwarequalcomm:mdm9206qualcomm:mdm9206_firmwarequalcomm:mdm9207cqualcomm:mdm9207c_firmwarequalcomm:mdm9607qualcomm:mdm9607_firmwarequalcomm:mdm9640qualcomm:mdm9640_firmwarequalcomm:mdm9650qualcomm:mdm9650_firmwarequalcomm:msm8917qualcomm:msm8917_firmwarequalcomm:msm8920qualcomm:msm8920_firmwarequalcomm:msm8937qualcomm:msm8937_firmwarequalcomm:msm8940qualcomm:msm8940_firmwarequalcomm:msm8953qualcomm:msm8953_firmwarequalcomm:msm8996auqualcomm:msm8996au_firmwarequalcomm:msm8998qualcomm:msm8998_firmwarequalcomm:nicobarqualcomm:nicobar_firmwarequalcomm:qca6174aqualcomm:qca6174a_firmwarequalcomm:qca6574auqualcomm:qca6574au_firmwarequalcomm:qca8081qualcomm:qca8081_firmwarequalcomm:qca9377qualcomm:qca9377_firmwarequalcomm:qca9379qualcomm:qca9379_firmwarequalcomm:qcn7605qualcomm:qcn7605_firmwarequalcomm:qcs405qualcomm:qcs405_firmwarequalcomm:qcs605qualcomm:qcs605_firmwarequalcomm:sda660qualcomm:sda660_firmwarequalcomm:sda845qualcomm:sda845_firmwarequalcomm:sdm450qualcomm:sdm450_firmwarequalcomm:sdm630qualcomm:sdm630_firmwarequalcomm:sdm636qualcomm:sdm636_firmwarequalcomm:sdm660qualcomm:sdm660_firmwarequalcomm:sdm670qualcomm:sdm670_firmwarequalcomm:sdm710qualcomm:sdm710_firmwarequalcomm:sdm845qualcomm:sdm845_firmwarequalcomm:sdx20qualcomm:sdx20_firmwarequalcomm:sdx24qualcomm:sdx24_firmwarequalcomm:sdx55qualcomm:sdx55_firmwarequalcomm:sm6150qualcomm:sm6150_firmwarequalcomm:sm7150qualcomm:sm7150_firmwarequalcomm:sm8150qualcomm:sm8150_firmwarequalcomm:sm8250qualcomm:sm8250_firmwarequalcomm:sxr1130qualcomm:sxr1130_firmwarequalcomm:sxr2130qualcomm:sxr2130_firmware

Faiblesses (CWE)

CWE-415

References

https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin(product-security@qualcomm.com)
https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.