Skip to main content

Apq8096Au Firmware CVE-2019-10481

HIGH
Improper Validation of Array Index (CWE-129)
2019-12-18 product-security@qualcomm.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 18, 2019 - 06:15 nvd
HIGH 7.8

DescriptionNVD

Out of bound access occurs while handling the WMI FW event due to lack of check of buffer argument which comes directly from the WLAN FW in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8096AU, IPQ4019, IPQ8064, IPQ8074, MDM9607, MSM8996AU, QCA6574AU, QCA8081, QCN7605, SDX55, SM6150, SM7150, SM8150

AnalysisAI

Out of bound access occurs while handling the WMI FW event due to lack of check of buffer argument which comes directly from the WLAN FW in Snapdragon Auto, Snapdragon Consumer Electronics. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-129. Out of bound access occurs while handling the WMI FW event due to lack of check of buffer argument which comes directly from the WLAN FW in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8096AU, IPQ4019, IPQ8064, IPQ8074, MDM9607, MSM8996AU, QCA6574AU, QCA8081, QCN7605, SDX55, SM6150, SM7150, SM8150 Affected products include: Qualcomm Apq8096Au Firmware, Qualcomm Ipq4019 Firmware, Qualcomm Ipq8064 Firmware, Qualcomm Ipq8074 Firmware, Qualcomm Mdm9607 Firmware.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2022-25748 CRITICAL
9.8 Oct 19

Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames. Rated critical severity (

CVE-2022-25720 CRITICAL
9.8 Oct 19

Memory corruption in WLAN due to out of bound array access during connect/roaming in Snapdragon Auto, Snapdragon Compute

CVE-2022-25718 CRITICAL
9.8 Oct 19

Cryptographic issue in WLAN due to improper check on return value while authentication handshake in Snapdragon Auto, Sna

CVE-2022-25687 CRITICAL
9.8 Oct 19

memory corruption in video due to buffer overflow while parsing asf clips in Snapdragon Auto, Snapdragon Compute, Snapdr

CVE-2022-25688 CRITICAL
9.8 Sep 16

Memory corruption in video due to buffer overflow while parsing ps video clips in Snapdragon Auto, Snapdragon Compute, S

CVE-2022-22105 CRITICAL
9.8 Sep 16

Memory corruption in bluetooth due to integer overflow while processing HFP-UNIT profile in Snapdragon Auto, Snapdragon

CVE-2022-25668 CRITICAL
9.8 Sep 02

Memory corruption in video driver due to double free while parsing ASF clip in Snapdragon Auto, Snapdragon Compute, Snap

CVE-2022-25659 CRITICAL
9.8 Sep 02

Memory corruption due to buffer overflow while parsing MKV clips with invalid bitmap size in Snapdragon Auto, Snapdragon

CVE-2022-25658 CRITICAL
9.8 Sep 02

Memory corruption due to incorrect pointer arithmetic when attempting to change the endianness in video parser function

CVE-2022-25651 CRITICAL
9.8 Jun 14

Memory corruption in bluetooth host due to integer overflow while processing BT HFP-UNIT profile in Snapdragon Auto, Sna

CVE-2022-22087 CRITICAL
9.8 Jun 14

memory corruption in video due to buffer overflow while parsing mkv clip with no codechecker in Snapdragon Auto, Snapdra

CVE-2022-22086 CRITICAL
9.8 Jun 14

Memory corruption in video due to double free while parsing 3gp clip with invalid meta data atoms in Snapdragon Auto, Sn

Share

CVE-2019-10481 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy