Skip to main content

Ipq4019 Firmware CVE-2019-10499

HIGH
Improper Validation of Array Index (CWE-129)
2019-09-30 product-security@qualcomm.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Sep 30, 2019 - 16:15 nvd
HIGH 7.8

DescriptionNVD

Improper validation of read and write index of tx and rx fifo`s before using for data copy from fifo can lead to out-of-bound access. in Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, QCS405, SD 665, SD 675, SD 730, SD 855

AnalysisAI

Improper validation of read and write index of tx and rx fifo`s before using for data copy from fifo can lead to out-of-bound access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-129. Improper validation of read and write index of tx and rx fifo`s before using for data copy from fifo can lead to out-of-bound access. in Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, QCS405, SD 665, SD 675, SD 730, SD 855 Affected products include: Qualcomm Ipq4019 Firmware, Qualcomm Ipq8064 Firmware, Qualcomm Ipq8074 Firmware, Qualcomm Qcs405 Firmware, Qualcomm Sd 665 Firmware.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2020-11117 CRITICAL POC
9.8 Sep 08

u'In the lbd service, an external user can issue a specially crafted debug command to overwrite arbitrary files with arb

CVE-2024-21473 CRITICAL
9.8 Apr 01

Memory corruption while redirecting log file to any file location with any file name. Rated critical severity (CVSS 9.8)

CVE-2023-33083 CRITICAL
9.8 Dec 05

Memory corruption in WLAN Host while processing RRM beacon on the AP. Rated critical severity (CVSS 9.8), this vulnerabi

CVE-2023-33082 CRITICAL
9.8 Dec 05

Memory corruption while sending an Assoc Request having BTM Query or BTM Response containing MBO IE. Rated critical seve

CVE-2021-1976 CRITICAL
9.8 Sep 17

A use after free can occur due to improper validation of P2P device address in PD Request frame in Snapdragon Auto, Snap

CVE-2021-1972 CRITICAL
9.8 Sep 08

Possible buffer overflow due to improper validation of device types during P2P search in Snapdragon Auto, Snapdragon Com

CVE-2021-1965 CRITICAL POC
9.8 Jul 13

Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Auto, Snapdrago

CVE-2020-3657 CRITICAL
9.8 Nov 02

u'Remote code execution can happen by sending a carefully crafted POST query when Device configuration is accessed from

CVE-2020-11172 CRITICAL
9.8 Nov 02

u'fscanf reads a string from a file and stores its contents on a statically allocated stack memory which leads to stack

CVE-2022-22062 CRITICAL
9.1 Sep 02

An out-of-bounds read can occur while parsing a server certificate due to improper length check in Snapdragon Auto, Snap

CVE-2021-1980 CRITICAL
9.1 Oct 20

Possible buffer over read due to lack of length check while parsing beacon IE response in Snapdragon Auto, Snapdragon Co

CVE-2025-47339 HIGH
7.8 Jan 07

Memory corruption while deinitializing a HDCP session. [CVSS 7.8 HIGH]

Share

CVE-2019-10499 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy