Skip to main content

Qcs605 Firmware CVE-2019-10545

MEDIUM
NULL Pointer Dereference (CWE-476)
2019-12-12 product-security@qualcomm.com
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 12, 2019 - 09:15 nvd
MEDIUM 5.5

DescriptionNVD

Null pointer dereference issue in kernel due to missing check related to LLC support in GPU in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS605, SDM670, SDM710, SM6150, SM7150, SM8150

AnalysisAI

Null pointer dereference issue in kernel due to missing check related to LLC support in GPU in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Technical ContextAI

This vulnerability is classified as NULL Pointer Dereference (CWE-476), which allows attackers to crash the application by dereferencing a null pointer. Null pointer dereference issue in kernel due to missing check related to LLC support in GPU in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS605, SDM670, SDM710, SM6150, SM7150, SM8150 Affected products include: Qualcomm Qcs605 Firmware, Qualcomm Sdm670 Firmware, Qualcomm Sdm710 Firmware, Qualcomm Sm6150 Firmware, Qualcomm Sm7150 Firmware.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Check pointers before dereferencing. Use static analysis tools to detect null pointer paths.

CVE-2020-11208 HIGH POC
7.8 Nov 12

Out of Bound issue in DSP services while processing received arguments due to improper validation of length received as

CVE-2020-11202 HIGH POC
7.8 Nov 12

Buffer overflow/underflow occurs when typecasting the buffer passed by CPU internally in the library which is not aligne

CVE-2020-11201 HIGH POC
7.8 Nov 12

Arbitrary access to DSP memory due to improper check in loaded library for data received from CPU side' in Snapdragon Au

CVE-2023-28543 CRITICAL
9.8 Sep 05

A malformed DLC can trigger Memory Corruption in SNPE library due to out of bounds read, such as by loading an untrusted

CVE-2022-33234 CRITICAL
9.8 Nov 15

Memory corruption in video due to configuration weakness. Rated critical severity (CVSS 9.8), this vulnerability is remo

CVE-2022-25748 CRITICAL
9.8 Oct 19

Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames. Rated critical severity (

CVE-2022-25720 CRITICAL
9.8 Oct 19

Memory corruption in WLAN due to out of bound array access during connect/roaming in Snapdragon Auto, Snapdragon Compute

CVE-2022-25687 CRITICAL
9.8 Oct 19

memory corruption in video due to buffer overflow while parsing asf clips in Snapdragon Auto, Snapdragon Compute, Snapdr

CVE-2022-25688 CRITICAL
9.8 Sep 16

Memory corruption in video due to buffer overflow while parsing ps video clips in Snapdragon Auto, Snapdragon Compute, S

CVE-2022-25668 CRITICAL
9.8 Sep 02

Memory corruption in video driver due to double free while parsing ASF clip in Snapdragon Auto, Snapdragon Compute, Snap

CVE-2022-25659 CRITICAL
9.8 Sep 02

Memory corruption due to buffer overflow while parsing MKV clips with invalid bitmap size in Snapdragon Auto, Snapdragon

CVE-2022-25658 CRITICAL
9.8 Sep 02

Memory corruption due to incorrect pointer arithmetic when attempting to change the endianness in video parser function

Share

CVE-2019-10545 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy