Skip to main content

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Sep 30, 2019 - 16:15 nvd
CRITICAL 9.8

DescriptionNVD

Usage of hard-coded magic number for calculating heap guard bytes can allow users to corrupt heap blocks without heap algorithm knowledge in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130

AnalysisAI

Usage of hard-coded magic number for calculating heap guard bytes can allow users to corrupt heap blocks without heap algorithm knowledge in Snapdragon Auto, Snapdragon Compute, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-330. Usage of hard-coded magic number for calculating heap guard bytes can allow users to corrupt heap blocks without heap algorithm knowledge in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 Affected products include: Qualcomm Mdm9205 Firmware, Qualcomm Mdm9206 Firmware, Qualcomm Mdm9607 Firmware, Qualcomm Mdm9615 Firmware, Qualcomm Mdm9625 Firmware.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2022-25727 CRITICAL
9.8 Nov 15

Memory Corruption in modem due to improper length check while copying into memory in Snapdragon Consumer IOT, Snapdragon

CVE-2022-25674 CRITICAL
9.8 Nov 15

Cryptographic issues in WLAN during the group key handshake of the WPA/WPA2 protocol in Snapdragon Consumer IOT, Snapdra

CVE-2022-25718 CRITICAL
9.8 Oct 19

Cryptographic issue in WLAN due to improper check on return value while authentication handshake in Snapdragon Auto, Sna

CVE-2021-1975 CRITICAL
9.8 Nov 12

Possible heap overflow due to improper length check of domain while parsing the DNS response in Snapdragon Auto, Snapdra

CVE-2021-1920 CRITICAL
9.8 Sep 08

Integer underflow can occur due to improper handling of incoming RTCP packets in Snapdragon Auto, Snapdragon Compute, Sn

CVE-2021-1916 CRITICAL
9.8 Sep 08

Possible buffer underflow due to lack of check for negative indices values when processing user provided input in Snapdr

CVE-2019-10516 CRITICAL
9.8 Dec 18

Multiple read overflows in MM while decoding service accept,service reject,attach reject and MT detach in Snapdragon Aut

CVE-2019-10500 CRITICAL
9.8 Dec 18

While processing MT Secondary PDP request, Buffer overflow will happen due to incorrect calculation of buffer size in Sn

CVE-2019-10487 CRITICAL
9.8 Dec 18

Buffer over read can happen while parsing SMS OTA messages at transport layer if network sends un-intended values in Sna

CVE-2019-2320 CRITICAL
9.8 Dec 12

Possible out of bounds write in a MT SMS/SS scenario due to improper validation of array index in Snapdragon Auto, Snapd

CVE-2019-10511 CRITICAL
9.8 Dec 12

Possibility of memory overflow while decoding GSNDCP compressed mode PDU in Snapdragon Auto, Snapdragon Compute, Snapdra

CVE-2019-2303 CRITICAL
9.8 Nov 21

SNDCP module may access array out side its boundary when it receives malformed XID message. Rated critical severity (CVS

Share

CVE-2019-2294 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy