This security bulletin is intended to help Qualcomm Technologies, Inc. (QTI) customers incorporate security updates in launched or upcoming devices. This document includes (i) a description of security vulnerabilities that have been addressed in QTI’s proprietary code and (ii) links to related code that has been contributed to Code Aurora Forum (CAF), a Linux Foundation Collaborative Project, to address security vulnerabilities for customers who incorporate Linux-based software from CAF into their devices.
Please reach out to securitybulletin@qti.qualcomm.com for any questions related to this bulletin.
We have discontinued publication of the open source public bulletin at https://www.codeaurora.org/security-advisories/security-bulletins. Starting from September 2019, we will have one single monthly bulletin listing both open-source and closed-source vulnerabilities
We would like to thank these researchers for their contributions in reporting these issues to us.
| CVE-2019-10520 | Seyed Mohammadjavad Seyed Talebi (mjavad) |
| CVE-2019-10513 | Lee Harrison and Hayawardh Vijayakumar, Samsung Knox Security |
| CVE-2019-10502 | Pengfei Ding(丁鹏飞) of Huawei Mobile Security Lab |
| CVE-2019-10504 | Mathieu Cunche, Célestin Matte, Mathy Vanhoef |
| CVE-2019-10521,CVE-2019-10530 | Reported to us through Google Android Security team; please see Android Security Bulletins for individual credit information. For issues rated medium or lower, the individual credit information may appear in a future Android major release bulletin. |
| CVE-2019-10529 | Jann Horn of Google Project Zero |
| CVE-2019-10542 | Gengjia Chen ( @chengjia4574 ), pjf (weibo.com/jfpan) of IceSword Lab, Qihoo 360 Technology Co. Ltd. |
| CVE-2019-2258 | heidada (heiheidada) |
| CVE-2019-2324, CVE-2019-2325 |
Peter Pi of Tencent |
This table summarizes security vulnerabilities that were addressed through proprietary software
|
Public ID |
Security Rating |
Technology Area |
Date Reported |
|
High |
Video |
Internal |
|
|
High |
Video |
Internal |
|
|
High |
Video |
Internal |
|
|
High |
WLAN Firmware |
02/22/2017 |
|
|
High |
Video |
Internal |
|
|
Critical |
Video |
Internal |
|
|
High |
Video |
Internal |
|
|
High |
Video |
Internal |
|
|
High |
KERNEL |
Internal |
|
|
High |
KERNEL |
Internal |
|
|
Critical |
1x |
09/04/2018 |
|
|
High |
HLOS |
Internal |
|
|
High |
Video |
Internal |
|
CVE ID |
CVE-2019-10488 |
|
Title |
Null Pointer Dereference Issue in Video |
|
Description |
Null pointer dereference can occur while parsing invalid chunks while playing the nonstandard clip |
|
Technology Area |
Video |
|
Vulnerability Type |
CWE-476 NULL Pointer Dereference |
|
Access Vector |
Remote |
|
Security Rating |
High |
|
Date Reported |
Internal |
|
Customer Notified Date |
05/06/2019 |
|
Affected Chipsets |
MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20 |
|
CVE ID |
CVE-2019-10495 |
|
Title |
Improper Input Validation issue in Video |
|
Description |
Arbitrary buffer write issue while processing sequence header during HEVC or AVC encoding. |
|
Technology Area |
Video |
|
Vulnerability Type |
CWE-20 Improper Input Validation |
|
Access Vector |
Local |
|
Security Rating |
High |
|
Date Reported |
Internal |
|
Customer Notified Date |
05/06/2019 |
|
Affected Chipsets |
MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 |
|
CVE ID |
CVE-2019-10496 |
|
Title |
Integer Overflow to Buffer Overflow Issue in Video |
|
Description |
Lack of checking a variable received from driver and populating in Firmware data structure leads to buffer overflow |
|
Technology Area |
Video |
|
Vulnerability Type |
CWE-680 Integer Overflow to Buffer Overflow |
|
Access Vector |
Local |
|
Security Rating |
High |
|
Date Reported |
Internal |
|
Customer Notified Date |
05/06/2019 |
|
Affected Chipsets |
MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 |
|
CVE ID |
CVE-2019-10504 |
|
Title |
Uncontrolled Resource Consumption Issue in WLAN Module |
|
Description |
Firmware not able to send EXT scan response to host within 1 sec due to resource consumption issue |
|
Technology Area |
WLAN Firmware |
|
Vulnerability Type |
CWE-310 Cryptographic Issues, CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion') |
|
Access Vector |
Remote |
|
Security Rating |
High |
|
Date Reported |
02/22/2017 |
|
Customer Notified Date |
06/03/2019 |
|
Affected Chipsets |
MDM9206, MDM9607, MSM8909W, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016 |
|
CVE ID |
CVE-2019-10522 |
|
Title |
Buffer Copy Without Checking Size of Input issue in Video |
|
Description |
While playing the clip which is nonstandard buffer overflow can occur while parsing |
|
Technology Area |
Video |
|
Vulnerability Type |
CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow') |
|
Access Vector |
Remote |
|
Security Rating |
High |
|
Date Reported |
Internal |
|
Customer Notified Date |
06/03/2019 |
|
Affected Chipsets |
MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20 |
|
CVE ID |
CVE-2019-10533 |
|
Title |
Improper Validation of Array Index in Video |
|
Description |
Out of bound access due to improper validation of array index cause the index table entry to get corrupt |
|
Technology Area |
Video |
|
Vulnerability Type |
CWE-129 Improper Validation of Array Index |
|
Access Vector |
Remote |
|
Security Rating |
Critical |
|
Date Reported |
Internal |
|
Customer Notified Date |
06/03/2019 |
|
Affected Chipsets |
MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20 |
|
CVE ID |
CVE-2019-10534 |
|
Title |
Null Pointer Dereference Issue in Video |
|
Description |
Null-pointer dereference can occur while accessing the super index entry when it is not been allocated |
|
Technology Area |
Video |
|
Vulnerability Type |
CWE-476 NULL Pointer Dereference |
|
Access Vector |
Remote |
|
Security Rating |
High |
|
Date Reported |
Internal |
|
Customer Notified Date |
06/03/2019 |
|
Affected Chipsets |
MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20 |
|
CVE ID |
CVE-2019-10541 |
|
Title |
Use of Uninitialized Variable in Video |
|
Description |
Dereference on uninitialized buffer can happen when parsing FLV clip with corrupted codec specific data |
|
Technology Area |
Video |
|
Vulnerability Type |
CWE-457 Use of Uninitialized Variable |
|
Access Vector |
Remote |
|
Security Rating |
High |
|
Date Reported |
Internal |
|
Customer Notified Date |
06/03/2019 |
|
Affected Chipsets |
MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20 |
|
CVE ID |
CVE-2019-2246 |
|
Title |
Improper Input Validation in Kernel |
|
Description |
Thread start can cause invalid memory writes to arbitrary memory location since the argument is passed by user to kernel |
|
Technology Area |
KERNEL |
|
Vulnerability Type |
CWE-20 Improper Input Validation |
|
Access Vector |
Local |
|
Security Rating |
High |
|
Date Reported |
Internal |
|
Customer Notified Date |
03/04/2019 |
|
Affected Chipsets |
MDM9205, MDM9640, MSM8996AU, QCA6574, QCS605, Qualcomm 215, SD 425, SD 427, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016, SXR1130 |
|
CVE ID |
CVE-2019-2249 |
|
Title |
Improper Input Validation in Kernel |
|
Description |
Kernel can do a memory read from arbitrary address passed by user during execution of a syscall |
|
Technology Area |
KERNEL |
|
Vulnerability Type |
CWE-20 Improper Input Validation |
|
Access Vector |
Local |
|
Security Rating |
High |
|
Date Reported |
Internal |
|
Customer Notified Date |
05/06/2019 |
|
Affected Chipsets |
IPQ8074, MDM9205, MDM9650, QCA8081, QCS605, SD 427, SD 435, SD 450, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130 |
|
CVE ID |
CVE-2019-2258 |
|
Title |
Improper Validation of Array Index in MMCP |
|
Description |
Improper validation of array index causes OOB write and then leads to memory corruption in MMCP |
|
Technology Area |
1x |
|
Vulnerability Type |
CWE-129 Improper Validation of Array Index |
|
Access Vector |
Remote |
|
Security Rating |
Critical |
|
Date Reported |
09/04/2018 |
|
Customer Notified Date |
02/04/2019 |
|
Affected Chipsets |
MDM9150, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130 |
|
CVE ID |
CVE-2019-2275 |
|
Title |
Possible Buffer Overflow in Keymaster Key Deserialization |
|
Description |
While deserializing any key blob during key operations, buffer overflow could occur exposing partial key information if any key operations are invoked(Depends on CVE-2018-13907) |
|
Technology Area |
HLOS |
|
Vulnerability Type |
CWE-20 Improper Input Validation |
|
Access Vector |
Local |
|
Security Rating |
High |
|
Date Reported |
Internal |
|
Customer Notified Date |
03/04/2019 |
|
Affected Chipsets |
MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS404, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 |
|
CVE ID |
CVE-2019-2285 |
|
Title |
Improper Restriction of Operation Within the Bounds of a memory Buffer in Video |
|
Description |
Out of bound write issue is observed while giving information about properties that have been set so far for playing video |
|
Technology Area |
Video |
|
Vulnerability Type |
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer |
|
Access Vector |
Local |
|
Security Rating |
High |
|
Date Reported |
Internal |
|
Customer Notified Date |
05/06/2019 |
|
Affected Chipsets |
MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 |
This table summarizes security vulnerabilities that were addressed through open source software located at the corresponding open source project links
|
Public ID |
Security Rating |
Technology Area |
Date Reported |
|
High |
Audio |
Internal |
|
|
Medium |
Multimedia |
02/13/2019 |
|
|
High |
WLAN HOST, IoT Platform |
Internal |
|
|
High |
Audio |
Internal |
|
|
High |
Core Services |
Internal |
|
|
Medium |
Graphics |
02/20/2019 |
|
|
Medium |
Kernel |
02/20/2019 |
|
|
Medium |
GPS HLOS Driver |
03/07/2019 |
|
|
High |
Multimedia |
Internal |
|
|
Medium |
Core Services |
Internal |
|
|
High |
Graphics |
04/24/2019 |
|
|
Medium |
Kernel |
01/03/2019 |
|
|
High |
HLOS |
Internal |
|
|
Medium |
WLAN HOST |
08/23/2018 |
|
|
High |
Qualcomm IPC |
Internal |
|
|
High |
HLOS |
Internal |
|
|
High |
Audio |
12/04/2018 |
|
|
High |
Audio |
12/04/2018 |
|
|
High |
Audio |
Internal |
|
|
High |
Audio |
Internal |
|
CVE ID |
CVE-2019-10491 |
|
Title |
Buffer Copy Without Checking Size of Input in Audio |
|
Description |
ADSP can be compromised since it`s a general-purpose CPU processing untrusted data |
|
Technology Area |
Audio |
|
Vulnerability Type |
CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow') |
|
Access Vector |
Local |
|
Security Rating |
High |
|
Date Reported |
Internal |
|
Customer Notified Date |
05/06/2019 |
|
Affected Chipsets |
IPQ4019, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 |
|
Patch |
|
CVE ID |
CVE-2019-10502 |
|
Title |
Use of Out-of-range Pointer Offset in Automotive Multimedia |
|
Description |
Possible stack overflow when an index equal to io buffer size is accessed in camera module |
|
Technology Area |
Multimedia |
|
Vulnerability Type |
CWE-823 Use of Out-of-range Pointer Offset |
|
Access Vector |
Local |
|
Security Rating |
Medium |
|
Date Reported |
02/13/2019 |
|
Customer Notified Date |
06/03/2019 |
|
Affected Chipsets |
MSM8909W, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855, SDM439, SDX24 |
|
Patch |
|
CVE ID |
CVE-2019-10505 |
|
Title |
Buffer Over-read in WLAN |
|
Description |
Out of bound access while processing a non-standard IE measurement request with length crossing past the size of frame |
|
Technology Area |
WLAN HOST, IoT Platform |
|
Vulnerability Type |
CWE-126 Buffer Over-read |
|
Access Vector |
Remote |
|
Security Rating |
High |
|
Date Reported |
Internal |
|
Customer Notified Date |
05/06/2019 |
|
Affected Chipsets |
MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS405, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 |
|
Patch |
|
CVE ID |
CVE-2019-10512 |
|
Title |
Improper Validation of Array Index in Audio |
|
Description |
Payload size is not checked before using it as array index in audio |
|
Technology Area |
Audio |
|
Vulnerability Type |
CWE-129 Improper Validation of Array Index |
|
Access Vector |
Local |
|
Security Rating |
High |
|
Date Reported |
Internal |
|
Customer Notified Date |
06/03/2019 |
|
Affected Chipsets |
IPQ4019, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, SXR1130 |
|
Patch |
|
CVE ID |
CVE-2019-10515 |
|
Title |
Use After Free Issue in DIAG Services |
|
Description |
DCI client which might be preemptively freed up might be accessed for transferring packets leading to kernel error |
|
Technology Area |
Core Services |
|
Vulnerability Type |
CWE-416 Use After Free |
|
Access Vector |
Local |
|
Security Rating |
High |
|
Date Reported |
Internal |
|
Customer Notified Date |
06/03/2019 |
|
Affected Chipsets |
MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 |
|
Patch |
|
CVE ID |
CVE-2019-10519 |
|
Title |
Use of Out-of-range Pointer Offset in Graphics |
|
Description |
Integer truncation issue leads to kernel error in kernel memory allocation when receiving large size without bound check |
|
Technology Area |
Graphics |
|
Vulnerability Type |
CWE-823 Use of Out-of-range Pointer Offset |
|
Access Vector |
Local |
|
Security Rating |
Medium |
|
Date Reported |
02/20/2019 |
|
Customer Notified Date |
06/03/2019 |
|
Affected Chipsets |
MDM9640, SD 210/SD 212/SD 205, SD 615/16/SD 415, SD 820A |
|
Patch |
|
CVE ID |
CVE-2019-10520 |
|
Title |
Uncontrolled Resource Consumption in Kernel Memory |
|
Description |
An unprivileged application can allocate GPU memory by calling memory allocation ioctl function and can exhaust all the memory which results in out of memory |
|
Technology Area |
Kernel |
|
Vulnerability Type |
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion') |
|
Access Vector |
Local |
|
Security Rating |
Medium |
|
Date Reported |
02/20/2019 |
|
Customer Notified Date |
06/03/2019 |
|
Affected Chipsets |
QCS405, SD 210/SD 212/SD 205, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855 |
|
Patch |
|
CVE ID |
CVE-2019-10521 |
|
Title |
Integer Overflow To Buffer Overflow Issue in GPS |
|
Description |
By passing an APN name that is INT_MAX in size to int will lead to integer overflow and then to buffer overflow |
|
Technology Area |
GPS HLOS Driver |
|
Vulnerability Type |
CWE-680 Integer Overflow to Buffer Overflow |
|
Access Vector |
Local |
|
Security Rating |
Medium |
|
Date Reported |
03/07/2019 |
|
Customer Notified Date |
06/03/2019 |
|
Affected Chipsets |
MDM9150, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX24 |
|
Patch |
|
CVE ID |
CVE-2019-10524 |
|
Title |
Use After Free Issue in Camera |
|
Description |
Lack of check for a negative value returned for get_clk is wrongly interpreted as valid pointer and lead to use after free in clk driver |
|
Technology Area |
Multimedia |
|
Vulnerability Type |
CWE-416 Use After Free |
|
Access Vector |
Local |
|
Security Rating |
High |
|
Date Reported |
Internal |
|
Customer Notified Date |
06/03/2019 |
|
Affected Chipsets |
MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 |
|
Patch |
|
CVE ID |
CVE-2019-10528 |
|
Title |
Use After Free Issue in Diag Services |
|
Description |
Use after free issue in kernel while accessing freed mdlog session info and its attributes after closing the session |
|
Technology Area |
Core Services |
|
Vulnerability Type |
CWE-416 Use After Free |
|
Access Vector |
Local |
|
Security Rating |
Medium |
|
Date Reported |
Internal |
|
Customer Notified Date |
06/03/2019 |
|
Affected Chipsets |
MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 675, SD 730, SD 820, SD 820A, SD 835, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24 |
|
Patch |
|
CVE ID |
CVE-2019-10529 |
|
Title |
Use After Free Issue in Graphics |
|
Description |
Possible use after free issue due to race condition while attempting to mark the entry pages as dirty using function set_page_dirty() |
|
Technology Area |
Graphics |
|
Vulnerability Type |
CWE-416 Use After Free |
|
Access Vector |
Local |
|
Security Rating |
High |
|
Date Reported |
04/24/2019 |
|
Customer Notified Date |
06/03/2019 |
|
Affected Chipsets |
MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 |
|
Patch |
|
CVE ID |
CVE-2019-10530 |
|
Title |
Integer Overflow to Buffer Overflow Issue in Kernel |
|
Description |
Lack of check of data truncation on user supplied data in kernel leads to buffer overflow |
|
Technology Area |
Kernel |
|
Vulnerability Type |
CWE-680 Integer Overflow to Buffer Overflow |
|
Access Vector |
Local |
|
Security Rating |
Medium |
|
Date Reported |
01/03/2019 |
|
Customer Notified Date |
06/03/2019 |
|
Affected Chipsets |
MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 |
|
Patch |
|
CVE ID |
CVE-2019-10531 |
|
Title |
Improper Input Validation in HLOS |
|
Description |
Incorrect reading of system image resulting in buffer overflow when size of system image is increased |
|
Technology Area |
HLOS |
|
Vulnerability Type |
CWE-20 Improper Input Validation |
|
Access Vector |
Local |
|
Security Rating |
High |
|
Date Reported |
Internal |
|
Customer Notified Date |
06/03/2019 |
|
Affected Chipsets |
MDM9607, MSM8909W, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SDM439 |
|
Patch |
https://source.codeaurora.org/quic/le/kernel/lk/commit/?id=3b25c436f664c8a48be09c595690055ac9dc74d2 https://source.codeaurora.org/quic/le/kernel/lk/commit/?id=5c317dc1ff2d6f305398bfa4c4e5078984a73215 |
|
CVE ID |
CVE-2019-10542 |
|
Title |
Buffer Copy Without Checking Size of Input in WLAN HOST |
|
Description |
Buffer over-read may occur when downloading a corrupted firmware file that has chunk length in header which doesn`t match the contents |
|
Technology Area |
WLAN HOST |
|
Vulnerability Type |
CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow') |
|
Access Vector |
Local |
|
Security Rating |
Medium |
|
Date Reported |
08/23/2018 |
|
Customer Notified Date |
06/03/2019 |
|
Affected Chipsets |
MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 845 / SD 850, SDX20 |
|
Patch |
|
CVE ID |
CVE-2019-2283 |
|
Title |
Improper Input Validation in KERNEL |
|
Description |
Improper validation of read and write index of tx and rx fifo`s before calculating pointer can lead to out-of-bound access |
|
Technology Area |
Qualcomm IPC |
|
Vulnerability Type |
CWE-20 Improper Input Validation |
|
Access Vector |
Local |
|
Security Rating |
High |
|
Date Reported |
Internal |
|
Customer Notified Date |
03/04/2019 |
|
Affected Chipsets |
MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 |
|
Patch |
|
CVE ID |
CVE-2019-2323 |
|
Title |
Improper Input Validation Issue in HLOS |
|
Description |
Lack of check to ensure crypto engine data passed by user is initialized can result in bus error. |
|
Technology Area |
HLOS |
|
Vulnerability Type |
CWE-20 Improper Input Validation |
|
Access Vector |
Local |
|
Security Rating |
High |
|
Date Reported |
Internal |
|
Customer Notified Date |
05/06/2019 |
|
Affected Chipsets |
MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 |
|
Patch |
|
CVE ID |
CVE-2019-2324 |
|
Title |
Improper Validation of Array Index in Audio |
|
Description |
When ADSP is compromised, the audio port index that`s returned from ADSP might be out of the valid range and leads to out of boundary access |
|
Technology Area |
Audio |
|
Vulnerability Type |
CWE-129 Improper Validation of Array Index |
|
Access Vector |
Local |
|
Security Rating |
High |
|
Date Reported |
12/04/2018 |
|
Customer Notified Date |
05/06/2019 |
|
Affected Chipsets |
MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 845 / SD 850, SD 855, SDX20, SDX24 |
|
Patch |
|
CVE ID |
CVE-2019-2325 |
|
Title |
Improper Validation of Array Index in Audio Driver |
|
Description |
Out of boundary access due to token received from ADSP and is used without validation as an index into the array |
|
Technology Area |
Audio |
|
Vulnerability Type |
CWE-129 Improper Validation of Array Index |
|
Access Vector |
Local |
|
Security Rating |
High |
|
Date Reported |
12/04/2018 |
|
Customer Notified Date |
05/06/2019 |
|
Affected Chipsets |
MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 |
|
Patch |
|
CVE ID |
CVE-2019-2331 |
|
Title |
Integer Overflow or Wraparound Issue in Audio |
|
Description |
Possible Integer overflow because of subtracting two integers without checking if the result would overflow or not |
|
Technology Area |
Audio |
|
Vulnerability Type |
CWE-190 Integer Overflow or Wraparound |
|
Access Vector |
Local |
|
Security Rating |
High |
|
Date Reported |
Internal |
|
Customer Notified Date |
05/06/2019 |
|
Affected Chipsets |
MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 |
|
Patch |
|
CVE ID |
CVE-2019-2332 |
|
Title |
Improper Validation of Array Index in Audio |
|
Description |
Memory corruption while accessing the memory as payload size is not validated before access |
|
Technology Area |
Audio |
|
Vulnerability Type |
CWE-129 Improper Validation of Array Index |
|
Access Vector |
Local |
|
Security Rating |
High |
|
Date Reported |
Internal |
|
Customer Notified Date |
05/06/2019 |
|
Affected Chipsets |
MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 |
|
Patch |
Security ratings of issues included in Android security bulletins and these bulletins match in the most common scenarios but may differ in some cases due to one of the following reasons:
Version History
|
Version |
Date |
Comments |
|
1.0 |
September 3, 2019 |
Bulletin Published |
All Qualcomm products mentioned herein are products of Qualcomm Technologies, Inc. and/or its subsidiaries.
Qualcomm is a trademark of Qualcomm Incorporated, registered in the United States and other countries. Other product and brand names may be trademarks or registered trademarks of their respective owners.
This technical data may be subject to U.S. and international export, re-export, or transfer (“export”) laws. Diversion contrary to U.S. and international law is strictly prohibited.
©2020 Qualcomm Technologies, Inc. and/or its affiliated companies.