CVE-2019-10520

CVE Database · CVE-2019-10520

CVE-2019-10520

· MEDIUMModified

CVSS v3.1

5.5

EPSS

0.17%

Published

Dec 12, 2019

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An unprivileged application can allocate GPU memory by calling memory allocation ioctl function and can exhaust all the memory which results in out of memory in Snapdragon Mobile, Snapdragon Voice & Music in QCS405, SD 210/SD 212/SD 205, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Weaknesses (CWE)

CWE-772

Affected Products (26)

qualcomm · qcs405_firmwarevulnerable

qualcomm · qcs405

qualcomm · sd_210_firmwarevulnerable

qualcomm · sd_210

qualcomm · sd_212_firmwarevulnerable

qualcomm · sd_212

qualcomm · sd_205_firmwarevulnerable

qualcomm · sd_205

qualcomm · sd_665_firmwarevulnerable

qualcomm · sd_665

qualcomm · sd_675_firmwarevulnerable

· sd_675

References (2)

https://source.android.com/security/bulletin/pixel/2019-11-01

PatchThird Party Advisory

https://source.android.com/security/bulletin/pixel/2019-11-01

PatchThird Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs