CVE-2019-2249

CVE Database · CVE-2019-2249

CVE-2019-2249

· CRITICALModified

CVSS v3.1

9.8

EPSS

1.43%

Published

Nov 6, 2019

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Kernel can do a memory read from arbitrary address passed by user during execution of a syscall in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9205, MDM9650, QCA8081, QCS605, SD 427, SD 435, SD 450, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-125

Affected Products (54)

qualcomm · ipq8074_firmwarevulnerable

qualcomm · ipq8074

qualcomm · mdm9205_firmwarevulnerable

qualcomm · mdm9205

qualcomm · mdm9650_firmwarevulnerable

qualcomm · mdm9650

qualcomm · qca8081_firmwarevulnerable

qualcomm · qca8081

qualcomm · qcs605_firmwarevulnerable

qualcomm · qcs605

qualcomm · sd_427_firmwarevulnerable

· sd_427

References (2)

https://source.android.com/security/bulletin/

Vendor Advisory

https://source.android.com/security/bulletin/

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs