CVE-2019-2309

CVE Database · CVE-2019-2309

CVE-2019-2309

· N/AModified

CVSS v3.1

N/A

EPSS

0.74%

Published

Jul 25, 2019

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

While storing calibrated data from firmware in cache, An integer overflow may occur since data length received may exceed real data length. in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820A, SD 845 / SD 850, SDM660, SDX20

Weaknesses (CWE)

CWE-190

Affected Products (48)

qualcomm · mdm9150_firmwarevulnerable

qualcomm · mdm9150

qualcomm · mdm9206_firmwarevulnerable

qualcomm · mdm9206

qualcomm · mdm9607_firmwarevulnerable

qualcomm · mdm9607

qualcomm · mdm9640_firmwarevulnerable

qualcomm · mdm9640

qualcomm · mdm9650_firmwarevulnerable

qualcomm · mdm9650

qualcomm · msm8996au_firmwarevulnerable

· msm8996au

References (2)

https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin

PatchThird Party Advisory

https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin

PatchThird Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs