Buffer overflow due to improper validation of buffer size while IPA driver processing to perform read operation in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24
Vector
LOCAL
Complexity
LOW
Authentication
NONE
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
PARTIAL
Qualcomm Mdm9150 firmware - (not an official CPE)
Qualcomm Mdm9607 firmware - (not an official CPE)
Qualcomm Mdm9650 firmware - (not an official CPE)
Qualcomm Msm8909w firmware - (not an official CPE)
Qualcomm Msm8996au firmware - (not an official CPE)
Qualcomm Qcs605 firmware - (not an official CPE)
Qualcomm Qualcomm 215 firmware - (not an official CPE)
Qualcomm Sd 205 firmware - (not an official CPE)
Qualcomm Sd 210 firmware - (not an official CPE)
Qualcomm Sd 212 firmware - (not an official CPE)
Qualcomm Sd 425 firmware - (not an official CPE)
Qualcomm Sd 427 firmware - (not an official CPE)
Qualcomm Sd 429 firmware - (not an official CPE)
Qualcomm Sd 430 firmware - (not an official CPE)
Qualcomm Sd 435 firmware - (not an official CPE)
Qualcomm Sd 439 firmware - (not an official CPE)
Qualcomm Sd 450 firmware - (not an official CPE)
Qualcomm Sd 625 firmware - (not an official CPE)
Qualcomm Sd 632 firmware - (not an official CPE)
Qualcomm Sd 636 firmware - (not an official CPE)
Qualcomm Sd 665 firmware - (not an official CPE)
Qualcomm Sd 670 firmware - (not an official CPE)
Qualcomm Sd 675 firmware - (not an official CPE)
Qualcomm Sd 710 firmware - (not an official CPE)
Qualcomm Sd 712 firmware - (not an official CPE)
Qualcomm Sd 730 firmware - (not an official CPE)
Qualcomm Sd 820 firmware - (not an official CPE)
Qualcomm Sd 820a firmware - (not an official CPE)
Qualcomm Sd 835 firmware - (not an official CPE)
Qualcomm Sd 845 firmware - (not an official CPE)
Qualcomm Sd 850 firmware - (not an official CPE)
Qualcomm Sd 855 firmware - (not an official CPE)
Qualcomm Sda660 firmware - (not an official CPE)
Qualcomm Sdm439 firmware - (not an official CPE)
Qualcomm Sdm630 firmware - (not an official CPE)
Qualcomm Sdm660 firmware - (not an official CPE)
Qualcomm Sdx20 firmware - (not an official CPE)
Qualcomm Sdx24 firmware - (not an official CPE)
Qualcomm - Mdm9150 firmware
Qualcomm - Mdm9607 firmware
Qualcomm - Mdm9650 firmware
Qualcomm - Msm8909w firmware
Qualcomm - Msm8996au firmware
Qualcomm - Qcs605 firmware
Qualcomm - Qualcomm 215 firmware
Qualcomm - Sd 205 firmware
Qualcomm - Sd 210 firmware
Qualcomm - Sd 212 firmware
Qualcomm - Sd 425 firmware
Qualcomm - Sd 427 firmware
Qualcomm - Sd 429 firmware
Qualcomm - Sd 430 firmware
Qualcomm - Sd 435 firmware
Qualcomm - Sd 439 firmware
Qualcomm - Sd 450 firmware
Qualcomm - Sd 625 firmware
Qualcomm - Sd 632 firmware
Qualcomm - Sd 636 firmware
Qualcomm - Sd 665 firmware
Qualcomm - Sd 670 firmware
Qualcomm - Sd 675 firmware
Qualcomm - Sd 710 firmware
Qualcomm - Sd 712 firmware
Qualcomm - Sd 730 firmware
Qualcomm - Sd 820 firmware
Qualcomm - Sd 820a firmware
Qualcomm - Sd 835 firmware
Qualcomm - Sd 845 firmware
Qualcomm - Sd 850 firmware
Qualcomm - Sd 855 firmware
Qualcomm - Sda660 firmware
Qualcomm - Sdm439 firmware
Qualcomm - Sdm630 firmware
Qualcomm - Sdm660 firmware
Qualcomm - Sdx20 firmware
Qualcomm - Sdx24 firmware
Advisory | Patch | Confirmed | Link |
---|---|---|---|
https://www.codeaurora.org/security-bulletin/2019/08/05/... |
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (ID 120)
Related CAPEC 13
Buffer Overflow via Environment Variables (CAPEC-ID 10)
Overflow Buffers (CAPEC-ID 100)
Client-side Injection-induced Buffer Overflow (CAPEC-ID 14)
Filter Failure through Buffer Overflow (CAPEC-ID 24)
MIME Conversion (CAPEC-ID 42)
Overflow Binary Resource File (CAPEC-ID 44)
Buffer Overflow via Symbolic Links (CAPEC-ID 45)
Overflow Variables and Tags (CAPEC-ID 46)
Buffer Overflow via Parameter Expansion (CAPEC-ID 47)
String Format Overflow in syslog() (CAPEC-ID 67)
Buffer Overflow in an API Call (CAPEC-ID 8)
Buffer Overflow in Local Command-Line Utilities (CAPEC-ID 9)
Forced Integer Overflow (CAPEC-ID 92)