Vulnerability Description
An unprivileged application can allocate GPU memory by calling memory allocation ioctl function and can exhaust all the memory which results in out of memory in Snapdragon Mobile, Snapdragon Voice & Music in QCS405, SD 210/SD 212/SD 205, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | Qcs405 Firmware | - |
| Qualcomm | Qcs405 | - |
| Qualcomm | Sd 210 Firmware | - |
| Qualcomm | Sd 210 | - |
| Qualcomm | Sd 212 Firmware | - |
| Qualcomm | Sd 212 | - |
| Qualcomm | Sd 205 Firmware | - |
| Qualcomm | Sd 205 | - |
| Qualcomm | Sd 665 Firmware | - |
| Qualcomm | Sd 665 | - |
| Qualcomm | Sd 675 Firmware | - |
| Qualcomm | Sd 675 | - |
| Qualcomm | Sd 712 Firmware | - |
| Qualcomm | Sd 712 | - |
| Qualcomm | Sd 710 Firmware | - |
| Qualcomm | Sd 710 | - |
| Qualcomm | Sd 670 Firmware | - |
| Qualcomm | Sd 670 | - |
| Qualcomm | Sd 730 Firmware | - |
| Qualcomm | Sd 730 | - |
Related Weaknesses (CWE)
References
- https://source.android.com/security/bulletin/pixel/2019-11-01PatchThird Party Advisory
- https://source.android.com/security/bulletin/pixel/2019-11-01PatchThird Party Advisory
FAQ
What is CVE-2019-10520?
CVE-2019-10520 is a vulnerability with a CVSS score of 5.5 (MEDIUM). An unprivileged application can allocate GPU memory by calling memory allocation ioctl function and can exhaust all the memory which results in out of memory in Snapdragon Mobile, Snapdragon Voice & M...
How severe is CVE-2019-10520?
CVE-2019-10520 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-10520?
Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Qcs405 Firmware, Qualcomm Qcs405, Qualcomm Sd 210 Firmware, Qualcomm Sd 210, Qualcomm Sd 212 Firmware.