Vulnerability Description
Lack of length check of response buffer can lead to buffer over-flow while GP command response buffer handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8017, APQ8053, APQ8098, MDM9206, MDM9607, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, QM215, SDA660, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | Apq8017 Firmware | - |
| Qualcomm | Apq8017 | - |
| Qualcomm | Apq8053 Firmware | - |
| Qualcomm | Apq8053 | - |
| Qualcomm | Apq8098 Firmware | - |
| Qualcomm | Apq8098 | - |
| Qualcomm | Mdm9206 Firmware | - |
| Qualcomm | Mdm9206 | - |
| Qualcomm | Mdm9607 Firmware | - |
| Qualcomm | Mdm9607 | - |
| Qualcomm | Msm8917 Firmware | - |
| Qualcomm | Msm8917 | - |
| Qualcomm | Msm8920 Firmware | - |
| Qualcomm | Msm8920 | - |
| Qualcomm | Msm8937 Firmware | - |
| Qualcomm | Msm8937 | - |
| Qualcomm | Msm8940 Firmware | - |
| Qualcomm | Msm8940 | - |
| Qualcomm | Msm8953 Firmware | - |
| Qualcomm | Msm8953 | - |
Related Weaknesses (CWE)
References
- https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletinVendor Advisory
- https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletinVendor Advisory
FAQ
What is CVE-2019-10589?
CVE-2019-10589 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Lack of length check of response buffer can lead to buffer over-flow while GP command response buffer handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,...
How severe is CVE-2019-10589?
CVE-2019-10589 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-10589?
Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Apq8017 Firmware, Qualcomm Apq8017, Qualcomm Apq8053 Firmware, Qualcomm Apq8053, Qualcomm Apq8098 Firmware.