Vulnerability Description
Out-of-bound access will occur in USB driver due to lack of check to validate the frame size passed by user in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9607, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, QCS605, SDX24
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | Mdm9607 Firmware | - |
| Qualcomm | Mdm9607 | - |
| Qualcomm | Msm8909W Firmware | - |
| Qualcomm | Msm8909W | - |
| Qualcomm | Msm8917 Firmware | - |
| Qualcomm | Msm8917 | - |
| Qualcomm | Msm8920 Firmware | - |
| Qualcomm | Msm8920 | - |
| Qualcomm | Msm8937 Firmware | - |
| Qualcomm | Msm8937 | - |
| Qualcomm | Msm8940 Firmware | - |
| Qualcomm | Msm8940 | - |
| Qualcomm | Qcs605 Firmware | - |
| Qualcomm | Qcs605 | - |
| Qualcomm | Sdx24 Firmware | - |
| Qualcomm | Sdx24 | - |
Related Weaknesses (CWE)
References
- https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletiPatchVendor Advisory
- https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletiPatchVendor Advisory
FAQ
What is CVE-2019-10606?
CVE-2019-10606 is a vulnerability with a CVSS score of 7.8 (HIGH). Out-of-bound access will occur in USB driver due to lack of check to validate the frame size passed by user in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, S...
How severe is CVE-2019-10606?
CVE-2019-10606 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-10606?
Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Mdm9607 Firmware, Qualcomm Mdm9607, Qualcomm Msm8909W Firmware, Qualcomm Msm8909W, Qualcomm Msm8917 Firmware.