Vulnerability Description
Out of bound memory access can happen while parsing ADSP message due to lack of check of size of payload received from userspace in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8096AU, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, QCN7605, QCS605, SC8180X, SDM710, SDX24, SDX55, SM8150, SM8250, SXR2130
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | Apq8009 Firmware | - |
| Qualcomm | Apq8009 | - |
| Qualcomm | Apq8096Au Firmware | - |
| Qualcomm | Apq8096Au | - |
| Qualcomm | Ipq4019 Firmware | - |
| Qualcomm | Ipq4019 | - |
| Qualcomm | Ipq6018 Firmware | - |
| Qualcomm | Ipq6018 | - |
| Qualcomm | Ipq8064 Firmware | - |
| Qualcomm | Ipq8064 | - |
| Qualcomm | Ipq8074 Firmware | - |
| Qualcomm | Ipq8074 | - |
| Qualcomm | Mdm9206 Firmware | - |
| Qualcomm | Mdm9206 | - |
| Qualcomm | Mdm9207C Firmware | - |
| Qualcomm | Mdm9207C | - |
| Qualcomm | Mdm9607 Firmware | - |
| Qualcomm | Mdm9607 | - |
| Qualcomm | Mdm9640 Firmware | - |
| Qualcomm | Mdm9640 | - |
Related Weaknesses (CWE)
References
- https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletinPatchVendor Advisory
- https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletinPatchVendor Advisory
FAQ
What is CVE-2019-10622?
CVE-2019-10622 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Out of bound memory access can happen while parsing ADSP message due to lack of check of size of payload received from userspace in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics...
How severe is CVE-2019-10622?
CVE-2019-10622 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-10622?
Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Apq8009 Firmware, Qualcomm Apq8009, Qualcomm Apq8096Au Firmware, Qualcomm Apq8096Au, Qualcomm Ipq4019 Firmware.