CVE-2019-2263 — HIGH (7.8) — White Hats Nepal

Vulnerability Description

Access to freed memory can happen while reading from diag driver due to use after free issue in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA9531, QCA9980, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDM660, SDX20, Snapdragon_High_Med_2016

CVSS Score

7.8

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Qualcomm	Ipq4019 Firmware	-
Qualcomm	Ipq4019	-
Qualcomm	Ipq8064 Firmware	-
Qualcomm	Ipq8064	-
Qualcomm	Mdm9206 Firmware	-
Qualcomm	Mdm9206	-
Qualcomm	Mdm9607 Firmware	-
Qualcomm	Mdm9607	-
Qualcomm	Mdm9640 Firmware	-
Qualcomm	Mdm9640	-
Qualcomm	Mdm9650 Firmware	-
Qualcomm	Mdm9650	-
Qualcomm	Msm8909W Firmware	-
Qualcomm	Msm8909W	-
Qualcomm	Msm8996Au Firmware	-
Qualcomm	Msm8996Au	-
Qualcomm	Qca9531 Firmware	-
Qualcomm	Qca9531	-
Qualcomm	Qca9980 Firmware	-
Qualcomm	Qca9980	-

Related Weaknesses (CWE)

CWE-416

References

https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-sePatchVendor Advisory
https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-sePatchVendor Advisory

FAQ

What is CVE-2019-2263?

CVE-2019-2263 is a vulnerability with a CVSS score of 7.8 (HIGH). Access to freed memory can happen while reading from diag driver due to use after free issue in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon...

How severe is CVE-2019-2263?

CVE-2019-2263 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-2263?

Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Ipq4019 Firmware, Qualcomm Ipq4019, Qualcomm Ipq8064 Firmware, Qualcomm Ipq8064, Qualcomm Mdm9206 Firmware.