Vulnerability Description
Usage of hard-coded magic number for calculating heap guard bytes can allow users to corrupt heap blocks without heap algorithm knowledge in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | Mdm9205 Firmware | - |
| Qualcomm | Mdm9205 | - |
| Qualcomm | Mdm9206 Firmware | - |
| Qualcomm | Mdm9206 | - |
| Qualcomm | Mdm9607 Firmware | - |
| Qualcomm | Mdm9607 | - |
| Qualcomm | Mdm9615 Firmware | - |
| Qualcomm | Mdm9615 | - |
| Qualcomm | Mdm9625 Firmware | - |
| Qualcomm | Mdm9625 | - |
| Qualcomm | Mdm9635M Firmware | - |
| Qualcomm | Mdm9635M | - |
| Qualcomm | Mdm9655 Firmware | - |
| Qualcomm | Mdm9655 | - |
| Qualcomm | Msm8909W Firmware | - |
| Qualcomm | Msm8909W | - |
| Qualcomm | Msm8996Au Firmware | - |
| Qualcomm | Msm8996Au | - |
| Qualcomm | Qcs605 Firmware | - |
| Qualcomm | Qcs605 | - |
Related Weaknesses (CWE)
References
- https://www.qualcomm.com/company/product-security/bulletinsPatchVendor Advisory
- https://www.qualcomm.com/company/product-security/bulletinsPatchVendor Advisory
FAQ
What is CVE-2019-2294?
CVE-2019-2294 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Usage of hard-coded magic number for calculating heap guard bytes can allow users to corrupt heap blocks without heap algorithm knowledge in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivit...
How severe is CVE-2019-2294?
CVE-2019-2294 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-2294?
Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Mdm9205 Firmware, Qualcomm Mdm9205, Qualcomm Mdm9206 Firmware, Qualcomm Mdm9206, Qualcomm Mdm9607 Firmware.