Vulnerability Description
Information disclosure due to lack of address range check done on the SysDBG buffers in SDI code. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, MDM9205, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, Nicobar, QCS404, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, Snapdragon_High_Med_2016, SXR1130
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | Apq8009 Firmware | - |
| Qualcomm | Apq8009 | - |
| Qualcomm | Apq8017 Firmware | - |
| Qualcomm | Apq8017 | - |
| Qualcomm | Apq8053 Firmware | - |
| Qualcomm | Apq8053 | - |
| Qualcomm | Mdm9205 Firmware | - |
| Qualcomm | Mdm9205 | - |
| Qualcomm | Msm8905 Firmware | - |
| Qualcomm | Msm8905 | - |
| Qualcomm | Msm8909 Firmware | - |
| Qualcomm | Msm8909 | - |
| Qualcomm | Msm8917 Firmware | - |
| Qualcomm | Msm8917 | - |
| Qualcomm | Msm8920 Firmware | - |
| Qualcomm | Msm8920 | - |
| Qualcomm | Msm8937 Firmware | - |
| Qualcomm | Msm8937 | - |
| Qualcomm | Msm8940 Firmware | - |
| Qualcomm | Msm8940 | - |
Related Weaknesses (CWE)
References
- https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletiVendor Advisory
- https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletiVendor Advisory
FAQ
What is CVE-2019-2295?
CVE-2019-2295 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Information disclosure due to lack of address range check done on the SysDBG buffers in SDI code. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon I...
How severe is CVE-2019-2295?
CVE-2019-2295 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-2295?
Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Apq8009 Firmware, Qualcomm Apq8009, Qualcomm Apq8017 Firmware, Qualcomm Apq8017, Qualcomm Apq8053 Firmware.