Vulnerability Description
When computing the digest a local variable is used after going out of scope in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9640, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855, SDM660, SDX24
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | Mdm9640 Firmware | - |
| Qualcomm | Mdm9640 | - |
| Qualcomm | Qcs405 Firmware | - |
| Qualcomm | Qcs405 | - |
| Qualcomm | Qcs605 Firmware | - |
| Qualcomm | Qcs605 | - |
| Qualcomm | Sd 425 Firmware | - |
| Qualcomm | Sd 425 | - |
| Qualcomm | Sd 427 Firmware | - |
| Qualcomm | Sd 427 | - |
| Qualcomm | Sd 430 Firmware | - |
| Qualcomm | Sd 430 | - |
| Qualcomm | Sd 435 Firmware | - |
| Qualcomm | Sd 435 | - |
| Qualcomm | Sd 450 Firmware | - |
| Qualcomm | Sd 450 | - |
| Qualcomm | Sd 625 Firmware | - |
| Qualcomm | Sd 625 | - |
| Qualcomm | Sd 636 Firmware | - |
| Qualcomm | Sd 636 | - |
Related Weaknesses (CWE)
References
- https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-sePatchVendor Advisory
- https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-sePatchVendor Advisory
FAQ
What is CVE-2019-2316?
CVE-2019-2316 is a vulnerability with a CVSS score of 8.8 (HIGH). When computing the digest a local variable is used after going out of scope in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9640, QCS405, QCS605, SD 425,...
How severe is CVE-2019-2316?
CVE-2019-2316 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-2316?
Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Mdm9640 Firmware, Qualcomm Mdm9640, Qualcomm Qcs405 Firmware, Qualcomm Qcs405, Qualcomm Qcs605 Firmware.