Vulnerability Details CVE-2019-10537
Improper validation of event buffer extracted from FW response can lead to integer overflow, which will allow to pass the length check and eventually will lead to buffer overwrite when event data is copied to context buffer in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, Nicobar, QCA6574AU, QCN7605, QCS405, QCS605, SDM660, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 7.8%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
References
Products affected by CVE-2019-10537
-
cpe:2.3:h:qualcomm:mdm9607:-
-
cpe:2.3:h:qualcomm:nicobar:-
-
cpe:2.3:h:qualcomm:qca6574au:-
-
cpe:2.3:h:qualcomm:qcn7605:-
-
cpe:2.3:h:qualcomm:qcs405:-
-
cpe:2.3:h:qualcomm:qcs605:-
-
cpe:2.3:h:qualcomm:sdm660:-
-
cpe:2.3:h:qualcomm:sdm845:-
-
cpe:2.3:h:qualcomm:sdx55:-
-
cpe:2.3:h:qualcomm:sm6150:-
-
cpe:2.3:h:qualcomm:sm7150:-
-
cpe:2.3:h:qualcomm:sm8150:-
-
cpe:2.3:h:qualcomm:sm8250:-
-
cpe:2.3:h:qualcomm:sxr1130:-
-
cpe:2.3:h:qualcomm:sxr2130:-
-
cpe:2.3:o:qualcomm:mdm9607_firmware:-
-
cpe:2.3:o:qualcomm:nicobar_firmware:-
-
cpe:2.3:o:qualcomm:qca6574au_firmware:-
-
cpe:2.3:o:qualcomm:qcn7605_firmware:-
-
cpe:2.3:o:qualcomm:qcs405_firmware:-
-
cpe:2.3:o:qualcomm:qcs605_firmware:-
-
cpe:2.3:o:qualcomm:sdm660_firmware:-
-
cpe:2.3:o:qualcomm:sdm845_firmware:-
-
cpe:2.3:o:qualcomm:sdx55_firmware:-
-
cpe:2.3:o:qualcomm:sm6150_firmware:-
-
cpe:2.3:o:qualcomm:sm7150_firmware:-
-
cpe:2.3:o:qualcomm:sm8150_firmware:-
-
cpe:2.3:o:qualcomm:sm8250_firmware:-
-
cpe:2.3:o:qualcomm:sxr1130_firmware:-
-
cpe:2.3:o:qualcomm:sxr2130_firmware:-