CVSS: 7.8EPSS: 0%CPEs: 92EXPL: 0CVE-2019-10544
https://notcve.org/view.php?id=CVE-2019-10544
18 Dec 2019 — Improper length check on source buffer to handle userspace data received can lead to out-of-bound access in diag handlers in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, M... • https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 94EXPL: 0CVE-2019-10536
https://notcve.org/view.php?id=CVE-2019-10536
18 Dec 2019 — Potential double free scenario if driver receives another DIAG_EVENT_LOG_SUPPORTED event from firmware as the pointer is not set to NULL on first call in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8917,... • https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin • CWE-415: Double Free •
CVSS: 7.8EPSS: 0%CPEs: 98EXPL: 0CVE-2019-10518
https://notcve.org/view.php?id=CVE-2019-10518
18 Dec 2019 — Use after free of a pointer in iWLAN scenario during netmgr state transition to CONNECT in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, IPQ4019, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM893... • https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 104EXPL: 0CVE-2019-10525
https://notcve.org/view.php?id=CVE-2019-10525
18 Dec 2019 — Buffer overflow during SIB read when network configures complete sib list along with first and last segment of other SIB in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM... • https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 104EXPL: 0CVE-2019-10516
https://notcve.org/view.php?id=CVE-2019-10516
18 Dec 2019 — Multiple read overflows in MM while decoding service accept,service reject,attach reject and MT detach in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM... • https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 66EXPL: 0CVE-2019-10517
https://notcve.org/view.php?id=CVE-2019-10517
18 Dec 2019 — Memory is being freed up twice when two concurrent threads are executing in parallel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8996AU, QCS405, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM845, SDX20, SM6150, SM7... • https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin • CWE-415: Double Free •
CVSS: 10.0EPSS: 0%CPEs: 104EXPL: 0CVE-2019-10500
https://notcve.org/view.php?id=CVE-2019-10500
18 Dec 2019 — While processing MT Secondary PDP request, Buffer overflow will happen due to incorrect calculation of buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, ... • https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 10.0EPSS: 0%CPEs: 106EXPL: 0CVE-2019-10487
https://notcve.org/view.php?id=CVE-2019-10487
18 Dec 2019 — Buffer over read can happen while parsing SMS OTA messages at transport layer if network sends un-intended values in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, M... • https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 98EXPL: 0CVE-2019-10513
https://notcve.org/view.php?id=CVE-2019-10513
18 Dec 2019 — Possibility of Null pointer access if the SPDM commands are executed in the non-standard way in Trustzone in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, IPQ8074, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607,... • https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 98EXPL: 0CVE-2019-10482
https://notcve.org/view.php?id=CVE-2019-10482
18 Dec 2019 — Due to the use of non-time-constant comparison functions there is issue in timing side channels which can be used as a potential side channel for SUI corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MS... • https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin •