CVE-2019-2301 - Qualcomm Qca9980 Firmware, Qualcomm Sd 850 Firmware and Qualcomm Sdm660 Firmware

July 25, 2019

Critical 7.8

Possibility of out-of-bound read if id received from SPI is not in range of FIFO in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9980, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 712 / SD 710 / SD 670, SD 820A, SD 845 / SD 850, SD 855, SDM439, SDM660, SDX24

Affected software

Qualcomm Qca9980 Firmware

Qualcomm Sd 850 Firmware

Qualcomm Sdm660 Firmware

Qualcomm Sd 855 Firmware

Qualcomm Sd 712 Firmware

Qualcomm Sd 845 Firmware

Qualcomm Sd 439 Firmware

Qualcomm Sdm439 Firmware

Qualcomm Sdx24 Firmware

Qualcomm Sd 710 Firmware

Qualcomm Sd 636 Firmware

Qualcomm Qualcomm 215 Firmware

Qualcomm Sd 425 Firmware

Qualcomm Sd 450 Firmware

Qualcomm Sd 429 Firmware

Qualcomm Sd 632 Firmware

Qualcomm Msm8909w Firmware

Qualcomm Msm8996au Firmware

Qualcomm Qcs605 Firmware

Qualcomm Ipq4019 Firmware

Qualcomm Ipq8064 Firmware

Qualcomm Sd 820a Firmware

Qualcomm Sd 670 Firmware

Qualcomm Sd 625 Firmware

Reference links

https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin

CVE-2019-2301 - Qualcomm Qca9980 Firmware, Qualcomm Sd 850 Firmware and Qualcomm Sdm660 Firmware

Affected software

Reference links

Get alerted to vulnerabilities in your software