CVE-2019-2266

Published: Nov 21, 2019Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Possible double free issue in kernel while handling the camera sensor and its sub modules power sequence in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MDM9206, MDM9207C, MDM9607, MSM8909, MSM8909W, Nicobar, QCA9980, QCS405, QCS605, SDM845, SDX24, SM7150, SM8150

Affected (16)

Products: Qualcomm: Apq8053 Firmware, Ipq4019 Firmware, Ipq8064 Firmware, Mdm9206 Firmware, Mdm9207c Firmware, Mdm9607 Firmware, Msm8909 Firmware, Msm8909w Firmware, Nicobar Firmware, Qca9980 Firmware, Qcs405 Firmware, Qcs605 Firmware, Sdm845 Firmware, Sdx24 Firmware, Sm7150 Firmware, Sm8150 Firmware

16 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Apq8053 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Apq8053	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Ipq4019 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Ipq4019	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Ipq8064 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Ipq8064	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9206 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9206	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9207c Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9207c	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9607 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9607	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Msm8909 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Msm8909	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Msm8909w Firmware	All versions

Running on/with	Platform Versions
Qualcomm Msm8909w	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Nicobar Firmware	All versions

Running on/with	Platform Versions
Qualcomm Nicobar	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca9980 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca9980	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qcs405 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qcs405	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qcs605 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qcs605	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm845 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm845	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdx24 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdx24	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sm7150 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sm7150	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sm8150 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sm8150	All versions

Related CWEs

CWE-415

Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (2)

https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin

Source: product-security@qualcomm.com

PatchVendor Advisory

https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.