Published: 30/09/2019 Updated: 02/10/2019

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Device record of the pairing device used after free during ACL disconnection in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016

Vulnerable Product	Search on Vulmon	Subscribe to Product
qualcomm msm8909w_firmware -
qualcomm msm8996au_firmware -
qualcomm qca6574au_firmware -
qualcomm qcs405_firmware -
qualcomm qcs605_firmware -
qualcomm sd_425_firmware -
qualcomm sd_427_firmware -
qualcomm sd_430_firmware -
qualcomm sd_435_firmware -
qualcomm sd_439_firmware -
qualcomm sd_429_firmware -
qualcomm sd_450_firmware -
qualcomm sd_625_firmware -
qualcomm sd_632_firmware -
qualcomm sd_636_firmware -
qualcomm sd_665_firmware -
qualcomm sd_675_firmware -
qualcomm sd_712_firmware -
qualcomm sd_710_firmware -
qualcomm sd_670_firmware -
qualcomm sd_730_firmware -
qualcomm sd_820_firmware -
qualcomm sd_820a_firmware -
qualcomm sd_835_firmware -
qualcomm sd_845_firmware -
qualcomm sd_850_firmware -
qualcomm sd_855_firmware -
qualcomm sda660_firmware -
qualcomm sdm439_firmware -
qualcomm sdm630_firmware -
qualcomm sdm660_firmware -
qualcomm snapdragon_high_med_2016_firmware -

It's 2019 – and you can completely pwn millions of Qualcomm-powered Androids over the air

The Register • Shaun Nichols in San Francisco • 06 Aug 2019

Grab security patches now from chip designer, Google Exposed: Lazy Android mobe makers couldn't care less about security

Black Hat It is possible to thoroughly hijack a nearby vulnerable Qualcomm-based Android phone, tablet, or similar gadget, via Wi-Fi, we learned on Monday. This likely affects millions of Android devices. Specifically, the following two security holes, dubbed Qualpwn and found by Tencent's Blade Team, can be leveraged one after the other to potentially take over a handheld: Thus, it is possible for a miscreant to join a nearby wireless network, seek out a vulnerable Qualcomm-powered Android devi...

The Register • Shaun Nichols in San Francisco • 06 Aug 2019

Grab security patches now from chip designer, Google Exposed: Lazy Android mobe makers couldn't care less about security

Black Hat It is possible to thoroughly hijack a nearby vulnerable Qualcomm-based Android phone, tablet, or similar gadget, via Wi-Fi, we learned on Monday. This likely affects millions of Android devices. Specifically, the following two security holes, dubbed Qualpwn and found by Tencent's Blade Team, can be leveraged one after the other to potentially take over a handheld: Thus, it is possible for a miscreant to join a nearby wireless network, seek out a vulnerable Qualcomm-powered Android devi...

CVE-2019-10509

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect