Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2019-2294

Published: 30/09/2019 Updated: 03/10/2019
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Qualcomm

Vulnerability Summary

Usage of hard-coded magic number for calculating heap guard bytes can allow users to corrupt heap blocks without heap algorithm knowledge in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

qualcomm mdm9205_firmware -

qualcomm mdm9206_firmware -

qualcomm mdm9607_firmware -

qualcomm mdm9615_firmware -

qualcomm mdm9625_firmware -

qualcomm mdm9635m_firmware -

qualcomm mdm9655_firmware -

qualcomm msm8909w_firmware -

qualcomm msm8996au_firmware -

qualcomm qcs605_firmware -

qualcomm qualcomm_215_firmware -

qualcomm sd_210_firmware -

qualcomm sd_212_firmware -

qualcomm sd_205_firmware -

qualcomm sd_410_firmware -

qualcomm sd_412_firmware -

qualcomm sd_425_firmware -

qualcomm sd_427_firmware -

qualcomm sd_430_firmware -

qualcomm sd_435_firmware -

qualcomm sd_439_firmware -

qualcomm sd_429_firmware -

qualcomm sd_450_firmware -

qualcomm sd_625_firmware -

qualcomm sd_632_firmware -

qualcomm sd_636_firmware -

qualcomm sd_650_firmware -

qualcomm sd_652_firmware -

qualcomm sd_665_firmware -

qualcomm sd_675_firmware -

qualcomm sd_712_firmware -

qualcomm sd_710_firmware -

qualcomm sd_670_firmware -

qualcomm sd_730_firmware -

qualcomm sd_820_firmware -

qualcomm sd_820a_firmware -

qualcomm sd_835_firmware -

qualcomm sd_845_firmware -

qualcomm sd_850_firmware -

qualcomm sd_855_firmware -

qualcomm sd_8cx_firmware -

qualcomm sda660_firmware -

qualcomm sdm439_firmware -

qualcomm sdm630_firmware -

qualcomm sdm660_firmware -

qualcomm snapdragon_high_med_2016_firmware -

qualcomm sxr1130_firmware -

Recent Articles

It's 2019 – and you can completely pwn millions of Qualcomm-powered Androids over the air
The Register • Shaun Nichols in San Francisco • 06 Aug 2019

Grab security patches now from chip designer, Google Exposed: Lazy Android mobe makers couldn't care less about security

Black Hat It is possible to thoroughly hijack a nearby vulnerable Qualcomm-based Android phone, tablet, or similar gadget, via Wi-Fi, we learned on Monday. This likely affects millions of Android devices. Specifically, the following two security holes, dubbed Qualpwn and found by Tencent's Blade Team, can be leveraged one after the other to potentially take over a handheld: Thus, it is possible for a miscreant to join a nearby wireless network, seek out a vulnerable Qualcomm-powered Android devi...

Read more...
It's 2019 – and you can completely pwn millions of Qualcomm-powered Androids over the air
The Register • Shaun Nichols in San Francisco • 06 Aug 2019

Grab security patches now from chip designer, Google Exposed: Lazy Android mobe makers couldn't care less about security

Black Hat It is possible to thoroughly hijack a nearby vulnerable Qualcomm-based Android phone, tablet, or similar gadget, via Wi-Fi, we learned on Monday. This likely affects millions of Android devices. Specifically, the following two security holes, dubbed Qualpwn and found by Tencent's Blade Team, can be leveraged one after the other to potentially take over a handheld: Thus, it is possible for a miscreant to join a nearby wireless network, seek out a vulnerable Qualcomm-powered Android devi...

Read more...

References

CWE-330https://www.qualcomm.com/company/product-security/bulletinshttps://nvd.nist.govhttps://www.theregister.co.uk/2019/08/06/qualcomm_android_patches/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322cross-site request forgeryunauthorizedCVE-2024-33925reflected XSSCVE-2023-51580CVE-2023-51579CVE-2015-2051CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook