Vulnerabilities > CVE-2019-10499 - Improper Validation of Array Index vulnerability in Qualcomm products

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

qualcomm

CWE-129

NVD

Published: 2019-09-30

Updated: 2019-10-02

Summary

Improper validation of read and write index of tx and rx fifo`s before using for data copy from fifo can lead to out-of-bound access. in Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, QCS405, SD 665, SD 675, SD 730, SD 855

Vulnerable Configurations

Part	Description	Count
OS	Qualcomm Qualcomm Ipq4019 Firmware - Qualcomm Ipq8064 Firmware - Qualcomm Ipq8074 Firmware - Qualcomm Qcs405 Firmware - Qualcomm SD 665 Firmware - Qualcomm SD 675 Firmware - Qualcomm SD 730 Firmware - Qualcomm SD 855 Firmware -	8
Hardware	Qualcomm Qualcomm Ipq4019 - Qualcomm Ipq8064 - Qualcomm Ipq8074 - Qualcomm Qcs405 - Qualcomm SD 665 - Qualcomm SD 675 - Qualcomm SD 730 - Qualcomm SD 855 -	8

Common Weakness Enumeration (CWE)

CWE-129 - Improper Validation of Array Index

Common Attack Pattern Enumeration and Classification (CAPEC)

Overflow Buffers
Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.

References

https://www.codeaurora.org/security-bulletin/2019/08/05/august-2019-code-aurora-security-bulletin