Vulnerabilities > CVE-2019-10608 - Unspecified vulnerability in Qualcomm products

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

qualcomm

NVD

Published: 2020-04-16

Updated: 2020-08-24

Summary

Information disclosure issue occurs as there is no binding between the secure keypad session and the secure display session that allows user to take control of the REE to stop the secure keypad session and read the keypad input. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, MSM8905, MSM8909

Vulnerable Configurations

Part	Description	Count
OS	Qualcomm Qualcomm Apq8009 Firmware - Qualcomm Msm8905 Firmware - Qualcomm Msm8909 Firmware -	3
Hardware	Qualcomm Qualcomm Apq8009 - Qualcomm Msm8905 - Qualcomm Msm8909 -	3

References

https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin