7.1

CVE-2019-10625

Out of bound access in diag services when DCI command buffer reallocation is not done properly with required capacity in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, QCS605, Rennell, SC8180X, SDM429W, SDM710, SDX55, SM7150, SM8150
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
QualcommApq8009 Firmware Version-
   QualcommApq8009 Version-
QualcommApq8096au Firmware Version-
   QualcommApq8096au Version-
QualcommMdm9206 Firmware Version-
   QualcommMdm9206 Version-
QualcommMdm9207c Firmware Version-
   QualcommMdm9207c Version-
QualcommMdm9607 Firmware Version-
   QualcommMdm9607 Version-
QualcommMdm9640 Firmware Version-
   QualcommMdm9640 Version-
QualcommMdm9650 Firmware Version-
   QualcommMdm9650 Version-
QualcommQcs605 Firmware Version-
   QualcommQcs605 Version-
QualcommRennell Firmware Version-
   QualcommRennell Version-
QualcommSc8180x Firmware Version-
   QualcommSc8180x Version-
QualcommSdm429w Firmware Version-
   QualcommSdm429w Version-
QualcommSdm710 Firmware Version-
   QualcommSdm710 Version-
QualcommSdx55 Firmware Version-
   QualcommSdx55 Version-
QualcommSm7150 Firmware Version-
   QualcommSm7150 Version-
QualcommSm8150 Firmware Version-
   QualcommSm8150 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.04% 0.097
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
nvd@nist.gov 3.6 3.9 4.9
AV:L/AC:L/Au:N/C:P/I:N/A:P
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.