CVE-2019-10549

CVE Database · CVE-2019-10549

CVE-2019-10549

· HIGHModified

CVSS v3.1

7.5

EPSS

0.79%

Published

Mar 5, 2020

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Null pointer dereference issue can happen due to improper validation of CSEQ header response received from network in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, Nicobar, QCM2150, QM215, Rennell, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM632, SDX24, SDX55, SM6150, SM7150, SM8150

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weaknesses (CWE)

CWE-476

Affected Products (44)

qualcomm · msm8905_firmwarevulnerable

qualcomm · msm8905

qualcomm · msm8909_firmwarevulnerable

qualcomm · msm8909

qualcomm · msm8917_firmwarevulnerable

qualcomm · msm8917

qualcomm · msm8920_firmwarevulnerable

qualcomm · msm8920

qualcomm · msm8937_firmwarevulnerable

qualcomm · msm8937

qualcomm · msm8940_firmwarevulnerable

· msm8940

References (2)

https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin

Vendor Advisory

https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs