When kernel thread unregistered listener, Use after free issue happened as the listener client`s private data has been already freed in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9607, MSM8909W, Nicobar, QCM2150, QCS405, QCS605, Saipan, SC8180X, SDM429W, SDX55, SM8150, SM8250, SXR2130

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Qualcomm
  • Mdm9607
  • Mdm9607 Firmware
  • Msm8909w
  • Msm8909w Firmware
  • Nicobar
  • Nicobar Firmware
  • Qcm2150
  • Qcm2150 Firmware
  • Qcs405
  • Qcs405 Firmware
  • Qcs605
  • Qcs605 Firmware
  • Saipan
  • Saipan Firmware
  • Sc8180x
  • Sc8180x Firmware
  • Sdm429w
  • Sdm429w Firmware
  • Sdx55
  • Sdx55 Firmware
  • Sm8150
  • Sm8150 Firmware
  • Sm8250
  • Sm8250 Firmware
  • Sxr2130
  • Sxr2130 Firmware

Configuration 1 [-]

AND
cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:h:qualcomm:nicobar:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:nicobar_firmware:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:h:qualcomm:qcm2150:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:qcm2150_firmware:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:h:qualcomm:qcs405:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:h:qualcomm:qcs605:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:h:qualcomm:saipan:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:saipan_firmware:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:h:qualcomm:sc8180x:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sc8180x_firmware:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:qualcomm:sdm429w_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sdm429w:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sdx55:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:qualcomm:sm8150_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sm8150:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:qualcomm:sm8250_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sm8250:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:qualcomm:sxr2130_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sxr2130:-:*:*:*:*:*:*:*

No data.

References
Link Providers
https://www.qualcomm.com/company/product-security/bulletins/july-2020-bulletin cve-icon cve-icon
https://www.qualcomm.com/company/product-security/bulletins/july-2020-security-bulletin cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: qualcomm

Published: 2020-07-30T11:40:27

Updated: 2024-08-04T22:24:18.695Z

Reserved: 2019-03-29T00:00:00

Link: CVE-2019-10580

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2020-07-30T12:15:11.257

Modified: 2020-07-31T13:55:40.117

Link: CVE-2019-10580

cve-icon Redhat

No data.