Qualcomm Sxr1130 Firmware Remote Code Execution Vulnerability

Summary

Kernel can write to arbitrary memory address passed by user while freeing/stopping a thread in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCS605, SD 675, SD 712 / SD 710 / SD 670, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SM7150, SXR1130

Credit:

The information has been provided by Adrian Tang
The original article can be found at: https://www.qualcomm.com/company/product-security/bulletins#_CVE-2019-2250


Details

Qualcomm Qcs605 Firmware is prone to a remote code-execution vulnerability.This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.

Vulnerable Systems:

  • Qualcomm Qcs605 Firmware
  • Qualcomm Sd 670 Firmware
  • Qualcomm Sd 675 Firmware
  • Qualcomm Sd 710 Firmware
  • Qualcomm Sd 712 Firmware
  • Qualcomm Sd 835 Firmware
  • Qualcomm Sd 845 Firmware
  • Qualcomm Sd 850 Firmware
  • Qualcomm Sd 855 Firmware
  • Qualcomm Sd 8cx Firmware
  • Qualcomm Sm7150 Firmware
  • Qualcomm Sxr1130 Firmware

CVE Information:
CVE-2019-2250

Disclosure Timeline:
Publish Date:05/24/2019