Snapdragon Auto Double Free Vulnerability


Snapdragon Auto suffers from double free vulnerability.


The information has been provided by Monk Avel

The original article can be found at:


Possibility of double free of the drawobj that is added to the drawqueue array of the context during IOCTL commands as there is no refcount taken for this object in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, APQ8098, MSM8909W, MSM8917, MSM8953, MSM8996AU, Nicobar, QCS405, QCS605, QM215, Rennell, SA415M, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130


Vulnerable Systems:

Snapdragon Auto

Snapdragon Compute

Snapdragon Consumer Electronics Connectivity

Snapdragon Consumer IOT

Snapdragon Industrial IOT

Snapdragon Mobile

Snapdragon Voice & Music

Snapdragon Wearables


CVE Information:


Disclosure Timeline:
Published Date:6/2/2020

Categories: FeaturedNews