CVE-2019-10565 - Double free issue can happen when sensor power settings is freed by some thread while another thread

CVE-2019-10565

Summary

Double free issue can happen when sensor power settings is freed by some thread while another thread try to access. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8053, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, QCN7605, QCS405, QCS605, SDM845, SDX24, SXR1130

References

https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin

Vulnerable Configurations

cpe:2.3:o:qualcomm:apq8053_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:apq8053_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:apq8053:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:apq8053:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:mdm9207c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:mdm9207c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:mdm9207c:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:mdm9207c:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:msm8905_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:msm8905_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:msm8905:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:msm8905:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:msm8909_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:msm8909_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:msm8909:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:msm8909:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:qcn7605_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:qcn7605_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qcn7605:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qcn7605:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qcs405:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qcs405:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qcs605:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qcs605:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sdm845_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sdm845_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sdm845:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sdm845:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sdx24_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sdx24_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sdx24:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sdx24:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sxr1130_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sxr1130_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sxr1130:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sxr1130:-:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 21-11-2019 - 15:15)
Impact:
Exploitability:

CWE

CWE-415

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

confirm

https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin

Last major update

21-11-2019 - 15:15

Published

06-11-2019 - 17:15

Last modified

21-11-2019 - 15:15