Qualcomm Components are prone to an integer-underflow vulnerability because they fail to sufficiently validate an integer value.
Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploits may result in denial-of-service conditions.
This issue is being tracked by Android Bug ID A-129850941.
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
| Bugtraq ID: | 109383 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2019-2307 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 26 2019 12:00AM |
| Updated: | Jul 26 2019 12:00AM |
| Credit: | The vendor reported this issue. |
| Vulnerable: | Google Pixel XL 0 Google Pixel C 0 Google Pixel 0 Google Nexus Player 0 Google Nexus 9 Google Nexus 6P Google Nexus 6 Google Nexus 5X Google Android 0 |
| Not Vulnerable: | |
References:
- Qualcomm Homepage (Qualcomm)
- Android Security BulletinĂ¢??July 2019 (Google)
- July 2019 Code Aurora Security Bulletin (Code Aurora)
from SecurityFocus Vulnerabilities https://ift.tt/333ETCO
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.