Chipsets.org

Vulnerability

CVE-2019-2288

Component: TRUST

Location: OS

Out of bound write in TZ while copying the secure dump structure on HLOS provided buffer as a part of memory dump in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8976, MSM8996, MSM8996AU, MSM8998, QCA8081, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, Snapdragon_High_Med_2016, SXR1130

Impact

Severity (Manufact.)

N/A

Severity (NIST)

7.8

Severity (Android)

N/A

Chipsets

Devices

1128

Affected Hardware

Name	Also known as	Manufacturer
MSM8905	Qualcomm 205	Qualcomm
MSM8909	Snapdragon 210	Qualcomm
QM215	Qualcomm 215	Qualcomm
MSM8917	Snapdragon 425	Qualcomm
MSM8920	Snapdragon 427	Qualcomm
MSM8937	Snapdragon 430	Qualcomm
MSM8940	Snapdragon 435	Qualcomm
SDM429	Snapdragon 429	Qualcomm
SDM439	Snapdragon 439	Qualcomm
SDM450	Snapdragon 450	Qualcomm

23 of 23 row(s) shown.

Rows per page

Page 1 of 3

Information reliability

The information on this website is intended to provide information on the big picture of chipset security and measure trends within the industry. Our information is obtained from several vantage points, checked for consistency, and automatically cross-referenced. However, this process may not always yield reliable information. Do not use the information on a particular vulnerability, chipset or device to verify your individual exposure in cases where inaccuracies are inacceptable, for instance to assess risks if you are a Politically Exposed Person.

Timeline

Introduced (est):

Jan 1, 2014

Reported:

Jan 1, 2019

Advisory Published:

Nov 4, 2019

CVE Published:

Dec 12, 2019

Android Patch Level:

None