CVE-2019-10480

Q: What is the severity of CVE-2019-10480?

CVE-2019-10480 has a CVSS score of 7.8 (HIGH). This vulnerability allows an attacker to write data outside the intended memory buffer in the WMI firmware event handler due to insufficient validation of data received from WLAN firmware. It affects a wide range of Qualcomm Snapdragon chipsets used in automotive, consumer electronics, IoT devices, mobile phones, wearables, and networking equipment. Successful exploitation could lead to arbitrary code execution or system crashes.

7.8 HIGH

📋 TL;DR

This vulnerability allows an attacker to write data outside the intended memory buffer in the WMI firmware event handler due to insufficient validation of data received from WLAN firmware. It affects a wide range of Qualcomm Snapdragon chipsets used in automotive, consumer electronics, IoT devices, mobile phones, wearables, and networking equipment. Successful exploitation could lead to arbitrary code execution or system crashes.

💻 Affected Systems

Products:

APQ8009
APQ8017
APQ8053
APQ8096AU
APQ8098
IPQ4019
IPQ8064
IPQ8074
MDM9206
MDM9207C
MDM9607
MDM9615
MDM9640
MDM9650
MSM8909
MSM8909W
MSM8917
MSM8920
MSM8937
MSM8939
MSM8940
MSM8996AU
QCA6174A
QCA6574AU
QCA9377
QCA9379
QCA9980
QCN7605
QCS605
SDA660
SDA845
SDM630
SDM636
SDM660
SDM670
SDM710
SDM845
SDX20
SDX24
SM6150
SM7150
SM8150
SXR1130

Versions: Specific firmware versions before December 2019 patches

Operating Systems: Android, Linux-based embedded systems, Qualcomm proprietary OS

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices using vulnerable Qualcomm WLAN firmware. Impact depends on device manufacturer's implementation and firmware version.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with kernel privileges leading to complete device compromise, data theft, or persistent backdoor installation.

🟠

Likely Case

Device crash or denial of service through kernel panic, potentially requiring physical restart.

🟢

If Mitigated

Limited impact if devices are behind firewalls with restricted WLAN access and have updated firmware.

🌐 Internet-Facing: MEDIUM - Exploitation requires network access to WLAN interface, but many affected devices have wireless connectivity exposed.

🏢 Internal Only: HIGH - Internal attackers with network access to WLAN interfaces could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires sending specially crafted packets to the WLAN interface. No public exploit code was available at disclosure time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware updates released December 2019

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin

Restart Required: Yes

Instructions:

1. Check with device manufacturer for firmware updates. 2. Apply Qualcomm-provided firmware patches. 3. Reboot device to load new firmware. 4. Verify patch installation through version checks.

🔧 Temporary Workarounds

Disable WLAN if not needed

linux

Turn off wireless functionality to prevent exploitation through WLAN interface

nmcli radio wifi off
ip link set wlan0 down

Network segmentation

all

Isolate affected devices on separate VLANs with strict firewall rules

🧯 If You Can't Patch

Implement strict network access controls to limit WLAN traffic to trusted sources only
Monitor for unusual WLAN traffic patterns and device crashes

🔍 How to Verify

Check if Vulnerable:

Check firmware version against manufacturer's patched versions. Use 'cat /proc/version' or manufacturer-specific commands to check chipset and firmware details.

Check Version:

Manufacturer-specific commands vary. For Android: 'getprop ro.bootloader' or 'getprop ro.build.fingerprint'

Verify Fix Applied:

Verify firmware version matches patched versions from manufacturer advisory. Test WLAN functionality remains operational.

📡 Detection & Monitoring

Log Indicators:

Kernel panic logs
WLAN driver crash messages
Unexpected system reboots

Network Indicators:

Unusual WLAN packet patterns
Malformed 802.11 frames targeting vulnerable chipsets

SIEM Query:

source="kernel" AND "panic" OR "WLAN" AND "crash" OR device_model IN (affected_products_list)

📊 Metadata

CVE ID: CVE-2019-10480

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-787

Published: December 18, 2019

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin Patch,Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Apq8009 Firmware by Qualcomm

Apq8017 Firmware by Qualcomm

Apq8053 Firmware by Qualcomm

Apq8096au Firmware by Qualcomm

Apq8098 Firmware by Qualcomm

Ipq4019 Firmware by Qualcomm

Ipq8064 Firmware by Qualcomm

Ipq8074 Firmware by Qualcomm

Mdm9206 Firmware by Qualcomm

Mdm9207c Firmware by Qualcomm

Mdm9607 Firmware by Qualcomm

Mdm9615 Firmware by Qualcomm

Mdm9640 Firmware by Qualcomm

Mdm9650 Firmware by Qualcomm

Msm8909 Firmware by Qualcomm

Msm8909w Firmware by Qualcomm

Msm8917 Firmware by Qualcomm

Msm8920 Firmware by Qualcomm

Msm8937 Firmware by Qualcomm

Msm8939 Firmware by Qualcomm

Msm8940 Firmware by Qualcomm

Msm8996au Firmware by Qualcomm

Qca6174a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca9377 Firmware by Qualcomm

Qca9379 Firmware by Qualcomm

Qca9980 Firmware by Qualcomm

Qcn7605 Firmware by Qualcomm

Qcs605 Firmware by Qualcomm

Sda660 Firmware by Qualcomm

Sda845 Firmware by Qualcomm

Sdm630 Firmware by Qualcomm

Sdm636 Firmware by Qualcomm

Sdm660 Firmware by Qualcomm

Sdm670 Firmware by Qualcomm

Sdm710 Firmware by Qualcomm

Sdm845 Firmware by Qualcomm

Sdx20 Firmware by Qualcomm

Sdx24 Firmware by Qualcomm

Sm6150 Firmware by Qualcomm

Sm7150 Firmware by Qualcomm

Sm8150 Firmware by Qualcomm

Sxr1130 Firmware by Qualcomm