On some hardware revisions where VP9 decoding is hardware-accelerated, the frame size is not programmed correctly into the decoder hardware which can lead to an invalid memory access by the decoder.
In certain hardware revisions where VP9 decoding is hardware-based, the frame size is not correctly programmed in the decoder chip. This results in the decoder being able to access an incorrect memory region while processing the video stream. The flaw falls under the category of CWE-823 (use of out-of-range pointer offset) and CWE-119 (improper restriction of operations within a memory buffer).
An attacker can compromise the confidentiality, integrity, and availability of the system, potentially executing arbitrary code or causing device failure through a crafted VP9 video stream.
Apply patches available from the manufacturer according to the references — Qualcomm security bulletin from May 2018: https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html
Qualcomm MSM8909W Firmware, Qualcomm MSM8996AU Firmware, Qualcomm SD 210 Firmware — specific affected hardware revisions indicated in the Qualcomm security bulletin from May 2018
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HQualcomm Msm8909w
HWQualcommwszystkie wersjeQualcomm Msm8909w Firmware
OSQualcommwszystkie wersjeQualcomm Msm8996au
HWQualcommwszystkie wersjeQualcomm Msm8996au Firmware
OSQualcommwszystkie wersjeQualcomm Sd 205
HWQualcommwszystkie wersjeQualcomm Sd 205 Firmware
OSQualcommwszystkie wersjeQualcomm Sd 210
HWQualcommwszystkie wersjeQualcomm Sd 210 Firmware
OSQualcommwszystkie wersjeQualcomm Sd 212
HWQualcommwszystkie wersjeQualcomm Sd 212 Firmware
OSQualcommwszystkie wersjeQualcomm Sd 415
HWQualcommwszystkie wersjeQualcomm Sd 415 Firmware
OSQualcommwszystkie wersjeQualcomm Sd 425
HWQualcommwszystkie wersjeQualcomm Sd 425 Firmware
OSQualcommwszystkie wersjeQualcomm Sd 427
HWQualcommwszystkie wersjeQualcomm Sd 427 Firmware
OSQualcommwszystkie wersjeQualcomm Sd 430
HWQualcommwszystkie wersjeQualcomm Sd 430 Firmware
OSQualcommwszystkie wersjeQualcomm Sd 435
HWQualcommwszystkie wersjeQualcomm Sd 435 Firmware
OSQualcommwszystkie wersjeQualcomm Sd 450
HWQualcommwszystkie wersjeQualcomm Sd 450 Firmware
OSQualcommwszystkie wersjeQualcomm Sd 615
HWQualcommwszystkie wersjeQualcomm Sd 615 Firmware
OSQualcommwszystkie wersjeQualcomm Sd 616
HWQualcommwszystkie wersjeQualcomm Sd 616 Firmware
OSQualcommwszystkie wersjeQualcomm Sd 625
HWQualcommwszystkie wersjeQualcomm Sd 625 Firmware
OSQualcommwszystkie wersjeQualcomm Sd 810
HWQualcommwszystkie wersjeQualcomm Sd 810 Firmware
OSQualcommwszystkie wersje
Related vulnerabilities
Memory corruption w Qualcomm podczas składania pakietów RTP (NALUs)
Qualcomm SD 450/625/820 — odczyt poza granicami bufora w obsłudze ramek 802.11
Qualcomm Touch Pal – zbieranie danych o użytkowniku bez jego wiedzy
Pominięcie uwierzytelnienia w sieciach LTE w modemach Qualcomm
Memory corruption w HLOS podczas obsługi PlayReady w chipsetach Qualcomm