{"vulnerability": "CVE-2019-10574", "sightings": [{"uuid": "66a713d0-ed26-4f04-ba3a-95f3701c42f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-10574", "type": "seen", "source": "https://t.me/cibsecurity/11340", "content": "ATENTION\u203c New - CVE-2019-10574\n\nLack of boundary checks for data offsets received from HLOS can lead to out-of-bound read in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice &amp; Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8016, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCM2150, QCS605, QM215, Rennell, SC7180, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130, SXR2130\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-04-16T17:02:33.000000Z"}, {"uuid": "08679cd1-a76b-49f2-85ef-b9de5b7e16b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-10574", "type": "seen", "source": "https://infosec.exchange/users/certvde/statuses/115926387351405846", "content": "", "creation_timestamp": "2026-01-20T08:05:01.139814Z"}, {"uuid": "edcaa3a6-eb1d-4883-ade6-a57e463097be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-10574", "type": "published-proof-of-concept", "source": "https://t.me/antichat/7071", "content": "\u0433\u043e\u0432\u043e\u0440\u044f \u043e \u0447\u0435\u043c-\u0442\u043e \u0442\u0430\u043c trusted. TrustZone \u2014\u00a0\u044d\u0442\u043e \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u0435 \u0432 ARM-\u0447\u0438\u043f\u0430\u0445, Trusted Execution Environment (TEE), Qualcomm Secure Execution Environment (QSEE) \u2014\u00a0\u043e\u0434\u043d\u0430 \u0438\u0437 \u0438\u043c\u043f\u043b\u0435\u043c\u0435\u043d\u0442\u0430\u0446\u0438\u0439 \u0443 Qualcomm \u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u0430\u0445, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0432 \u0441\u043c\u0430\u0440\u0442\u0444\u043e\u043d\u0430\u0445 Pixel, LG, Xiaomi, Samsung \u0438 \u0442\u0434. \u0422\u0430\u043c \u0445\u0440\u0430\u043d\u044f\u0442\u0441\u044f \u0434\u0430\u043d\u043d\u044b\u0435 \u0431\u0430\u043d\u043a\u043e\u0432\u0441\u043a\u0438\u0445 \u043a\u0430\u0440\u0442, \u043a\u043b\u044e\u0447\u0438 \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0438 \u0442\u0434. \u042d\u043a\u0441\u043f\u0435\u0440\u0442\u044b CheckPoint \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u0446\u0435\u043b\u044b\u0439 \u0440\u044f\u0434 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0437\u0430\u043f\u0443\u0441\u0442\u0430\u0442\u044c \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0432 \u0438\u0437\u043b\u0438\u0448\u043d\u0435 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u043e\u043c \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0438 \u0438 \u0442\u0430\u043a\u0438\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u0430\u043c\u044b\u043c \u0432\u0430\u0436\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445: \n\n- dxhdcp2 (LVE-SMP-190005)\n- sec_store (SVE-2019-13952)\n- authnr (SVE-2019-13949)\n- esecomm (SVE-2019-13950)\n- kmota (CVE-2019-10574)\n- tzpr25 \n- prov \n\nQualcomm \u0438 \u041e\u0415\u041c-\u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0438 \u0441\u043c\u0430\u0440\u0442\u0444\u043e\u043d\u043e\u0432 \u043f\u043e\u0441\u0442\u0435\u043f\u0435\u043d\u043d\u043e \u0432\u044b\u043f\u0443\u0441\u043a\u0430\u044e\u0442 \u0430\u043f\u0434\u0435\u0439\u0442\u044b, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u044f\u044e\u0449\u0438\u0435 \u044d\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438\n\nhttps://research.checkpoint.com/the-road-to-qualcomm-trustzone-apps-fuzzing/", "creation_timestamp": "2019-11-18T19:45:45.000000Z"}]}