CVE-2019-2308

User application could potentially make RPC call to the fastrpc driver and the driver will allow the message to go through to the remote subsystem in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24

Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin
https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin

Version: 2.1.0

Package kernel-image-std-debug update in sisyphus on 2021-03-23

ALT-PU-2021-1537-1

Closed vulnerabilities

CVE-2019-2308