CVE-2019-2273 : Security Advisory and Response
Learn about CVE-2019-2273, a denial of service issue affecting Qualcomm processors like Snapdragon Auto, Compute, Connectivity, and more when processing h265 video files. Find mitigation steps and affected versions here.
A denial of service issue affects multiple Qualcomm processors, including Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, and Wearables, triggered by an IOMMU page fault during h265 video playback.
Understanding CVE-2019-2273
What is CVE-2019-2273?
This CVE describes a denial of service vulnerability in various Qualcomm processors when processing h265 video files.
The Impact of CVE-2019-2273
The vulnerability can lead to a denial of service condition in affected Qualcomm processors, potentially disrupting device functionality.
Technical Details of CVE-2019-2273
Vulnerability Description
The issue arises from an IOMMU page fault while playing h265 video files on Snapdragon processors.
Affected Systems and Versions
- Affected Processors: MSM8909W, QCS605, Qualcomm 215, SD 210/212/205, SD 425, SD 427, SD 430, SD 435, SD 439/429, SD 450, SD 625, SD 650/52, SD 665, SD 675, SD 712/710/670, SD 730, SD 820, SD 845/850, SD 855, SD 8CX, SDM439, Snapdragon_High_Med_2016, SXR1130
Exploitation Mechanism
The vulnerability is triggered by an IOMMU page fault specifically during the playback of h265 video files.
Mitigation and Prevention
Immediate Steps to Take
- Apply vendor-supplied patches or updates to mitigate the vulnerability.
- Avoid playing h265 video files from untrusted sources.
Long-Term Security Practices
- Regularly update software and firmware to ensure protection against known vulnerabilities.
- Implement network security measures to prevent unauthorized access to devices.
Patching and Updates
- Check for security bulletins and updates from Qualcomm to address the CVE-2019-2273 vulnerability.