cve/2019/CVE-2019-10486.md

### [CVE-2019-10486](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10486)
![](https://img.shields.io/static/v1?label=Product&message=Snapdragon%20Auto%2C%20Snapdragon%20Consumer%20Electronics%20Connectivity%2C%20Snapdragon%20Consumer%20IOT%2C%20Snapdragon%20Industrial%20IOT%2C%20Snapdragon%20IoT%2C%20Snapdragon%20Mobile%2C%20Snapdragon%20Voice%20%26%20Music%2C%20Snapdragon%20Wearables&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Time-of-check%20Time-of-use%20Race%20Condition%20in%20Camera&color=brighgreen)

### Description

Race condition due to the lack of resource lock which will be concurrently modified in the memcpy statement leads to out of bound access in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8939, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150

### POC

#### Reference
- https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin
- https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin

#### Github
No PoCs found on GitHub currently.