Lucene search

K
cveQualcommCVE-2019-10563
HistoryNov 21, 2019 - 3:15 p.m.

CVE-2019-10563

2019-11-2115:15:12
CWE-125
CWE-20
qualcomm
web.nvd.nist.gov
33
cve-2019-10563
buffer over-read
fast message handler
snapdragon
firmware
security vulnerability

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0

Percentile

12.6%

Buffer over-read can occur in fast message handler due to improper input validation while processing a message from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8053, APQ8096AU, MSM8996AU, MSM8998, QCN7605, QCS405, QCS605, SDA660, SDM636, SDM660, SDX20, SDX24

Affected configurations

Nvd
Node
qualcommapq8053Match-
AND
qualcommapq8053_firmwareMatch-
Node
qualcommapq8096auMatch-
AND
qualcommapq8096au_firmwareMatch-
Node
qualcommmsm8996au_firmwareMatch-
AND
qualcommmsm8996auMatch-
Node
qualcommmsm8998_firmwareMatch-
AND
qualcommmsm8998Match-
Node
qualcommqcn7605_firmwareMatch-
AND
qualcommqcn7605Match-
Node
qualcommqcs405_firmwareMatch-
AND
qualcommqcs405Match-
Node
qualcommqcs605_firmwareMatch-
AND
qualcommqcs605Match-
Node
qualcommsda660_firmwareMatch-
AND
qualcommsda660Match-
Node
qualcommsdm636_firmwareMatch-
AND
qualcommsdm636Match-
Node
qualcommsdm660_firmwareMatch-
AND
qualcommsdm660Match-
Node
qualcommsdx20_firmwareMatch-
AND
qualcommsdx20Match-
Node
qualcommsdx24_firmwareMatch-
AND
qualcommsdx24Match-
VendorProductVersionCPE
qualcommapq8053-cpe:2.3:h:qualcomm:apq8053:-:*:*:*:*:*:*:*
qualcommapq8053_firmware-cpe:2.3:o:qualcomm:apq8053_firmware:-:*:*:*:*:*:*:*
qualcommapq8096au-cpe:2.3:h:qualcomm:apq8096au:-:*:*:*:*:*:*:*
qualcommapq8096au_firmware-cpe:2.3:o:qualcomm:apq8096au_firmware:-:*:*:*:*:*:*:*
qualcommmsm8996au_firmware-cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*
qualcommmsm8996au-cpe:2.3:h:qualcomm:msm8996au:-:*:*:*:*:*:*:*
qualcommmsm8998_firmware-cpe:2.3:o:qualcomm:msm8998_firmware:-:*:*:*:*:*:*:*
qualcommmsm8998-cpe:2.3:h:qualcomm:msm8998:-:*:*:*:*:*:*:*
qualcommqcn7605_firmware-cpe:2.3:o:qualcomm:qcn7605_firmware:-:*:*:*:*:*:*:*
qualcommqcn7605-cpe:2.3:h:qualcomm:qcn7605:-:*:*:*:*:*:*:*
Rows per page:
1-10 of 241

CNA Affected

[
  {
    "product": "Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "APQ8053, APQ8096AU, MSM8996AU, MSM8998, QCN7605, QCS405, QCS605, SDA660, SDM636, SDM660, SDX20, SDX24"
      }
    ]
  }
]

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0

Percentile

12.6%

Related for CVE-2019-10563