Lucene search

QualcommCVE-2019-10580

HistoryJul 30, 2020 - 12:15 p.m.

CVE-2019-10580

2020-07-3012:15:11

CWE-416

qualcomm

web.nvd.nist.gov

cve-2019-10580

kernel thread

use after free

snapdragon auto

snapdragon compute

snapdragon consumer iot

security vulnerability

nvd

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

Percentile

12.6%

JSON

When kernel thread unregistered listener, Use after free issue happened as the listener client`s private data has been already freed in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9607, MSM8909W, Nicobar, QCM2150, QCS405, QCS605, Saipan, SC8180X, SDM429W, SDX55, SM8150, SM8250, SXR2130

Affected configurations

Nvd

Node

qualcommmdm9607Match-

AND

qualcommmdm9607_firmwareMatch-

Node

qualcommmsm8909wMatch-

AND

qualcommmsm8909w_firmwareMatch-

Node

qualcommnicobarMatch-

AND

qualcommnicobar_firmwareMatch-

Node

qualcommqcm2150Match-

AND

qualcommqcm2150_firmwareMatch-

Node

qualcommqcs405Match-

AND

qualcommqcs405_firmwareMatch-

Node

qualcommqcs605Match-

AND

qualcommqcs605_firmwareMatch-

Node

qualcommsaipanMatch-

AND

qualcommsaipan_firmwareMatch-

Node

qualcommsc8180xMatch-

AND

qualcommsc8180x_firmwareMatch-

Node

qualcommsdm429w_firmwareMatch-

AND

qualcommsdm429wMatch-

Node

qualcommsdx55_firmwareMatch-

AND

qualcommsdx55Match-

Node

qualcommsm8150_firmwareMatch-

AND

qualcommsm8150Match-

Node

qualcommsm8250_firmwareMatch-

AND

qualcommsm8250Match-

Node

qualcommsxr2130_firmwareMatch-

AND

qualcommsxr2130Match-

VendorProductVersionCPE
qualcommmdm9607-cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*
qualcommmdm9607_firmware-cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
qualcommmsm8909w-cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*
qualcommmsm8909w_firmware-cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*
qualcommnicobar-cpe:2.3:h:qualcomm:nicobar:-:*:*:*:*:*:*:*
qualcommnicobar_firmware-cpe:2.3:o:qualcomm:nicobar_firmware:-:*:*:*:*:*:*:*
qualcommqcm2150-cpe:2.3:h:qualcomm:qcm2150:-:*:*:*:*:*:*:*
qualcommqcm2150_firmware-cpe:2.3:o:qualcomm:qcm2150_firmware:-:*:*:*:*:*:*:*
qualcommqcs405-cpe:2.3:h:qualcomm:qcs405:-:*:*:*:*:*:*:*
qualcommqcs405_firmware-cpe:2.3:o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qualcomm	mdm9607	-	cpe:2.3:h:qualcomm:mdm9607:-:::::::*
qualcomm	mdm9607_firmware	-	cpe:2.3:o:qualcomm:mdm9607_firmware:-:::::::*
qualcomm	msm8909w	-	cpe:2.3:h:qualcomm:msm8909w:-:::::::*
qualcomm	msm8909w_firmware	-	cpe:2.3:o:qualcomm:msm8909w_firmware:-:::::::*
qualcomm	nicobar	-	cpe:2.3:h:qualcomm:nicobar:-:::::::*
qualcomm	nicobar_firmware	-	cpe:2.3:o:qualcomm:nicobar_firmware:-:::::::*
qualcomm	qcm2150	-	cpe:2.3:h:qualcomm:qcm2150:-:::::::*
qualcomm	qcm2150_firmware	-	cpe:2.3:o:qualcomm:qcm2150_firmware:-:::::::*
qualcomm	qcs405	-	cpe:2.3:h:qualcomm:qcs405:-:::::::*
qualcomm	qcs405_firmware	-	cpe:2.3:o:qualcomm:qcs405_firmware:-:::::::*

Rows per page:

1-10 of 261

CNA Affected

[
  {
    "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "MDM9607, MSM8909W, Nicobar, QCM2150, QCS405, QCS605, Saipan, SC8180X, SDM429W, SDX55, SM8150, SM8250, SXR2130"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins/july-2020-bulletin

www.qualcomm.com/company/product-security/bulletins/july-2020-security-bulletin

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVE-2019-10580