Lucene search

QualcommCVE-2019-10608

HistoryApr 16, 2020 - 11:15 a.m.

CVE-2019-10608

2020-04-1611:15:13

qualcomm

web.nvd.nist.gov

cve-2019-10608

information disclosure

snapdragon

security

nvd

apq8009

msm8905

msm8909

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.7

Confidence

High

EPSS

Percentile

12.6%

JSON

Information disclosure issue occurs as there is no binding between the secure keypad session and the secure display session that allows user to take control of the REE to stop the secure keypad session and read the keypad input. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, MSM8905, MSM8909

Affected configurations

Nvd

Node

qualcommapq8009Match-

AND

qualcommapq8009_firmwareMatch-

Node

qualcommmsm8905Match-

AND

qualcommmsm8905_firmwareMatch-

Node

qualcommmsm8909Match-

AND

qualcommmsm8909_firmwareMatch-

VendorProductVersionCPE
qualcommapq8009-cpe:2.3:h:qualcomm:apq8009:-:*:*:*:*:*:*:*
qualcommapq8009_firmware-cpe:2.3:o:qualcomm:apq8009_firmware:-:*:*:*:*:*:*:*
qualcommmsm8905-cpe:2.3:h:qualcomm:msm8905:-:*:*:*:*:*:*:*
qualcommmsm8905_firmware-cpe:2.3:o:qualcomm:msm8905_firmware:-:*:*:*:*:*:*:*
qualcommmsm8909-cpe:2.3:h:qualcomm:msm8909:-:*:*:*:*:*:*:*
qualcommmsm8909_firmware-cpe:2.3:o:qualcomm:msm8909_firmware:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qualcomm	apq8009	-	cpe:2.3:h:qualcomm:apq8009:-:::::::*
qualcomm	apq8009_firmware	-	cpe:2.3:o:qualcomm:apq8009_firmware:-:::::::*
qualcomm	msm8905	-	cpe:2.3:h:qualcomm:msm8905:-:::::::*
qualcomm	msm8905_firmware	-	cpe:2.3:o:qualcomm:msm8905_firmware:-:::::::*
qualcomm	msm8909	-	cpe:2.3:h:qualcomm:msm8909:-:::::::*
qualcomm	msm8909_firmware	-	cpe:2.3:o:qualcomm:msm8909_firmware:-:::::::*

CNA Affected

[
  {
    "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "APQ8009, MSM8905, MSM8909"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.7

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVE-2019-10608