Lucene search

QualcommCVE-2019-10622

HistoryApr 16, 2020 - 11:15 a.m.

CVE-2019-10622

2020-04-1611:15:13

CWE-125

qualcomm

web.nvd.nist.gov

cve-2019-10622

out of bound memory access

adsp message parsing

snapdragon platforms

security vulnerability

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:N/A:P

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

AI Score

9.1

Confidence

High

EPSS

0.002

Percentile

56.4%

JSON

Out of bound memory access can happen while parsing ADSP message due to lack of check of size of payload received from userspace in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8096AU, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, QCN7605, QCS605, SC8180X, SDM710, SDX24, SDX55, SM8150, SM8250, SXR2130

Affected configurations

Nvd

Node

qualcommapq8009_firmwareMatch-

AND

qualcommapq8009Match-

Node

qualcommapq8096au_firmwareMatch-

AND

qualcommapq8096auMatch-

Node

qualcommipq4019_firmwareMatch-

AND

qualcommipq4019Match-

Node

qualcommipq6018_firmwareMatch-

AND

qualcommipq6018Match-

Node

qualcommipq8064_firmwareMatch-

AND

qualcommipq8064Match-

Node

qualcommipq8074_firmwareMatch-

AND

qualcommipq8074Match-

Node

qualcommmdm9206_firmwareMatch-

AND

qualcommmdm9206Match-

Node

qualcommmdm9207c_firmwareMatch-

AND

qualcommmdm9207cMatch-

Node

qualcommmdm9607_firmwareMatch-

AND

qualcommmdm9607Match-

Node

qualcommmdm9640_firmwareMatch-

AND

qualcommmdm9640Match-

Node

qualcommmdm9650Match-

AND

qualcommmdm9650_firmwareMatch-

Node

qualcommqcn7605Match-

AND

qualcommqcn7605_firmwareMatch-

Node

qualcommqcs605Match-

AND

qualcommqcs605_firmwareMatch-

Node

qualcommsc8180xMatch-

AND

qualcommsc8180x_firmwareMatch-

Node

qualcommsdm710Match-

AND

qualcommsdm710_firmwareMatch-

Node

qualcommsdx24Match-

AND

qualcommsdx24_firmwareMatch-

Node

qualcommsdx55Match-

AND

qualcommsdx55_firmwareMatch-

Node

qualcommsm8150Match-

AND

qualcommsm8150_firmwareMatch-

Node

qualcommsm8250_firmwareMatch-

AND

qualcommsm8250Match-

Node

qualcommsxr2130_firmwareMatch-

AND

qualcommsxr2130Match-

VendorProductVersionCPE
qualcommapq8009_firmware-cpe:2.3:o:qualcomm:apq8009_firmware:-:*:*:*:*:*:*:*
qualcommapq8009-cpe:2.3:h:qualcomm:apq8009:-:*:*:*:*:*:*:*
qualcommapq8096au_firmware-cpe:2.3:o:qualcomm:apq8096au_firmware:-:*:*:*:*:*:*:*
qualcommapq8096au-cpe:2.3:h:qualcomm:apq8096au:-:*:*:*:*:*:*:*
qualcommipq4019_firmware-cpe:2.3:o:qualcomm:ipq4019_firmware:-:*:*:*:*:*:*:*
qualcommipq4019-cpe:2.3:h:qualcomm:ipq4019:-:*:*:*:*:*:*:*
qualcommipq6018_firmware-cpe:2.3:o:qualcomm:ipq6018_firmware:-:*:*:*:*:*:*:*
qualcommipq6018-cpe:2.3:h:qualcomm:ipq6018:-:*:*:*:*:*:*:*
qualcommipq8064_firmware-cpe:2.3:o:qualcomm:ipq8064_firmware:-:*:*:*:*:*:*:*
qualcommipq8064-cpe:2.3:h:qualcomm:ipq8064:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qualcomm	apq8009_firmware	-	cpe:2.3:o:qualcomm:apq8009_firmware:-:::::::*
qualcomm	apq8009	-	cpe:2.3:h:qualcomm:apq8009:-:::::::*
qualcomm	apq8096au_firmware	-	cpe:2.3:o:qualcomm:apq8096au_firmware:-:::::::*
qualcomm	apq8096au	-	cpe:2.3:h:qualcomm:apq8096au:-:::::::*
qualcomm	ipq4019_firmware	-	cpe:2.3:o:qualcomm:ipq4019_firmware:-:::::::*
qualcomm	ipq4019	-	cpe:2.3:h:qualcomm:ipq4019:-:::::::*
qualcomm	ipq6018_firmware	-	cpe:2.3:o:qualcomm:ipq6018_firmware:-:::::::*
qualcomm	ipq6018	-	cpe:2.3:h:qualcomm:ipq6018:-:::::::*
qualcomm	ipq8064_firmware	-	cpe:2.3:o:qualcomm:ipq8064_firmware:-:::::::*
qualcomm	ipq8064	-	cpe:2.3:h:qualcomm:ipq8064:-:::::::*

Rows per page:

1-10 of 401

CNA Affected

[
  {
    "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "APQ8009, APQ8096AU, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, QCN7605, QCS605, SC8180X, SDM710, SDX24, SDX55, SM8150, SM8250, SXR2130"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:N/A:P

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

AI Score

9.1

Confidence

High

EPSS

0.002

Percentile

56.4%

JSON

Related for CVE-2019-10622