Lucene search

QualcommCVE-2019-10624

HistoryApr 16, 2020 - 11:15 a.m.

CVE-2019-10624

2020-04-1611:15:14

CWE-119

CWE-681

qualcomm

web.nvd.nist.gov

cve-2019-10624

snapdragon auto

snapdragon compute

integer truncation issue

buffer overflow

nvd

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

High

EPSS

Percentile

12.6%

JSON

While handling the vendor command there is an integer truncation issue that could yield a buffer overflow due to int data type copied to u8 data type in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8096AU, MSM8996AU, QCA6574AU, QCN7605, Rennell, SC8180X, SDM710, SDX55, SM7150, SM8150, SM8250, SXR2130

Affected configurations

Nvd

Node

qualcommapq8096au_firmwareMatch-

AND

qualcommapq8096auMatch-

Node

qualcommmsm8996au_firmwareMatch-

AND

qualcommmsm8996auMatch-

Node

qualcommqca6574au_firmwareMatch-

AND

qualcommqca6574auMatch-

Node

qualcommqcn7605_firmwareMatch-

AND

qualcommqcn7605Match-

Node

qualcommrennell_firmwareMatch-

AND

qualcommrennellMatch-

Node

qualcommsc8180x_firmwareMatch-

AND

qualcommsc8180xMatch-

Node

qualcommsdm710_firmwareMatch-

AND

qualcommsdm710Match-

Node

qualcommsdx55_firmwareMatch-

AND

qualcommsdx55Match-

Node

qualcommsm7150_firmwareMatch-

AND

qualcommsm7150Match-

Node

qualcommsm8150_firmwareMatch-

AND

qualcommsm8150Match-

Node

qualcommsm8250_firmwareMatch-

AND

qualcommsm8250Match-

Node

qualcommsxr2130_firmwareMatch-

AND

qualcommsxr2130Match-

VendorProductVersionCPE
qualcommapq8096au_firmware-cpe:2.3:o:qualcomm:apq8096au_firmware:-:*:*:*:*:*:*:*
qualcommapq8096au-cpe:2.3:h:qualcomm:apq8096au:-:*:*:*:*:*:*:*
qualcommmsm8996au_firmware-cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*
qualcommmsm8996au-cpe:2.3:h:qualcomm:msm8996au:-:*:*:*:*:*:*:*
qualcommqca6574au_firmware-cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*
qualcommqca6574au-cpe:2.3:h:qualcomm:qca6574au:-:*:*:*:*:*:*:*
qualcommqcn7605_firmware-cpe:2.3:o:qualcomm:qcn7605_firmware:-:*:*:*:*:*:*:*
qualcommqcn7605-cpe:2.3:h:qualcomm:qcn7605:-:*:*:*:*:*:*:*
qualcommrennell_firmware-cpe:2.3:o:qualcomm:rennell_firmware:-:*:*:*:*:*:*:*
qualcommrennell-cpe:2.3:h:qualcomm:rennell:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qualcomm	apq8096au_firmware	-	cpe:2.3:o:qualcomm:apq8096au_firmware:-:::::::*
qualcomm	apq8096au	-	cpe:2.3:h:qualcomm:apq8096au:-:::::::*
qualcomm	msm8996au_firmware	-	cpe:2.3:o:qualcomm:msm8996au_firmware:-:::::::*
qualcomm	msm8996au	-	cpe:2.3:h:qualcomm:msm8996au:-:::::::*
qualcomm	qca6574au_firmware	-	cpe:2.3:o:qualcomm:qca6574au_firmware:-:::::::*
qualcomm	qca6574au	-	cpe:2.3:h:qualcomm:qca6574au:-:::::::*
qualcomm	qcn7605_firmware	-	cpe:2.3:o:qualcomm:qcn7605_firmware:-:::::::*
qualcomm	qcn7605	-	cpe:2.3:h:qualcomm:qcn7605:-:::::::*
qualcomm	rennell_firmware	-	cpe:2.3:o:qualcomm:rennell_firmware:-:::::::*
qualcomm	rennell	-	cpe:2.3:h:qualcomm:rennell:-:::::::*

Rows per page:

1-10 of 241

CNA Affected

[
  {
    "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "APQ8096AU, MSM8996AU, QCA6574AU, QCN7605, Rennell, SC8180X, SDM710, SDX55, SM7150, SM8150, SM8250, SXR2130"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVE-2019-10624