Lucene search

QualcommCVE-2019-14046

HistoryFeb 07, 2020 - 5:15 a.m.

CVE-2019-14046

2020-02-0705:15:11

CWE-129

qualcomm

web.nvd.nist.gov

cve-2019-14046

out of bound access

improper validation

camera

snapdragon

memory allocation

nvd

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

Percentile

12.6%

JSON

Out of bound access while allocating memory for an array in camera due to improper validation of elements parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS605, SDM439, SDX24

Affected configurations

Nvd

Node

qualcommqcs605Match-

AND

qualcommqcs605_firmwareMatch-

Node

qualcommsdm439Match-

AND

qualcommsdm439_firmwareMatch-

Node

qualcommsdx24_firmwareMatch-

AND

qualcommsdx24Match-

VendorProductVersionCPE
qualcommqcs605-cpe:2.3:h:qualcomm:qcs605:-:*:*:*:*:*:*:*
qualcommqcs605_firmware-cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*
qualcommsdm439-cpe:2.3:h:qualcomm:sdm439:-:*:*:*:*:*:*:*
qualcommsdm439_firmware-cpe:2.3:o:qualcomm:sdm439_firmware:-:*:*:*:*:*:*:*
qualcommsdx24_firmware-cpe:2.3:o:qualcomm:sdx24_firmware:-:*:*:*:*:*:*:*
qualcommsdx24-cpe:2.3:h:qualcomm:sdx24:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qualcomm	qcs605	-	cpe:2.3:h:qualcomm:qcs605:-:::::::*
qualcomm	qcs605_firmware	-	cpe:2.3:o:qualcomm:qcs605_firmware:-:::::::*
qualcomm	sdm439	-	cpe:2.3:h:qualcomm:sdm439:-:::::::*
qualcomm	sdm439_firmware	-	cpe:2.3:o:qualcomm:sdm439_firmware:-:::::::*
qualcomm	sdx24_firmware	-	cpe:2.3:o:qualcomm:sdx24_firmware:-:::::::*
qualcomm	sdx24	-	cpe:2.3:h:qualcomm:sdx24:-:::::::*

CNA Affected

[
  {
    "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "QCS605, SDM439, SDX24"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVE-2019-14046