Lucene search

QualcommCVE-2019-14104

HistoryApr 16, 2020 - 11:15 a.m.

CVE-2019-14104

2020-04-1611:15:14

CWE-125

qualcomm

web.nvd.nist.gov

cve-2019-14104

nvd

security

snapdragon

compute

consumer iot

mobile

apq8053

sc8180x

sdx55

sm8150

vulnerability

access

null check

CVSS2

6.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:N/A:C

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

AI Score

Confidence

High

EPSS

Percentile

12.6%

JSON

Slab-out-of-bounds access can occur if the context pointer is invalid due to lack of null check on pointer before accessing it in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile in APQ8053, SC8180X, SDX55, SM8150

Affected configurations

Nvd

Node

qualcommapq8053_firmwareMatch-

AND

qualcommapq8053Match-

Node

qualcommsc8180x_firmwareMatch-

AND

qualcommsc8180xMatch-

Node

qualcommsdx55_firmwareMatch-

AND

qualcommsdx55Match-

Node

qualcommsm8150_firmwareMatch-

AND

qualcommsm8150Match-

VendorProductVersionCPE
qualcommapq8053_firmware-cpe:2.3:o:qualcomm:apq8053_firmware:-:*:*:*:*:*:*:*
qualcommapq8053-cpe:2.3:h:qualcomm:apq8053:-:*:*:*:*:*:*:*
qualcommsc8180x_firmware-cpe:2.3:o:qualcomm:sc8180x_firmware:-:*:*:*:*:*:*:*
qualcommsc8180x-cpe:2.3:h:qualcomm:sc8180x:-:*:*:*:*:*:*:*
qualcommsdx55_firmware-cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*
qualcommsdx55-cpe:2.3:h:qualcomm:sdx55:-:*:*:*:*:*:*:*
qualcommsm8150_firmware-cpe:2.3:o:qualcomm:sm8150_firmware:-:*:*:*:*:*:*:*
qualcommsm8150-cpe:2.3:h:qualcomm:sm8150:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qualcomm	apq8053_firmware	-	cpe:2.3:o:qualcomm:apq8053_firmware:-:::::::*
qualcomm	apq8053	-	cpe:2.3:h:qualcomm:apq8053:-:::::::*
qualcomm	sc8180x_firmware	-	cpe:2.3:o:qualcomm:sc8180x_firmware:-:::::::*
qualcomm	sc8180x	-	cpe:2.3:h:qualcomm:sc8180x:-:::::::*
qualcomm	sdx55_firmware	-	cpe:2.3:o:qualcomm:sdx55_firmware:-:::::::*
qualcomm	sdx55	-	cpe:2.3:h:qualcomm:sdx55:-:::::::*
qualcomm	sm8150_firmware	-	cpe:2.3:o:qualcomm:sm8150_firmware:-:::::::*
qualcomm	sm8150	-	cpe:2.3:h:qualcomm:sm8150:-:::::::*

CNA Affected

[
  {
    "product": "Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "APQ8053, SC8180X, SDX55, SM8150"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin

CVSS2

6.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:N/A:C

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

AI Score

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVE-2019-14104