Lucene search

QualcommCVE-2019-2276

HistoryJul 25, 2019 - 5:15 p.m.

CVE-2019-2276

2019-07-2517:15:12

CWE-125

qualcomm

web.nvd.nist.gov

cve-2019-2276

out of bound read

snapdragon

security vulnerability

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.002

Percentile

56.4%

JSON

Possible out of bound read occurs while processing beaconing request due to lack of check on action frames received from user controlled space in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS405, QCS605, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 845 / SD 850, SD 855, SDM630, SDM660, SDX24

Affected configurations

Nvd

Node

qualcommmdm9607_firmwareMatch-

AND

qualcommmdm9607Match-

Node

qualcommmsm8996au_firmwareMatch-

AND

qualcommmsm8996auMatch-

Node

qualcommqca6174a_firmwareMatch-

AND

qualcommqca6174aMatch-

Node

qualcommqca6574au_firmwareMatch-

AND

qualcommqca6574auMatch-

Node

qualcommqca9377_firmwareMatch-

AND

qualcommqca9377Match-

Node

qualcommqca9379_firmwareMatch-

AND

qualcommqca9379Match-

Node

qualcommqcs405_firmwareMatch-

AND

qualcommqcs405Match-

Node

qualcommqcs605_firmwareMatch-

AND

qualcommqcs605Match-

Node

qualcommsd_636_firmwareMatch-

AND

qualcommsd_636Match-

Node

qualcommsd_665_firmwareMatch-

AND

qualcommsd_665Match-

Node

qualcommsd_675_firmwareMatch-

AND

qualcommsd_675Match-

Node

qualcommsd_712_firmwareMatch-

AND

qualcommsd_712Match-

Node

qualcommsd_710_firmwareMatch-

AND

qualcommsd_710Match-

Node

qualcommsd_670_firmwareMatch-

AND

qualcommsd_670Match-

Node

qualcommsd_730_firmwareMatch-

AND

qualcommsd_730Match-

Node

qualcommsd_820a_firmwareMatch-

AND

qualcommsd_820aMatch-

Node

qualcommsd_845_firmwareMatch-

AND

qualcommsd_845Match-

Node

qualcommsd_850_firmwareMatch-

AND

qualcommsd_850Match-

Node

qualcommsd_855_firmwareMatch-

AND

qualcommsd_855Match-

Node

qualcommsdm630_firmwareMatch-

AND

qualcommsdm630Match-

Node

qualcommsdm660_firmwareMatch-

AND

qualcommsdm660Match-

Node

qualcommsdx24_firmwareMatch-

AND

qualcommsdx24Match-

VendorProductVersionCPE
qualcommmdm9607_firmware-cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
qualcommmdm9607-cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*
qualcommmsm8996au_firmware-cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*
qualcommmsm8996au-cpe:2.3:h:qualcomm:msm8996au:-:*:*:*:*:*:*:*
qualcommqca6174a_firmware-cpe:2.3:o:qualcomm:qca6174a_firmware:-:*:*:*:*:*:*:*
qualcommqca6174a-cpe:2.3:h:qualcomm:qca6174a:-:*:*:*:*:*:*:*
qualcommqca6574au_firmware-cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*
qualcommqca6574au-cpe:2.3:h:qualcomm:qca6574au:-:*:*:*:*:*:*:*
qualcommqca9377_firmware-cpe:2.3:o:qualcomm:qca9377_firmware:-:*:*:*:*:*:*:*
qualcommqca9377-cpe:2.3:h:qualcomm:qca9377:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qualcomm	mdm9607_firmware	-	cpe:2.3:o:qualcomm:mdm9607_firmware:-:::::::*
qualcomm	mdm9607	-	cpe:2.3:h:qualcomm:mdm9607:-:::::::*
qualcomm	msm8996au_firmware	-	cpe:2.3:o:qualcomm:msm8996au_firmware:-:::::::*
qualcomm	msm8996au	-	cpe:2.3:h:qualcomm:msm8996au:-:::::::*
qualcomm	qca6174a_firmware	-	cpe:2.3:o:qualcomm:qca6174a_firmware:-:::::::*
qualcomm	qca6174a	-	cpe:2.3:h:qualcomm:qca6174a:-:::::::*
qualcomm	qca6574au_firmware	-	cpe:2.3:o:qualcomm:qca6574au_firmware:-:::::::*
qualcomm	qca6574au	-	cpe:2.3:h:qualcomm:qca6574au:-:::::::*
qualcomm	qca9377_firmware	-	cpe:2.3:o:qualcomm:qca9377_firmware:-:::::::*
qualcomm	qca9377	-	cpe:2.3:h:qualcomm:qca9377:-:::::::*

Rows per page:

1-10 of 441

CNA Affected

[
  {
    "product": "Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "MDM9607, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS405, QCS605, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 845 / SD 850, SD 855, SDM630, SDM660, SDX24"
      }
    ]
  }
]

References

www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.002

Percentile

56.4%

JSON

Related for CVE-2019-2276