Sign-up

ID

VAR-201905-0616


CVE

CVE-2019-2247


TITLE

plural Snapdragon Double release vulnerability in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-004904

DESCRIPTION

Possibility of double free issue while running multiple instances of smp2p test because of proper protection is missing while using global variable in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24. plural Snapdragon The product contains a double release vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. QualcommMDM9206 and other products are products of Qualcomm. The MDM9206 is a central processing unit (CPU) product. The MDM9607 is a central processing unit (CPU) product. The MDM9640 is a central processing unit (CPU) product. A resource management error vulnerability exists in several Qualcomm products. The vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. The following products and versions are affected: Qualcomm MDM9150; MDM9206; MDM9607; MDM9640; MDM9650; MSM8909W; MSM8996AU; QCS605; /16; SD 415; SD 625; SD 632; SD 636; SD 650/52; SD 712; SD 710; SD 670; SD 820A; SD 835; SD 845; SD 850; SD 855; SDM660; SDX20; SDX24

Trust: 2.25

sources: NVD: CVE-2019-2247 // JVNDB: JVNDB-2019-004904 // CNVD: CNVD-2019-16543 // VULHUB: VHN-153682

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-16543

AFFECTED PRODUCTS

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 1.4

vendor:qualcommmodel:msm8909wscope: - version: -

Trust: 1.4

vendor:qualcommmodel:msm8996auscope: - version: -

Trust: 1.4

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 1.4

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 1.4

vendor:qualcommmodel:mdm9640scope: - version: -

Trust: 1.4

vendor:qualcommmodel:mdm9150scope: - version: -

Trust: 1.4

vendor:qualcommmodel:qcs605scope: - version: -

Trust: 1.4

vendor:qualcommmodel:sdx24scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 425scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 429scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 615scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 616scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9640scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 712scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 632scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 415scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 212scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 652scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm630scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qm215scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 855scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 210scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 636scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 210scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 212scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sdscope:eqversion:850

Trust: 0.6

vendor:qualcommmodel:sdx20scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:425

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:450

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:625

Trust: 0.6

vendor:qualcommmodel:sd 820ascope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:835

Trust: 0.6

vendor:qualcommmodel:sd 210/sd 212/sdscope:eqversion:205

Trust: 0.6

vendor:qualcommmodel:sd 615/16/sdscope:eqversion:415

Trust: 0.6

vendor:qualcommmodel:sdm630scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm660scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:845

Trust: 0.6

vendor:qualcommmodel:sda660scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdx24scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:632

Trust: 0.6

vendor:qualcommmodel:sdm439scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:439

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:429

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:636

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:712

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:710

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:670

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:855

Trust: 0.6

vendor:qualcommmodel:qualcommscope:eqversion:215

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:650/52

Trust: 0.6

sources: CNVD: CNVD-2019-16543 // JVNDB: JVNDB-2019-004904 // NVD: CVE-2019-2247

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-2247
value: HIGH

Trust: 1.0

NVD: CVE-2019-2247
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-16543
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201905-998
value: HIGH

Trust: 0.6

VULHUB: VHN-153682
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-2247
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-16543
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-153682
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-2247
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-16543 // VULHUB: VHN-153682 // JVNDB: JVNDB-2019-004904 // CNNVD: CNNVD-201905-998 // NVD: CVE-2019-2247

PROBLEMTYPE DATA

problemtype:CWE-415

Trust: 1.9

sources: VULHUB: VHN-153682 // JVNDB: JVNDB-2019-004904 // NVD: CVE-2019-2247

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201905-998

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201905-998

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-004904

PATCH
title:April 2019 Code Aurora Security Bulletinurl:https://www.codeaurora.org/security-bulletin/2019/04/01/april-2019-code-aurora-security-bulletin
Trust: 0.8
title:Patches for several Qualcomm Product Resource Management Error Vulnerabilities (CNVD-2019-16543)url:https://www.cnvd.org.cn/patchInfo/show/163065
Trust: 0.6
title:Multiple Qualcomm Product resource management error vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92954
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-16543 // 
            
            
            
            JVNDB: JVNDB-2019-004904 // 
            
            
            
            CNNVD: CNNVD-201905-998

EXTERNAL IDS
db:NVDid:CVE-2019-2247
Trust: 3.1
db:JVNDBid:JVNDB-2019-004904
Trust: 0.8
db:CNNVDid:CNNVD-201905-998
Trust: 0.7
db:CNVDid:CNVD-2019-16543
Trust: 0.6
db:VULHUBid:VHN-153682
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-16543 // 
            
            
            
            VULHUB: VHN-153682 // 
            
            
            
            JVNDB: JVNDB-2019-004904 // 
            
            
            
            CNNVD: CNNVD-201905-998 // 
            
            
            
            NVD: CVE-2019-2247

REFERENCES
url:https://www.codeaurora.org/security-bulletin/2019/04/01/april-2019-code-aurora-security-bulletin
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-2247
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2247
Trust: 0.8
url:https://web.nvd.nist.gov//vuln/detail/cve-2019-2247
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-16543 // 
            
            
            
            VULHUB: VHN-153682 // 
            
            
            
            JVNDB: JVNDB-2019-004904 // 
            
            
            
            CNNVD: CNNVD-201905-998 // 
            
            
            
            NVD: CVE-2019-2247

SOURCES
db:CNVDid:CNVD-2019-16543
db:VULHUBid:VHN-153682
db:JVNDBid:JVNDB-2019-004904
db:CNNVDid:CNNVD-201905-998
db:NVDid:CVE-2019-2247

LAST UPDATE DATE
2024-11-23T22:58:40.552000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-16543date:2019-06-05T00:00:00
db:VULHUBid:VHN-153682date:2019-05-29T00:00:00
db:JVNDBid:JVNDB-2019-004904date:2019-06-11T00:00:00
db:CNNVDid:CNNVD-201905-998date:2019-05-30T00:00:00
db:NVDid:CVE-2019-2247date:2024-11-21T04:40:31.813

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-16543date:2019-06-05T00:00:00
db:VULHUBid:VHN-153682date:2019-05-24T00:00:00
db:JVNDBid:JVNDB-2019-004904date:2019-06-11T00:00:00
db:CNNVDid:CNNVD-201905-998date:2019-05-24T00:00:00
db:NVDid:CVE-2019-2247date:2019-05-24T17:29:02.740