Sign-up

ID

VAR-201905-0618


CVE

CVE-2019-2250


TITLE

plural Snapdragon Vulnerability related to input validation in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-004906

DESCRIPTION

Kernel can write to arbitrary memory address passed by user while freeing/stopping a thread in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCS605, SD 675, SD 712 / SD 710 / SD 670, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SM7150, SXR1130. plural Snapdragon The product contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-120487384, A-117119000, A-117118976, A-117118295, A-117119172, A-122473270, A-109678120, A-111093019, A-111092813, A-111089816, A-111092945, A-111092919, A-111091938, A-111093762, A-111093242, A-111090373, A-111092814, A-111093763, A-111093243, A-111089817, A-111092400, A-111090534, A-111091378, A-111092946, A-111093022, A-111093244, A-111092888, A-111093280, A-111092401, A-111093259, A-111090535, A-112279580, A-112279127, A-119049704, A-119052960, A-114042276, A-117118499, A-117119174, A-117119152, A-117118789, A-122472377, A-120483842, A-122472139 and A-122473145. Qualcomm SD 712 and others are a central processing unit (CPU) product of Qualcomm (Qualcomm). An access control error vulnerability exists in kernel components in several Qualcomm products. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles. The following products and versions are affected: Qualcomm QCS605; SD 675; SD 712; SD 710; SD 670; SD 835; SD 845; SD 850; SD 855; SD 8CX; SM7150; SXR1130

Trust: 2.07

sources: NVD: CVE-2019-2250 // JVNDB: JVNDB-2019-004906 // BID: 107681 // VULHUB: VHN-153685 // VULMON: CVE-2019-2250

AFFECTED PRODUCTS

vendor:qualcommmodel:sd 850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 8cxscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm7150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 855scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr1130scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 675scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 712scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 670scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 675scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 710scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 712scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 835scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 845scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 850scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 855scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 8cxscope: - version: -

Trust: 0.8

vendor:googlemodel:pixel xlscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixel cscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixelscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexus playerscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:9

Trust: 0.3

vendor:googlemodel:nexus 6pscope: - version: -

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:6

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:5x

Trust: 0.3

vendor:googlemodel:androidscope:eqversion:0

Trust: 0.3

sources: BID: 107681 // JVNDB: JVNDB-2019-004906 // NVD: CVE-2019-2250

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-2250
value: HIGH

Trust: 1.0

NVD: CVE-2019-2250
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201904-048
value: HIGH

Trust: 0.6

VULHUB: VHN-153685
value: HIGH

Trust: 0.1

VULMON: CVE-2019-2250
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-2250
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-153685
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-2250
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-153685 // VULMON: CVE-2019-2250 // JVNDB: JVNDB-2019-004906 // CNNVD: CNNVD-201904-048 // NVD: CVE-2019-2250

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-119

Trust: 1.0

sources: VULHUB: VHN-153685 // JVNDB: JVNDB-2019-004906 // NVD: CVE-2019-2250

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201904-048

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201904-048

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-004906

PATCH
title:April 2019 Qualcomm Technologies, Inc. Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins#_CVE-2019-2250
Trust: 0.8
title:Android Qualcomm Repair measures for closed source component security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90972
Trust: 0.6
title:Android Security Bulletins: Android Security Bulletin—April 2019url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=cd95df8ce79ebdc8577685322caeeedf
Trust: 0.1
title:Threatposturl:https://threatpost.com/google-critical-remote-code-execution-flaws-android/144497/
Trust: 0.1
sources:
            
            
            VULMON: CVE-2019-2250 // 
            
            
            
            JVNDB: JVNDB-2019-004906 // 
            
            
            
            CNNVD: CNNVD-201904-048

EXTERNAL IDS
db:NVDid:CVE-2019-2250
Trust: 2.9
db:BIDid:107681
Trust: 1.0
db:JVNDBid:JVNDB-2019-004906
Trust: 0.8
db:CNNVDid:CNNVD-201904-048
Trust: 0.7
db:VULHUBid:VHN-153685
Trust: 0.1
db:VULMONid:CVE-2019-2250
Trust: 0.1
sources:
            
            
            VULHUB: VHN-153685 // 
            
            
            
            VULMON: CVE-2019-2250 // 
            
            
            
            BID: 107681 // 
            
            
            
            JVNDB: JVNDB-2019-004906 // 
            
            
            
            CNNVD: CNNVD-201904-048 // 
            
            
            
            NVD: CVE-2019-2250

REFERENCES
url:https://www.qualcomm.com/company/product-security/bulletins#_cve-2019-2250
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-2250
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2250
Trust: 0.8
url:http://www.securityfocus.com/bid/107681
Trust: 0.7
url:https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-april-2019-28925
Trust: 0.6
url:https://source.android.com/security/bulletin/2019-04-01.html
Trust: 0.4
url:http://code.google.com/android/
Trust: 0.3
url:http://www.qualcomm.com/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/20.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://threatpost.com/google-critical-remote-code-execution-flaws-android/144497/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-153685 // 
            
            
            
            VULMON: CVE-2019-2250 // 
            
            
            
            BID: 107681 // 
            
            
            
            JVNDB: JVNDB-2019-004906 // 
            
            
            
            CNNVD: CNNVD-201904-048 // 
            
            
            
            NVD: CVE-2019-2250

CREDITS
The vendor reported these issues.
Trust: 0.9
sources:
            
            
            BID: 107681 // 
            
            
            
            CNNVD: CNNVD-201904-048

SOURCES
db:VULHUBid:VHN-153685
db:VULMONid:CVE-2019-2250
db:BIDid:107681
db:JVNDBid:JVNDB-2019-004906
db:CNNVDid:CNNVD-201904-048
db:NVDid:CVE-2019-2250

LAST UPDATE DATE
2024-11-23T21:38:13.817000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-153685date:2019-05-29T00:00:00
db:VULMONid:CVE-2019-2250date:2021-07-21T00:00:00
db:BIDid:107681date:2019-04-01T00:00:00
db:JVNDBid:JVNDB-2019-004906date:2019-06-11T00:00:00
db:CNNVDid:CNNVD-201904-048date:2019-05-30T00:00:00
db:NVDid:CVE-2019-2250date:2024-11-21T04:40:32.300

SOURCES RELEASE DATE
db:VULHUBid:VHN-153685date:2019-05-24T00:00:00
db:VULMONid:CVE-2019-2250date:2019-05-24T00:00:00
db:BIDid:107681date:2019-04-01T00:00:00
db:JVNDBid:JVNDB-2019-004906date:2019-06-11T00:00:00
db:CNNVDid:CNNVD-201904-048date:2019-04-02T00:00:00
db:NVDid:CVE-2019-2250date:2019-05-24T17:29:02.820