Details of VAR-201906-0693

ID

VAR-201906-0693

CVE

CVE-2019-2255

TITLE

plural Snapdragon Product buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-005491

DESCRIPTION

An unprivileged user can craft a bitstream such that the payload encoded in the bitstream gains code execution in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130. plural Snapdragon The product contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. QualcommMDM9650 is a central processing unit (CPU) product of Qualcomm. A buffer overflow vulnerability exists in H.264 decoders in several Qualcomm products. This vulnerability stems from a network system or product performing an operation on memory that does not properly validate data boundaries, causing errors to be performed on other associated memory locations. Read and write operations that an attacker can exploit to cause a buffer overflow or heap overflow. Qualcomm Closed-Source Components are prone to the following security vulnerabilities: 1. Multiple buffer-overflow vulnerabilities 2. Multiple information disclosure vulnerabilities 3. Multiple out-of-bounds memory access vulnerabilities 4. An unauthorized-access vulnerability 5. Multiple denial-of-service vulnerabilities 6. An insecure-file-permissions vulnerability An attacker can exploit these issues to execute arbitrary code, perform unauthorized actions, cause denial-of-service condition and obtain sensitive information. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-114074547,A-119050181,A-122474428,A-114067283,A-119049466,A-119050073,A-119049388,A-119050001,A-119049623,A-119051002,A-119050182,A-119052037,A-122472140,A-112303441 and A-123997497

Trust: 2.61

sources: NVD: CVE-2019-2255 // JVNDB: JVNDB-2019-005491 // CNVD: CNVD-2019-13769 // BID: 108300 // VULHUB: VHN-153690 // VULMON: CVE-2019-2255

IOT TAXONOMY

category:

['ICS', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-13769

AFFECTED PRODUCTS

vendor:	qualcomm	model:	msm8909w	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	msm8996au	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	qcs605	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	sd 632	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8996au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 8cx	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs605	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 205	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 427	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 212	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sda660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 835	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 710	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 425	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 675	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 429	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 820a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon high med 2016	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 730	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 850	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm630	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 845	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 820	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qm215	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 450	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm439	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8909w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 670	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 439	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 435	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 855	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sxr1130	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 430	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 210	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 712	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 636	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 625	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qm215	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 205	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 210	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 212	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 425	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 427	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 430	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd	scope:	eq	version:	210	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	212	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	205	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	845	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	850	Trust: 0.6
vendor:	qualcomm	model:	mdm9650	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	425	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	450	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	625	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	820	Trust: 0.6
vendor:	qualcomm	model:	sd 820a	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	835	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	430	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	427	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	435	Trust: 0.6
vendor:	qualcomm	model:	sdm630	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sdm660	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	snapdragon high med 2016	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sda660	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sxr1130	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	632	Trust: 0.6
vendor:	qualcomm	model:	sd 8cx	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sdm439	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	439	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	429	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	636	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	712	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	710	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	670	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	855	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	675	Trust: 0.6
vendor:	qualcomm	model:	qualcomm	scope:	eq	version:	215	Trust: 0.6
vendor:	google	model:	pixel xl	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	pixel c	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	pixel	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	nexus player	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	9	Trust: 0.3
vendor:	google	model:	nexus 6p	scope:	-	version:	-	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	6	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	5x	Trust: 0.3
vendor:	google	model:	android	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2019-13769 // BID: 108300 // JVNDB: JVNDB-2019-005491 // NVD: CVE-2019-2255

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-2255
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-2255
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2019-13769
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201905-157
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-153690
value:	HIGH
Trust: 0.1
VULMON:	CVE-2019-2255
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-2255
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2019-13769
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-153690
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-2255
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-13769 // VULHUB: VHN-153690 // VULMON: CVE-2019-2255 // JVNDB: JVNDB-2019-005491 // CNNVD: CNNVD-201905-157 // NVD: CVE-2019-2255

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-119	Trust: 0.9

sources: VULHUB: VHN-153690 // JVNDB: JVNDB-2019-005491 // NVD: CVE-2019-2255

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-157

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201905-157

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005491

PATCH

title:	May 2019 Qualcomm Technologies, Inc. Security Bulletin	url:	https://www.qualcomm.com/company/product-security/bulletins	Trust: 0.8
title:	Patches for multiple Qualcomm H.264 decoder buffer overflow vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/160905	Trust: 0.6
title:	Multiple Qualcomm product H.264 Fixes for decoder buffer error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92302	Trust: 0.6

sources: CNVD: CNVD-2019-13769 // JVNDB: JVNDB-2019-005491 // CNNVD: CNNVD-201905-157

EXTERNAL IDS

db:	NVD	id:	CVE-2019-2255	Trust: 3.5
db:	BID	id:	108300	Trust: 1.0
db:	JVNDB	id:	JVNDB-2019-005491	Trust: 0.8
db:	CNNVD	id:	CNNVD-201905-157	Trust: 0.7
db:	CNVD	id:	CNVD-2019-13769	Trust: 0.6
db:	VULHUB	id:	VHN-153690	Trust: 0.1
db:	VULMON	id:	CVE-2019-2255	Trust: 0.1

sources: CNVD: CNVD-2019-13769 // VULHUB: VHN-153690 // VULMON: CVE-2019-2255 // BID: 108300 // JVNDB: JVNDB-2019-005491 // CNNVD: CNNVD-201905-157 // NVD: CVE-2019-2255

REFERENCES

url:	https://www.qualcomm.com/company/product-security/bulletins	Trust: 2.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-2255	Trust: 1.4
url:	https://vigilance.fr/vulnerability/google-android-multiple-vulnerabilities-of-may-2019-29239	Trust: 1.2
url:	http://code.google.com/android/	Trust: 0.9
url:	http://www.qualcomm.com/	Trust: 0.9
url:	https://source.android.com/security/bulletin/2019-05-01	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2255	Trust: 0.8
url:	https://www.securityfocus.com/bid/108300	Trust: 0.7
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2019-13769 // VULHUB: VHN-153690 // VULMON: CVE-2019-2255 // BID: 108300 // JVNDB: JVNDB-2019-005491 // CNNVD: CNNVD-201905-157 // NVD: CVE-2019-2255

CREDITS

Wen Guanxing of Pangu LAB, Xiling Gong of Tencent Blade Team.,derrek

Trust: 0.6

sources: CNNVD: CNNVD-201905-157

SOURCES

db:	CNVD	id:	CNVD-2019-13769
db:	VULHUB	id:	VHN-153690
db:	VULMON	id:	CVE-2019-2255
db:	BID	id:	108300
db:	JVNDB	id:	JVNDB-2019-005491
db:	CNNVD	id:	CNNVD-201905-157
db:	NVD	id:	CVE-2019-2255

LAST UPDATE DATE

2024-11-23T21:37:13.061000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-13769	date:	2019-05-10T00:00:00
db:	VULHUB	id:	VHN-153690	date:	2020-08-24T00:00:00
db:	VULMON	id:	CVE-2019-2255	date:	2020-08-24T00:00:00
db:	BID	id:	108300	date:	2019-05-06T00:00:00
db:	JVNDB	id:	JVNDB-2019-005491	date:	2019-06-20T00:00:00
db:	CNNVD	id:	CNNVD-201905-157	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-2255	date:	2024-11-21T04:40:33.080

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-13769	date:	2019-05-10T00:00:00
db:	VULHUB	id:	VHN-153690	date:	2019-06-14T00:00:00
db:	VULMON	id:	CVE-2019-2255	date:	2019-06-14T00:00:00
db:	BID	id:	108300	date:	2019-05-06T00:00:00
db:	JVNDB	id:	JVNDB-2019-005491	date:	2019-06-20T00:00:00
db:	CNNVD	id:	CNNVD-201905-157	date:	2019-05-07T00:00:00
db:	NVD	id:	CVE-2019-2255	date:	2019-06-14T17:29:02.423