Sign-up

ID

VAR-201906-0694


CVE

CVE-2019-2256


TITLE

plural Snapdragon Product buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-005492

DESCRIPTION

An unprivileged user can craft a bitstream such that the payload encoded in the bitstream gains code execution in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130. plural Snapdragon The product contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. QualcommMDM9650 is a central processing unit (CPU) product of Qualcomm. A buffer overflow vulnerability exists in several Qualcomm products. This vulnerability is caused when the network system or product performs operations on the memory and does not correctly verify the data boundary, resulting in incorrect read and write operations to other associated memory locations. This vulnerability can be exploited to cause buffer overflows or heap overflows. Qualcomm Closed-Source Components are prone to the following security vulnerabilities: 1. Multiple buffer-overflow vulnerabilities 2. Multiple information disclosure vulnerabilities 3. Multiple out-of-bounds memory access vulnerabilities 4. An unauthorized-access vulnerability 5. Multiple denial-of-service vulnerabilities 6. An insecure-file-permissions vulnerability An attacker can exploit these issues to execute arbitrary code, perform unauthorized actions, cause denial-of-service condition and obtain sensitive information. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-114074547,A-119050181,A-122474428,A-114067283,A-119049466,A-119050073,A-119049388,A-119050001,A-119049623,A-119051002,A-119050182,A-119052037,A-122472140,A-112303441 and A-123997497

Trust: 2.61

sources: NVD: CVE-2019-2256 // JVNDB: JVNDB-2019-005492 // CNVD: CNVD-2019-13770 // BID: 108300 // VULHUB: VHN-153691 // VULMON: CVE-2019-2256

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-13770

AFFECTED PRODUCTS

vendor:qualcommmodel:msm8909wscope: - version: -

Trust: 1.4

vendor:qualcommmodel:msm8996auscope: - version: -

Trust: 1.4

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 1.4

vendor:qualcommmodel:qcs605scope: - version: -

Trust: 1.4

vendor:qualcommmodel:sd 632scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 8cxscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 427scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 212scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 425scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 675scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 429scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon high med 2016scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm630scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qm215scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 435scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 855scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr1130scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 430scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 210scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 712scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 636scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qm215scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 205scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 210scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 212scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 425scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 427scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sdscope:eqversion:210

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:212

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:205

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:845

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:850

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:425

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:450

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:625

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:820

Trust: 0.6

vendor:qualcommmodel:sd 820ascope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:835

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:430

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:427

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:435

Trust: 0.6

vendor:qualcommmodel:sdm630scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm660scope: - version: -

Trust: 0.6

vendor:qualcommmodel:snapdragon high med 2016scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sda660scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sxr1130scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:632

Trust: 0.6

vendor:qualcommmodel:sd 8cxscope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm439scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:439

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:429

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:636

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:712

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:710

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:670

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:855

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:675

Trust: 0.6

vendor:qualcommmodel:qualcommscope:eqversion:215

Trust: 0.6

vendor:googlemodel:pixel xlscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixel cscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixelscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexus playerscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:9

Trust: 0.3

vendor:googlemodel:nexus 6pscope: - version: -

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:6

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:5x

Trust: 0.3

vendor:googlemodel:androidscope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2019-13770 // BID: 108300 // JVNDB: JVNDB-2019-005492 // NVD: CVE-2019-2256

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-2256
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-2256
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-13770
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201905-156
value: CRITICAL

Trust: 0.6

VULHUB: VHN-153691
value: HIGH

Trust: 0.1

VULMON: CVE-2019-2256
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-2256
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-13770
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-153691
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-2256
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-13770 // VULHUB: VHN-153691 // VULMON: CVE-2019-2256 // JVNDB: JVNDB-2019-005492 // CNNVD: CNNVD-201905-156 // NVD: CVE-2019-2256

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-153691 // JVNDB: JVNDB-2019-005492 // NVD: CVE-2019-2256

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-156

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201905-156

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-005492

PATCH
title:May 2019 Qualcomm Technologies, Inc. Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins
Trust: 0.8
title:Patches for multiple Qualcomm Product Buffer Overflow Vulnerabilities (CNVD-2019-13770)url:https://www.cnvd.org.cn/patchInfo/show/160903
Trust: 0.6
title:Multiple Qualcomm Product Buffer Error Vulnerability Fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92301
Trust: 0.6
title:Threatposturl:https://threatpost.com/google-critical-remote-code-execution-flaws-android/144497/
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-13770 // 
            
            
            
            VULMON: CVE-2019-2256 // 
            
            
            
            JVNDB: JVNDB-2019-005492 // 
            
            
            
            CNNVD: CNNVD-201905-156

EXTERNAL IDS
db:NVDid:CVE-2019-2256
Trust: 3.5
db:BIDid:108300
Trust: 1.0
db:JVNDBid:JVNDB-2019-005492
Trust: 0.8
db:CNNVDid:CNNVD-201905-156
Trust: 0.7
db:CNVDid:CNVD-2019-13770
Trust: 0.6
db:VULHUBid:VHN-153691
Trust: 0.1
db:VULMONid:CVE-2019-2256
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-13770 // 
            
            
            
            VULHUB: VHN-153691 // 
            
            
            
            VULMON: CVE-2019-2256 // 
            
            
            
            BID: 108300 // 
            
            
            
            JVNDB: JVNDB-2019-005492 // 
            
            
            
            CNNVD: CNNVD-201905-156 // 
            
            
            
            NVD: CVE-2019-2256

REFERENCES
url:https://www.qualcomm.com/company/product-security/bulletins
Trust: 2.1
url:https://nvd.nist.gov/vuln/detail/cve-2019-2256
Trust: 1.4
url:https://vigilance.fr/vulnerability/google-android-multiple-vulnerabilities-of-may-2019-29239
Trust: 1.2
url:http://code.google.com/android/
Trust: 0.9
url:http://www.qualcomm.com/
Trust: 0.9
url:https://source.android.com/security/bulletin/2019-05-01
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2256
Trust: 0.8
url:https://www.securityfocus.com/bid/108300
Trust: 0.7
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://threatpost.com/google-critical-remote-code-execution-flaws-android/144497/
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-13770 // 
            
            
            
            VULHUB: VHN-153691 // 
            
            
            
            VULMON: CVE-2019-2256 // 
            
            
            
            BID: 108300 // 
            
            
            
            JVNDB: JVNDB-2019-005492 // 
            
            
            
            CNNVD: CNNVD-201905-156 // 
            
            
            
            NVD: CVE-2019-2256

CREDITS
Wen Guanxing of Pangu LAB, Xiling Gong of Tencent Blade Team.,derrek
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201905-156

SOURCES
db:CNVDid:CNVD-2019-13770
db:VULHUBid:VHN-153691
db:VULMONid:CVE-2019-2256
db:BIDid:108300
db:JVNDBid:JVNDB-2019-005492
db:CNNVDid:CNNVD-201905-156
db:NVDid:CVE-2019-2256

LAST UPDATE DATE
2024-11-23T21:37:13.169000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-13770date:2019-05-10T00:00:00
db:VULHUBid:VHN-153691date:2020-08-24T00:00:00
db:VULMONid:CVE-2019-2256date:2020-08-24T00:00:00
db:BIDid:108300date:2019-05-06T00:00:00
db:JVNDBid:JVNDB-2019-005492date:2019-06-20T00:00:00
db:CNNVDid:CNNVD-201905-156date:2020-08-25T00:00:00
db:NVDid:CVE-2019-2256date:2024-11-21T04:40:33.240

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-13770date:2019-05-10T00:00:00
db:VULHUBid:VHN-153691date:2019-06-14T00:00:00
db:VULMONid:CVE-2019-2256date:2019-06-14T00:00:00
db:BIDid:108300date:2019-05-06T00:00:00
db:JVNDBid:JVNDB-2019-005492date:2019-06-20T00:00:00
db:CNNVDid:CNNVD-201905-156date:2019-05-07T00:00:00
db:NVDid:CVE-2019-2256date:2019-06-14T17:29:02.690