ID
VAR-201906-0696
CVE
CVE-2019-2259
TITLE
plural Snapdragon Product depletion vulnerability
Trust: 0.8
DESCRIPTION
Resource allocation error while playing the video whose dimensions are more than supported dimension in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130. plural Snapdragon The product is vulnerable to resource exhaustion.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm Closed-Source Components are prone to the following security vulnerabilities: 1. Multiple buffer-overflow vulnerabilities 2. Multiple information disclosure vulnerabilities 3. Multiple out-of-bounds memory access vulnerabilities 4. An unauthorized-access vulnerability 5. Multiple denial-of-service vulnerabilities 6. An insecure-file-permissions vulnerability An attacker can exploit these issues to execute arbitrary code, perform unauthorized actions, cause denial-of-service condition and obtain sensitive information. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-114074547,A-119050181,A-122474428,A-114067283,A-119049466,A-119050073,A-119049388,A-119050001,A-119049623,A-119051002,A-119050182,A-119052037,A-122472140,A-112303441 and A-123997497. Qualcomm MSM8996AU is a central processing unit (CPU) product of Qualcomm (Qualcomm). A resource management error vulnerability exists in several Qualcomm products. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products
Trust: 2.07
AFFECTED PRODUCTS
| vendor: | qualcomm | model: | sd 632 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | msm8996au | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 8cx | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | qcs605 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 205 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 427 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 212 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sda660 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 835 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 710 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 425 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 675 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 429 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 820a | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | snapdragon high med 2016 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 730 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 850 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm630 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm660 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 845 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 820 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | qm215 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 450 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm439 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | msm8909w | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 670 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 439 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 435 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 855 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sxr1130 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 430 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 210 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 712 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 636 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 625 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | msm8909w | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | msm8996au | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | qcs605 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | qm215 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 205 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 210 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 212 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 425 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 427 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 430 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | model: | pixel xl | scope: | eq | version: | 0 | Trust: 0.3 | |
| vendor: | model: | pixel c | scope: | eq | version: | 0 | Trust: 0.3 | |
| vendor: | model: | pixel | scope: | eq | version: | 0 | Trust: 0.3 | |
| vendor: | model: | nexus player | scope: | eq | version: | 0 | Trust: 0.3 | |
| vendor: | model: | nexus | scope: | eq | version: | 9 | Trust: 0.3 | |
| vendor: | model: | nexus 6p | scope: | - | version: | - | Trust: 0.3 | |
| vendor: | model: | nexus | scope: | eq | version: | 6 | Trust: 0.3 | |
| vendor: | model: | nexus | scope: | eq | version: | 5x | Trust: 0.3 | |
| vendor: | model: | android | scope: | eq | version: | 0 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-400 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
resource management error
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | Jun 2019 Qualcomm Technologies, Inc. Security Bulletin | url: | https://www.qualcomm.com/company/product-security/bulletins | Trust: 0.8 |
| title: | Multiple Qualcomm Product resource management error vulnerability fixes | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92299 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2019-2259 | Trust: 2.9 |
| db: | BID | id: | 108300 | Trust: 1.0 |
| db: | JVNDB | id: | JVNDB-2019-005553 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201905-154 | Trust: 0.7 |
| db: | VULHUB | id: | VHN-153694 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2019-2259 | Trust: 0.1 |
REFERENCES
| url: | https://www.qualcomm.com/company/product-security/bulletins | Trust: 2.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2019-2259 | Trust: 1.4 |
| url: | http://code.google.com/android/ | Trust: 0.9 |
| url: | http://www.qualcomm.com/ | Trust: 0.9 |
| url: | https://source.android.com/security/bulletin/2019-05-01 | Trust: 0.9 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2259 | Trust: 0.8 |
| url: | https://www.securityfocus.com/bid/108300 | Trust: 0.7 |
| url: | https://vigilance.fr/vulnerability/google-android-multiple-vulnerabilities-of-may-2019-29239 | Trust: 0.6 |
| url: | https://cwe.mitre.org/data/definitions/400.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
CREDITS
Wen Guanxing of Pangu LAB, Xiling Gong of Tencent Blade Team.,derrek
Trust: 0.6
SOURCES
| db: | VULHUB | id: | VHN-153694 |
| db: | VULMON | id: | CVE-2019-2259 |
| db: | BID | id: | 108300 |
| db: | JVNDB | id: | JVNDB-2019-005553 |
| db: | CNNVD | id: | CNNVD-201905-154 |
| db: | NVD | id: | CVE-2019-2259 |
LAST UPDATE DATE
2024-11-23T21:37:13.460000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-153694 | date: | 2019-06-18T00:00:00 |
| db: | VULMON | id: | CVE-2019-2259 | date: | 2019-06-18T00:00:00 |
| db: | BID | id: | 108300 | date: | 2019-05-06T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-005553 | date: | 2019-06-21T00:00:00 |
| db: | CNNVD | id: | CNNVD-201905-154 | date: | 2019-06-19T00:00:00 |
| db: | NVD | id: | CVE-2019-2259 | date: | 2024-11-21T04:40:33.727 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-153694 | date: | 2019-06-14T00:00:00 |
| db: | VULMON | id: | CVE-2019-2259 | date: | 2019-06-14T00:00:00 |
| db: | BID | id: | 108300 | date: | 2019-05-06T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-005553 | date: | 2019-06-21T00:00:00 |
| db: | CNNVD | id: | CNNVD-201905-154 | date: | 2019-05-07T00:00:00 |
| db: | NVD | id: | CVE-2019-2259 | date: | 2019-06-14T17:29:02.940 |