ID
VAR-201907-0242
CVE
CVE-2019-2345
TITLE
plural Snapdragon Product race condition vulnerabilities
Trust: 0.8
DESCRIPTION
Race condition while accessing DMA buffer in jpeg driver in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM660, SDX20, SDX24. plural Snapdragon The product contains a race condition vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MSM8996AU and others are products of Qualcomm (Qualcomm). MSM8996AU is a central processing unit (CPU) product. SD 712 is a central processing unit (CPU) product. SDX24 is a modem. A race condition vulnerability exists in the Camera library in several Qualcomm products. The vulnerability stems from the improper handling of concurrent access when concurrent codes need to access shared resources mutually exclusive during the running of the network system or product
Trust: 1.71
AFFECTED PRODUCTS
| vendor: | qualcomm | model: | msm8996au | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdx24 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | qcs605 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 427 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sda660 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 835 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 710 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 425 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 820a | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 850 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm660 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 845 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 820 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 450 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | msm8909w | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 670 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdx20 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 435 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 430 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 712 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 636 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 625 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | msm8909w | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | msm8996au | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | qcs605 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 425 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 427 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 430 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 435 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 450 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 625 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 636 | scope: | - | version: | - | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-362 | Trust: 1.9 |
THREAT TYPE
local
Trust: 0.6
TYPE
competition condition problem
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | July 2019 Code Aurora Security Bulletin | url: | https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin | Trust: 0.8 |
| title: | Multiple Qualcomm product Camera Repair measures for vulnerabilities in library competition conditions | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95483 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2019-2345 | Trust: 2.5 |
| db: | JVNDB | id: | JVNDB-2019-007034 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201907-1336 | Trust: 0.7 |
| db: | VULHUB | id: | VHN-153780 | Trust: 0.1 |
REFERENCES
| url: | https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin | Trust: 1.7 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2019-2345 | Trust: 1.4 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2345 | Trust: 0.8 |
| url: | https://vigilance.fr/vulnerability/google-android-os-multiple-vulnerabilities-30243 | Trust: 0.6 |
SOURCES
| db: | VULHUB | id: | VHN-153780 |
| db: | JVNDB | id: | JVNDB-2019-007034 |
| db: | CNNVD | id: | CNNVD-201907-1336 |
| db: | NVD | id: | CVE-2019-2345 |
LAST UPDATE DATE
2024-11-23T22:44:57.412000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-153780 | date: | 2019-07-30T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-007034 | date: | 2019-07-31T00:00:00 |
| db: | CNNVD | id: | CNNVD-201907-1336 | date: | 2019-09-05T00:00:00 |
| db: | NVD | id: | CVE-2019-2345 | date: | 2024-11-21T04:40:45.537 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-153780 | date: | 2019-07-25T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-007034 | date: | 2019-07-31T00:00:00 |
| db: | CNNVD | id: | CNNVD-201907-1336 | date: | 2019-07-25T00:00:00 |
| db: | NVD | id: | CVE-2019-2345 | date: | 2019-07-25T17:15:14.177 |