Sign-up

ID

VAR-201907-0557


CVE

CVE-2019-2240


TITLE

plural Snapdragon Product error handling vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-006895

DESCRIPTION

While sending the rendered surface content to the screen, Error handling is not properly checked results in an unpredictable behaviour in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9531, QCA9880, QCA9886, QCA9980, QCN5502, QCS404, QCS605, SD 210/SD 212/SD 205, SD 425, SD 600, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SDX20, SDX24, SXR1130. plural Snapdragon The product contains an error handling vulnerability.Information may be tampered with. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-129766496, A-129766125, A-122473271, A-122474808, A-122472479, A-122473168, A-122473304, A-122473496, A-122473989, A-129766432, A-129766099 and A-129766299

Trust: 1.98

sources: NVD: CVE-2019-2240 // JVNDB: JVNDB-2019-006895 // BID: 108986 // VULHUB: VHN-153675

AFFECTED PRODUCTS

vendor:qualcommmodel:qca9379scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6584auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx24scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 425scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 675scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca9377scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 730scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq4019scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq8074scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9640scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca8081scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr1130scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6564scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs404scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcn5502scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 712scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca9531scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca9980scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 8cxscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 212scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca9880scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq8064scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca9886scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm630scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6574auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6174ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 600scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6584scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 855scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6574scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 210scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 636scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq4019scope: - version: -

Trust: 0.8

vendor:qualcommmodel:ipq8064scope: - version: -

Trust: 0.8

vendor:qualcommmodel:ipq8074scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9150scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9640scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8996auscope: - version: -

Trust: 0.8

vendor:qualcommmodel:qca6174ascope: - version: -

Trust: 0.8

vendor:googlemodel:pixel xlscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixel cscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixelscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexus playerscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:9

Trust: 0.3

vendor:googlemodel:nexus 6pscope: - version: -

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:6

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:5x

Trust: 0.3

vendor:googlemodel:androidscope:eqversion:0

Trust: 0.3

sources: BID: 108986 // JVNDB: JVNDB-2019-006895 // NVD: CVE-2019-2240

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-2240
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-2240
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201907-081
value: MEDIUM

Trust: 0.6

VULHUB: VHN-153675
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-2240
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-153675
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-2240
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-153675 // JVNDB: JVNDB-2019-006895 // CNNVD: CNNVD-201907-081 // NVD: CVE-2019-2240

PROBLEMTYPE DATA

problemtype:CWE-755

Trust: 1.0

problemtype:CWE-388

Trust: 0.9

sources: VULHUB: VHN-153675 // JVNDB: JVNDB-2019-006895 // NVD: CVE-2019-2240

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201907-081

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201907-081

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-006895

PATCH
title:July 2019 Qualcomm Technologies, Inc. Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins
Trust: 0.8
title:Multiple Qualcomm Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94315
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-006895 // 
            
            
            
            CNNVD: CNNVD-201907-081

EXTERNAL IDS
db:NVDid:CVE-2019-2240
Trust: 2.8
db:BIDid:108986
Trust: 0.9
db:JVNDBid:JVNDB-2019-006895
Trust: 0.8
db:CNNVDid:CNNVD-201907-081
Trust: 0.6
db:VULHUBid:VHN-153675
Trust: 0.1
sources:
            
            
            VULHUB: VHN-153675 // 
            
            
            
            BID: 108986 // 
            
            
            
            JVNDB: JVNDB-2019-006895 // 
            
            
            
            CNNVD: CNNVD-201907-081 // 
            
            
            
            NVD: CVE-2019-2240

REFERENCES
url:https://www.qualcomm.com/company/product-security/bulletins
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-2240
Trust: 1.4
url:http://code.google.com/android/
Trust: 0.9
url:http://www.qualcomm.com/
Trust: 0.9
url:https://source.android.com/security/bulletin/2019-07-01.html
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2240
Trust: 0.8
url:https://vigilance.fr/vulnerability/google-android-multiple-vulnerabilities-of-july-2019-29673
Trust: 0.6
url:https://www.securityfocus.com/bid/108986
Trust: 0.6
sources:
            
            
            VULHUB: VHN-153675 // 
            
            
            
            BID: 108986 // 
            
            
            
            JVNDB: JVNDB-2019-006895 // 
            
            
            
            CNNVD: CNNVD-201907-081 // 
            
            
            
            NVD: CVE-2019-2240

CREDITS
The vendor reported these issues.
Trust: 0.9
sources:
            
            
            BID: 108986 // 
            
            
            
            CNNVD: CNNVD-201907-081

SOURCES
db:VULHUBid:VHN-153675
db:BIDid:108986
db:JVNDBid:JVNDB-2019-006895
db:CNNVDid:CNNVD-201907-081
db:NVDid:CVE-2019-2240

LAST UPDATE DATE
2024-11-23T21:37:05.484000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-153675date:2019-07-26T00:00:00
db:BIDid:108986date:2019-07-01T00:00:00
db:JVNDBid:JVNDB-2019-006895date:2019-07-30T00:00:00
db:CNNVDid:CNNVD-201907-081date:2019-07-29T00:00:00
db:NVDid:CVE-2019-2240date:2024-11-21T04:40:30.647

SOURCES RELEASE DATE
db:VULHUBid:VHN-153675date:2019-07-25T00:00:00
db:BIDid:108986date:2019-07-01T00:00:00
db:JVNDBid:JVNDB-2019-006895date:2019-07-30T00:00:00
db:CNNVDid:CNNVD-201907-081date:2019-07-02T00:00:00
db:NVDid:CVE-2019-2240date:2019-07-25T17:15:12.270