Details of VAR-201907-0558

ID

VAR-201907-0558

CVE

CVE-2019-2241

TITLE

plural Snapdragon Vulnerability related to input validation in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-006896

DESCRIPTION

While rendering the layout background, Error status check is not caught properly and also incorrect status handling is being done leading to unintended SUI behaviour in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCS404, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SDX24, SXR1130. plural Snapdragon The product contains an input validation vulnerability.Information may be tampered with. Qualcomm MDM9206, etc. are all products of Qualcomm. MDM9206 is a central processing unit (CPU) product. MDM9607 is a central processing unit (CPU) product. SDX24 is a modem. There are security vulnerabilities in Content Protection in many Qualcomm products. Attackers can use this vulnerability to perform unauthorized operations. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-129766496, A-129766125, A-122473271, A-122474808, A-122472479, A-122473168, A-122473304, A-122473496, A-122473989, A-129766432, A-129766099 and A-129766299. The following products and versions are affected: Qualcomm MDM9150; MDM9206; MDM9607; MDM9650; MDM9655; MSM8996AU; SD 670; SD 730; SD 820; SD 820A; SD 835; SD 845; SD 850; SD 855; SD 8CX;

Trust: 2.52

sources: NVD: CVE-2019-2241 // JVNDB: JVNDB-2019-006896 // CNVD: CNVD-2020-20157 // BID: 108986 // VULHUB: VHN-153676

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-20157

AFFECTED PRODUCTS

vendor:	qualcomm	model:	msm8996au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 8cx	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 410	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx24	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs605	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 205	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 212	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sda660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 835	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 710	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 675	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 820a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9607	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 730	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9650	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 850	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9206	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm630	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 845	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 820	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9655	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 670	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 855	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 412	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sxr1130	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs404	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 210	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 712	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 636	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9150	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9206	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9607	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9650	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9655	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	msm8996au	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qcs404	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qcs605	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 210	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 212	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qcs605 no	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sd no	scope:	eq	version:	425	Trust: 0.6
vendor:	qualcomm	model:	sd no	scope:	eq	version:	427	Trust: 0.6
vendor:	qualcomm	model:	sd no	scope:	eq	version:	430	Trust: 0.6
vendor:	qualcomm	model:	sd no	scope:	eq	version:	435	Trust: 0.6
vendor:	qualcomm	model:	sd no	scope:	eq	version:	450	Trust: 0.6
vendor:	qualcomm	model:	sd no	scope:	eq	version:	625	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	636	Trust: 0.6
vendor:	qualcomm	model:	sd no	scope:	eq	version:	712	Trust: 0.6
vendor:	qualcomm	model:	sd no	scope:	eq	version:	710	Trust: 0.6
vendor:	qualcomm	model:	sd no	scope:	eq	version:	670	Trust: 0.6
vendor:	qualcomm	model:	sd no	scope:	eq	version:	845	Trust: 0.6
vendor:	qualcomm	model:	sd no	scope:	eq	version:	850	Trust: 0.6
vendor:	qualcomm	model:	sd no	scope:	eq	version:	855	Trust: 0.6
vendor:	qualcomm	model:	sdm630 no	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sdm660 no	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	msm8909w no	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	qcs405 no	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sd no	scope:	eq	version:	675	Trust: 0.6
vendor:	qualcomm	model:	sd no	scope:	eq	version:	730	Trust: 0.6
vendor:	qualcomm	model:	sdx24 no	scope:	-	version:	-	Trust: 0.6
vendor:	google	model:	pixel xl	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	pixel c	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	pixel	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	nexus player	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	9	Trust: 0.3
vendor:	google	model:	nexus 6p	scope:	-	version:	-	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	6	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	5x	Trust: 0.3
vendor:	google	model:	android	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2020-20157 // BID: 108986 // JVNDB: JVNDB-2019-006896 // NVD: CVE-2019-2241

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-2241
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-2241
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-20157
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201907-080
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-153676
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2019-2241
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-20157
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-153676
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-2241
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2020-20157 // VULHUB: VHN-153676 // JVNDB: JVNDB-2019-006896 // CNNVD: CNNVD-201907-080 // NVD: CVE-2019-2241

PROBLEMTYPE DATA

problemtype:	CWE-755	Trust: 1.0
problemtype:	CWE-20	Trust: 0.9

sources: VULHUB: VHN-153676 // JVNDB: JVNDB-2019-006896 // NVD: CVE-2019-2241

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201907-080

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201907-080

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006896

PATCH

title:	July 2019 Qualcomm Technologies, Inc. Security Bulletin	url:	https://www.qualcomm.com/company/product-security/bulletins	Trust: 0.8
title:	Patch for Multiple Qualcomm product input verification error vulnerabilities (CNVD-2020-20157)	url:	https://www.cnvd.org.cn/patchInfo/show/211557	Trust: 0.6
title:	Multiple Qualcomm Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94314	Trust: 0.6

sources: CNVD: CNVD-2020-20157 // JVNDB: JVNDB-2019-006896 // CNNVD: CNNVD-201907-080

EXTERNAL IDS

db:	NVD	id:	CVE-2019-2241	Trust: 3.4
db:	BID	id:	108986	Trust: 1.5
db:	JVNDB	id:	JVNDB-2019-006896	Trust: 0.8
db:	CNVD	id:	CNVD-2020-20157	Trust: 0.7
db:	CNNVD	id:	CNNVD-201907-080	Trust: 0.7
db:	VULHUB	id:	VHN-153676	Trust: 0.1

sources: CNVD: CNVD-2020-20157 // VULHUB: VHN-153676 // BID: 108986 // JVNDB: JVNDB-2019-006896 // CNNVD: CNNVD-201907-080 // NVD: CVE-2019-2241

REFERENCES

url:	https://www.qualcomm.com/company/product-security/bulletins	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-2241	Trust: 1.4
url:	http://www.securityfocus.com/bid/108986	Trust: 1.2
url:	http://code.google.com/android/	Trust: 0.9
url:	http://www.qualcomm.com/	Trust: 0.9
url:	https://source.android.com/security/bulletin/2019-07-01.html	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2241	Trust: 0.8
url:	https://vigilance.fr/vulnerability/google-android-multiple-vulnerabilities-of-july-2019-29673	Trust: 0.6

sources: CNVD: CNVD-2020-20157 // VULHUB: VHN-153676 // BID: 108986 // JVNDB: JVNDB-2019-006896 // CNNVD: CNNVD-201907-080 // NVD: CVE-2019-2241

CREDITS

The vendor reported these issues.

Trust: 0.9

sources: BID: 108986 // CNNVD: CNNVD-201907-080

SOURCES

db:	CNVD	id:	CNVD-2020-20157
db:	VULHUB	id:	VHN-153676
db:	BID	id:	108986
db:	JVNDB	id:	JVNDB-2019-006896
db:	CNNVD	id:	CNNVD-201907-080
db:	NVD	id:	CVE-2019-2241

LAST UPDATE DATE

2024-11-23T21:37:05.779000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-20157	date:	2020-03-30T00:00:00
db:	VULHUB	id:	VHN-153676	date:	2019-07-26T00:00:00
db:	BID	id:	108986	date:	2019-07-01T00:00:00
db:	JVNDB	id:	JVNDB-2019-006896	date:	2019-07-30T00:00:00
db:	CNNVD	id:	CNNVD-201907-080	date:	2019-07-29T00:00:00
db:	NVD	id:	CVE-2019-2241	date:	2024-11-21T04:40:30.830

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-20157	date:	2020-03-30T00:00:00
db:	VULHUB	id:	VHN-153676	date:	2019-07-25T00:00:00
db:	BID	id:	108986	date:	2019-07-01T00:00:00
db:	JVNDB	id:	JVNDB-2019-006896	date:	2019-07-30T00:00:00
db:	CNNVD	id:	CNNVD-201907-080	date:	2019-07-02T00:00:00
db:	NVD	id:	CVE-2019-2241	date:	2019-07-25T17:15:12.347