Sign-up

ID

VAR-201907-0561


CVE

CVE-2019-2236


TITLE

plural Snapdragon In product NULL Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-006901

DESCRIPTION

Null pointer dereference during secure application termination using specific application ids. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCA8081, QCS605, Qualcomm 215, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130. plural Snapdragon The product includes NULL A vulnerability related to pointer dereference exists.Service operation interruption (DoS) There is a possibility of being put into a state. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-129766496, A-129766125, A-122473271, A-122474808, A-122472479, A-122473168, A-122473304, A-122473496, A-122473989, A-129766432, A-129766099 and A-129766299. Qualcomm MDM9206 is a central processing unit (CPU) product of Qualcomm (Qualcomm). A code issue vulnerability exists in several Qualcomm products. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products

Trust: 1.98

sources: NVD: CVE-2019-2236 // JVNDB: JVNDB-2019-006901 // BID: 108986 // VULHUB: VHN-153671

AFFECTED PRODUCTS

vendor:qualcommmodel:sd 427scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 425scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 675scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 429scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:215scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 730scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq8074scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9655scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca8081scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 435scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr1130scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 712scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 632scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 8cxscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 410scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 652scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon high med 2016scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm630scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 412scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 430scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 636scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq8074scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9655scope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8996auscope: - version: -

Trust: 0.8

vendor:qualcommmodel:qca8081scope: - version: -

Trust: 0.8

vendor:qualcommmodel:qcs605scope: - version: -

Trust: 0.8

vendor:qualcommmodel:215scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 410scope: - version: -

Trust: 0.8

vendor:googlemodel:pixel xlscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixel cscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixelscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexus playerscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:9

Trust: 0.3

vendor:googlemodel:nexus 6pscope: - version: -

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:6

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:5x

Trust: 0.3

vendor:googlemodel:androidscope:eqversion:0

Trust: 0.3

sources: BID: 108986 // JVNDB: JVNDB-2019-006901 // NVD: CVE-2019-2236

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-2236
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-2236
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201907-085
value: MEDIUM

Trust: 0.6

VULHUB: VHN-153671
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-2236
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-153671
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-2236
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-153671 // JVNDB: JVNDB-2019-006901 // CNNVD: CNNVD-201907-085 // NVD: CVE-2019-2236

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.9

sources: VULHUB: VHN-153671 // JVNDB: JVNDB-2019-006901 // NVD: CVE-2019-2236

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201907-085

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201907-085

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-006901

PATCH
title:July 2019 Qualcomm Technologies, Inc. Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins
Trust: 0.8
title:Multiple Qualcomm Product code issue vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94319
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-006901 // 
            
            
            
            CNNVD: CNNVD-201907-085

EXTERNAL IDS
db:NVDid:CVE-2019-2236
Trust: 2.8
db:BIDid:108986
Trust: 0.9
db:JVNDBid:JVNDB-2019-006901
Trust: 0.8
db:CNNVDid:CNNVD-201907-085
Trust: 0.7
db:VULHUBid:VHN-153671
Trust: 0.1
sources:
            
            
            VULHUB: VHN-153671 // 
            
            
            
            BID: 108986 // 
            
            
            
            JVNDB: JVNDB-2019-006901 // 
            
            
            
            CNNVD: CNNVD-201907-085 // 
            
            
            
            NVD: CVE-2019-2236

REFERENCES
url:https://www.qualcomm.com/company/product-security/bulletins
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-2236
Trust: 1.4
url:http://code.google.com/android/
Trust: 0.9
url:http://www.qualcomm.com/
Trust: 0.9
url:https://source.android.com/security/bulletin/2019-07-01.html
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2236
Trust: 0.8
url:https://vigilance.fr/vulnerability/google-android-multiple-vulnerabilities-of-july-2019-29673
Trust: 0.6
url:https://www.securityfocus.com/bid/108986
Trust: 0.6
sources:
            
            
            VULHUB: VHN-153671 // 
            
            
            
            BID: 108986 // 
            
            
            
            JVNDB: JVNDB-2019-006901 // 
            
            
            
            CNNVD: CNNVD-201907-085 // 
            
            
            
            NVD: CVE-2019-2236

CREDITS
The vendor reported these issues.
Trust: 0.9
sources:
            
            
            BID: 108986 // 
            
            
            
            CNNVD: CNNVD-201907-085

SOURCES
db:VULHUBid:VHN-153671
db:BIDid:108986
db:JVNDBid:JVNDB-2019-006901
db:CNNVDid:CNNVD-201907-085
db:NVDid:CVE-2019-2236

LAST UPDATE DATE
2024-11-23T21:37:05.579000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-153671date:2019-07-26T00:00:00
db:BIDid:108986date:2019-07-01T00:00:00
db:JVNDBid:JVNDB-2019-006901date:2019-07-30T00:00:00
db:CNNVDid:CNNVD-201907-085date:2019-07-29T00:00:00
db:NVDid:CVE-2019-2236date:2024-11-21T04:40:30.023

SOURCES RELEASE DATE
db:VULHUBid:VHN-153671date:2019-07-25T00:00:00
db:BIDid:108986date:2019-07-01T00:00:00
db:JVNDBid:JVNDB-2019-006901date:2019-07-30T00:00:00
db:CNNVDid:CNNVD-201907-085date:2019-07-02T00:00:00
db:NVDid:CVE-2019-2236date:2019-07-25T17:15:12.037