Sign-up

ID

VAR-201907-0563


CVE

CVE-2019-2238


TITLE

plural Snapdragon Product out-of-bounds vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-006903

DESCRIPTION

Lack of check of data type can lead to subsequent loop-expression potentially go negative and the condition will still evaluate to true leading to buffer underflow. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 8CX, SXR1130. plural Snapdragon The product contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-129766496, A-129766125, A-122473271, A-122474808, A-122472479, A-122473168, A-122473304, A-122473496, A-122473989, A-129766432, A-129766099 and A-129766299. Qualcomm MDM9206 is a central processing unit (CPU) product of Qualcomm (Qualcomm). A buffer error vulnerability exists in Content Protection in several Qualcomm products. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. The following products and versions are affected: Qualcomm MDM9206; MDM9607; MDM9650; MDM9655; QCS605; SD 210; SD 212; SD 205; SD 410/12; SD 675; SD 712; SXR1130

Trust: 2.07

sources: NVD: CVE-2019-2238 // JVNDB: JVNDB-2019-006903 // BID: 108986 // VULHUB: VHN-153673 // VULMON: CVE-2019-2238

AFFECTED PRODUCTS

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9655scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 8cxscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 212scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr1130scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 412scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 730scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 210scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 675scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 712scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 410scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9655scope: - version: -

Trust: 0.8

vendor:qualcommmodel:qcs605scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 205scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 210scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 212scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 410scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 412scope: - version: -

Trust: 0.8

vendor:googlemodel:pixel xlscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixel cscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixelscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexus playerscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:9

Trust: 0.3

vendor:googlemodel:nexus 6pscope: - version: -

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:6

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:5x

Trust: 0.3

vendor:googlemodel:androidscope:eqversion:0

Trust: 0.3

sources: BID: 108986 // JVNDB: JVNDB-2019-006903 // NVD: CVE-2019-2238

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-2238
value: HIGH

Trust: 1.0

NVD: CVE-2019-2238
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201907-083
value: HIGH

Trust: 0.6

VULHUB: VHN-153673
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-2238
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-2238
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-153673
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-2238
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-153673 // VULMON: CVE-2019-2238 // JVNDB: JVNDB-2019-006903 // CNNVD: CNNVD-201907-083 // NVD: CVE-2019-2238

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-125

Trust: 0.9

sources: VULHUB: VHN-153673 // JVNDB: JVNDB-2019-006903 // NVD: CVE-2019-2238

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201907-083

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201907-083

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-006903

PATCH
title:July 2019 Qualcomm Technologies, Inc. Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins
Trust: 0.8
title:Multiple Qualcomm Product Buffer Error Vulnerability Fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94317
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-006903 // 
            
            
            
            CNNVD: CNNVD-201907-083

EXTERNAL IDS
db:NVDid:CVE-2019-2238
Trust: 2.9
db:BIDid:108986
Trust: 1.0
db:JVNDBid:JVNDB-2019-006903
Trust: 0.8
db:CNNVDid:CNNVD-201907-083
Trust: 0.7
db:VULHUBid:VHN-153673
Trust: 0.1
db:VULMONid:CVE-2019-2238
Trust: 0.1
sources:
            
            
            VULHUB: VHN-153673 // 
            
            
            
            VULMON: CVE-2019-2238 // 
            
            
            
            BID: 108986 // 
            
            
            
            JVNDB: JVNDB-2019-006903 // 
            
            
            
            CNNVD: CNNVD-201907-083 // 
            
            
            
            NVD: CVE-2019-2238

REFERENCES
url:https://www.qualcomm.com/company/product-security/bulletins
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-2238
Trust: 1.4
url:http://code.google.com/android/
Trust: 0.9
url:http://www.qualcomm.com/
Trust: 0.9
url:https://source.android.com/security/bulletin/2019-07-01.html
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2238
Trust: 0.8
url:https://www.securityfocus.com/bid/108986
Trust: 0.7
url:https://vigilance.fr/vulnerability/google-android-multiple-vulnerabilities-of-july-2019-29673
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/787.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-153673 // 
            
            
            
            VULMON: CVE-2019-2238 // 
            
            
            
            BID: 108986 // 
            
            
            
            JVNDB: JVNDB-2019-006903 // 
            
            
            
            CNNVD: CNNVD-201907-083 // 
            
            
            
            NVD: CVE-2019-2238

CREDITS
The vendor reported these issues.
Trust: 0.9
sources:
            
            
            BID: 108986 // 
            
            
            
            CNNVD: CNNVD-201907-083

SOURCES
db:VULHUBid:VHN-153673
db:VULMONid:CVE-2019-2238
db:BIDid:108986
db:JVNDBid:JVNDB-2019-006903
db:CNNVDid:CNNVD-201907-083
db:NVDid:CVE-2019-2238

LAST UPDATE DATE
2024-11-23T21:37:05.515000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-153673date:2020-08-24T00:00:00
db:VULMONid:CVE-2019-2238date:2020-08-24T00:00:00
db:BIDid:108986date:2019-07-01T00:00:00
db:JVNDBid:JVNDB-2019-006903date:2019-07-30T00:00:00
db:CNNVDid:CNNVD-201907-083date:2020-08-25T00:00:00
db:NVDid:CVE-2019-2238date:2024-11-21T04:40:30.343

SOURCES RELEASE DATE
db:VULHUBid:VHN-153673date:2019-07-25T00:00:00
db:VULMONid:CVE-2019-2238date:2019-07-25T00:00:00
db:BIDid:108986date:2019-07-01T00:00:00
db:JVNDBid:JVNDB-2019-006903date:2019-07-30T00:00:00
db:CNNVDid:CNNVD-201907-083date:2019-07-02T00:00:00
db:NVDid:CVE-2019-2238date:2019-07-25T17:15:12.143