ID

VAR-201907-0619


CVE

CVE-2019-2322


TITLE

plural Snapdragon Product buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-007231

DESCRIPTION

Buffer overflow can occur when playing specific clip which is non-standard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016. plural Snapdragon The product contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-129766496, A-129766125, A-122473271, A-122474808, A-122472479, A-122473168, A-122473304, A-122473496, A-122473989, A-129766432, A-129766099 and A-129766299. Qualcomm MDM9206 and others are products of Qualcomm (Qualcomm). MDM9206 is a central processing unit (CPU) product. MDM9607 is a central processing unit (CPU) product. SDX20 is a modem. Security flaws exist in several Qualcomm products

Trust: 1.98

sources: NVD: CVE-2019-2322 // JVNDB: JVNDB-2019-007231 // BID: 108986 // VULHUB: VHN-153757

AFFECTED PRODUCTS

vendor:qualcommmodel:sd 430scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 615scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 429scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs405scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 632scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 616scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 712scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 212scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon high med 2016scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 427scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 425scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 855scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 600scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 210scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 636scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 730scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm630scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 675scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 435scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 415scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 665scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:215scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9150scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8909wscope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8996auscope: - version: -

Trust: 0.8

vendor:qualcommmodel:qcs405scope: - version: -

Trust: 0.8

vendor:qualcommmodel:qcs605scope: - version: -

Trust: 0.8

vendor:qualcommmodel:215scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 210scope: - version: -

Trust: 0.8

vendor:googlemodel:pixel xlscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixel cscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixelscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexus playerscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:9

Trust: 0.3

vendor:googlemodel:nexus 6pscope: - version: -

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:6

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:5x

Trust: 0.3

vendor:googlemodel:androidscope:eqversion:0

Trust: 0.3

sources: BID: 108986 // JVNDB: JVNDB-2019-007231 // NVD: CVE-2019-2322

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-2322
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-2322
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201907-075
value: CRITICAL

Trust: 0.6

VULHUB: VHN-153757
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-2322
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-153757
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-2322
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-153757 // JVNDB: JVNDB-2019-007231 // CNNVD: CNNVD-201907-075 // NVD: CVE-2019-2322

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-153757 // JVNDB: JVNDB-2019-007231 // NVD: CVE-2019-2322

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-075

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201907-075

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007231

PATCH

title:July 2019 Qualcomm Technologies, Inc. Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins

Trust: 0.8

title:Multiple Qualcomm Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94309

Trust: 0.6

sources: JVNDB: JVNDB-2019-007231 // CNNVD: CNNVD-201907-075

EXTERNAL IDS

db:NVDid:CVE-2019-2322

Trust: 2.8

db:BIDid:108986

Trust: 0.9

db:JVNDBid:JVNDB-2019-007231

Trust: 0.8

db:CNNVDid:CNNVD-201907-075

Trust: 0.7

db:VULHUBid:VHN-153757

Trust: 0.1

sources: VULHUB: VHN-153757 // BID: 108986 // JVNDB: JVNDB-2019-007231 // CNNVD: CNNVD-201907-075 // NVD: CVE-2019-2322

REFERENCES

url:https://www.qualcomm.com/company/product-security/bulletins

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-2322

Trust: 1.4

url:http://code.google.com/android/

Trust: 0.9

url:http://www.qualcomm.com/

Trust: 0.9

url:https://source.android.com/security/bulletin/2019-07-01.html

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2322

Trust: 0.8

url:https://vigilance.fr/vulnerability/google-android-multiple-vulnerabilities-of-july-2019-29673

Trust: 0.6

url:https://www.securityfocus.com/bid/108986

Trust: 0.6

sources: VULHUB: VHN-153757 // BID: 108986 // JVNDB: JVNDB-2019-007231 // CNNVD: CNNVD-201907-075 // NVD: CVE-2019-2322

CREDITS

The vendor reported these issues.

Trust: 0.9

sources: BID: 108986 // CNNVD: CNNVD-201907-075

SOURCES

db:VULHUBid:VHN-153757
db:BIDid:108986
db:JVNDBid:JVNDB-2019-007231
db:CNNVDid:CNNVD-201907-075
db:NVDid:CVE-2019-2322

LAST UPDATE DATE

2024-08-14T13:44:54.423000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-153757date:2019-08-05T00:00:00
db:BIDid:108986date:2019-07-01T00:00:00
db:JVNDBid:JVNDB-2019-007231date:2019-08-06T00:00:00
db:CNNVDid:CNNVD-201907-075date:2019-08-06T00:00:00
db:NVDid:CVE-2019-2322date:2019-08-05T17:08:02.210

SOURCES RELEASE DATE

db:VULHUBid:VHN-153757date:2019-07-25T00:00:00
db:BIDid:108986date:2019-07-01T00:00:00
db:JVNDBid:JVNDB-2019-007231date:2019-08-06T00:00:00
db:CNNVDid:CNNVD-201907-075date:2019-07-02T00:00:00
db:NVDid:CVE-2019-2322date:2019-07-25T17:15:13.723