Sign-up

ID

VAR-201907-0620


CVE

CVE-2019-2308


TITLE

plural Snapdragon Vulnerabilities related to authorization, authority, and access control in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-006996

DESCRIPTION

User application could potentially make RPC call to the fastrpc driver and the driver will allow the message to go through to the remote subsystem in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24. plural Snapdragon The product contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9607 and others are products of Qualcomm (Qualcomm). MDM9607 is a central processing unit (CPU) product. MDM9650 is a central processing unit (CPU) product. SDX20 is a modem. The DSP Service in several Qualcomm products has permissions and access control vulnerabilities. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products

Trust: 1.71

sources: NVD: CVE-2019-2308 // JVNDB: JVNDB-2019-006996 // VULHUB: VHN-153743

AFFECTED PRODUCTS

vendor:qualcommmodel:sd 430scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 855scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 636scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 730scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 429scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 632scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs405scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx24scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 712scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm630scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 675scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 427scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 435scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 425scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 665scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:215scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9150scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8909wscope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8996auscope: - version: -

Trust: 0.8

vendor:qualcommmodel:qcs405scope: - version: -

Trust: 0.8

vendor:qualcommmodel:qcs605scope: - version: -

Trust: 0.8

vendor:qualcommmodel:215scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 425scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 427scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-006996 // NVD: CVE-2019-2308

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-2308
value: HIGH

Trust: 1.0

NVD: CVE-2019-2308
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201907-074
value: HIGH

Trust: 0.6

VULHUB: VHN-153743
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-2308
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-153743
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-2308
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-153743 // JVNDB: JVNDB-2019-006996 // CNNVD: CNNVD-201907-074 // NVD: CVE-2019-2308

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-153743 // JVNDB: JVNDB-2019-006996 // NVD: CVE-2019-2308

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201907-074

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201907-074

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-006996

PATCH
title:July 2019 Code Aurora Security Bulletinurl:https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin
Trust: 0.8
title:Android Qualcomm DSP_Service Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94308
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-006996 // 
            
            
            
            CNNVD: CNNVD-201907-074

EXTERNAL IDS
db:NVDid:CVE-2019-2308
Trust: 2.5
db:JVNDBid:JVNDB-2019-006996
Trust: 0.8
db:CNNVDid:CNNVD-201907-074
Trust: 0.7
db:AUSCERTid:ESB-2021.1623
Trust: 0.6
db:AUSCERTid:ESB-2021.1766
Trust: 0.6
db:VULHUBid:VHN-153743
Trust: 0.1
sources:
            
            
            VULHUB: VHN-153743 // 
            
            
            
            JVNDB: JVNDB-2019-006996 // 
            
            
            
            CNNVD: CNNVD-201907-074 // 
            
            
            
            NVD: CVE-2019-2308

REFERENCES
url:https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-2308
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2308
Trust: 0.8
url:https://vigilance.fr/vulnerability/google-android-multiple-vulnerabilities-of-july-2019-29673
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2021.1623
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2021.1766
Trust: 0.6
sources:
            
            
            VULHUB: VHN-153743 // 
            
            
            
            JVNDB: JVNDB-2019-006996 // 
            
            
            
            CNNVD: CNNVD-201907-074 // 
            
            
            
            NVD: CVE-2019-2308

SOURCES
db:VULHUBid:VHN-153743
db:JVNDBid:JVNDB-2019-006996
db:CNNVDid:CNNVD-201907-074
db:NVDid:CVE-2019-2308

LAST UPDATE DATE
2024-08-14T12:59:38.269000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-153743date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2019-006996date:2019-07-31T00:00:00
db:CNNVDid:CNNVD-201907-074date:2021-05-21T00:00:00
db:NVDid:CVE-2019-2308date:2020-08-24T17:37:01.140

SOURCES RELEASE DATE
db:VULHUBid:VHN-153743date:2019-07-25T00:00:00
db:JVNDBid:JVNDB-2019-006996date:2019-07-31T00:00:00
db:CNNVDid:CNNVD-201907-074date:2019-07-02T00:00:00
db:NVDid:CVE-2019-2308date:2019-07-25T17:15:13.410