Details of VAR-201907-0624

ID

VAR-201907-0624

CVE

CVE-2019-2316

TITLE

plural Snapdragon Vulnerability in using freed memory in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-007378

DESCRIPTION

When computing the digest a local variable is used after going out of scope in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9640, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855, SDM660, SDX24. plural Snapdragon The product contains a vulnerability related to the use of released memory.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9640 and others are products of Qualcomm (Qualcomm). MDM9640 is a central processing unit (CPU) product. SD 712 is a central processing unit (CPU) product. SDX24 is a modem. A resource management error vulnerability exists in HLOS in several Qualcomm products. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products

Trust: 1.71

sources: NVD: CVE-2019-2316 // JVNDB: JVNDB-2019-007378 // VULHUB: VHN-153751

AFFECTED PRODUCTS

vendor:	qualcomm	model:	sdx24	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs405	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 427	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs605	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 710	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 425	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 675	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 730	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 850	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 845	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 450	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9640	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 670	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 435	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 855	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 430	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 665	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 712	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 636	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 625	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9640	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qcs405	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qcs605	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 425	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 427	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 430	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 435	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 450	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 625	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 636	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-007378 // NVD: CVE-2019-2316

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-2316
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-2316
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201907-1334
value:	HIGH
Trust: 0.6
VULHUB:	VHN-153751
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-2316
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-153751
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-2316
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.0
impactScore:	6.0
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-153751 // JVNDB: JVNDB-2019-007378 // CNNVD: CNNVD-201907-1334 // NVD: CVE-2019-2316

PROBLEMTYPE DATA

problemtype:

CWE-416

Trust: 1.9

sources: VULHUB: VHN-153751 // JVNDB: JVNDB-2019-007378 // NVD: CVE-2019-2316

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201907-1334

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201907-1334

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007378

PATCH

title:	July 2019 Code Aurora Security Bulletin	url:	https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin	Trust: 0.8
title:	Multiple Qualcomm product HLOS Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95481	Trust: 0.6

sources: JVNDB: JVNDB-2019-007378 // CNNVD: CNNVD-201907-1334

EXTERNAL IDS

db:	NVD	id:	CVE-2019-2316	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-007378	Trust: 0.8
db:	CNNVD	id:	CNNVD-201907-1334	Trust: 0.7
db:	VULHUB	id:	VHN-153751	Trust: 0.1

sources: VULHUB: VHN-153751 // JVNDB: JVNDB-2019-007378 // CNNVD: CNNVD-201907-1334 // NVD: CVE-2019-2316

REFERENCES

url:	https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-2316	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2316	Trust: 0.8
url:	https://source.android.com/security/bulletin/2019-09-01	Trust: 0.6
url:	https://vigilance.fr/vulnerability/google-android-os-multiple-vulnerabilities-30243	Trust: 0.6

sources: VULHUB: VHN-153751 // JVNDB: JVNDB-2019-007378 // CNNVD: CNNVD-201907-1334 // NVD: CVE-2019-2316

SOURCES

db:	VULHUB	id:	VHN-153751
db:	JVNDB	id:	JVNDB-2019-007378
db:	CNNVD	id:	CNNVD-201907-1334
db:	NVD	id:	CVE-2019-2316

LAST UPDATE DATE

2024-11-23T22:58:38.297000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-153751	date:	2019-08-07T00:00:00
db:	JVNDB	id:	JVNDB-2019-007378	date:	2019-08-08T00:00:00
db:	CNNVD	id:	CNNVD-201907-1334	date:	2019-09-05T00:00:00
db:	NVD	id:	CVE-2019-2316	date:	2024-11-21T04:40:41.483

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-153751	date:	2019-07-25T00:00:00
db:	JVNDB	id:	JVNDB-2019-007378	date:	2019-08-08T00:00:00
db:	CNNVD	id:	CNNVD-201907-1334	date:	2019-07-25T00:00:00
db:	NVD	id:	CVE-2019-2316	date:	2019-07-25T17:15:13.660