ID

VAR-201907-0625


CVE

CVE-2019-2334


TITLE

plural Snapdragon In product NULL Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-007044

DESCRIPTION

Null pointer dereferencing can happen when playing the clip with wrong block group id in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016. plural Snapdragon The product includes NULL A vulnerability related to pointer dereference exists.Service operation interruption (DoS) There is a possibility of being put into a state. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-129766496, A-129766125, A-122473271, A-122474808, A-122472479, A-122473168, A-122473304, A-122473496, A-122473989, A-129766432, A-129766099 and A-129766299. Qualcomm MDM9206 and others are products of Qualcomm (Qualcomm). MDM9206 is a central processing unit (CPU) product. MDM9607 is a central processing unit (CPU) product. SDX20 is a modem. A code issue vulnerability exists in several Qualcomm products. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products

Trust: 1.98

sources: NVD: CVE-2019-2334 // JVNDB: JVNDB-2019-007044 // BID: 108986 // VULHUB: VHN-153769

AFFECTED PRODUCTS

vendor:qualcommmodel:qcs405scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 427scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 425scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 675scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 429scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:215scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 730scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 615scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 616scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 435scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 665scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 712scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 632scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 415scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 212scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon high med 2016scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm630scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 600scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 855scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 430scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 210scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 636scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9150scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8909wscope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8996auscope: - version: -

Trust: 0.8

vendor:qualcommmodel:qcs405scope: - version: -

Trust: 0.8

vendor:qualcommmodel:qcs605scope: - version: -

Trust: 0.8

vendor:qualcommmodel:215scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 210scope: - version: -

Trust: 0.8

vendor:googlemodel:pixel xlscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixel cscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixelscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexus playerscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:9

Trust: 0.3

vendor:googlemodel:nexus 6pscope: - version: -

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:6

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:5x

Trust: 0.3

vendor:googlemodel:androidscope:eqversion:0

Trust: 0.3

sources: BID: 108986 // JVNDB: JVNDB-2019-007044 // NVD: CVE-2019-2334

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-2334
value: HIGH

Trust: 1.0

NVD: CVE-2019-2334
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201907-067
value: HIGH

Trust: 0.6

VULHUB: VHN-153769
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-2334
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-153769
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-2334
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-153769 // JVNDB: JVNDB-2019-007044 // CNNVD: CNNVD-201907-067 // NVD: CVE-2019-2334

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.9

sources: VULHUB: VHN-153769 // JVNDB: JVNDB-2019-007044 // NVD: CVE-2019-2334

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-067

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201907-067

CONFIGURATIONS

[
  {
    "CVE_data_version": "4.0",
    "nodes": [
      {
        "operator": "OR",
        "cpe_match": [
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:mdm9150_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:mdm9206_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:mdm9607_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:mdm9650_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:msm8909w_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:msm8996au_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:qcs405_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:qcs605_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:qualcomm_215_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:sd_210_firmware"
          }
        ]
      }
    ]
  }
]

sources: JVNDB: JVNDB-2019-007044

PATCH

title:July 2019 Qualcomm Technologies, Inc. Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins

Trust: 0.8

title:Multiple Qualcomm Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94301

Trust: 0.6

sources: JVNDB: JVNDB-2019-007044 // CNNVD: CNNVD-201907-067

EXTERNAL IDS

db:NVDid:CVE-2019-2334

Trust: 2.8

db:BIDid:108986

Trust: 0.9

db:JVNDBid:JVNDB-2019-007044

Trust: 0.8

db:CNNVDid:CNNVD-201907-067

Trust: 0.7

db:VULHUBid:VHN-153769

Trust: 0.1

sources: VULHUB: VHN-153769 // BID: 108986 // JVNDB: JVNDB-2019-007044 // CNNVD: CNNVD-201907-067 // NVD: CVE-2019-2334

REFERENCES

url:https://www.qualcomm.com/company/product-security/bulletins

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-2334

Trust: 1.4

url:http://code.google.com/android/

Trust: 0.9

url:http://www.qualcomm.com/

Trust: 0.9

url:https://source.android.com/security/bulletin/2019-07-01.html

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2334

Trust: 0.8

url:https://vigilance.fr/vulnerability/google-android-multiple-vulnerabilities-of-july-2019-29673

Trust: 0.6

url:https://www.securityfocus.com/bid/108986

Trust: 0.6

sources: VULHUB: VHN-153769 // BID: 108986 // JVNDB: JVNDB-2019-007044 // CNNVD: CNNVD-201907-067 // NVD: CVE-2019-2334

CREDITS

The vendor reported these issues.

Trust: 0.9

sources: BID: 108986 // CNNVD: CNNVD-201907-067

SOURCES

db:VULHUBid:VHN-153769
db:BIDid:108986
db:JVNDBid:JVNDB-2019-007044
db:CNNVDid:CNNVD-201907-067
db:NVDid:CVE-2019-2334

LAST UPDATE DATE

2024-11-23T21:37:05.677000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-153769date:2019-07-30T00:00:00
db:BIDid:108986date:2019-07-01T00:00:00
db:JVNDBid:JVNDB-2019-007044date:2019-07-31T00:00:00
db:CNNVDid:CNNVD-201907-067date:2019-07-31T00:00:00
db:NVDid:CVE-2019-2334date:2024-11-21T04:40:44.247

SOURCES RELEASE DATE

db:VULHUBid:VHN-153769date:2019-07-25T00:00:00
db:BIDid:108986date:2019-07-01T00:00:00
db:JVNDBid:JVNDB-2019-007044date:2019-07-31T00:00:00
db:CNNVDid:CNNVD-201907-067date:2019-07-02T00:00:00
db:NVDid:CVE-2019-2334date:2019-07-25T17:15:14.050