Sign-up

ID

VAR-201907-0627


CVE

CVE-2019-2306


TITLE

plural Snapdragon Product buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-006998

DESCRIPTION

Improper casting of structure while handling the buffer leads to out of bound read in display in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20. plural Snapdragon The product contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9206 and others are products of Qualcomm (Qualcomm). MDM9206 is a central processing unit (CPU) product. MDM9607 is a central processing unit (CPU) product. SDX20 is a modem. A buffer error vulnerability exists in Display in several Qualcomm products. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc

Trust: 1.71

sources: NVD: CVE-2019-2306 // JVNDB: JVNDB-2019-006998 // VULHUB: VHN-153741

AFFECTED PRODUCTS

vendor:qualcommmodel:qcs405scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 427scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 425scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 675scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:215scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 730scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 615scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 616scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 435scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 665scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 712scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 632scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 415scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 212scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm630scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 855scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 430scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 210scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 636scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9150scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8909wscope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8996auscope: - version: -

Trust: 0.8

vendor:qualcommmodel:qcs405scope: - version: -

Trust: 0.8

vendor:qualcommmodel:qcs605scope: - version: -

Trust: 0.8

vendor:qualcommmodel:215scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 210scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-006998 // NVD: CVE-2019-2306

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-2306
value: HIGH

Trust: 1.0

NVD: CVE-2019-2306
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201907-1330
value: HIGH

Trust: 0.6

VULHUB: VHN-153741
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-2306
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-153741
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-2306
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-153741 // JVNDB: JVNDB-2019-006998 // CNNVD: CNNVD-201907-1330 // NVD: CVE-2019-2306

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.1

problemtype:CWE-704

Trust: 1.1

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-153741 // JVNDB: JVNDB-2019-006998 // NVD: CVE-2019-2306

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201907-1330

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201907-1330

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-006998

PATCH
title:July 2019 Code Aurora Security Bulletinurl:https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin
Trust: 0.8
title:Multiple Qualcomm product Display Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95477
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-006998 // 
            
            
            
            CNNVD: CNNVD-201907-1330

EXTERNAL IDS
db:NVDid:CVE-2019-2306
Trust: 2.5
db:JVNDBid:JVNDB-2019-006998
Trust: 0.8
db:CNNVDid:CNNVD-201907-1330
Trust: 0.7
db:VULHUBid:VHN-153741
Trust: 0.1
sources:
            
            
            VULHUB: VHN-153741 // 
            
            
            
            JVNDB: JVNDB-2019-006998 // 
            
            
            
            CNNVD: CNNVD-201907-1330 // 
            
            
            
            NVD: CVE-2019-2306

REFERENCES
url:https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-2306
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2306
Trust: 0.8
url:https://vigilance.fr/vulnerability/google-android-os-multiple-vulnerabilities-30243
Trust: 0.6
sources:
            
            
            VULHUB: VHN-153741 // 
            
            
            
            JVNDB: JVNDB-2019-006998 // 
            
            
            
            CNNVD: CNNVD-201907-1330 // 
            
            
            
            NVD: CVE-2019-2306

SOURCES
db:VULHUBid:VHN-153741
db:JVNDBid:JVNDB-2019-006998
db:CNNVDid:CNNVD-201907-1330
db:NVDid:CVE-2019-2306

LAST UPDATE DATE
2024-11-23T22:16:57.483000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-153741date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2019-006998date:2019-07-31T00:00:00
db:CNNVDid:CNNVD-201907-1330date:2020-10-28T00:00:00
db:NVDid:CVE-2019-2306date:2024-11-21T04:40:40.100

SOURCES RELEASE DATE
db:VULHUBid:VHN-153741date:2019-07-25T00:00:00
db:JVNDBid:JVNDB-2019-006998date:2019-07-31T00:00:00
db:CNNVDid:CNNVD-201907-1330date:2019-07-25T00:00:00
db:NVDid:CVE-2019-2306date:2019-07-25T17:15:13.287