Details of VAR-201907-0630

ID

VAR-201907-0630

CVE

CVE-2019-2330

TITLE

plural Snapdragon Vulnerability related to input validation in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-007227

DESCRIPTION

improper input validation in allocation request for secure allocations can lead to page fault. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, MDM9150, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24. plural Snapdragon The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Qualcomm MDM9640, etc. are all products of Qualcomm. MDM9640 is a central processing unit (CPU) product. MDM9650 is a central processing unit (CPU) product. SDX20 is a modem. The Kernel in many Qualcomm products has an input validation error vulnerability. The vulnerability stems from the fact that the network system or product did not correctly verify the input data. No detailed vulnerability details are currently available

Trust: 2.25

sources: NVD: CVE-2019-2330 // JVNDB: JVNDB-2019-007227 // CNVD: CNVD-2020-24779 // VULHUB: VHN-153765

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-24779

AFFECTED PRODUCTS

vendor:	qualcomm	model:	msm8909w	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	msm8996au	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	mdm9650	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	mdm9640	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	ipq8074	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	qcs605	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	ipq8064	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	mdm9150	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	qcs405	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	ipq4019	scope:	-	version:	-	Trust: 1.4
vendor:	qualcomm	model:	sdx24	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs405	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 427	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sda660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 710	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 425	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 675	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 429	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	215	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 820a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 730	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq4019	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 450	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq8074	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9640	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 439	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 435	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 665	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 712	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 625	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 632	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8996au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs605	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 835	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq8064	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9650	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 850	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm630	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 845	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm439	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8909w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 670	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx20	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 855	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 430	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 636	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd	scope:	eq	version:	450	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	625	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	430	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	632	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	439	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	675	Trust: 0.6
vendor:	qualcomm	model:	qualcomm	scope:	eq	version:	215	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	425	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	427	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	435	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	712	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	710	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	665	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	636	Trust: 0.6

sources: CNVD: CNVD-2020-24779 // JVNDB: JVNDB-2019-007227 // NVD: CVE-2019-2330

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-2330
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-2330
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-24779
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201907-068
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-153765
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-2330
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-24779
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-153765
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-2330
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2020-24779 // VULHUB: VHN-153765 // JVNDB: JVNDB-2019-007227 // CNNVD: CNNVD-201907-068 // NVD: CVE-2019-2330

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-153765 // JVNDB: JVNDB-2019-007227 // NVD: CVE-2019-2330

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201907-068

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201907-068

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007227

PATCH

title:	July 2019 Code Aurora Security Bulletin	url:	https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin	Trust: 0.8
title:	Patch for Multiple Qualcomm product input verification error vulnerabilities (CNVD-2020-24779)	url:	https://www.cnvd.org.cn/patchInfo/show/215477	Trust: 0.6
title:	Android Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94302	Trust: 0.6

sources: CNVD: CNVD-2020-24779 // JVNDB: JVNDB-2019-007227 // CNNVD: CNNVD-201907-068

EXTERNAL IDS

db:	NVD	id:	CVE-2019-2330	Trust: 3.1
db:	JVNDB	id:	JVNDB-2019-007227	Trust: 0.8
db:	CNNVD	id:	CNNVD-201907-068	Trust: 0.7
db:	CNVD	id:	CNVD-2020-24779	Trust: 0.6
db:	VULHUB	id:	VHN-153765	Trust: 0.1

sources: CNVD: CNVD-2020-24779 // VULHUB: VHN-153765 // JVNDB: JVNDB-2019-007227 // CNNVD: CNNVD-201907-068 // NVD: CVE-2019-2330

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2019-2330	Trust: 2.0
url:	https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2330	Trust: 0.8
url:	https://vigilance.fr/vulnerability/google-android-multiple-vulnerabilities-of-july-2019-29673	Trust: 0.6

sources: CNVD: CNVD-2020-24779 // VULHUB: VHN-153765 // JVNDB: JVNDB-2019-007227 // CNNVD: CNNVD-201907-068 // NVD: CVE-2019-2330

SOURCES

db:	CNVD	id:	CNVD-2020-24779
db:	VULHUB	id:	VHN-153765
db:	JVNDB	id:	JVNDB-2019-007227
db:	CNNVD	id:	CNNVD-201907-068
db:	NVD	id:	CVE-2019-2330

LAST UPDATE DATE

2024-11-23T22:11:57.792000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-24779	date:	2020-04-26T00:00:00
db:	VULHUB	id:	VHN-153765	date:	2019-08-05T00:00:00
db:	JVNDB	id:	JVNDB-2019-007227	date:	2019-08-06T00:00:00
db:	CNNVD	id:	CNNVD-201907-068	date:	2019-08-06T00:00:00
db:	NVD	id:	CVE-2019-2330	date:	2024-11-21T04:40:43.623

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-24779	date:	2020-04-26T00:00:00
db:	VULHUB	id:	VHN-153765	date:	2019-07-25T00:00:00
db:	JVNDB	id:	JVNDB-2019-007227	date:	2019-08-06T00:00:00
db:	CNNVD	id:	CNNVD-201907-068	date:	2019-07-02T00:00:00
db:	NVD	id:	CVE-2019-2330	date:	2019-07-25T17:15:13.987