Details of VAR-201907-0870

ID

VAR-201907-0870

CVE

CVE-2019-2273

TITLE

plural Snapdragon Product out-of-bounds vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-006961

DESCRIPTION

IOMMU page fault while playing h265 video file leads to denial of service issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 845 / SD 850, SD 855, SD 8CX, SDM439, Snapdragon_High_Med_2016, SXR1130. plural Snapdragon The product contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Qualcomm SD 210 and others are a central processing unit (CPU) product of Qualcomm (Qualcomm). A buffer error vulnerability exists in the Video Driver in several Qualcomm products. A remote attacker could exploit this vulnerability to cause a denial of service

Trust: 1.71

sources: NVD: CVE-2019-2273 // JVNDB: JVNDB-2019-006961 // VULHUB: VHN-153708

AFFECTED PRODUCTS

vendor:	qualcomm	model:	sd 8cx	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs605	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 427	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 205	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 212	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 650	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 652	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 425	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 675	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 429	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	215	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 710	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon high med 2016	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 730	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 850	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 845	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 820	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 450	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm439	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8909w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 670	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 439	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 435	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 855	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sxr1130	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 430	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 210	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 665	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 712	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 625	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8909w	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qcs605	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	215	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 205	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 210	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 212	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 425	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 427	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 430	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 435	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-006961 // NVD: CVE-2019-2273

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-2273
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-2273
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201907-1323
value:	HIGH
Trust: 0.6
VULHUB:	VHN-153708
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-2273
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-153708
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-2273
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-153708 // JVNDB: JVNDB-2019-006961 // CNNVD: CNNVD-201907-1323 // NVD: CVE-2019-2273

PROBLEMTYPE DATA

problemtype:

CWE-125

Trust: 1.9

sources: VULHUB: VHN-153708 // JVNDB: JVNDB-2019-006961 // NVD: CVE-2019-2273

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-1323

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201907-1323

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006961

PATCH

title:	July 2019 Qualcomm Technologies, Inc. Security Bulletin	url:	https://www.qualcomm.com/company/product-security/bulletins	Trust: 0.8
title:	Multiple Qualcomm product Video Driver Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95470	Trust: 0.6

sources: JVNDB: JVNDB-2019-006961 // CNNVD: CNNVD-201907-1323

EXTERNAL IDS

db:	NVD	id:	CVE-2019-2273	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-006961	Trust: 0.8
db:	CNNVD	id:	CNNVD-201907-1323	Trust: 0.7
db:	VULHUB	id:	VHN-153708	Trust: 0.1

sources: VULHUB: VHN-153708 // JVNDB: JVNDB-2019-006961 // CNNVD: CNNVD-201907-1323 // NVD: CVE-2019-2273

REFERENCES

url:	https://www.qualcomm.com/company/product-security/bulletins	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-2273	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2273	Trust: 0.8

sources: VULHUB: VHN-153708 // JVNDB: JVNDB-2019-006961 // CNNVD: CNNVD-201907-1323 // NVD: CVE-2019-2273

SOURCES

db:	VULHUB	id:	VHN-153708
db:	JVNDB	id:	JVNDB-2019-006961
db:	CNNVD	id:	CNNVD-201907-1323
db:	NVD	id:	CVE-2019-2273

LAST UPDATE DATE

2024-11-23T22:21:34.427000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-153708	date:	2019-07-29T00:00:00
db:	JVNDB	id:	JVNDB-2019-006961	date:	2019-07-30T00:00:00
db:	CNNVD	id:	CNNVD-201907-1323	date:	2019-07-30T00:00:00
db:	NVD	id:	CVE-2019-2273	date:	2024-11-21T04:40:35.550

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-153708	date:	2019-07-25T00:00:00
db:	JVNDB	id:	JVNDB-2019-006961	date:	2019-07-30T00:00:00
db:	CNNVD	id:	CNNVD-201907-1323	date:	2019-07-25T00:00:00
db:	NVD	id:	CVE-2019-2273	date:	2019-07-25T17:15:12.690