Sign-up

ID

VAR-201907-0871


CVE

CVE-2019-2290


TITLE

plural Snapdragon Vulnerability in using freed memory in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-006957

DESCRIPTION

Multiple open and close from multiple threads will lead camera driver to access destroyed session data pointer in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDM660, SDX20, SDX24, Snapdragon_High_Med_2016. plural Snapdragon The product contains a vulnerability related to the use of released memory.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9206 and others are products of Qualcomm (Qualcomm). MDM9206 is a central processing unit (CPU) product. MDM9607 is a central processing unit (CPU) product. SDX24 is a modem. A resource management error vulnerability exists in the Camera in several Qualcomm products. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products

Trust: 1.71

sources: NVD: CVE-2019-2290 // JVNDB: JVNDB-2019-006957 // VULHUB: VHN-153725

AFFECTED PRODUCTS

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx24scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 427scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 652scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 425scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon high med 2016scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9640scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 435scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 430scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 712scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 636scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9640scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8909wscope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8996auscope: - version: -

Trust: 0.8

vendor:qualcommmodel:qcs605scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 425scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 427scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 430scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-006957 // NVD: CVE-2019-2290

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-2290
value: HIGH

Trust: 1.0

NVD: CVE-2019-2290
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201907-1325
value: HIGH

Trust: 0.6

VULHUB: VHN-153725
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-2290
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-153725
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-2290
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-153725 // JVNDB: JVNDB-2019-006957 // CNNVD: CNNVD-201907-1325 // NVD: CVE-2019-2290

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.9

sources: VULHUB: VHN-153725 // JVNDB: JVNDB-2019-006957 // NVD: CVE-2019-2290

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201907-1325

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201907-1325

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-006957

PATCH
title:July 2019 Code Aurora Security Bulletinurl:https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin
Trust: 0.8
title:Multiple Qualcomm product Camera Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95472
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-006957 // 
            
            
            
            CNNVD: CNNVD-201907-1325

EXTERNAL IDS
db:NVDid:CVE-2019-2290
Trust: 2.5
db:JVNDBid:JVNDB-2019-006957
Trust: 0.8
db:CNNVDid:CNNVD-201907-1325
Trust: 0.7
db:VULHUBid:VHN-153725
Trust: 0.1
sources:
            
            
            VULHUB: VHN-153725 // 
            
            
            
            JVNDB: JVNDB-2019-006957 // 
            
            
            
            CNNVD: CNNVD-201907-1325 // 
            
            
            
            NVD: CVE-2019-2290

REFERENCES
url:https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-2290
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2290
Trust: 0.8
sources:
            
            
            VULHUB: VHN-153725 // 
            
            
            
            JVNDB: JVNDB-2019-006957 // 
            
            
            
            CNNVD: CNNVD-201907-1325 // 
            
            
            
            NVD: CVE-2019-2290

SOURCES
db:VULHUBid:VHN-153725
db:JVNDBid:JVNDB-2019-006957
db:CNNVDid:CNNVD-201907-1325
db:NVDid:CVE-2019-2290

LAST UPDATE DATE
2024-11-23T22:44:56.940000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-153725date:2019-07-29T00:00:00
db:JVNDBid:JVNDB-2019-006957date:2019-07-30T00:00:00
db:CNNVDid:CNNVD-201907-1325date:2019-07-30T00:00:00
db:NVDid:CVE-2019-2290date:2024-11-21T04:40:37.870

SOURCES RELEASE DATE
db:VULHUBid:VHN-153725date:2019-07-25T00:00:00
db:JVNDBid:JVNDB-2019-006957date:2019-07-30T00:00:00
db:CNNVDid:CNNVD-201907-1325date:2019-07-25T00:00:00
db:NVDid:CVE-2019-2290date:2019-07-25T17:15:12.927