Details of VAR-201907-0873

ID

VAR-201907-0873

CVE

CVE-2019-2293

TITLE

plural Snapdragon Vulnerability in using freed memory in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-006956

DESCRIPTION

Pointer dereference while freeing IFE resources due to lack of length check of in port resource. in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855, SDM630, SDM660, SDX24. plural Snapdragon The product contains a vulnerability related to the use of released memory.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SD 712 is a central processing unit (CPU) product. SD 710 is a central processing unit (CPU) product. SDX24 is a modem. A resource management error vulnerability exists in the Camera in several Qualcomm products. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products

Trust: 1.71

sources: NVD: CVE-2019-2293 // JVNDB: JVNDB-2019-006956 // VULHUB: VHN-153728

AFFECTED PRODUCTS

vendor:	qualcomm	model:	sdx24	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs405	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 427	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs605	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 710	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 425	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 675	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 730	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 850	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm630	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 845	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 450	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8909w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 670	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 435	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 855	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 430	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 712	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 636	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 625	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8909w	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qcs405	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qcs605	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 425	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 427	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 430	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 435	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 450	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 625	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 636	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-006956 // NVD: CVE-2019-2293

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-2293
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-2293
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201907-1326
value:	HIGH
Trust: 0.6
VULHUB:	VHN-153728
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-2293
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-153728
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-2293
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-153728 // JVNDB: JVNDB-2019-006956 // CNNVD: CNNVD-201907-1326 // NVD: CVE-2019-2293

PROBLEMTYPE DATA

problemtype:

CWE-416

Trust: 1.9

sources: VULHUB: VHN-153728 // JVNDB: JVNDB-2019-006956 // NVD: CVE-2019-2293

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201907-1326

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201907-1326

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006956

PATCH

title:	July 2019 Code Aurora Security Bulletin	url:	https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin	Trust: 0.8
title:	Multiple Qualcomm product Camera Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95473	Trust: 0.6

sources: JVNDB: JVNDB-2019-006956 // CNNVD: CNNVD-201907-1326

EXTERNAL IDS

db:	NVD	id:	CVE-2019-2293	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-006956	Trust: 0.8
db:	CNNVD	id:	CNNVD-201907-1326	Trust: 0.7
db:	VULHUB	id:	VHN-153728	Trust: 0.1

sources: VULHUB: VHN-153728 // JVNDB: JVNDB-2019-006956 // CNNVD: CNNVD-201907-1326 // NVD: CVE-2019-2293

REFERENCES

url:	https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-2293	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2293	Trust: 0.8
url:	https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-january-2020-31267	Trust: 0.6

sources: VULHUB: VHN-153728 // JVNDB: JVNDB-2019-006956 // CNNVD: CNNVD-201907-1326 // NVD: CVE-2019-2293

SOURCES

db:	VULHUB	id:	VHN-153728
db:	JVNDB	id:	JVNDB-2019-006956
db:	CNNVD	id:	CNNVD-201907-1326
db:	NVD	id:	CVE-2019-2293

LAST UPDATE DATE

2024-11-23T22:55:30.805000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-153728	date:	2019-07-29T00:00:00
db:	JVNDB	id:	JVNDB-2019-006956	date:	2019-07-30T00:00:00
db:	CNNVD	id:	CNNVD-201907-1326	date:	2020-01-08T00:00:00
db:	NVD	id:	CVE-2019-2293	date:	2024-11-21T04:40:38.180

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-153728	date:	2019-07-25T00:00:00
db:	JVNDB	id:	JVNDB-2019-006956	date:	2019-07-30T00:00:00
db:	CNNVD	id:	CNNVD-201907-1326	date:	2019-07-25T00:00:00
db:	NVD	id:	CVE-2019-2293	date:	2019-07-25T17:15:12.987