ID
VAR-201907-0874
CVE
CVE-2019-2261
TITLE
plural Snapdragon Product configuration vulnerability
Trust: 0.8
DESCRIPTION
Unauthorized access from GPU subsystem to HLOS or other non secure subsystem memory can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MSM8996AU, QCA8081, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130. plural Snapdragon The product contains a vulnerability related to environment settings.Information may be obtained. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-120486477, A-120485121, A-120487163, A-122473494, and A-123998003. Qualcomm MDM9206 is a central processing unit (CPU) product of Qualcomm (Qualcomm). A configuration error vulnerability exists in several Qualcomm products
Trust: 2.07
AFFECTED PRODUCTS
| vendor: | qualcomm | model: | sd 427 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sda660 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 710 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 425 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 675 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 429 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | 215 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9607 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 820a | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 730 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9206 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm660 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 450 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | ipq8074 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9150 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | qca8081 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 435 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 439 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sxr1130 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 712 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 625 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 632 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | msm8996au | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 8cx | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | qcs605 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 205 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 212 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 650 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 835 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 652 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | snapdragon high med 2016 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9650 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 850 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm630 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 845 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 820 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm439 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 670 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 855 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 430 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 210 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 636 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | ipq8074 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9150 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9206 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9607 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9650 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | msm8996au | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | qca8081 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | qcs605 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | 215 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 210 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | model: | pixel xl | scope: | eq | version: | 0 | Trust: 0.3 | |
| vendor: | model: | pixel c | scope: | eq | version: | 0 | Trust: 0.3 | |
| vendor: | model: | pixel | scope: | eq | version: | 0 | Trust: 0.3 | |
| vendor: | model: | nexus player | scope: | eq | version: | 0 | Trust: 0.3 | |
| vendor: | model: | nexus | scope: | eq | version: | 9 | Trust: 0.3 | |
| vendor: | model: | nexus 6p | scope: | - | version: | - | Trust: 0.3 | |
| vendor: | model: | nexus | scope: | eq | version: | 6 | Trust: 0.3 | |
| vendor: | model: | nexus | scope: | eq | version: | 5x | Trust: 0.3 | |
| vendor: | model: | android | scope: | eq | version: | 0 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-noinfo | Trust: 1.0 |
| problemtype: | CWE-16 | Trust: 0.9 |
THREAT TYPE
local
Trust: 0.6
TYPE
configuration error
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | July 2019 Qualcomm Technologies, Inc. Security Bulletin | url: | https://www.qualcomm.com/company/product-security/bulletins | Trust: 0.8 |
| title: | Multiple Qualcomm Product configuration error vulnerability fixes | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93159 | Trust: 0.6 |
| title: | The Register | url: | https://www.theregister.co.uk/2019/06/05/android_june_patch/ | Trust: 0.2 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2019-2261 | Trust: 2.9 |
| db: | BID | id: | 108546 | Trust: 1.0 |
| db: | JVNDB | id: | JVNDB-2019-007015 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201906-070 | Trust: 0.7 |
| db: | VULHUB | id: | VHN-153696 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2019-2261 | Trust: 0.1 |
REFERENCES
| url: | https://www.qualcomm.com/company/product-security/bulletins | Trust: 1.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2019-2261 | Trust: 1.4 |
| url: | http://code.google.com/android/ | Trust: 0.9 |
| url: | http://www.qualcomm.com/ | Trust: 0.9 |
| url: | https://source.android.com/security/bulletin/2019-06-01.html | Trust: 0.9 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2261 | Trust: 0.8 |
| url: | https://www.securityfocus.com/bid/108546 | Trust: 0.7 |
| url: | https://vigilance.fr/vulnerability/google-android-multiple-vulnerabilities-of-june-2019-29461 | Trust: 0.6 |
| url: | https://cwe.mitre.org/data/definitions/16.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
CREDITS
The vendor reported these issues.
Trust: 0.9
SOURCES
| db: | VULHUB | id: | VHN-153696 |
| db: | VULMON | id: | CVE-2019-2261 |
| db: | BID | id: | 108546 |
| db: | JVNDB | id: | JVNDB-2019-007015 |
| db: | CNNVD | id: | CNNVD-201906-070 |
| db: | NVD | id: | CVE-2019-2261 |
LAST UPDATE DATE
2024-11-23T21:52:06.737000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-153696 | date: | 2019-07-29T00:00:00 |
| db: | VULMON | id: | CVE-2019-2261 | date: | 2021-07-21T00:00:00 |
| db: | BID | id: | 108546 | date: | 2019-06-03T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-007015 | date: | 2019-07-31T00:00:00 |
| db: | CNNVD | id: | CNNVD-201906-070 | date: | 2019-07-30T00:00:00 |
| db: | NVD | id: | CVE-2019-2261 | date: | 2024-11-21T04:40:34.050 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-153696 | date: | 2019-07-22T00:00:00 |
| db: | VULMON | id: | CVE-2019-2261 | date: | 2019-07-22T00:00:00 |
| db: | BID | id: | 108546 | date: | 2019-06-03T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-007015 | date: | 2019-07-31T00:00:00 |
| db: | CNNVD | id: | CNNVD-201906-070 | date: | 2019-06-03T00:00:00 |
| db: | NVD | id: | CVE-2019-2261 | date: | 2019-07-22T14:15:11.627 |