ID
VAR-201907-0876
CVE
CVE-2019-2264
TITLE
plural Snapdragon Vulnerability in using freed memory in products
Trust: 0.8
DESCRIPTION
Null pointer dereference occurs for channel context while opening glink channel in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9607, MDM9640, MSM8909W, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SDM439, SDM630, SDM660, SDX24. plural Snapdragon The product contains vulnerabilities related to the use of freed memory, and NULL A vulnerability related to pointer dereference exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9607 and other products are products of Qualcomm. The MDM9607 is a central processing unit (CPU) product. The MDM9640 is a central processing unit (CPU) product. The SDX24 is a modem. A code issue vulnerability exists in several Qualcomm products that stems from problems in design or implementation of code development during a network system or product. No detailed vulnerability details are currently available
Trust: 2.25
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | qualcomm | model: | mdm9607 | scope: | - | version: | - | Trust: 1.4 |
| vendor: | qualcomm | model: | msm8909w | scope: | - | version: | - | Trust: 1.4 |
| vendor: | qualcomm | model: | qcs605 | scope: | - | version: | - | Trust: 1.4 |
| vendor: | qualcomm | model: | qcs405 | scope: | - | version: | - | Trust: 1.4 |
| vendor: | qualcomm | model: | mdm9640 | scope: | - | version: | - | Trust: 1.4 |
| vendor: | qualcomm | model: | sd 632 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdx24 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | qcs605 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | qcs405 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 427 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 835 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 710 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 425 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 820a | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 429 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9607 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 850 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm630 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm660 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 845 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 450 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm439 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9640 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | msm8909w | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 670 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 439 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 435 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 430 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 712 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 636 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 625 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 425 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 427 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 430 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 435 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 439 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 845 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 425 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 430 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 427 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 435 | Trust: 0.6 |
| vendor: | qualcomm | model: | sdm439 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | qualcomm | model: | sdm660 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 835 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 850 | Trust: 0.6 |
| vendor: | qualcomm | model: | sdx24 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 632 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 439 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 429 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 636 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 712 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 710 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 670 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 625 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd 820a | scope: | - | version: | - | Trust: 0.6 |
| vendor: | qualcomm | model: | sdm630 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 450 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-416 | Trust: 1.9 |
| problemtype: | CWE-476 | Trust: 1.9 |
THREAT TYPE
local
Trust: 0.6
TYPE
code problem
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | June 2019 Code Aurora Security Bulletin | url: | https://www.codeaurora.org/security-bulletin/2019/06/03/june-2019-code-aurora-security-bulletin | Trust: 0.8 |
| title: | Patches for multiple Qualcomm product code issue vulnerabilities | url: | https://www.cnvd.org.cn/patchInfo/show/175011 | Trust: 0.6 |
| title: | Multiple Qualcomm Product resource management error vulnerability fixes | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95351 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2019-2264 | Trust: 3.1 |
| db: | JVNDB | id: | JVNDB-2019-006716 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201907-1165 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2019-27320 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-153699 | Trust: 0.1 |
REFERENCES
| url: | https://www.codeaurora.org/security-bulletin/2019/06/03/june-2019-code-aurora-security-bulletin | Trust: 2.3 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2019-2264 | Trust: 2.0 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2264 | Trust: 0.8 |
| url: | https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-march-2020-31720 | Trust: 0.6 |
SOURCES
| db: | CNVD | id: | CNVD-2019-27320 |
| db: | VULHUB | id: | VHN-153699 |
| db: | JVNDB | id: | JVNDB-2019-006716 |
| db: | CNNVD | id: | CNNVD-201907-1165 |
| db: | NVD | id: | CVE-2019-2264 |
LAST UPDATE DATE
2024-11-23T22:41:27.438000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2019-27320 | date: | 2019-08-14T00:00:00 |
| db: | VULHUB | id: | VHN-153699 | date: | 2019-07-24T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-006716 | date: | 2019-07-25T00:00:00 |
| db: | CNNVD | id: | CNNVD-201907-1165 | date: | 2020-03-04T00:00:00 |
| db: | NVD | id: | CVE-2019-2264 | date: | 2024-11-21T04:40:34.397 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2019-27320 | date: | 2019-08-14T00:00:00 |
| db: | VULHUB | id: | VHN-153699 | date: | 2019-07-22T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-006716 | date: | 2019-07-25T00:00:00 |
| db: | CNNVD | id: | CNNVD-201907-1165 | date: | 2019-07-22T00:00:00 |
| db: | NVD | id: | CVE-2019-2264 | date: | 2019-07-22T14:15:11.707 |