Details of VAR-201907-0881

ID

VAR-201907-0881

CVE

CVE-2019-2281

TITLE

plural Snapdragon Product buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-006958

DESCRIPTION

An unauthenticated bitmap image can be loaded in to memory and subsequently cause execution of unverified code. in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS405, QCS605, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SDX24, SXR1130. plural Snapdragon The product contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SD 712 is a central processing unit (CPU) product. SD 710 is a central processing unit (CPU) product. SDX24 is a modem. A buffer error vulnerability exists in Boot in several Qualcomm products. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc

Trust: 1.71

sources: NVD: CVE-2019-2281 // JVNDB: JVNDB-2019-006958 // VULHUB: VHN-153716

AFFECTED PRODUCTS

vendor:	qualcomm	model:	sd 8cx	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx24	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs405	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs605	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sda660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 835	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 710	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 675	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 730	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 850	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm630	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 845	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 820	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 670	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 855	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sxr1130	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 665	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 712	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 636	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs405	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qcs605	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 636	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 665	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 670	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 675	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 710	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 712	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 730	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 820	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-006958 // NVD: CVE-2019-2281

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-2281
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-2281
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201907-1324
value:	HIGH
Trust: 0.6
VULHUB:	VHN-153716
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-2281
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-153716
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-2281
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-153716 // JVNDB: JVNDB-2019-006958 // CNNVD: CNNVD-201907-1324 // NVD: CVE-2019-2281

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-119	Trust: 0.9

sources: VULHUB: VHN-153716 // JVNDB: JVNDB-2019-006958 // NVD: CVE-2019-2281

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201907-1324

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201907-1324

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006958

PATCH

title:	July 2019 Qualcomm Technologies, Inc. Security Bulletin	url:	https://www.qualcomm.com/company/product-security/bulletins	Trust: 0.8
title:	Multiple Qualcomm product Boot Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95471	Trust: 0.6

sources: JVNDB: JVNDB-2019-006958 // CNNVD: CNNVD-201907-1324

EXTERNAL IDS

db:	NVD	id:	CVE-2019-2281	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-006958	Trust: 0.8
db:	CNNVD	id:	CNNVD-201907-1324	Trust: 0.7
db:	VULHUB	id:	VHN-153716	Trust: 0.1

sources: VULHUB: VHN-153716 // JVNDB: JVNDB-2019-006958 // CNNVD: CNNVD-201907-1324 // NVD: CVE-2019-2281

REFERENCES

url:	https://www.qualcomm.com/company/product-security/bulletins	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-2281	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2281	Trust: 0.8
url:	https://vigilance.fr/vulnerability/google-android-os-multiple-vulnerabilities-30243	Trust: 0.6

sources: VULHUB: VHN-153716 // JVNDB: JVNDB-2019-006958 // CNNVD: CNNVD-201907-1324 // NVD: CVE-2019-2281

CREDITS

Gulshan Singh

Trust: 0.6

sources: CNNVD: CNNVD-201907-1324

SOURCES

db:	VULHUB	id:	VHN-153716
db:	JVNDB	id:	JVNDB-2019-006958
db:	CNNVD	id:	CNNVD-201907-1324
db:	NVD	id:	CVE-2019-2281

LAST UPDATE DATE

2024-11-23T22:11:57.233000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-153716	date:	2020-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-006958	date:	2019-07-30T00:00:00
db:	CNNVD	id:	CNNVD-201907-1324	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-2281	date:	2024-11-21T04:40:36.663

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-153716	date:	2019-07-25T00:00:00
db:	JVNDB	id:	JVNDB-2019-006958	date:	2019-07-30T00:00:00
db:	CNNVD	id:	CNNVD-201907-1324	date:	2019-07-25T00:00:00
db:	NVD	id:	CVE-2019-2281	date:	2019-07-25T17:15:12.863