ID

VAR-201907-0885


CVE

CVE-2019-2260


TITLE

plural Snapdragon Product race condition vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2019-006717

DESCRIPTION

A race condition occurs while processing perf-event which can lead to a use after free condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM439, SDM630, SDM660, SDX20, SDX24, Snapdragon_High_Med_2016, SXR1130. plural Snapdragon The product contains a race condition vulnerability and a free memory usage vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm Components are prone to the following security vulnerabilities: 1. Multiple buffer-overflow vulnerabilities 2. A denial-of-service vulnerability An attacker can exploit these issues to execute arbitrary code, and cause a denial-of-service condition. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-123700924, A-114399807, A-123999895, and A-127513046. Qualcomm MDM9206 and others are products of Qualcomm (Qualcomm). MDM9206 is a central processing unit (CPU) product. MDM9607 is a central processing unit (CPU) product. MDM9640 is a central processing unit (CPU) product. A resource management error vulnerability exists in several Qualcomm products. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products

Trust: 2.07

sources: NVD: CVE-2019-2260 // JVNDB: JVNDB-2019-006717 // BID: 108555 // VULHUB: VHN-153695 // VULMON: CVE-2019-2260

AFFECTED PRODUCTS

vendor:qualcommmodel:sd 430scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 429scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs405scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 632scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx24scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 712scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 212scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon high med 2016scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9640scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 855scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 427scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 210scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 636scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 730scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm630scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 435scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr1130scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 425scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 665scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:215scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9150scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9640scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8909wscope: - version: -

Trust: 0.8

vendor:qualcommmodel:qcs405scope: - version: -

Trust: 0.8

vendor:qualcommmodel:qcs605scope: - version: -

Trust: 0.8

vendor:qualcommmodel:215scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 210scope: - version: -

Trust: 0.8

vendor:googlemodel:pixel xlscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixel cscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixelscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexus playerscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:9

Trust: 0.3

vendor:googlemodel:nexus 6pscope: - version: -

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:6

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:5x

Trust: 0.3

vendor:googlemodel:androidscope:eqversion:0

Trust: 0.3

sources: BID: 108555 // JVNDB: JVNDB-2019-006717 // NVD: CVE-2019-2260

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-2260
value: HIGH

Trust: 1.0

NVD: CVE-2019-2260
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201906-084
value: HIGH

Trust: 0.6

VULHUB: VHN-153695
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-2260
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-2260
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-153695
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-2260
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.0
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-153695 // VULMON: CVE-2019-2260 // JVNDB: JVNDB-2019-006717 // CNNVD: CNNVD-201906-084 // NVD: CVE-2019-2260

PROBLEMTYPE DATA

problemtype:CWE-362

Trust: 1.9

problemtype:CWE-416

Trust: 1.9

sources: VULHUB: VHN-153695 // JVNDB: JVNDB-2019-006717 // NVD: CVE-2019-2260

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201906-084

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201906-084

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006717

PATCH

title:June 2019 Code Aurora Security Bulletinurl:https://www.codeaurora.org/security-bulletin/2019/06/03/june-2019-code-aurora-security-bulletin

Trust: 0.8

title:Qualcomm Kernel Fixes for component security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93173

Trust: 0.6

title:The Registerurl:https://www.theregister.co.uk/2019/06/05/android_june_patch/

Trust: 0.2

sources: VULMON: CVE-2019-2260 // JVNDB: JVNDB-2019-006717 // CNNVD: CNNVD-201906-084

EXTERNAL IDS

db:NVDid:CVE-2019-2260

Trust: 2.9

db:BIDid:108555

Trust: 1.0

db:JVNDBid:JVNDB-2019-006717

Trust: 0.8

db:CNNVDid:CNNVD-201906-084

Trust: 0.7

db:VULHUBid:VHN-153695

Trust: 0.1

db:VULMONid:CVE-2019-2260

Trust: 0.1

sources: VULHUB: VHN-153695 // VULMON: CVE-2019-2260 // BID: 108555 // JVNDB: JVNDB-2019-006717 // CNNVD: CNNVD-201906-084 // NVD: CVE-2019-2260

REFERENCES

url:https://www.codeaurora.org/security-bulletin/2019/06/03/june-2019-code-aurora-security-bulletin

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-2260

Trust: 1.4

url:http://code.google.com/android/

Trust: 0.9

url:https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=9c0fa2ad7dab4d11c866cb4677c3cd2561b829b

Trust: 0.9

url:https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit?id=3186af9f3ece8d5d07a3d62cc1a64b448eab375b

Trust: 0.9

url:https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?h=wlan-cld3.driver.lnx.1.1.r41-rel&id=a01623699ad76fc6947483b063727f417d526df7

Trust: 0.9

url:https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=d056949890ebd0ab90b284c34886e51a6c1e1515

Trust: 0.9

url:http://www.qualcomm.com/

Trust: 0.9

url:https://source.android.com/security/bulletin/2019-06-01.html

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2260

Trust: 0.8

url:https://www.securityfocus.com/bid/108555

Trust: 0.7

url:https://vigilance.fr/vulnerability/google-android-multiple-vulnerabilities-of-june-2019-29461

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/362.html

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/416.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-153695 // VULMON: CVE-2019-2260 // BID: 108555 // JVNDB: JVNDB-2019-006717 // CNNVD: CNNVD-201906-084 // NVD: CVE-2019-2260

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 108555

SOURCES

db:VULHUBid:VHN-153695
db:VULMONid:CVE-2019-2260
db:BIDid:108555
db:JVNDBid:JVNDB-2019-006717
db:CNNVDid:CNNVD-201906-084
db:NVDid:CVE-2019-2260

LAST UPDATE DATE

2024-08-14T13:26:08.803000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-153695date:2019-07-24T00:00:00
db:VULMONid:CVE-2019-2260date:2019-07-24T00:00:00
db:BIDid:108555date:2019-06-03T00:00:00
db:JVNDBid:JVNDB-2019-006717date:2019-07-25T00:00:00
db:CNNVDid:CNNVD-201906-084date:2019-07-25T00:00:00
db:NVDid:CVE-2019-2260date:2019-07-24T13:22:52.033

SOURCES RELEASE DATE

db:VULHUBid:VHN-153695date:2019-07-22T00:00:00
db:VULMONid:CVE-2019-2260date:2019-07-22T00:00:00
db:BIDid:108555date:2019-06-03T00:00:00
db:JVNDBid:JVNDB-2019-006717date:2019-07-25T00:00:00
db:CNNVDid:CNNVD-201906-084date:2019-06-03T00:00:00
db:NVDid:CVE-2019-2260date:2019-07-22T14:15:11.567