ID

VAR-201909-1122


CVE

CVE-2019-2294


TITLE

Vulnerability related to the use of insufficiently random values in multiple Snapdragon products

Trust: 0.8

sources: JVNDB: JVNDB-2019-010098

DESCRIPTION

Use of a hard-coded magic number for calculating heap guard bytes can allow users to corrupt heap blocks without knowledge of the heap algorithm in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130. Multiple Snapdragon products contain a vulnerability related to the use of insufficiently random values. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Qualcomm MDM9206 is a central processing unit (CPU) product of Qualcomm. Video in several Qualcomm products has a security feature vulnerability. An attacker could exploit this vulnerability to corrupt heap blocks. The following products and versions are affected: Qualcomm MDM9205; MDM9206; MDM9607; MDM9615; MDM9625; MDM9635M; MDM9655; MSM8909W; MSM8996AU; SD 427; SD 430; SD 435; SD 439; SD 429; SD 450; SD 625; SD 632; SD 636; SD 650/52; SD 665; SD 675; SD 712; SD 820; SD 820A; SD 835; SD 845; SD 850; SD 855; SD 8CX;

Trust: 1.71

sources: NVD: CVE-2019-2294 // JVNDB: JVNDB-2019-010098 // VULHUB: VHN-153729

AFFECTED PRODUCTS

vendor:qualcomm  model:sd 427  scope:eq  version: -

Trust: 1.0

vendor:qualcomm  model:sda660  scope:eq  version: -

Trust: 1.0

vendor:qualcomm  model:sd 710  scope:eq  version: -

Trust: 1.0

vendor:qualcomm  model:sd 425  scope:eq  version: -

Trust: 1.0

vendor:qualcomm  model:sd 675  scope:eq  version: -

Trust: 1.0

vendor:qualcomm  model:sd 429  scope:eq  version: -

Trust: 1.0

vendor:qualcomm  model:mdm9615  scope:eq  version: -

Trust: 1.0

vendor:qualcomm  model:mdm9607  scope:eq  version: -

Trust: 1.0

vendor:qualcomm  model:215  scope:eq  version: -

Trust: 1.0

vendor:qualcomm  model:sd 820a  scope:eq  version: -

Trust: 1.0

vendor:qualcomm  model:sd 730  scope:eq  version: -

Trust: 1.0

vendor:qualcomm  model:mdm9206  scope:eq  version: -

Trust: 1.0

vendor:qualcomm  model:sdm660  scope:eq  version: -

Trust: 1.0

vendor:qualcomm  model:sd 450  scope:eq  version: -

Trust: 1.0

vendor:qualcomm  model:mdm9655  scope:eq  version: -

Trust: 1.0

vendor:qualcomm  model:sd 439  scope:eq  version: -

Trust: 1.0

vendor:qualcomm  model:sd 435  scope:eq  version: -

Trust: 1.0

vendor:qualcomm  model:sxr1130  scope:eq  version: -

Trust: 1.0

vendor:qualcomm  model:sd 665  scope:eq  version: -

Trust: 1.0

vendor:qualcomm  model:sd 712  scope:eq  version: -

Trust: 1.0

vendor:qualcomm  model:sd 625  scope:eq  version: -

Trust: 1.0

vendor:qualcomm  model:sd 632  scope:eq  version: -

Trust: 1.0

vendor:qualcomm  model:msm8996au  scope:eq  version: -

Trust: 1.0

vendor:qualcomm  model:mdm9625  scope:eq  version: -

Trust: 1.0

vendor:qualcomm  model:sd 410  scope:eq  version: -

Trust: 1.0

vendor:qualcomm  model:sd 8cx  scope:eq  version: -

Trust: 1.0

vendor:qualcomm  model:qcs605  scope:eq  version: -

Trust: 1.0

vendor:qualcomm  model:sd 205  scope:eq  version: -

Trust: 1.0

vendor:qualcomm  model:sd 212  scope:eq  version: -

Trust: 1.0

vendor:qualcomm  model:sd 650  scope:eq  version: -

Trust: 1.0

vendor:qualcomm  model:sd 835  scope:eq  version: -

Trust: 1.0

vendor:qualcomm  model:sd 652  scope:eq  version: -

Trust: 1.0

vendor:qualcomm  model:snapdragon high med 2016  scope:eq  version: -

Trust: 1.0

vendor:qualcomm  model:sd 850  scope:eq  version: -

Trust: 1.0

vendor:qualcomm  model:sdm630  scope:eq  version: -

Trust: 1.0

vendor:qualcomm  model:mdm9205  scope:eq  version: -

Trust: 1.0

vendor:qualcomm  model:sd 845  scope:eq  version: -

Trust: 1.0

vendor:qualcomm  model:sd 820  scope:eq  version: -

Trust: 1.0

vendor:qualcomm  model:sdm439  scope:eq  version: -

Trust: 1.0

vendor:qualcomm  model:msm8909w  scope:eq  version: -

Trust: 1.0

vendor:qualcomm  model:sd 670  scope:eq  version: -

Trust: 1.0

vendor:qualcomm  model:mdm9635m  scope:eq  version: -

Trust: 1.0

vendor:qualcomm  model:sd 855  scope:eq  version: -

Trust: 1.0

vendor:qualcomm  model:sd 412  scope:eq  version: -

Trust: 1.0

vendor:qualcomm  model:sd 430  scope:eq  version: -

Trust: 1.0

vendor:qualcomm  model:sd 210  scope:eq  version: -

Trust: 1.0

vendor:qualcomm  model:sd 636  scope:eq  version: -

Trust: 1.0

vendor:qualcomm  model:mdm9205  scope: -  version: -

Trust: 0.8

vendor:qualcomm  model:mdm9206  scope: -  version: -

Trust: 0.8

vendor:qualcomm  model:mdm9607  scope: -  version: -

Trust: 0.8

vendor:qualcomm  model:mdm9615  scope: -  version: -

Trust: 0.8

vendor:qualcomm  model:mdm9625  scope: -  version: -

Trust: 0.8

vendor:qualcomm  model:mdm9635m  scope: -  version: -

Trust: 0.8

vendor:qualcomm  model:mdm9655  scope: -  version: -

Trust: 0.8

vendor:qualcomm  model:msm8909w  scope: -  version: -

Trust: 0.8

vendor:qualcomm  model:msm8996au  scope: -  version: -

Trust: 0.8

vendor:qualcomm  model:qcs605  scope: -  version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-010098 // NVD: CVE-2019-2294

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-2294
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-2294
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201908-374
value: HIGH

Trust: 0.6

VULHUB: VHN-153729
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-2294
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-153729
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2019-2294
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-2294
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-153729 // JVNDB: JVNDB-2019-010098 // CNNVD: CNNVD-201908-374 // NVD: CVE-2019-2294

PROBLEMTYPE DATA

problemtype:CWE-330

Trust: 1.9

sources: VULHUB: VHN-153729 // JVNDB: JVNDB-2019-010098 // NVD: CVE-2019-2294

TYPE

security feature problem

Trust: 0.6

sources: CNNVD: CNNVD-201908-374

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010098

PATCH

title:August 2019 Qualcomm Technologies, Inc. Security Bulletin  url:https://www.qualcomm.com/company/product-security/bulletins/august-2019-bulletin

Trust: 0.8

title:Multiple Qualcomm Repair measures for product security feature vulnerabilities  url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96126

Trust: 0.6

sources: JVNDB: JVNDB-2019-010098 // CNNVD: CNNVD-201908-374

EXTERNAL IDS

db:NVD  id:CVE-2019-2294

Trust: 2.5

db:JVNDB  id:JVNDB-2019-010098

Trust: 0.8

db:CNNVD  id:CNNVD-201908-374

Trust: 0.7

db:VULHUB  id:VHN-153729

Trust: 0.1

sources: VULHUB: VHN-153729 // JVNDB: JVNDB-2019-010098 // CNNVD: CNNVD-201908-374 // NVD: CVE-2019-2294

REFERENCES

url:https://www.qualcomm.com/company/product-security/bulletins

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-2294

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2294

Trust: 0.8

url:https://source.android.com/security/bulletin/2019-08-01.html

Trust: 0.6

url:https://vigilance.fr/vulnerability/google-android-multiple-vulnerabilities-of-august-2019-29951

Trust: 0.6

sources: VULHUB: VHN-153729 // JVNDB: JVNDB-2019-010098 // CNNVD: CNNVD-201908-374 // NVD: CVE-2019-2294

SOURCES

db:VULHUB  id:VHN-153729
db:JVNDB  id:JVNDB-2019-010098
db:CNNVD  id:CNNVD-201908-374
db:NVD  id:CVE-2019-2294

LAST UPDATE DATE

2024-11-23T22:16:49.642000+00:00


SOURCES UPDATE DATE

db:VULHUB  id:VHN-153729  date:2019-10-03T00:00:00
db:JVNDB  id:JVNDB-2019-010098  date:2019-10-04T00:00:00
db:CNNVD  id:CNNVD-201908-374  date:2019-10-14T00:00:00
db:NVD  id:CVE-2019-2294  date:2024-11-21T04:40:38.330

SOURCES RELEASE DATE

db:VULHUB  id:VHN-153729  date:2019-09-30T00:00:00
db:JVNDB  id:JVNDB-2019-010098  date:2019-10-04T00:00:00
db:CNNVD  id:CNNVD-201908-374  date:2019-08-06T00:00:00
db:NVD  id:CVE-2019-2294  date:2019-09-30T16:15:11.463