Sign-up

ID

VAR-201909-1455


CVE

CVE-2019-10510


TITLE

plural Snapdragon In product NULL Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-010016

DESCRIPTION

BT process died and BT toggled due to null pointer dereference when invalid vendor pass through command sent from remote in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS405, QCS605, SD 636, SD 675, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM630, SDM660. plural Snapdragon The product includes NULL A vulnerability related to pointer dereference exists.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. Qualcomm SD 820A and others are a central processing unit (CPU) product of Qualcomm (Qualcomm). A code issue vulnerability exists in several Qualcomm products. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products. The following products and versions are affected: Qualcomm QCS405; QCS605; SD 636; SD 675; SD 730; SD 820A; SD 835; SD 845; SD 850; SD 855;

Trust: 1.71

sources: NVD: CVE-2019-10510 // JVNDB: JVNDB-2019-010016 // VULHUB: VHN-142064

AFFECTED PRODUCTS

vendor:qualcommmodel:sd 850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm630scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs405scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 636scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 855scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 675scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 730scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs405scope: - version: -

Trust: 0.8

vendor:qualcommmodel:qcs605scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 636scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 675scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 730scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 820ascope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 835scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 845scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 850scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 855scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-010016 // NVD: CVE-2019-10510

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10510
value: HIGH

Trust: 1.0

NVD: CVE-2019-10510
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201908-440
value: HIGH

Trust: 0.6

VULHUB: VHN-142064
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-10510
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-142064
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-10510
baseSeverity: HIGH
baseScore: 8.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.2
version: 3.1

Trust: 1.0

NVD: CVE-2019-10510
baseSeverity: HIGH
baseScore: 8.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-142064 // JVNDB: JVNDB-2019-010016 // CNNVD: CNNVD-201908-440 // NVD: CVE-2019-10510

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.9

sources: VULHUB: VHN-142064 // JVNDB: JVNDB-2019-010016 // NVD: CVE-2019-10510

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201908-440

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-010016

PATCH
title:August 2019 Code Aurora Security Bulletinurl:https://www.codeaurora.org/security-bulletin/2019/08/05/august-2019-code-aurora-security-bulletin
Trust: 0.8
title:Android Qualcomm BTHOST Fixes for component security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96177
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-010016 // 
            
            
            
            CNNVD: CNNVD-201908-440

EXTERNAL IDS
db:NVDid:CVE-2019-10510
Trust: 2.5
db:JVNDBid:JVNDB-2019-010016
Trust: 0.8
db:CNNVDid:CNNVD-201908-440
Trust: 0.7
db:VULHUBid:VHN-142064
Trust: 0.1
sources:
            
            
            VULHUB: VHN-142064 // 
            
            
            
            JVNDB: JVNDB-2019-010016 // 
            
            
            
            CNNVD: CNNVD-201908-440 // 
            
            
            
            NVD: CVE-2019-10510

REFERENCES
url:https://www.codeaurora.org/security-bulletin/2019/08/05/august-2019-code-aurora-security-bulletin
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-10510
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10510
Trust: 0.8
url:https://source.android.com/security/bulletin/2019-08-01.html
Trust: 0.6
url:https://vigilance.fr/vulnerability/google-android-multiple-vulnerabilities-of-august-2019-29951
Trust: 0.6
sources:
            
            
            VULHUB: VHN-142064 // 
            
            
            
            JVNDB: JVNDB-2019-010016 // 
            
            
            
            CNNVD: CNNVD-201908-440 // 
            
            
            
            NVD: CVE-2019-10510

SOURCES
db:VULHUBid:VHN-142064
db:JVNDBid:JVNDB-2019-010016
db:CNNVDid:CNNVD-201908-440
db:NVDid:CVE-2019-10510

LAST UPDATE DATE
2024-11-23T23:01:40.709000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-142064date:2019-10-02T00:00:00
db:JVNDBid:JVNDB-2019-010016date:2019-10-03T00:00:00
db:CNNVDid:CNNVD-201908-440date:2020-07-28T00:00:00
db:NVDid:CVE-2019-10510date:2024-11-21T04:19:19.407

SOURCES RELEASE DATE
db:VULHUBid:VHN-142064date:2019-09-30T00:00:00
db:JVNDBid:JVNDB-2019-010016date:2019-10-03T00:00:00
db:CNNVDid:CNNVD-201908-440date:2019-08-06T00:00:00
db:NVDid:CVE-2019-10510date:2019-09-30T16:15:10.933