Sign-up

ID

VAR-201909-1459


CVE

CVE-2019-10508


TITLE

plural Snapdragon Classic buffer overflow vulnerability in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-010014

DESCRIPTION

Lack of input validation for data received from user space can lead to OOB access in WLAN in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 430, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 650/52, SD 820A, SDX20. plural Snapdragon The product contains a classic buffer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9206 and others are products of Qualcomm (Qualcomm). MDM9206 is a central processing unit (CPU) product. MDM9607 is a central processing unit (CPU) product. SDX20 is a modem. A buffer error vulnerability exists in WLAN in several Qualcomm products. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. The following products and versions are affected: Qualcomm MDM9150; MDM9206; MDM9607; MDM9640; MDM9650; MSM8909W; MSM8996AU; QCA6174A; /16; SD 415; SD 625; SD 632; SD 650/52; SD 820A; SDX20

Trust: 1.8

sources: NVD: CVE-2019-10508 // JVNDB: JVNDB-2019-010014 // VULHUB: VHN-142061 // VULMON: CVE-2019-10508

AFFECTED PRODUCTS

vendor:qualcommmodel:sd 632scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca9379scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 415scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 212scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 652scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 425scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca9377scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 615scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6574auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6174ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 616scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9640scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 600scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 430scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 210scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9150scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9640scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8909wscope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8996auscope: - version: -

Trust: 0.8

vendor:qualcommmodel:qca6174ascope: - version: -

Trust: 0.8

vendor:qualcommmodel:qca6574auscope: - version: -

Trust: 0.8

vendor:qualcommmodel:qca9377scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-010014 // NVD: CVE-2019-10508

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10508
value: HIGH

Trust: 1.0

NVD: CVE-2019-10508
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201909-165
value: MEDIUM

Trust: 0.6

VULHUB: VHN-142061
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-10508
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-10508
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-142061
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-10508
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-10508
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-142061 // VULMON: CVE-2019-10508 // JVNDB: JVNDB-2019-010014 // CNNVD: CNNVD-201909-165 // NVD: CVE-2019-10508

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.9

sources: VULHUB: VHN-142061 // JVNDB: JVNDB-2019-010014 // NVD: CVE-2019-10508

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201909-165

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-010014

PATCH
title:August 2019 Code Aurora Security Bulletinurl:https://www.codeaurora.org/security-bulletin/2019/08/05/august-2019-code-aurora-security-bulletin
Trust: 0.8
title:Multiple Qualcomm Product Buffer Error Vulnerability Fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97927
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-010014 // 
            
            
            
            CNNVD: CNNVD-201909-165

EXTERNAL IDS
db:NVDid:CVE-2019-10508
Trust: 2.6
db:JVNDBid:JVNDB-2019-010014
Trust: 0.8
db:CNNVDid:CNNVD-201909-165
Trust: 0.7
db:VULHUBid:VHN-142061
Trust: 0.1
db:VULMONid:CVE-2019-10508
Trust: 0.1
sources:
            
            
            VULHUB: VHN-142061 // 
            
            
            
            VULMON: CVE-2019-10508 // 
            
            
            
            JVNDB: JVNDB-2019-010014 // 
            
            
            
            CNNVD: CNNVD-201909-165 // 
            
            
            
            NVD: CVE-2019-10508

REFERENCES
url:https://www.codeaurora.org/security-bulletin/2019/08/05/august-2019-code-aurora-security-bulletin
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-10508
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10508
Trust: 0.8
url:https://vigilance.fr/vulnerability/google-android-os-multiple-vulnerabilities-30243
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/120.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-142061 // 
            
            
            
            VULMON: CVE-2019-10508 // 
            
            
            
            JVNDB: JVNDB-2019-010014 // 
            
            
            
            CNNVD: CNNVD-201909-165 // 
            
            
            
            NVD: CVE-2019-10508

SOURCES
db:VULHUBid:VHN-142061
db:VULMONid:CVE-2019-10508
db:JVNDBid:JVNDB-2019-010014
db:CNNVDid:CNNVD-201909-165
db:NVDid:CVE-2019-10508

LAST UPDATE DATE
2024-11-23T22:33:45.117000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-142061date:2019-10-02T00:00:00
db:VULMONid:CVE-2019-10508date:2019-10-02T00:00:00
db:JVNDBid:JVNDB-2019-010014date:2019-10-03T00:00:00
db:CNNVDid:CNNVD-201909-165date:2019-10-14T00:00:00
db:NVDid:CVE-2019-10508date:2024-11-21T04:19:19.093

SOURCES RELEASE DATE
db:VULHUBid:VHN-142061date:2019-09-30T00:00:00
db:VULMONid:CVE-2019-10508date:2019-09-30T00:00:00
db:JVNDBid:JVNDB-2019-010014date:2019-10-03T00:00:00
db:CNNVDid:CNNVD-201909-165date:2019-09-04T00:00:00
db:NVDid:CVE-2019-10508date:2019-09-30T16:15:10.807