Details of VAR-201911-1177

ID

VAR-201911-1177

CVE

CVE-2019-2323

TITLE

plural Snapdragon Vulnerabilities related to the use of uninitialized resources in the product

Trust: 0.8

sources: JVNDB: JVNDB-2019-011670

DESCRIPTION

Lack of check to ensure crypto engine data passed by user is initialized can result in bus error in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24. plural Snapdragon The product contains a vulnerability related to the use of uninitialized resources.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9206, etc. are all products of Qualcomm. MDM9206 is a central processing unit (CPU) product. Qualcomm MDM9150 is a central processing unit (CPU) product. SDX20 is a modem. Input validation error vulnerability exists in HLOS in many Qualcomm products. The vulnerability stems from the fact that the network system or product did not correctly verify the input data. No detailed vulnerability details are currently available

Trust: 2.16

sources: NVD: CVE-2019-2323 // JVNDB: JVNDB-2019-011670 // CNVD: CNVD-2020-20161

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-20161

AFFECTED PRODUCTS

vendor:	qualcomm	model:	sd 430	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sda660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 439	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 820a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 205	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs405	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 429	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 632	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx20	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx24	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 712	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9607	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 625	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 212	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8996au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 850	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9640	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 855	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 427	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8909w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 670	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm439	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 845	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9650	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs605	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 210	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 636	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 730	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 450	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm630	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9206	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 675	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 435	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 820	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 710	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 425	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 665	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 835	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	215	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9150	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9206	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9607	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9640	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9650	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	msm8909w	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	msm8996au	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qcs405	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qcs605	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	215	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	msm 8996au	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	qcs	scope:	eq	version:	605	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	210	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	212	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	205	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	425	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	427	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	430	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	435	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	439	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	429	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	450	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	625	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	632	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	665	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	675	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	712	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	710	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	670	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	730	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	820	Trust: 0.6
vendor:	qualcomm	model:	sd 820a	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	835	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	845	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	850	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	855	Trust: 0.6
vendor:	qualcomm	model:	sda	scope:	eq	version:	660	Trust: 0.6
vendor:	qualcomm	model:	sdx	scope:	eq	version:	24	Trust: 0.6
vendor:	qualcomm	model:	msm 8909w	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	qcs	scope:	eq	version:	405	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	636	Trust: 0.6
vendor:	qualcomm	model:	sdx	scope:	eq	version:	20	Trust: 0.6
vendor:	qualcomm	model:	mdm	scope:	eq	version:	9206	Trust: 0.6
vendor:	qualcomm	model:	mdm	scope:	eq	version:	9607	Trust: 0.6
vendor:	qualcomm	model:	mdm	scope:	eq	version:	9150	Trust: 0.6
vendor:	qualcomm	model:	mdm	scope:	eq	version:	9640	Trust: 0.6
vendor:	qualcomm	model:	mdm	scope:	eq	version:	9650	Trust: 0.6
vendor:	qualcomm	model:	sdm4	scope:	eq	version:	630	Trust: 0.6
vendor:	qualcomm	model:	sdm4	scope:	eq	version:	660	Trust: 0.6
vendor:	qualcomm	model:	sdm4	scope:	eq	version:	43	Trust: 0.6
vendor:	qualcomm	model:	eudora	scope:	eq	version:	215	Trust: 0.6

sources: CNVD: CNVD-2020-20161 // JVNDB: JVNDB-2019-011670 // NVD: CVE-2019-2323

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-2323
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-2323
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2020-20161
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201909-155
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2019-2323
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-20161
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-2323
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-2323
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-20161 // JVNDB: JVNDB-2019-011670 // CNNVD: CNNVD-201909-155 // NVD: CVE-2019-2323

PROBLEMTYPE DATA

problemtype:

CWE-1187

Trust: 1.8

sources: JVNDB: JVNDB-2019-011670 // NVD: CVE-2019-2323

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-155

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201909-155

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011670

PATCH

title:	Android のセキュリティに関する公開情報	url:	https://source.android.com/security/bulletin/	Trust: 0.8
title:	Patch for Multiple Qualcomm product input verification error vulnerabilities (CNVD-2020-20161)	url:	https://www.cnvd.org.cn/patchInfo/show/211537	Trust: 0.6
title:	Multiple Qualcomm Product input verification error vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97917	Trust: 0.6

sources: CNVD: CNVD-2020-20161 // JVNDB: JVNDB-2019-011670 // CNNVD: CNNVD-201909-155

EXTERNAL IDS

db:	NVD	id:	CVE-2019-2323	Trust: 3.0
db:	JVNDB	id:	JVNDB-2019-011670	Trust: 0.8
db:	CNVD	id:	CNVD-2020-20161	Trust: 0.6
db:	CNNVD	id:	CNNVD-201909-155	Trust: 0.6

sources: CNVD: CNVD-2020-20161 // JVNDB: JVNDB-2019-011670 // CNNVD: CNNVD-201909-155 // NVD: CVE-2019-2323

REFERENCES

url:	https://source.android.com/security/bulletin/	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-2323	Trust: 1.4
url:	https://www.qualcomm.com/company/product-security/bulletins/september-2019-bulletin	Trust: 1.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2323	Trust: 0.8
url:	https://source.android.com/security/bulletin/2019-09-01	Trust: 0.6
url:	https://vigilance.fr/vulnerability/google-android-os-multiple-vulnerabilities-30243	Trust: 0.6

sources: CNVD: CNVD-2020-20161 // JVNDB: JVNDB-2019-011670 // CNNVD: CNNVD-201909-155 // NVD: CVE-2019-2323

SOURCES

db:	CNVD	id:	CNVD-2020-20161
db:	JVNDB	id:	JVNDB-2019-011670
db:	CNNVD	id:	CNNVD-201909-155
db:	NVD	id:	CVE-2019-2323

LAST UPDATE DATE

2024-08-14T13:55:00.819000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-20161	date:	2020-03-30T00:00:00
db:	JVNDB	id:	JVNDB-2019-011670	date:	2019-11-14T00:00:00
db:	CNNVD	id:	CNNVD-201909-155	date:	2019-11-11T00:00:00
db:	NVD	id:	CVE-2019-2323	date:	2019-11-08T15:21:02.437

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-20161	date:	2020-03-30T00:00:00
db:	JVNDB	id:	JVNDB-2019-011670	date:	2019-11-14T00:00:00
db:	CNNVD	id:	CNNVD-201909-155	date:	2019-09-04T00:00:00
db:	NVD	id:	CVE-2019-2323	date:	2019-11-06T17:15:13.690