ID

VAR-201911-1179


CVE

CVE-2019-2318


TITLE

Out-of-bounds vulnerability in multiple Snapdragon products

Trust: 0.8

sources: JVNDB: JVNDB-2019-012279

DESCRIPTION

Non Secure Kernel can cause TrustZone to do an arbitrary memory read, which will result in a DoS, in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8017, APQ8053, APQ8096, APQ8096AU, IPQ8074, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, QCA8081, QM215, SDM429, SDM439, SDM450, SDM632, Snapdragon_High_Med_2016. Multiple Snapdragon products contain an out-of-bounds vulnerability. A denial-of-service (DoS) condition may result. Qualcomm MSM8996AU and the other listed parts are central processing unit (CPU) products from Qualcomm of the United States. QTEE in multiple Qualcomm products has a buffer overflow vulnerability. An attacker could use this vulnerability to cause a denial of service.

Trust: 2.16

sources: NVD: CVE-2019-2318 // JVNDB: JVNDB-2019-012279 // CNVD: CNVD-2020-16062

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-16062

AFFECTED PRODUCTS

vendor: qualcomm, model: sdm632, scope: eq, version: -

Trust: 2.2

vendor: qualcomm, model: sdm429, scope: eq, version: -

Trust: 2.2

vendor: qualcomm, model: snapdragon high med 2016, scope: eq, version: -

Trust: 2.2

vendor: qualcomm, model: sdm450, scope: eq, version: -

Trust: 2.2

vendor: qualcomm, model: sdm439, scope: eq, version: -

Trust: 2.2

vendor: qualcomm, model: msm8953, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: apq8053, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: msm8917, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: apq8096au, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: msm8996au, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: msm8996, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: apq8096, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: apq8017, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: qm215, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: ipq8074, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: qca8081, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: msm8920, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: msm8940, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: msm8937, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: apq8017, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: apq8053, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: apq8096, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: apq8096au, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: ipq8074, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: msm8917, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: msm8920, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: msm8937, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: msm8940, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: msm8953, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: msm 8996au, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: sdm, scope: eq, version: 439

Trust: 0.6

vendor: qualcomm, model: ipq, scope: eq, version: 8074

Trust: 0.6

vendor: qualcomm, model: snapdragon high med, scope: eq, version: 2016

Trust: 0.6

vendor: qualcomm, model: qca, scope: eq, version: 8081

Trust: 0.6

vendor: qualcomm, model: apq 8096au, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: msm, scope: eq, version: 8917

Trust: 0.6

vendor: qualcomm, model: msm, scope: eq, version: 8920

Trust: 0.6

vendor: qualcomm, model: msm, scope: eq, version: 8937

Trust: 0.6

vendor: qualcomm, model: msm, scope: eq, version: 8940

Trust: 0.6

vendor: qualcomm, model: msm, scope: eq, version: 8953

Trust: 0.6

vendor: qualcomm, model: qm, scope: eq, version: 215

Trust: 0.6

vendor: qualcomm, model: sdm, scope: eq, version: 429

Trust: 0.6

vendor: qualcomm, model: sdm, scope: eq, version: 450

Trust: 0.6

vendor: qualcomm, model: sdm, scope: eq, version: 632

Trust: 0.6

vendor: qualcomm, model: msm, scope: eq, version: 8996

Trust: 0.6

vendor: qualcomm, model: apq, scope: eq, version: 8017

Trust: 0.6

vendor: qualcomm, model: apq, scope: eq, version: 8053

Trust: 0.6

vendor: qualcomm, model: apq, scope: eq, version: 8096

Trust: 0.6

sources: CNVD: CNVD-2020-16062 // JVNDB: JVNDB-2019-012279 // CNNVD: CNNVD-201910-318 // NVD: CVE-2019-2318

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-2318
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-2318
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-16062
value: LOW

Trust: 0.6

CNNVD: CNNVD-201910-318
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-2318
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-16062
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-2318
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-2318
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-16062 // JVNDB: JVNDB-2019-012279 // CNNVD: CNNVD-201910-318 // NVD: CVE-2019-2318

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.8

sources: JVNDB: JVNDB-2019-012279 // NVD: CVE-2019-2318

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201910-318

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201910-318

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-012279

PATCH

title: October 2019 Security Bulletin, url: https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin

Trust: 0.8

title: Patch for Multiple Qualcomm Product Buffer Overflow Vulnerabilities (CNVD-2020-16062), url: https://www.cnvd.org.cn/patchInfo/show/207805

Trust: 0.6

title: Multiple Qualcomm Product security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99022

Trust: 0.6

sources: CNVD: CNVD-2020-16062 // JVNDB: JVNDB-2019-012279 // CNNVD: CNNVD-201910-318

EXTERNAL IDS

db: NVD, id: CVE-2019-2318

Trust: 3.0

db: JVNDB, id: JVNDB-2019-012279

Trust: 0.8

db: CNVD, id: CNVD-2020-16062

Trust: 0.6

db: CNNVD, id: CNNVD-201910-318

Trust: 0.6

sources: CNVD: CNVD-2020-16062 // JVNDB: JVNDB-2019-012279 // CNNVD: CNNVD-201910-318 // NVD: CVE-2019-2318

REFERENCES

url:https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin

Trust: 2.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-2318

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2318

Trust: 0.8

url:https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-october-2019-30549

Trust: 0.6

sources: CNVD: CNVD-2020-16062 // JVNDB: JVNDB-2019-012279 // CNNVD: CNNVD-201910-318 // NVD: CVE-2019-2318

SOURCES

db: CNVD, id: CNVD-2020-16062
db: JVNDB, id: JVNDB-2019-012279
db: CNNVD, id: CNNVD-201910-318
db: NVD, id: CVE-2019-2318

LAST UPDATE DATE

2024-11-23T22:44:47.362000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-16062, date: 2020-03-09T00:00:00
db: JVNDB, id: JVNDB-2019-012279, date: 2019-11-28T00:00:00
db: CNNVD, id: CNNVD-201910-318, date: 2019-11-26T00:00:00
db: NVD, id: CVE-2019-2318, date: 2024-11-21T04:40:41.760

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-16062, date: 2020-03-09T00:00:00
db: JVNDB, id: JVNDB-2019-012279, date: 2019-11-28T00:00:00
db: CNNVD, id: CNNVD-201910-318, date: 2019-10-08T00:00:00
db: NVD, id: CVE-2019-2318, date: 2019-11-21T15:15:16.230