Sign-up

ID

VAR-201911-1182


CVE

CVE-2019-2336


TITLE

plural Snapdragon Vulnerability in using freed memory in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-012272

DESCRIPTION

Subsequent use of the CBO listener may result in further memory corruption due to use after free issue. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in MDM9205, QCS404, SDX55, SM6150, SM7150, SM8150, SXR2130. plural Snapdragon The product contains a vulnerability related to the use of released memory.Service operation interruption (DoS) There is a possibility of being put into a state. Qualcomm MDM9205 and other products are Qualcomm's products. MDM9205 is a central processing unit (CPU) product. QCS404 is a central processing unit (CPU) product. SDX55 is a modem. QTEE in multiple Qualcomm products has a resource management error vulnerability. The vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. An attacker could exploit this vulnerability to cause further memory corruption

Trust: 2.16

sources: NVD: CVE-2019-2336 // JVNDB: JVNDB-2019-012272 // CNVD: CNVD-2020-16066

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-16066

AFFECTED PRODUCTS

vendor:qualcommmodel:sxr2130scope:eqversion: -

Trust: 2.2

vendor:qualcommmodel:sm7150scope:eqversion: -

Trust: 2.2

vendor:qualcommmodel:sm8150scope:eqversion: -

Trust: 2.2

vendor:qualcommmodel:sdx55scope:eqversion: -

Trust: 2.2

vendor:qualcommmodel:sm6150scope:eqversion: -

Trust: 2.2

vendor:qualcommmodel:mdm9205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs404scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9205scope: - version: -

Trust: 0.8

vendor:qualcommmodel:qcs404scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sdx55scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sm 6150scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sm 7150scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sm 8150scope: - version: -

Trust: 0.8

vendor:qualcommmodel:srx 2130scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdmscope:eqversion:9205

Trust: 0.6

vendor:qualcommmodel:qcsscope:eqversion:404

Trust: 0.6

vendor:qualcommmodel:smscope:eqversion:6150

Trust: 0.6

vendor:qualcommmodel:smscope:eqversion:7150

Trust: 0.6

vendor:qualcommmodel:smscope:eqversion:8150

Trust: 0.6

vendor:qualcommmodel:sxrscope:eqversion:2130

Trust: 0.6

vendor:qualcommmodel:sdxscope:eqversion:55

Trust: 0.6

sources: CNVD: CNVD-2020-16066 // JVNDB: JVNDB-2019-012272 // CNNVD: CNNVD-201910-312 // NVD: CVE-2019-2336

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-2336
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-2336
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-16066
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201910-312
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-2336
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-16066
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-2336
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-2336
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-16066 // JVNDB: JVNDB-2019-012272 // CNNVD: CNNVD-201910-312 // NVD: CVE-2019-2336

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.8

problemtype:CWE-787

Trust: 1.0

sources: JVNDB: JVNDB-2019-012272 // NVD: CVE-2019-2336

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201910-312

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201910-312

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-012272

PATCH
title:October 2019 Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin
Trust: 0.8
title:Patch for Multiple Qualcomm Product Resource Management Error Vulnerabilities (CNVD-2020-16066)url:https://www.cnvd.org.cn/patchInfo/show/207833
Trust: 0.6
title:Multiple Qualcomm Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99016
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-16066 // 
            
            
            
            JVNDB: JVNDB-2019-012272 // 
            
            
            
            CNNVD: CNNVD-201910-312

EXTERNAL IDS
db:NVDid:CVE-2019-2336
Trust: 3.0
db:JVNDBid:JVNDB-2019-012272
Trust: 0.8
db:CNVDid:CNVD-2020-16066
Trust: 0.6
db:CNNVDid:CNNVD-201910-312
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-16066 // 
            
            
            
            JVNDB: JVNDB-2019-012272 // 
            
            
            
            CNNVD: CNNVD-201910-312 // 
            
            
            
            NVD: CVE-2019-2336

REFERENCES
url:https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin
Trust: 2.2
url:https://nvd.nist.gov/vuln/detail/cve-2019-2336
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2336
Trust: 0.8
url:https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-october-2019-30549
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-16066 // 
            
            
            
            JVNDB: JVNDB-2019-012272 // 
            
            
            
            CNNVD: CNNVD-201910-312 // 
            
            
            
            NVD: CVE-2019-2336

SOURCES
db:CNVDid:CNVD-2020-16066
db:JVNDBid:JVNDB-2019-012272
db:CNNVDid:CNNVD-201910-312
db:NVDid:CVE-2019-2336

LAST UPDATE DATE
2024-11-23T22:41:17.745000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-16066date:2020-03-09T00:00:00
db:JVNDBid:JVNDB-2019-012272date:2019-11-28T00:00:00
db:CNNVDid:CNNVD-201910-312date:2019-11-26T00:00:00
db:NVDid:CVE-2019-2336date:2024-11-21T04:40:44.577

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-16066date:2020-03-09T00:00:00
db:JVNDBid:JVNDB-2019-012272date:2019-11-28T00:00:00
db:CNNVDid:CNNVD-201910-312date:2019-10-08T00:00:00
db:NVDid:CVE-2019-2336date:2019-11-21T15:15:16.463