ID
VAR-201911-1184
CVE
CVE-2019-2329
TITLE
plural Snapdragon Vulnerability in using freed memory in products
Trust: 0.8
DESCRIPTION
Use after free issue in cleanup routine due to missing pointer sanitization for a failed start of a trusted application. in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, QCS404, QCS605, SDA845, SDM670, SDM710, SDM845, SDX55, SM6150, SM7150, SM8150, SXR1130, SXR2130. plural Snapdragon The product contains a vulnerability related to the use of released memory.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9205 and so on are a kind of central processing unit (CPU) products of Qualcomm of the United States. QTEE in multiple Qualcomm products has a resource management error vulnerability. The vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. An attacker could use this vulnerability to cause Trustzone to perform arbitrary memory reads
Trust: 2.16
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | qualcomm | model: | sxr1130 | scope: | eq | version: | - | Trust: 2.2 |
| vendor: | qualcomm | model: | sm7150 | scope: | eq | version: | - | Trust: 2.2 |
| vendor: | qualcomm | model: | mdm9205 | scope: | eq | version: | - | Trust: 2.2 |
| vendor: | qualcomm | model: | sm8150 | scope: | eq | version: | - | Trust: 2.2 |
| vendor: | qualcomm | model: | sxr2130 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | qcs404 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sdm670 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | qcs605 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm710 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdx55 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm845 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sm6150 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sda845 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9205 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | qcs404 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | qcs605 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sda845 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sdm 670 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sdm710 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sdm845 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sdx55 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sm 6150 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sm 7150 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | qcs | scope: | eq | version: | 605 | Trust: 0.6 |
| vendor: | qualcomm | model: | mdm | scope: | eq | version: | 9205 | Trust: 0.6 |
| vendor: | qualcomm | model: | sxr | scope: | eq | version: | 1130 | Trust: 0.6 |
| vendor: | qualcomm | model: | qcs | scope: | eq | version: | 404 | Trust: 0.6 |
| vendor: | qualcomm | model: | sda | scope: | eq | version: | 845 | Trust: 0.6 |
| vendor: | qualcomm | model: | sdm | scope: | eq | version: | 670 | Trust: 0.6 |
| vendor: | qualcomm | model: | sdm | scope: | eq | version: | 710 | Trust: 0.6 |
| vendor: | qualcomm | model: | sdm | scope: | eq | version: | 845 | Trust: 0.6 |
| vendor: | qualcomm | model: | sm | scope: | eq | version: | 6150 | Trust: 0.6 |
| vendor: | qualcomm | model: | sm | scope: | eq | version: | 7150 | Trust: 0.6 |
| vendor: | qualcomm | model: | sm | scope: | eq | version: | 8150 | Trust: 0.6 |
| vendor: | qualcomm | model: | sxr | scope: | eq | version: | 2130 | Trust: 0.6 |
| vendor: | qualcomm | model: | sdx | scope: | eq | version: | 55 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-416 | Trust: 1.8 |
THREAT TYPE
local
Trust: 0.6
TYPE
resource management error
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | October 2019 Security Bulletin | url: | https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin | Trust: 0.8 |
| title: | Patch for Multiple Qualcomm Product Resource Management Error Vulnerabilities (CNVD-2020-16061) | url: | https://www.cnvd.org.cn/patchInfo/show/207831 | Trust: 0.6 |
| title: | Multiple Qualcomm Product security vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99021 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2019-2329 | Trust: 3.0 |
| db: | JVNDB | id: | JVNDB-2019-012274 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2020-16061 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-201910-317 | Trust: 0.6 |
REFERENCES
| url: | https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin | Trust: 2.2 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2019-2329 | Trust: 1.4 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2329 | Trust: 0.8 |
| url: | https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-october-2019-30549 | Trust: 0.6 |
SOURCES
| db: | CNVD | id: | CNVD-2020-16061 |
| db: | JVNDB | id: | JVNDB-2019-012274 |
| db: | CNNVD | id: | CNNVD-201910-317 |
| db: | NVD | id: | CVE-2019-2329 |
LAST UPDATE DATE
2024-08-14T15:22:54.185000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2020-16061 | date: | 2020-03-09T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-012274 | date: | 2019-11-28T00:00:00 |
| db: | CNNVD | id: | CNNVD-201910-317 | date: | 2019-12-04T00:00:00 |
| db: | NVD | id: | CVE-2019-2329 | date: | 2019-11-25T18:29:44.060 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2020-16061 | date: | 2020-03-09T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-012274 | date: | 2019-11-28T00:00:00 |
| db: | CNNVD | id: | CNNVD-201910-317 | date: | 2019-10-08T00:00:00 |
| db: | NVD | id: | CVE-2019-2329 | date: | 2019-11-21T15:15:16.307 |