Details of VAR-201911-1185

ID

VAR-201911-1185

CVE

CVE-2019-2331

TITLE

plural Snapdragon Product integer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-011587

DESCRIPTION

Possible Integer overflow because of subtracting two integers without checking if the result would overflow or not in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24. plural Snapdragon The product contains an integer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9206, etc. are all products of Qualcomm. MDM9206 is a central processing unit (CPU) product. Qualcomm MDM9150 is a central processing unit (CPU) product. SDX20 is a modem. There are input validation error vulnerabilities in Audio in many Qualcomm products. The vulnerability stems from the fact that the network system or product did not correctly verify the input data. No detailed vulnerability details are currently available

Trust: 2.16

sources: NVD: CVE-2019-2331 // JVNDB: JVNDB-2019-011587 // CNVD: CNVD-2020-20154

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-20154

AFFECTED PRODUCTS

vendor:	qualcomm	model:	sdx24	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs405	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 427	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sda660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 710	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 425	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 675	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 429	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9615	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9607	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	215	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 820a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 730	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 615	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9206	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 450	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 616	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9640	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 439	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 435	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 665	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 712	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 625	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 632	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8996au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 415	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs605	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 205	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 212	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 835	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9650	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 850	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm630	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 845	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 820	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm439	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 600	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8909w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 670	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx20	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 855	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 430	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 210	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 636	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9150	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9206	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9607	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9615	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9640	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9650	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	msm8909w	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	msm8996au	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qcs405	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qcs605	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	msm 8996au	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	qcs	scope:	eq	version:	605	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	210	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	212	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	205	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	425	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	427	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	430	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	435	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	439	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	429	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	450	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	615/16	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	415	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	625	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	632	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	665	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	675	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	712	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	710	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	670	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	730	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	820	Trust: 0.6
vendor:	qualcomm	model:	sd 820a	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	835	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	845	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	850	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	855	Trust: 0.6
vendor:	qualcomm	model:	sda	scope:	eq	version:	660	Trust: 0.6
vendor:	qualcomm	model:	sdm	scope:	eq	version:	439	Trust: 0.6
vendor:	qualcomm	model:	sdm	scope:	eq	version:	630	Trust: 0.6
vendor:	qualcomm	model:	sdm	scope:	eq	version:	660	Trust: 0.6
vendor:	qualcomm	model:	sdx	scope:	eq	version:	24	Trust: 0.6
vendor:	qualcomm	model:	msm 8909w	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	qcs	scope:	eq	version:	405	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	636	Trust: 0.6
vendor:	qualcomm	model:	sdx	scope:	eq	version:	20	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	600	Trust: 0.6
vendor:	qualcomm	model:	mdm	scope:	eq	version:	9206	Trust: 0.6
vendor:	qualcomm	model:	mdm	scope:	eq	version:	9607	Trust: 0.6
vendor:	qualcomm	model:	mdm	scope:	eq	version:	9150	Trust: 0.6
vendor:	qualcomm	model:	mdm	scope:	eq	version:	9640	Trust: 0.6
vendor:	qualcomm	model:	mdm	scope:	eq	version:	9650	Trust: 0.6
vendor:	qualcomm	model:	mdm	scope:	eq	version:	9615	Trust: 0.6
vendor:	qualcomm	model:	eudora	scope:	eq	version:	215	Trust: 0.6

sources: CNVD: CNVD-2020-20154 // JVNDB: JVNDB-2019-011587 // NVD: CVE-2019-2331

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-2331
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-2331
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2020-20154
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201909-127
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2019-2331
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-20154
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-2331
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-2331
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-20154 // JVNDB: JVNDB-2019-011587 // CNNVD: CNNVD-201909-127 // NVD: CVE-2019-2331

PROBLEMTYPE DATA

problemtype:

CWE-190

Trust: 1.8

sources: JVNDB: JVNDB-2019-011587 // NVD: CVE-2019-2331

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-127

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201909-127

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011587

PATCH

title:	Android のセキュリティに関する公開情報	url:	https://source.android.com/security/bulletin/	Trust: 0.8
title:	Patch for Multiple Qualcomm product input verification error vulnerabilities (CNVD-2020-20154)	url:	https://www.cnvd.org.cn/patchInfo/show/211533	Trust: 0.6
title:	Multiple Qualcomm Product input verification error vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97889	Trust: 0.6

sources: CNVD: CNVD-2020-20154 // JVNDB: JVNDB-2019-011587 // CNNVD: CNNVD-201909-127

EXTERNAL IDS

db:	NVD	id:	CVE-2019-2331	Trust: 3.0
db:	JVNDB	id:	JVNDB-2019-011587	Trust: 0.8
db:	CNVD	id:	CNVD-2020-20154	Trust: 0.6
db:	CNNVD	id:	CNNVD-201909-127	Trust: 0.6

sources: CNVD: CNVD-2020-20154 // JVNDB: JVNDB-2019-011587 // CNNVD: CNNVD-201909-127 // NVD: CVE-2019-2331

REFERENCES

url:	https://source.android.com/security/bulletin/	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-2331	Trust: 1.4
url:	https://www.qualcomm.com/company/product-security/bulletins/september-2019-bulletin	Trust: 1.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2331	Trust: 0.8
url:	https://source.android.com/security/bulletin/2019-09-01	Trust: 0.6
url:	https://vigilance.fr/vulnerability/google-android-os-multiple-vulnerabilities-30243	Trust: 0.6

sources: CNVD: CNVD-2020-20154 // JVNDB: JVNDB-2019-011587 // CNNVD: CNNVD-201909-127 // NVD: CVE-2019-2331

SOURCES

db:	CNVD	id:	CNVD-2020-20154
db:	JVNDB	id:	JVNDB-2019-011587
db:	CNNVD	id:	CNNVD-201909-127
db:	NVD	id:	CVE-2019-2331

LAST UPDATE DATE

2024-11-23T23:01:34.897000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-20154	date:	2020-03-30T00:00:00
db:	JVNDB	id:	JVNDB-2019-011587	date:	2019-11-13T00:00:00
db:	CNNVD	id:	CNNVD-201909-127	date:	2019-11-08T00:00:00
db:	NVD	id:	CVE-2019-2331	date:	2024-11-21T04:40:43.777

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-20154	date:	2020-03-30T00:00:00
db:	JVNDB	id:	JVNDB-2019-011587	date:	2019-11-13T00:00:00
db:	CNNVD	id:	CNNVD-201909-127	date:	2019-09-04T00:00:00
db:	NVD	id:	CVE-2019-2331	date:	2019-11-06T17:15:13.877