Details of VAR-201911-1186

ID

VAR-201911-1186

CVE

CVE-2019-2324

TITLE

plural Snapdragon Product buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-011669

DESCRIPTION

When ADSP is compromised, the audio port index that`s returned from ADSP might be out of the valid range and leads to out of boundary access in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 845 / SD 850, SD 855, SDX20, SDX24. plural Snapdragon The product contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9206, etc. are all products of Qualcomm. MDM9206 is a central processing unit (CPU) product. Qualcomm MDM9150 is a central processing unit (CPU) product. SDX20 is a modem. There are input validation error vulnerabilities in Audio in many Qualcomm products. The vulnerability stems from the fact that the network system or product did not correctly verify the input data. No detailed vulnerability details are currently available

Trust: 2.16

sources: NVD: CVE-2019-2324 // JVNDB: JVNDB-2019-011669 // CNVD: CNVD-2020-20162

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-20162

AFFECTED PRODUCTS

vendor:	qualcomm	model:	sdx24	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 415	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 205	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 427	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 212	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 710	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 425	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 675	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 820a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9615	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9607	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 730	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 615	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9650	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9206	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 850	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 845	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 820	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 450	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 616	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9640	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 600	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8909w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 670	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx20	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 435	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 855	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 430	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 210	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 665	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 712	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 625	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9150	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9206	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9607	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9615	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9640	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9650	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	msm8909w	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 205	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 210	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 212	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd	scope:	eq	version:	210	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	212	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	205	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	425	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	427	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	430	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	435	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	450	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	615/16	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	415	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	625	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	665	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	675	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	712	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	710	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	670	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	730	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	820	Trust: 0.6
vendor:	qualcomm	model:	sd 820a	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	845	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	850	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	855	Trust: 0.6
vendor:	qualcomm	model:	sdx	scope:	eq	version:	24	Trust: 0.6
vendor:	qualcomm	model:	msm 8909w	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sdx	scope:	eq	version:	20	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	600	Trust: 0.6
vendor:	qualcomm	model:	mdm	scope:	eq	version:	9206	Trust: 0.6
vendor:	qualcomm	model:	mdm	scope:	eq	version:	9607	Trust: 0.6
vendor:	qualcomm	model:	mdm	scope:	eq	version:	9150	Trust: 0.6
vendor:	qualcomm	model:	mdm	scope:	eq	version:	9640	Trust: 0.6
vendor:	qualcomm	model:	mdm	scope:	eq	version:	9650	Trust: 0.6
vendor:	qualcomm	model:	mdm	scope:	eq	version:	9615	Trust: 0.6

sources: CNVD: CNVD-2020-20162 // JVNDB: JVNDB-2019-011669 // NVD: CVE-2019-2324

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-2324
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-2324
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2020-20162
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201909-151
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2019-2324
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-20162
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-2324
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-2324
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-20162 // JVNDB: JVNDB-2019-011669 // CNNVD: CNNVD-201909-151 // NVD: CVE-2019-2324

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2019-011669 // NVD: CVE-2019-2324

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-151

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201909-151

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011669

PATCH

title:	Android のセキュリティに関する公開情報	url:	https://source.android.com/security/bulletin/	Trust: 0.8
title:	Patch for Multiple Qualcomm product input verification error vulnerabilities (CNVD-2020-20162)	url:	https://www.cnvd.org.cn/patchInfo/show/211535	Trust: 0.6
title:	Multiple Qualcomm Product input verification error vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97913	Trust: 0.6

sources: CNVD: CNVD-2020-20162 // JVNDB: JVNDB-2019-011669 // CNNVD: CNNVD-201909-151

EXTERNAL IDS

db:	NVD	id:	CVE-2019-2324	Trust: 3.0
db:	JVNDB	id:	JVNDB-2019-011669	Trust: 0.8
db:	CNVD	id:	CNVD-2020-20162	Trust: 0.6
db:	CNNVD	id:	CNNVD-201909-151	Trust: 0.6

sources: CNVD: CNVD-2020-20162 // JVNDB: JVNDB-2019-011669 // CNNVD: CNNVD-201909-151 // NVD: CVE-2019-2324

REFERENCES

url:	https://source.android.com/security/bulletin/	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-2324	Trust: 1.4
url:	https://www.qualcomm.com/company/product-security/bulletins/september-2019-bulletin	Trust: 1.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2324	Trust: 0.8
url:	https://source.android.com/security/bulletin/2019-09-01	Trust: 0.6
url:	https://vigilance.fr/vulnerability/google-android-os-multiple-vulnerabilities-30243	Trust: 0.6

sources: CNVD: CNVD-2020-20162 // JVNDB: JVNDB-2019-011669 // CNNVD: CNNVD-201909-151 // NVD: CVE-2019-2324

CREDITS

Peter Pi of Tencent

Trust: 0.6

sources: CNNVD: CNNVD-201909-151

SOURCES

db:	CNVD	id:	CNVD-2020-20162
db:	JVNDB	id:	JVNDB-2019-011669
db:	CNNVD	id:	CNNVD-201909-151
db:	NVD	id:	CVE-2019-2324

LAST UPDATE DATE

2024-11-23T22:33:39.277000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-20162	date:	2020-03-30T00:00:00
db:	JVNDB	id:	JVNDB-2019-011669	date:	2019-11-14T00:00:00
db:	CNNVD	id:	CNNVD-201909-151	date:	2019-11-12T00:00:00
db:	NVD	id:	CVE-2019-2324	date:	2024-11-21T04:40:42.713

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-20162	date:	2020-03-30T00:00:00
db:	JVNDB	id:	JVNDB-2019-011669	date:	2019-11-14T00:00:00
db:	CNNVD	id:	CNNVD-201909-151	date:	2019-09-04T00:00:00
db:	NVD	id:	CVE-2019-2324	date:	2019-11-06T17:15:13.753