Details of VAR-201911-1425

ID

VAR-201911-1425

CVE

CVE-2019-2249

TITLE

plural Snapdragon Product out-of-bounds vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-011677

DESCRIPTION

Kernel can do a memory read from arbitrary address passed by user during execution of a syscall in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9205, MDM9650, QCA8081, QCS605, SD 427, SD 435, SD 450, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130. plural Snapdragon The product contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9650 is a central processing unit (CPU) product of Qualcomm. The Kernel in many Qualcomm products has an input validation error vulnerability. The vulnerability stems from the fact that the network system or product did not correctly verify the input data. No detailed vulnerability details are currently available

Trust: 2.16

sources: NVD: CVE-2019-2249 // JVNDB: JVNDB-2019-011677 // CNVD: CNVD-2020-20149

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-20149

AFFECTED PRODUCTS

vendor:	qualcomm	model:	sda660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 845	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9650	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs605	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 855	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 636	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9205	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 730	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 8cx	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 450	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx20	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 712	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca8081	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 625	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm630	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon high med 2016	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq8074	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 850	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 675	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 427	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 435	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sxr1130	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 710	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 665	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 835	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 670	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq8074	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9205	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9650	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qca8081	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qcs605	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 427	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 435	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 450	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 625	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 636	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm	scope:	eq	version:	9650	Trust: 0.6
vendor:	qualcomm	model:	qcs	scope:	eq	version:	605	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	427	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	435	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	450	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	625	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	665	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	675	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	712	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	710	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	670	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	730	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	835	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	845	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	850	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	855	Trust: 0.6
vendor:	qualcomm	model:	sda	scope:	eq	version:	660	Trust: 0.6
vendor:	qualcomm	model:	sdm	scope:	eq	version:	630	Trust: 0.6
vendor:	qualcomm	model:	sdm	scope:	eq	version:	660	Trust: 0.6
vendor:	qualcomm	model:	sd	scope:	eq	version:	636	Trust: 0.6
vendor:	qualcomm	model:	sdx	scope:	eq	version:	20	Trust: 0.6
vendor:	qualcomm	model:	sd 8cx	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	snapdragon high med	scope:	eq	version:	2016	Trust: 0.6
vendor:	qualcomm	model:	sxr	scope:	eq	version:	1130	Trust: 0.6
vendor:	qualcomm	model:	ipq	scope:	eq	version:	8074	Trust: 0.6
vendor:	qualcomm	model:	mdm	scope:	eq	version:	9205	Trust: 0.6
vendor:	qualcomm	model:	qca	scope:	eq	version:	8081	Trust: 0.6
vendor:	qualcomm	model:	eudora	scope:	eq	version:	215	Trust: 0.6

sources: CNVD: CNVD-2020-20149 // JVNDB: JVNDB-2019-011677 // NVD: CVE-2019-2249

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-2249
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-2249
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2020-20149
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201909-124
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2019-2249
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-20149
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-2249
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-2249
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-20149 // JVNDB: JVNDB-2019-011677 // CNNVD: CNNVD-201909-124 // NVD: CVE-2019-2249

PROBLEMTYPE DATA

problemtype:

CWE-125

Trust: 1.8

sources: JVNDB: JVNDB-2019-011677 // NVD: CVE-2019-2249

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-124

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201909-124

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011677

PATCH

title:	Android のセキュリティに関する公開情報	url:	https://source.android.com/security/bulletin/	Trust: 0.8
title:	Patch for Multiple Qualcomm product input verification error vulnerabilities (CNVD-2020-20149)	url:	https://www.cnvd.org.cn/patchInfo/show/211529	Trust: 0.6
title:	Multiple Qualcomm Product input verification error vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97886	Trust: 0.6

sources: CNVD: CNVD-2020-20149 // JVNDB: JVNDB-2019-011677 // CNNVD: CNNVD-201909-124

EXTERNAL IDS

db:	NVD	id:	CVE-2019-2249	Trust: 3.0
db:	JVNDB	id:	JVNDB-2019-011677	Trust: 0.8
db:	CNVD	id:	CNVD-2020-20149	Trust: 0.6
db:	CNNVD	id:	CNNVD-201909-124	Trust: 0.6

sources: CNVD: CNVD-2020-20149 // JVNDB: JVNDB-2019-011677 // CNNVD: CNNVD-201909-124 // NVD: CVE-2019-2249

REFERENCES

url:	https://source.android.com/security/bulletin/	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-2249	Trust: 1.4
url:	https://www.qualcomm.com/company/product-security/bulletins/september-2019-bulletin	Trust: 1.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2249	Trust: 0.8
url:	https://source.android.com/security/bulletin/2019-09-01	Trust: 0.6
url:	https://vigilance.fr/vulnerability/google-android-os-multiple-vulnerabilities-30243	Trust: 0.6

sources: CNVD: CNVD-2020-20149 // JVNDB: JVNDB-2019-011677 // CNNVD: CNNVD-201909-124 // NVD: CVE-2019-2249

SOURCES

db:	CNVD	id:	CNVD-2020-20149
db:	JVNDB	id:	JVNDB-2019-011677
db:	CNNVD	id:	CNNVD-201909-124
db:	NVD	id:	CVE-2019-2249

LAST UPDATE DATE

2024-08-14T14:19:15.176000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-20149	date:	2020-03-30T00:00:00
db:	JVNDB	id:	JVNDB-2019-011677	date:	2019-11-15T00:00:00
db:	CNNVD	id:	CNNVD-201909-124	date:	2019-11-12T00:00:00
db:	NVD	id:	CVE-2019-2249	date:	2019-11-08T16:05:58.310

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-20149	date:	2020-03-30T00:00:00
db:	JVNDB	id:	JVNDB-2019-011677	date:	2019-11-15T00:00:00
db:	CNNVD	id:	CNNVD-201909-124	date:	2019-09-04T00:00:00
db:	NVD	id:	CVE-2019-2249	date:	2019-11-06T17:15:13.267