Sign-up

ID

VAR-201911-1430


CVE

CVE-2019-2275


TITLE

plural Snapdragon Vulnerability related to input validation in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-011674

DESCRIPTION

While deserializing any key blob during key operations, buffer overflow could occur exposing partial key information if any key operations are invoked(Depends on CVE-2018-13907) in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS404, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130. plural Snapdragon The product contains an input validation vulnerability.Information may be obtained. Qualcomm MDM9206 is a central processing unit (CPU) product of Qualcomm. Many Qualcomm products have input validation error vulnerabilities, which can be exploited by attackers to cause buffer overflows or heap overflows

Trust: 2.16

sources: NVD: CVE-2019-2275 // JVNDB: JVNDB-2019-011674 // CNVD: CNVD-2020-20151

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-20151

AFFECTED PRODUCTS

vendor:qualcommmodel:sd 427scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 425scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 429scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:215scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 435scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr1130scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs404scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 712scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 632scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 8cxscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 410scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 212scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 652scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon high med 2016scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm630scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 855scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 412scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 430scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 210scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 636scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9150scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9205scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8909wscope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8996auscope: - version: -

Trust: 0.8

vendor:qualcommmodel:qcs404scope: - version: -

Trust: 0.8

vendor:qualcommmodel:qcs605scope: - version: -

Trust: 0.8

vendor:qualcommmodel:215scope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm 8996auscope: - version: -

Trust: 0.6

vendor:qualcommmodel:qcsscope:eqversion:605

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:210

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:212

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:205

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:425

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:427

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:430

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:435

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:439

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:429

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:450

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:625

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:632

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:712

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:710

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:670

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:820

Trust: 0.6

vendor:qualcommmodel:sd 820ascope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:835

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:845

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:850

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:855

Trust: 0.6

vendor:qualcommmodel:sdascope:eqversion:660

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:439

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:630

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:660

Trust: 0.6

vendor:qualcommmodel:msm 8909wscope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:636

Trust: 0.6

vendor:qualcommmodel:mdmscope:eqversion:9206

Trust: 0.6

vendor:qualcommmodel:mdmscope:eqversion:9607

Trust: 0.6

vendor:qualcommmodel:mdmscope:eqversion:9150

Trust: 0.6

vendor:qualcommmodel:mdmscope:eqversion:9650

Trust: 0.6

vendor:qualcommmodel:mdmscope:eqversion:9205

Trust: 0.6

vendor:qualcommmodel:sd 8cxscope: - version: -

Trust: 0.6

vendor:qualcommmodel:snapdragon high medscope:eqversion:2016

Trust: 0.6

vendor:qualcommmodel:sxrscope:eqversion:1130

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:650/52

Trust: 0.6

vendor:qualcommmodel:qcsscope:eqversion:404

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:410/12

Trust: 0.6

vendor:qualcommmodel:eudorascope:eqversion:215

Trust: 0.6

sources: CNVD: CNVD-2020-20151 // JVNDB: JVNDB-2019-011674 // NVD: CVE-2019-2275

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-2275
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-2275
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-20151
value: LOW

Trust: 0.6

CNNVD: CNNVD-201909-122
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-2275
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-20151
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-2275
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-2275
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-20151 // JVNDB: JVNDB-2019-011674 // CNNVD: CNNVD-201909-122 // NVD: CVE-2019-2275

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.0

problemtype:CWE-20

Trust: 0.8

sources: JVNDB: JVNDB-2019-011674 // NVD: CVE-2019-2275

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201909-122

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201909-122

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-011674

PATCH
title:Android のセキュリティに関する公開情報url:https://source.android.com/security/bulletin/
Trust: 0.8
title:Patch for Multiple Qualcomm product input verification error vulnerabilities (CNVD-2020-20151)url:https://www.cnvd.org.cn/patchInfo/show/211525
Trust: 0.6
title:Multiple Qualcomm Product input verification error vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97884
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-20151 // 
            
            
            
            JVNDB: JVNDB-2019-011674 // 
            
            
            
            CNNVD: CNNVD-201909-122

EXTERNAL IDS
db:NVDid:CVE-2019-2275
Trust: 3.0
db:JVNDBid:JVNDB-2019-011674
Trust: 0.8
db:CNVDid:CNVD-2020-20151
Trust: 0.6
db:CNNVDid:CNNVD-201909-122
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-20151 // 
            
            
            
            JVNDB: JVNDB-2019-011674 // 
            
            
            
            CNNVD: CNNVD-201909-122 // 
            
            
            
            NVD: CVE-2019-2275

REFERENCES
url:https://www.qualcomm.com/company/product-security/bulletins
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2019-2275
Trust: 1.4
url:https://www.qualcomm.com/company/product-security/bulletins/september-2019-bulletin
Trust: 1.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2275
Trust: 0.8
url:https://source.android.com/security/bulletin/2019-09-01
Trust: 0.6
url:https://vigilance.fr/vulnerability/google-android-os-multiple-vulnerabilities-30243
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-20151 // 
            
            
            
            JVNDB: JVNDB-2019-011674 // 
            
            
            
            CNNVD: CNNVD-201909-122 // 
            
            
            
            NVD: CVE-2019-2275

SOURCES
db:CNVDid:CNVD-2020-20151
db:JVNDBid:JVNDB-2019-011674
db:CNNVDid:CNNVD-201909-122
db:NVDid:CVE-2019-2275

LAST UPDATE DATE
2024-11-23T22:16:46.300000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-20151date:2020-03-30T00:00:00
db:JVNDBid:JVNDB-2019-011674date:2019-11-15T00:00:00
db:CNNVDid:CNNVD-201909-122date:2020-10-28T00:00:00
db:NVDid:CVE-2019-2275date:2024-11-21T04:40:35.850

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-20151date:2020-03-30T00:00:00
db:JVNDBid:JVNDB-2019-011674date:2019-11-15T00:00:00
db:CNNVDid:CNNVD-201909-122date:2019-09-04T00:00:00
db:NVDid:CVE-2019-2275date:2019-11-06T17:15:13.410