Details of VAR-201911-1431

ID

VAR-201911-1431

CVE

CVE-2019-2295

TITLE

plural Snapdragon Product buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-012276

DESCRIPTION

Information disclosure due to lack of address range check done on the SysDBG buffers in SDI code. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, MDM9205, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, Nicobar, QCS404, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, Snapdragon_High_Med_2016, SXR1130. plural Snapdragon The product contains a buffer error vulnerability.Information may be obtained. Qualcomm SDA660 and so on are a kind of central processing unit (CPU) products of Qualcomm of the United States. An attacker could use this vulnerability to leak information

Trust: 2.16

sources: NVD: CVE-2019-2295 // JVNDB: JVNDB-2019-012276 // CNVD: CNVD-2020-16065

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-16065

AFFECTED PRODUCTS

vendor:	qualcomm	model:	apq8009	scope:	eq	version:	-	Trust: 2.2
vendor:	qualcomm	model:	sxr1130	scope:	eq	version:	-	Trust: 2.2
vendor:	qualcomm	model:	snapdragon high med 2016	scope:	eq	version:	-	Trust: 2.2
vendor:	qualcomm	model:	sdm850	scope:	eq	version:	-	Trust: 2.2
vendor:	qualcomm	model:	sdm845	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	apq8017	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	msm8909	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8053	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8953	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sda845	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm636	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8917	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8998	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm429	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs405	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs605	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sda660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm632	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm670	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm450	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm710	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9205	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm630	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qm215	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm439	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	nicobar	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8905	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8920	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8940	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs404	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8937	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8009	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	apq8017	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	apq8053	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9205	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	msm8905	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	msm8909	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	msm8917	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	msm8920	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	msm8937	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	msm8940	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	msm	scope:	eq	version:	8909	Trust: 0.6
vendor:	qualcomm	model:	qcs	scope:	eq	version:	605	Trust: 0.6
vendor:	qualcomm	model:	sda	scope:	eq	version:	660	Trust: 0.6
vendor:	qualcomm	model:	sdm	scope:	eq	version:	439	Trust: 0.6
vendor:	qualcomm	model:	sdm	scope:	eq	version:	630	Trust: 0.6
vendor:	qualcomm	model:	sdm	scope:	eq	version:	660	Trust: 0.6
vendor:	qualcomm	model:	qcs	scope:	eq	version:	405	Trust: 0.6
vendor:	qualcomm	model:	snapdragon high med	scope:	eq	version:	2016	Trust: 0.6
vendor:	qualcomm	model:	sxr	scope:	eq	version:	1130	Trust: 0.6
vendor:	qualcomm	model:	mdm	scope:	eq	version:	9205	Trust: 0.6
vendor:	qualcomm	model:	qcs	scope:	eq	version:	404	Trust: 0.6
vendor:	qualcomm	model:	msm	scope:	eq	version:	8998	Trust: 0.6
vendor:	qualcomm	model:	nicobar	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sda	scope:	eq	version:	845	Trust: 0.6
vendor:	qualcomm	model:	sdm	scope:	eq	version:	636	Trust: 0.6
vendor:	qualcomm	model:	sdm	scope:	eq	version:	670	Trust: 0.6
vendor:	qualcomm	model:	sdm	scope:	eq	version:	710	Trust: 0.6
vendor:	qualcomm	model:	sdm	scope:	eq	version:	845	Trust: 0.6
vendor:	qualcomm	model:	sdm	scope:	eq	version:	850	Trust: 0.6
vendor:	qualcomm	model:	msm	scope:	eq	version:	8905	Trust: 0.6
vendor:	qualcomm	model:	msm	scope:	eq	version:	8917	Trust: 0.6
vendor:	qualcomm	model:	msm	scope:	eq	version:	8920	Trust: 0.6
vendor:	qualcomm	model:	msm	scope:	eq	version:	8937	Trust: 0.6
vendor:	qualcomm	model:	msm	scope:	eq	version:	8940	Trust: 0.6
vendor:	qualcomm	model:	msm	scope:	eq	version:	8953	Trust: 0.6
vendor:	qualcomm	model:	qm	scope:	eq	version:	215	Trust: 0.6
vendor:	qualcomm	model:	sdm	scope:	eq	version:	429	Trust: 0.6
vendor:	qualcomm	model:	sdm	scope:	eq	version:	450	Trust: 0.6
vendor:	qualcomm	model:	sdm	scope:	eq	version:	632	Trust: 0.6
vendor:	qualcomm	model:	apq	scope:	eq	version:	8009	Trust: 0.6
vendor:	qualcomm	model:	apq	scope:	eq	version:	8017	Trust: 0.6
vendor:	qualcomm	model:	apq	scope:	eq	version:	8053	Trust: 0.6

sources: CNVD: CNVD-2020-16065 // JVNDB: JVNDB-2019-012276 // CNNVD: CNNVD-201910-324 // NVD: CVE-2019-2295

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-2295
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-2295
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-16065
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201910-324
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2019-2295
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-16065
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-2295
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-2295
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-16065 // JVNDB: JVNDB-2019-012276 // CNNVD: CNNVD-201910-324 // NVD: CVE-2019-2295

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2019-012276 // NVD: CVE-2019-2295

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201910-324

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201910-324

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-012276

PATCH

title:	October 2019 Security Bulletin	url:	https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin	Trust: 0.8
title:	Patch for Multiple Qualcomm Product Information Disclosure Vulnerabilities (CNVD-2020-16065)	url:	https://www.cnvd.org.cn/patchInfo/show/207825	Trust: 0.6
title:	Multiple Qualcomm Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99028	Trust: 0.6

sources: CNVD: CNVD-2020-16065 // JVNDB: JVNDB-2019-012276 // CNNVD: CNNVD-201910-324

EXTERNAL IDS

db:	NVD	id:	CVE-2019-2295	Trust: 3.0
db:	JVNDB	id:	JVNDB-2019-012276	Trust: 0.8
db:	CNVD	id:	CNVD-2020-16065	Trust: 0.6
db:	CNNVD	id:	CNNVD-201910-324	Trust: 0.6

sources: CNVD: CNVD-2020-16065 // JVNDB: JVNDB-2019-012276 // CNNVD: CNNVD-201910-324 // NVD: CVE-2019-2295

REFERENCES

url:	https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin	Trust: 2.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-2295	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2295	Trust: 0.8
url:	https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-october-2019-30549	Trust: 0.6

sources: CNVD: CNVD-2020-16065 // JVNDB: JVNDB-2019-012276 // CNNVD: CNNVD-201910-324 // NVD: CVE-2019-2295

SOURCES

db:	CNVD	id:	CNVD-2020-16065
db:	JVNDB	id:	JVNDB-2019-012276
db:	CNNVD	id:	CNNVD-201910-324
db:	NVD	id:	CVE-2019-2295

LAST UPDATE DATE

2024-11-23T21:51:50.131000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-16065	date:	2020-03-09T00:00:00
db:	JVNDB	id:	JVNDB-2019-012276	date:	2019-11-28T00:00:00
db:	CNNVD	id:	CNNVD-201910-324	date:	2019-11-26T00:00:00
db:	NVD	id:	CVE-2019-2295	date:	2024-11-21T04:40:38.483

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-16065	date:	2020-03-09T00:00:00
db:	JVNDB	id:	JVNDB-2019-012276	date:	2019-11-28T00:00:00
db:	CNNVD	id:	CNNVD-201910-324	date:	2019-10-08T00:00:00
db:	NVD	id:	CVE-2019-2295	date:	2019-11-21T15:15:15.463