ID

VAR-201911-1434


CVE

CVE-2019-2283


TITLE

plural Snapdragon Product buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-011673

DESCRIPTION

Improper validation of read and write index of tx and rx fifo`s before calculating pointer can lead to out-of-bound access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24. plural Snapdragon The product contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9206, etc. are all products of Qualcomm. MDM9206 is a central processing unit (CPU) product. Qualcomm MDM9150 is a central processing unit (CPU) product. SDX20 is a modem. Many Qualcomm products have input validation error vulnerabilities, and no detailed vulnerability details are currently available

Trust: 2.25

sources: NVD: CVE-2019-2283 // JVNDB: JVNDB-2019-011673 // CNVD: CNVD-2020-20152 // VULMON: CVE-2019-2283

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-20152

AFFECTED PRODUCTS

vendor:qualcommmodel:sd 430scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 429scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 632scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx24scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 712scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9640scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 855scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 427scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 210scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 636scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 730scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm630scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 675scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 435scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 425scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 212scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:215scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9150scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9640scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8909wscope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8996auscope: - version: -

Trust: 0.8

vendor:qualcommmodel:qcs605scope: - version: -

Trust: 0.8

vendor:qualcommmodel:215scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 210scope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm 8996auscope: - version: -

Trust: 0.6

vendor:qualcommmodel:qcsscope:eqversion:605

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:210

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:212

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:205

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:425

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:427

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:430

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:435

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:439

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:429

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:450

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:625

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:632

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:675

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:712

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:710

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:670

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:730

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:820

Trust: 0.6

vendor:qualcommmodel:sd 820ascope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:835

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:845

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:850

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:855

Trust: 0.6

vendor:qualcommmodel:sdascope:eqversion:660

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:439

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:630

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:660

Trust: 0.6

vendor:qualcommmodel:sdxscope:eqversion:24

Trust: 0.6

vendor:qualcommmodel:msm 8909wscope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:636

Trust: 0.6

vendor:qualcommmodel:sdxscope:eqversion:20

Trust: 0.6

vendor:qualcommmodel:mdmscope:eqversion:9206

Trust: 0.6

vendor:qualcommmodel:mdmscope:eqversion:9607

Trust: 0.6

vendor:qualcommmodel:mdmscope:eqversion:9150

Trust: 0.6

vendor:qualcommmodel:mdmscope:eqversion:9640

Trust: 0.6

vendor:qualcommmodel:mdmscope:eqversion:9650

Trust: 0.6

vendor:qualcommmodel:eudorascope:eqversion:215

Trust: 0.6

sources: CNVD: CNVD-2020-20152 // JVNDB: JVNDB-2019-011673 // NVD: CVE-2019-2283

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-2283
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-2283
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-20152
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201909-120
value: CRITICAL

Trust: 0.6

VULMON: CVE-2019-2283
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-2283
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2020-20152
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-2283
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-2283
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-20152 // VULMON: CVE-2019-2283 // JVNDB: JVNDB-2019-011673 // CNNVD: CNNVD-201909-120 // NVD: CVE-2019-2283

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.0

problemtype:CWE-787

Trust: 1.0

problemtype:CWE-119

Trust: 0.8

sources: JVNDB: JVNDB-2019-011673 // NVD: CVE-2019-2283

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-120

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201909-120

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011673

PATCH

title:Android のセキュリティに関する公開情報url:https://source.android.com/security/bulletin/

Trust: 0.8

title:Patch for Multiple Qualcomm product input verification error vulnerabilities (CNVD-2020-20152)url:https://www.cnvd.org.cn/patchInfo/show/211523

Trust: 0.6

title:Multiple Qualcomm Product input verification error vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97882

Trust: 0.6

sources: CNVD: CNVD-2020-20152 // JVNDB: JVNDB-2019-011673 // CNNVD: CNNVD-201909-120

EXTERNAL IDS

db:NVDid:CVE-2019-2283

Trust: 3.1

db:JVNDBid:JVNDB-2019-011673

Trust: 0.8

db:CNVDid:CNVD-2020-20152

Trust: 0.6

db:CNNVDid:CNNVD-201909-120

Trust: 0.6

db:VULMONid:CVE-2019-2283

Trust: 0.1

sources: CNVD: CNVD-2020-20152 // VULMON: CVE-2019-2283 // JVNDB: JVNDB-2019-011673 // CNNVD: CNNVD-201909-120 // NVD: CVE-2019-2283

REFERENCES

url:https://source.android.com/security/bulletin/

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-2283

Trust: 1.4

url:https://www.qualcomm.com/company/product-security/bulletins/september-2019-bulletin

Trust: 1.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2283

Trust: 0.8

url:https://source.android.com/security/bulletin/2019-09-01

Trust: 0.6

url:https://vigilance.fr/vulnerability/google-android-os-multiple-vulnerabilities-30243

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/125.html

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2020-20152 // VULMON: CVE-2019-2283 // JVNDB: JVNDB-2019-011673 // CNNVD: CNNVD-201909-120 // NVD: CVE-2019-2283

SOURCES

db:CNVDid:CNVD-2020-20152
db:VULMONid:CVE-2019-2283
db:JVNDBid:JVNDB-2019-011673
db:CNNVDid:CNNVD-201909-120
db:NVDid:CVE-2019-2283

LAST UPDATE DATE

2024-08-14T15:28:23.867000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-20152date:2020-03-30T00:00:00
db:VULMONid:CVE-2019-2283date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2019-011673date:2019-11-15T00:00:00
db:CNNVDid:CNNVD-201909-120date:2019-11-12T00:00:00
db:NVDid:CVE-2019-2283date:2020-08-24T17:37:01.140

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-20152date:2020-03-30T00:00:00
db:VULMONid:CVE-2019-2283date:2019-11-06T00:00:00
db:JVNDBid:JVNDB-2019-011673date:2019-11-15T00:00:00
db:CNNVDid:CNNVD-201909-120date:2019-09-04T00:00:00
db:NVDid:CVE-2019-2283date:2019-11-06T17:15:13.487