Sign-up

ID

VAR-201911-1664


CVE

CVE-2019-10490


TITLE

plural Snapdragon Vulnerability in using freed memory in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-012341

DESCRIPTION

Use after free issue in Xtra daemon shutdown due to static object instance getting freed from a multiple places in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS605, SDA660, SDA845, SDM450, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150, SM8250, SXR2130. plural Snapdragon The product contains a vulnerability related to the use of released memory.Service operation interruption (DoS) There is a possibility of being put into a state. Qualcomm MDM9206 and so on are the products of American Qualcomm. MDM9206 is a central processing unit (CPU) product. MDM9607 is a central processing unit (CPU) product. SDX20 is a modem. The GPS Module in several Qualcomm products has a resource management error vulnerability. The vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. No detailed vulnerability details are provided at this time

Trust: 2.16

sources: NVD: CVE-2019-10490 // JVNDB: JVNDB-2019-012341 // CNVD: CNVD-2020-16059

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-16059

AFFECTED PRODUCTS

vendor:qualcommmodel:mdm9207cscope:eqversion: -

Trust: 2.2

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 2.2

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 2.2

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 2.2

vendor:qualcommmodel:msm8905scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:mdm9150scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sda660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm8250scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8953scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8937scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8096auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm6150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx24scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr2130scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8053scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8939scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:nicobarscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8998scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm8150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8098scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8917scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8017scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8920scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8940scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8009scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm7150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8009scope: - version: -

Trust: 0.8

vendor:qualcommmodel:apq8017scope: - version: -

Trust: 0.8

vendor:qualcommmodel:apq8053scope: - version: -

Trust: 0.8

vendor:qualcommmodel:apq8096auscope: - version: -

Trust: 0.8

vendor:qualcommmodel:apq8098scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9150scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9207cscope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdmscope:eqversion:9150

Trust: 0.6

vendor:qualcommmodel:mdmscope:eqversion:9607

Trust: 0.6

vendor:qualcommmodel:mdmscope:eqversion:9650

Trust: 0.6

vendor:qualcommmodel:msmscope:eqversion:8909

Trust: 0.6

vendor:qualcommmodel:msm 8996auscope: - version: -

Trust: 0.6

vendor:qualcommmodel:qcsscope:eqversion:605

Trust: 0.6

vendor:qualcommmodel:sdascope:eqversion:660

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:660

Trust: 0.6

vendor:qualcommmodel:sdxscope:eqversion:24

Trust: 0.6

vendor:qualcommmodel:msm 8909wscope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdxscope:eqversion:20

Trust: 0.6

vendor:qualcommmodel:mdmscope:eqversion:9206

Trust: 0.6

vendor:qualcommmodel:apq 8096auscope: - version: -

Trust: 0.6

vendor:qualcommmodel:apqscope:eqversion:8098

Trust: 0.6

vendor:qualcommmodel:msmscope:eqversion:8998

Trust: 0.6

vendor:qualcommmodel:nicobarscope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdascope:eqversion:845

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:670

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:710

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:845

Trust: 0.6

vendor:qualcommmodel:smscope:eqversion:6150

Trust: 0.6

vendor:qualcommmodel:smscope:eqversion:7150

Trust: 0.6

vendor:qualcommmodel:smscope:eqversion:8150

Trust: 0.6

vendor:qualcommmodel:smscope:eqversion:8250

Trust: 0.6

vendor:qualcommmodel:sxrscope:eqversion:2130

Trust: 0.6

vendor:qualcommmodel:msmscope:eqversion:8905

Trust: 0.6

vendor:qualcommmodel:msmscope:eqversion:8917

Trust: 0.6

vendor:qualcommmodel:msmscope:eqversion:8920

Trust: 0.6

vendor:qualcommmodel:msmscope:eqversion:8937

Trust: 0.6

vendor:qualcommmodel:msmscope:eqversion:8939

Trust: 0.6

vendor:qualcommmodel:msmscope:eqversion:8940

Trust: 0.6

vendor:qualcommmodel:msmscope:eqversion:8953

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:450

Trust: 0.6

vendor:qualcommmodel:mdm 9207cscope: - version: -

Trust: 0.6

vendor:qualcommmodel:msmscope:eqversion:8996

Trust: 0.6

vendor:qualcommmodel:apqscope:eqversion:8009

Trust: 0.6

vendor:qualcommmodel:apqscope:eqversion:8017

Trust: 0.6

vendor:qualcommmodel:apqscope:eqversion:8053

Trust: 0.6

sources: CNVD: CNVD-2020-16059 // JVNDB: JVNDB-2019-012341 // CNNVD: CNNVD-201910-367 // NVD: CVE-2019-10490

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10490
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-10490
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-16059
value: LOW

Trust: 0.6

CNNVD: CNNVD-201910-367
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-10490
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-16059
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-10490
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-10490
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-16059 // JVNDB: JVNDB-2019-012341 // CNNVD: CNNVD-201910-367 // NVD: CVE-2019-10490

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.8

sources: JVNDB: JVNDB-2019-012341 // NVD: CVE-2019-10490

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201910-367

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201910-367

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-012341

PATCH
title:October 2019 Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin
Trust: 0.8
title:Patch for Multiple Qualcomm Product Resource Management Error Vulnerabilities (CNVD-2020-16059)url:https://www.cnvd.org.cn/patchInfo/show/207823
Trust: 0.6
title:Multiple Qualcomm Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99052
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-16059 // 
            
            
            
            JVNDB: JVNDB-2019-012341 // 
            
            
            
            CNNVD: CNNVD-201910-367

EXTERNAL IDS
db:NVDid:CVE-2019-10490
Trust: 3.0
db:JVNDBid:JVNDB-2019-012341
Trust: 0.8
db:CNVDid:CNVD-2020-16059
Trust: 0.6
db:CNNVDid:CNNVD-201910-367
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-16059 // 
            
            
            
            JVNDB: JVNDB-2019-012341 // 
            
            
            
            CNNVD: CNNVD-201910-367 // 
            
            
            
            NVD: CVE-2019-10490

REFERENCES
url:https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin
Trust: 2.2
url:https://nvd.nist.gov/vuln/detail/cve-2019-10490
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10490
Trust: 0.8
url:https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-october-2019-30549
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-16059 // 
            
            
            
            JVNDB: JVNDB-2019-012341 // 
            
            
            
            CNNVD: CNNVD-201910-367 // 
            
            
            
            NVD: CVE-2019-10490

SOURCES
db:CNVDid:CNVD-2020-16059
db:JVNDBid:JVNDB-2019-012341
db:CNNVDid:CNNVD-201910-367
db:NVDid:CVE-2019-10490

LAST UPDATE DATE
2024-08-14T15:43:32.085000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-16059date:2020-03-09T00:00:00
db:JVNDBid:JVNDB-2019-012341date:2019-11-29T00:00:00
db:CNNVDid:CNNVD-201910-367date:2019-11-27T00:00:00
db:NVDid:CVE-2019-10490date:2019-11-26T15:47:55.217

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-16059date:2020-03-09T00:00:00
db:JVNDBid:JVNDB-2019-012341date:2019-11-29T00:00:00
db:CNNVDid:CNNVD-201910-367date:2019-10-08T00:00:00
db:NVDid:CVE-2019-10490date:2019-11-21T15:15:12.603