Details of VAR-201911-1694

ID

VAR-201911-1694

CVE

CVE-2019-10535

TITLE

plural Snapdragon Buffer error vulnerability in product

Trust: 0.8

sources: JVNDB: JVNDB-2019-012283

DESCRIPTION

Improper validation for loop variable received from firmware can lead to out of bound access in WLAN function while iterating through loop in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8053, APQ8096AU, APQ8098, MDM9640, MSM8996AU, MSM8998, QCA6574AU, QCN7605, QCS405, QCS605, SDA845, SDM845, SDX20. plural Snapdragon The product contains a buffer error vulnerability.Denial of service (DoS) May be in a state. Qualcomm MDM9640 and other products are Qualcomm's (Qualcomm) products. MDM9640 is a central processing unit (CPU) product. MSM8996AU is a central processing unit (CPU) product. QCA6574AU is a central processing unit (CPU) product. The WLAN HOST in several Qualcomm products has security vulnerabilities, which originated from the program's failure to verify loop parameters from the firmware. No detailed vulnerability details are provided at this time

Trust: 2.16

sources: NVD: CVE-2019-10535 // JVNDB: JVNDB-2019-012283 // CNVD: CNVD-2020-16055

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-16055

AFFECTED PRODUCTS

vendor:	qualcomm	model:	sdx20	scope:	eq	version:	-	Trust: 2.2
vendor:	qualcomm	model:	qcs605	scope:	eq	version:	-	Trust: 2.2
vendor:	qualcomm	model:	sda845	scope:	eq	version:	-	Trust: 2.2
vendor:	qualcomm	model:	sdm845	scope:	eq	version:	-	Trust: 2.2
vendor:	qualcomm	model:	qcs405	scope:	eq	version:	-	Trust: 2.2
vendor:	qualcomm	model:	apq8053	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6574au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8096au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8996au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn7605	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8998	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9640	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8098	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8053	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	apq8096au	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	apq8098	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9640	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	msm8996au	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	msm8998	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qca6574au	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qcn7605	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qcs405	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qcs605	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	msm 8996au	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	qcs	scope:	eq	version:	605	Trust: 0.6
vendor:	qualcomm	model:	qcs	scope:	eq	version:	405	Trust: 0.6
vendor:	qualcomm	model:	sdx	scope:	eq	version:	20	Trust: 0.6
vendor:	qualcomm	model:	qca 6574au	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	mdm	scope:	eq	version:	9640	Trust: 0.6
vendor:	qualcomm	model:	apq 8096au	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	apq	scope:	eq	version:	8098	Trust: 0.6
vendor:	qualcomm	model:	msm	scope:	eq	version:	8998	Trust: 0.6
vendor:	qualcomm	model:	sda	scope:	eq	version:	845	Trust: 0.6
vendor:	qualcomm	model:	sdm	scope:	eq	version:	845	Trust: 0.6
vendor:	qualcomm	model:	qcn	scope:	eq	version:	7605	Trust: 0.6
vendor:	qualcomm	model:	apq	scope:	eq	version:	8053	Trust: 0.6

sources: CNVD: CNVD-2020-16055 // JVNDB: JVNDB-2019-012283 // CNNVD: CNNVD-201910-358 // NVD: CVE-2019-10535

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-10535
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-10535
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-16055
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201910-358
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2019-10535
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-16055
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-10535
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-10535
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-16055 // JVNDB: JVNDB-2019-012283 // CNNVD: CNNVD-201910-358 // NVD: CVE-2019-10535

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.8
problemtype:	CWE-20	Trust: 1.0

sources: JVNDB: JVNDB-2019-012283 // NVD: CVE-2019-10535

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201910-358

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201910-358

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-012283

PATCH

title:	October 2019 Security Bulletin	url:	https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin	Trust: 0.8
title:	Patch for Unknown vulnerability in multiple Qualcomm products (CNVD-2020-16055)	url:	https://www.cnvd.org.cn/patchInfo/show/207813	Trust: 0.6
title:	Android Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99048	Trust: 0.6

sources: CNVD: CNVD-2020-16055 // JVNDB: JVNDB-2019-012283 // CNNVD: CNNVD-201910-358

EXTERNAL IDS

db:	NVD	id:	CVE-2019-10535	Trust: 3.0
db:	JVNDB	id:	JVNDB-2019-012283	Trust: 0.8
db:	CNVD	id:	CNVD-2020-16055	Trust: 0.6
db:	CNNVD	id:	CNNVD-201910-358	Trust: 0.6

sources: CNVD: CNVD-2020-16055 // JVNDB: JVNDB-2019-012283 // CNNVD: CNNVD-201910-358 // NVD: CVE-2019-10535

REFERENCES

url:	https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin	Trust: 2.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10535	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10535	Trust: 0.8
url:	https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-october-2019-30549	Trust: 0.6

sources: CNVD: CNVD-2020-16055 // JVNDB: JVNDB-2019-012283 // CNNVD: CNNVD-201910-358 // NVD: CVE-2019-10535

SOURCES

db:	CNVD	id:	CNVD-2020-16055
db:	JVNDB	id:	JVNDB-2019-012283
db:	CNNVD	id:	CNNVD-201910-358
db:	NVD	id:	CVE-2019-10535

LAST UPDATE DATE

2024-11-23T23:08:08.854000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-16055	date:	2020-03-09T00:00:00
db:	JVNDB	id:	JVNDB-2019-012283	date:	2019-11-28T00:00:00
db:	CNNVD	id:	CNNVD-201910-358	date:	2019-11-26T00:00:00
db:	NVD	id:	CVE-2019-10535	date:	2024-11-21T04:19:23.033

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-16055	date:	2020-03-09T00:00:00
db:	JVNDB	id:	JVNDB-2019-012283	date:	2019-11-28T00:00:00
db:	CNNVD	id:	CNNVD-201910-358	date:	2019-10-08T00:00:00
db:	NVD	id:	CVE-2019-10535	date:	2019-11-21T15:15:12.727