ID
VAR-201911-1698
CVE
CVE-2019-10531
TITLE
plural Snapdragon Classic buffer overflow vulnerability in products
Trust: 0.8
DESCRIPTION
Incorrect reading of system image resulting in buffer overflow when size of system image is increased in Snapdragon Auto, Snapdragon Mobile, Snapdragon Wearables in MDM9607, MSM8909W, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SDM439. plural Snapdragon The product contains a classic buffer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9607 is a central processing unit (CPU) product of Qualcomm. Input validation error vulnerability exists in HLOS in many Qualcomm products. The vulnerability stems from the fact that the network system or product did not correctly verify the input data. No detailed vulnerability details are currently available
Trust: 2.16
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | qualcomm | model: | sd 632 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 450 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm439 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | msm8909w | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 205 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 439 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 212 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 425 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 210 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 429 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | 215 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9607 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 625 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9607 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | msm8909w | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | 215 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 205 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 210 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 212 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 425 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 429 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 439 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 450 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 210 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 212 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 205 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 425 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 439 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 429 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 450 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 625 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 632 | Trust: 0.6 |
| vendor: | qualcomm | model: | sdm | scope: | eq | version: | 439 | Trust: 0.6 |
| vendor: | qualcomm | model: | msm 8909w | scope: | - | version: | - | Trust: 0.6 |
| vendor: | qualcomm | model: | mdm | scope: | eq | version: | 9607 | Trust: 0.6 |
| vendor: | qualcomm | model: | - | scope: | eq | version: | 215215 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-120 | Trust: 1.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
input validation error
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | Android のセキュリティに関する公開情報 | url: | https://source.android.com/security/bulletin/ | Trust: 0.8 |
| title: | Patch for Multiple Qualcomm product input verification error vulnerabilities (CNVD-2020-20159) | url: | https://www.cnvd.org.cn/patchInfo/show/211541 | Trust: 0.6 |
| title: | Multiple Qualcomm Product input verification error vulnerability fixes | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97920 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2019-10531 | Trust: 3.0 |
| db: | JVNDB | id: | JVNDB-2019-011681 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2020-20159 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-201909-158 | Trust: 0.6 |
REFERENCES
| url: | https://source.android.com/security/bulletin/ | Trust: 1.6 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2019-10531 | Trust: 1.4 |
| url: | https://www.qualcomm.com/company/product-security/bulletins/september-2019-bulletin | Trust: 1.2 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10531 | Trust: 0.8 |
| url: | https://source.android.com/security/bulletin/2019-09-01 | Trust: 0.6 |
| url: | https://vigilance.fr/vulnerability/google-android-os-multiple-vulnerabilities-30243 | Trust: 0.6 |
SOURCES
| db: | CNVD | id: | CNVD-2020-20159 |
| db: | JVNDB | id: | JVNDB-2019-011681 |
| db: | CNNVD | id: | CNNVD-201909-158 |
| db: | NVD | id: | CVE-2019-10531 |
LAST UPDATE DATE
2024-11-23T22:21:23.791000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2020-20159 | date: | 2020-03-30T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-011681 | date: | 2019-11-15T00:00:00 |
| db: | CNNVD | id: | CNNVD-201909-158 | date: | 2019-11-11T00:00:00 |
| db: | NVD | id: | CVE-2019-10531 | date: | 2024-11-21T04:19:22.320 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2020-20159 | date: | 2020-03-30T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-011681 | date: | 2019-11-15T00:00:00 |
| db: | CNNVD | id: | CNNVD-201909-158 | date: | 2019-09-04T00:00:00 |
| db: | NVD | id: | CVE-2019-10531 | date: | 2019-11-06T17:15:12.643 |