Sign-up

ID

VAR-201912-1558


CVE

CVE-2019-2288


TITLE

plural Qualcomm Classic buffer overflow vulnerability in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-012934

DESCRIPTION

Out of bound write in TZ while copying the secure dump structure on HLOS provided buffer as a part of memory dump in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8976, MSM8996, MSM8996AU, MSM8998, QCA8081, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, Snapdragon_High_Med_2016, SXR1130. plural Qualcomm The product contains a classic buffer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9206 is a central processing unit (CPU) product from Qualcomm. QTEE in multiple Qualcomm products has a buffer overflow vulnerability. The vulnerability originates from a network system or product that incorrectly validates data boundaries when performing operations on memory, resulting in incorrect read and write operations to other associated memory locations. An attacker could use this vulnerability to cause a buffer overflow or heap overflow

Trust: 2.16

sources: NVD: CVE-2019-2288 // JVNDB: JVNDB-2019-012934 // CNVD: CNVD-2020-16070

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-16070

AFFECTED PRODUCTS

vendor:qualcommmodel:msm8909scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8053scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8953scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8917scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8998scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm429scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq8074scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8976scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca8081scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8940scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr1130scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm636scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8096auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8009scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8098scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8096scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm632scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon high med 2016scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8017scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm630scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qm215scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8905scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8920scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8937scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8009scope: - version: -

Trust: 0.8

vendor:qualcommmodel:apq8017scope: - version: -

Trust: 0.8

vendor:qualcommmodel:apq8053scope: - version: -

Trust: 0.8

vendor:qualcommmodel:apq8096scope: - version: -

Trust: 0.8

vendor:qualcommmodel:apq8096auscope: - version: -

Trust: 0.8

vendor:qualcommmodel:apq8098scope: - version: -

Trust: 0.8

vendor:qualcommmodel:ipq8074scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9150scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdmscope:eqversion:9150

Trust: 0.6

vendor:qualcommmodel:mdmscope:eqversion:9607

Trust: 0.6

vendor:qualcommmodel:mdmscope:eqversion:9650

Trust: 0.6

vendor:qualcommmodel:msmscope:eqversion:8909

Trust: 0.6

vendor:qualcommmodel:msm 8996auscope: - version: -

Trust: 0.6

vendor:qualcommmodel:qcsscope:eqversion:605

Trust: 0.6

vendor:qualcommmodel:sdascope:eqversion:660

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:439

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:630

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:660

Trust: 0.6

vendor:qualcommmodel:mdmscope:eqversion:9206

Trust: 0.6

vendor:qualcommmodel:ipqscope:eqversion:8074

Trust: 0.6

vendor:qualcommmodel:snapdragon high medscope:eqversion:2016

Trust: 0.6

vendor:qualcommmodel:sxrscope:eqversion:1130

Trust: 0.6

vendor:qualcommmodel:qcascope:eqversion:8081

Trust: 0.6

vendor:qualcommmodel:msmscope:eqversion:8998

Trust: 0.6

vendor:qualcommmodel:sdascope:eqversion:845

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:636

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:670

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:710

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:845

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:850

Trust: 0.6

vendor:qualcommmodel:apqscope:eqversion:8017

Trust: 0.6

vendor:qualcommmodel:apqscope:eqversion:8053

Trust: 0.6

vendor:qualcommmodel:apqscope:eqversion:8009

Trust: 0.6

vendor:qualcommmodel:apq 8096auscope: - version: -

Trust: 0.6

vendor:qualcommmodel:apqscope:eqversion:8098

Trust: 0.6

vendor:qualcommmodel:msmscope:eqversion:8905

Trust: 0.6

vendor:qualcommmodel:msmscope:eqversion:8917

Trust: 0.6

vendor:qualcommmodel:msmscope:eqversion:8920

Trust: 0.6

vendor:qualcommmodel:msmscope:eqversion:8937

Trust: 0.6

vendor:qualcommmodel:msmscope:eqversion:8940

Trust: 0.6

vendor:qualcommmodel:msmscope:eqversion:8953

Trust: 0.6

vendor:qualcommmodel:msmscope:eqversion:8976

Trust: 0.6

vendor:qualcommmodel:qmscope:eqversion:215

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:429

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:450

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:632

Trust: 0.6

vendor:qualcommmodel:apqscope:eqversion:8096

Trust: 0.6

vendor:qualcommmodel:msmscope:eqversion:8996

Trust: 0.6

sources: CNVD: CNVD-2020-16070 // JVNDB: JVNDB-2019-012934 // NVD: CVE-2019-2288

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-2288
value: HIGH

Trust: 1.0

NVD: CVE-2019-2288
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-16070
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201911-259
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-2288
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-16070
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-2288
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-2288
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-16070 // JVNDB: JVNDB-2019-012934 // CNNVD: CNNVD-201911-259 // NVD: CVE-2019-2288

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.8

sources: JVNDB: JVNDB-2019-012934 // NVD: CVE-2019-2288

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-259

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201911-259

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-012934

PATCH
title:November 2019 Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins/november-2019-bulletin
Trust: 0.8
title:Patch for Multiple Qualcomm Product Buffer Overflow Vulnerabilities (CNVD-2020-16070)url:https://www.cnvd.org.cn/patchInfo/show/207809
Trust: 0.6
title:Multiple Qualcomm Product Buffer Error Vulnerability Fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105189
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-16070 // 
            
            
            
            JVNDB: JVNDB-2019-012934 // 
            
            
            
            CNNVD: CNNVD-201911-259

EXTERNAL IDS
db:NVDid:CVE-2019-2288
Trust: 3.0
db:JVNDBid:JVNDB-2019-012934
Trust: 0.8
db:CNVDid:CNVD-2020-16070
Trust: 0.6
db:CNNVDid:CNNVD-201911-259
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-16070 // 
            
            
            
            JVNDB: JVNDB-2019-012934 // 
            
            
            
            CNNVD: CNNVD-201911-259 // 
            
            
            
            NVD: CVE-2019-2288

REFERENCES
url:https://www.qualcomm.com/company/product-security/bulletins/november-2019-bulletin
Trust: 2.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-2288
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2288
Trust: 0.8
url:https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-november-2019-30795
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-16070 // 
            
            
            
            JVNDB: JVNDB-2019-012934 // 
            
            
            
            CNNVD: CNNVD-201911-259 // 
            
            
            
            NVD: CVE-2019-2288

SOURCES
db:CNVDid:CNVD-2020-16070
db:JVNDBid:JVNDB-2019-012934
db:CNNVDid:CNNVD-201911-259
db:NVDid:CVE-2019-2288

LAST UPDATE DATE
2024-11-23T23:04:34.212000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-16070date:2020-03-09T00:00:00
db:JVNDBid:JVNDB-2019-012934date:2019-12-17T00:00:00
db:CNNVDid:CNNVD-201911-259date:2020-06-24T00:00:00
db:NVDid:CVE-2019-2288date:2024-11-21T04:40:37.527

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-16070date:2020-03-09T00:00:00
db:JVNDBid:JVNDB-2019-012934date:2019-12-17T00:00:00
db:CNNVDid:CNNVD-201911-259date:2019-11-06T00:00:00
db:NVDid:CVE-2019-2288date:2019-12-12T09:15:12.863