ID
VAR-201912-1729
CVE
CVE-2019-10557
TITLE
plural Snapdragon Product out-of-bounds vulnerability
Trust: 0.8
DESCRIPTION
Out-of-bound read in the wireless driver in the Linux kernel due to lack of check of buffer length. in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8009, APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDX20, SDX55, SXR1130. plural Snapdragon The product contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9206 and so on are the products of American Qualcomm. MDM9206 is a central processing unit (CPU) product. MDM9607 is a central processing unit (CPU) product. SDX20 is a modem. WLAN is one of the wireless LAN components. The WLAN in multiple Qualcomm products has a buffer overflow vulnerability. This vulnerability is caused by network systems or products that do not correctly verify data boundaries when performing operations on memory, resulting in incorrect read and write operations to other associated memory locations. An attacker could use this vulnerability to cause a buffer overflow or heap overflow
Trust: 2.16
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | qualcomm | model: | apq8053 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdx55 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sda845 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | qca9379 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm636 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | apq8096au | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | msm8996au | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | apq8009 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | qcs605 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sda660 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9607 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | qca9377 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9650 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | apq8017 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9206 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | qca6574au | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm630 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | qca6174a | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm660 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | qcn7605 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9207c | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdx20 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sxr1130 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | apq8009 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | apq8017 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | apq8053 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | apq8096au | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9206 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9207c | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9607 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9650 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | msm8996au | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | qca6174a | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm | scope: | eq | version: | 9607 | Trust: 0.6 |
| vendor: | qualcomm | model: | mdm | scope: | eq | version: | 9650 | Trust: 0.6 |
| vendor: | qualcomm | model: | msm 8996au | scope: | - | version: | - | Trust: 0.6 |
| vendor: | qualcomm | model: | qcs | scope: | eq | version: | 605 | Trust: 0.6 |
| vendor: | qualcomm | model: | sda | scope: | eq | version: | 660 | Trust: 0.6 |
| vendor: | qualcomm | model: | sdm | scope: | eq | version: | 630 | Trust: 0.6 |
| vendor: | qualcomm | model: | sdm | scope: | eq | version: | 660 | Trust: 0.6 |
| vendor: | qualcomm | model: | sdx | scope: | eq | version: | 20 | Trust: 0.6 |
| vendor: | qualcomm | model: | mdm | scope: | eq | version: | 9206 | Trust: 0.6 |
| vendor: | qualcomm | model: | qca 6574au | scope: | - | version: | - | Trust: 0.6 |
| vendor: | qualcomm | model: | qca 6174a | scope: | - | version: | - | Trust: 0.6 |
| vendor: | qualcomm | model: | qca | scope: | eq | version: | 9377 | Trust: 0.6 |
| vendor: | qualcomm | model: | qca | scope: | eq | version: | 9379 | Trust: 0.6 |
| vendor: | qualcomm | model: | sxr | scope: | eq | version: | 1130 | Trust: 0.6 |
| vendor: | qualcomm | model: | sda | scope: | eq | version: | 845 | Trust: 0.6 |
| vendor: | qualcomm | model: | sdm | scope: | eq | version: | 636 | Trust: 0.6 |
| vendor: | qualcomm | model: | apq | scope: | eq | version: | 8017 | Trust: 0.6 |
| vendor: | qualcomm | model: | apq | scope: | eq | version: | 8053 | Trust: 0.6 |
| vendor: | qualcomm | model: | apq | scope: | eq | version: | 8009 | Trust: 0.6 |
| vendor: | qualcomm | model: | apq 8096au | scope: | - | version: | - | Trust: 0.6 |
| vendor: | qualcomm | model: | sdx | scope: | eq | version: | 55 | Trust: 0.6 |
| vendor: | qualcomm | model: | mdm 9207c | scope: | - | version: | - | Trust: 0.6 |
| vendor: | qualcomm | model: | qcn | scope: | eq | version: | 7605 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-125 | Trust: 1.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
buffer error
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | December 2019 Security Bulletin | url: | https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin | Trust: 0.8 |
| title: | Patch for Multiple Qualcomm Product Buffer Overflow Vulnerabilities (CNVD-2020-03575) | url: | https://www.cnvd.org.cn/patchInfo/show/198871 | Trust: 0.6 |
| title: | Multiple Qualcomm Product Buffer Error Vulnerability Fix | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105731 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2019-10557 | Trust: 3.0 |
| db: | JVNDB | id: | JVNDB-2019-013388 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2020-03575 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-201912-099 | Trust: 0.6 |
REFERENCES
| url: | https://nvd.nist.gov/vuln/detail/cve-2019-10557 | Trust: 2.0 |
| url: | https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin | Trust: 1.6 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10557 | Trust: 0.8 |
| url: | https://source.android.google.cn/security/bulletin/2019-12-01.html | Trust: 0.6 |
| url: | https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-december-2019-31041 | Trust: 0.6 |
SOURCES
| db: | CNVD | id: | CNVD-2020-03575 |
| db: | JVNDB | id: | JVNDB-2019-013388 |
| db: | CNNVD | id: | CNNVD-201912-099 |
| db: | NVD | id: | CVE-2019-10557 |
LAST UPDATE DATE
2024-11-23T23:11:36.065000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2020-03575 | date: | 2020-02-04T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-013388 | date: | 2019-12-27T00:00:00 |
| db: | CNNVD | id: | CNNVD-201912-099 | date: | 2020-06-04T00:00:00 |
| db: | NVD | id: | CVE-2019-10557 | date: | 2024-11-21T04:19:26.937 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2020-03575 | date: | 2020-02-04T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-013388 | date: | 2019-12-27T00:00:00 |
| db: | CNNVD | id: | CNNVD-201912-099 | date: | 2019-12-02T00:00:00 |
| db: | NVD | id: | CVE-2019-10557 | date: | 2019-12-18T06:15:12.097 |