ID

VAR-201912-1751


CVE

CVE-2019-10480


TITLE

Classic buffer overflow vulnerability in multiple Snapdragon products

Trust: 0.8

sources: JVNDB: JVNDB-2019-013362

DESCRIPTION

An out-of-bounds write can happen in the WMI firmware event handler due to lack of validation of data received from WLAN firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCA9980, QCN7605, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130.

Multiple Snapdragon products contain a classic buffer overflow vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS).

Qualcomm MDM9206 is a central processing unit (CPU) product from Qualcomm. A buffer overflow vulnerability exists in the WLAN Host in multiple Qualcomm products. The vulnerability stems from a network system or product that incorrectly validates data boundaries when performing operations on memory, resulting in incorrect read and write operations to other associated memory locations. An attacker could use this vulnerability to cause a buffer overflow or heap overflow.

Trust: 2.16

sources: NVD: CVE-2019-10480 // JVNDB: JVNDB-2019-013362 // CNVD: CNVD-2020-03579

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-03579

AFFECTED PRODUCTS

vendor: qualcomm, model: msm8909, scope: eq, version: -, Trust: 1.0
vendor: qualcomm, model: apq8053, scope: eq, version: -, Trust: 1.0
vendor: qualcomm, model: qca9379, scope: eq, version: -, Trust: 1.0
vendor: qualcomm, model: msm8917, scope: eq, version: -, Trust: 1.0
vendor: qualcomm, model: sdx24, scope: eq, version: -, Trust: 1.0
vendor: qualcomm, model: sda660, scope: eq, version: -, Trust: 1.0
vendor: qualcomm, model: mdm9615, scope: eq, version: -, Trust: 1.0
vendor: qualcomm, model: mdm9607, scope: eq, version: -, Trust: 1.0
vendor: qualcomm, model: qca9377, scope: eq, version: -, Trust: 1.0
vendor: qualcomm, model: sdm710, scope: eq, version: -, Trust: 1.0
vendor: qualcomm, model: ipq4019, scope: eq, version: -, Trust: 1.0
vendor: qualcomm, model: mdm9206, scope: eq, version: -, Trust: 1.0
vendor: qualcomm, model: sdm660, scope: eq, version: -, Trust: 1.0
vendor: qualcomm, model: ipq8074, scope: eq, version: -, Trust: 1.0
vendor: qualcomm, model: mdm9640, scope: eq, version: -, Trust: 1.0
vendor: qualcomm, model: sdm845, scope: eq, version: -, Trust: 1.0
vendor: qualcomm, model: msm8940, scope: eq, version: -, Trust: 1.0
vendor: qualcomm, model: sxr1130, scope: eq, version: -, Trust: 1.0
vendor: qualcomm, model: qca9980, scope: eq, version: -, Trust: 1.0
vendor: qualcomm, model: sm8150, scope: eq, version: -, Trust: 1.0
vendor: qualcomm, model: sda845, scope: eq, version: -, Trust: 1.0
vendor: qualcomm, model: sdm636, scope: eq, version: -, Trust: 1.0
vendor: qualcomm, model: apq8096au, scope: eq, version: -, Trust: 1.0
vendor: qualcomm, model: msm8996au, scope: eq, version: -, Trust: 1.0
vendor: qualcomm, model: sm7150, scope: eq, version: -, Trust: 1.0
vendor: qualcomm, model: apq8009, scope: eq, version: -, Trust: 1.0
vendor: qualcomm, model: apq8098, scope: eq, version: -, Trust: 1.0
vendor: qualcomm, model: qcs605, scope: eq, version: -, Trust: 1.0
vendor: qualcomm, model: sm6150, scope: eq, version: -, Trust: 1.0
vendor: qualcomm, model: sdm670, scope: eq, version: -, Trust: 1.0
vendor: qualcomm, model: ipq8064, scope: eq, version: -, Trust: 1.0
vendor: qualcomm, model: mdm9650, scope: eq, version: -, Trust: 1.0
vendor: qualcomm, model: apq8017, scope: eq, version: -, Trust: 1.0
vendor: qualcomm, model: sdm630, scope: eq, version: -, Trust: 1.0
vendor: qualcomm, model: qca6574au, scope: eq, version: -, Trust: 1.0
vendor: qualcomm, model: qca6174a, scope: eq, version: -, Trust: 1.0
vendor: qualcomm, model: qcn7605, scope: eq, version: -, Trust: 1.0
vendor: qualcomm, model: msm8909w, scope: eq, version: -, Trust: 1.0
vendor: qualcomm, model: mdm9207c, scope: eq, version: -, Trust: 1.0
vendor: qualcomm, model: sdx20, scope: eq, version: -, Trust: 1.0
vendor: qualcomm, model: msm8920, scope: eq, version: -, Trust: 1.0
vendor: qualcomm, model: msm8937, scope: eq, version: -, Trust: 1.0
vendor: qualcomm, model: msm8939, scope: eq, version: -, Trust: 1.0

vendor: qualcomm, model: apq8009, scope: -, version: -, Trust: 0.8
vendor: qualcomm, model: apq8017, scope: -, version: -, Trust: 0.8
vendor: qualcomm, model: apq8053, scope: -, version: -, Trust: 0.8
vendor: qualcomm, model: apq8096au, scope: -, version: -, Trust: 0.8
vendor: qualcomm, model: apq8098, scope: -, version: -, Trust: 0.8
vendor: qualcomm, model: ipq4019, scope: -, version: -, Trust: 0.8
vendor: qualcomm, model: ipq8064, scope: -, version: -, Trust: 0.8
vendor: qualcomm, model: ipq8074, scope: -, version: -, Trust: 0.8
vendor: qualcomm, model: mdm9206, scope: -, version: -, Trust: 0.8
vendor: qualcomm, model: mdm9207c, scope: -, version: -, Trust: 0.8

vendor: qualcomm, model: mdm, scope: eq, version: 9607, Trust: 0.6
vendor: qualcomm, model: mdm, scope: eq, version: 9650, Trust: 0.6
vendor: qualcomm, model: msm, scope: eq, version: 8909, Trust: 0.6
vendor: qualcomm, model: msm 8996au, scope: -, version: -, Trust: 0.6
vendor: qualcomm, model: qcs, scope: eq, version: 605, Trust: 0.6
vendor: qualcomm, model: sda, scope: eq, version: 660, Trust: 0.6
vendor: qualcomm, model: sdm, scope: eq, version: 630, Trust: 0.6
vendor: qualcomm, model: sdm, scope: eq, version: 660, Trust: 0.6
vendor: qualcomm, model: sdx, scope: eq, version: 24, Trust: 0.6
vendor: qualcomm, model: msm 8909w, scope: -, version: -, Trust: 0.6
vendor: qualcomm, model: sdx, scope: eq, version: 20, Trust: 0.6
vendor: qualcomm, model: mdm, scope: eq, version: 9206, Trust: 0.6
vendor: qualcomm, model: qca 6574au, scope: -, version: -, Trust: 0.6
vendor: qualcomm, model: ipq, scope: eq, version: 4019, Trust: 0.6
vendor: qualcomm, model: ipq, scope: eq, version: 8064, Trust: 0.6
vendor: qualcomm, model: ipq, scope: eq, version: 8074, Trust: 0.6
vendor: qualcomm, model: mdm, scope: eq, version: 9640, Trust: 0.6
vendor: qualcomm, model: qca 6174a, scope: -, version: -, Trust: 0.6
vendor: qualcomm, model: qca, scope: eq, version: 9377, Trust: 0.6
vendor: qualcomm, model: qca, scope: eq, version: 9379, Trust: 0.6
vendor: qualcomm, model: sxr, scope: eq, version: 1130, Trust: 0.6
vendor: qualcomm, model: sda, scope: eq, version: 845, Trust: 0.6
vendor: qualcomm, model: sdm, scope: eq, version: 636, Trust: 0.6
vendor: qualcomm, model: sdm, scope: eq, version: 670, Trust: 0.6
vendor: qualcomm, model: sdm, scope: eq, version: 710, Trust: 0.6
vendor: qualcomm, model: sdm, scope: eq, version: 845, Trust: 0.6
vendor: qualcomm, model: sm, scope: eq, version: 6150, Trust: 0.6
vendor: qualcomm, model: sm, scope: eq, version: 7150, Trust: 0.6
vendor: qualcomm, model: sm, scope: eq, version: 8150, Trust: 0.6
vendor: qualcomm, model: apq, scope: eq, version: 8017, Trust: 0.6
vendor: qualcomm, model: apq, scope: eq, version: 8053, Trust: 0.6
vendor: qualcomm, model: apq, scope: eq, version: 8009, Trust: 0.6
vendor: qualcomm, model: apq 8096au, scope: -, version: -, Trust: 0.6
vendor: qualcomm, model: apq, scope: eq, version: 8098, Trust: 0.6
vendor: qualcomm, model: mdm, scope: eq, version: 9615, Trust: 0.6
vendor: qualcomm, model: msm, scope: eq, version: 8917, Trust: 0.6
vendor: qualcomm, model: msm, scope: eq, version: 8920, Trust: 0.6
vendor: qualcomm, model: msm, scope: eq, version: 8937, Trust: 0.6
vendor: qualcomm, model: msm, scope: eq, version: 8939, Trust: 0.6
vendor: qualcomm, model: msm, scope: eq, version: 8940, Trust: 0.6
vendor: qualcomm, model: mdm 9207c, scope: -, version: -, Trust: 0.6
vendor: qualcomm, model: qcn, scope: eq, version: 7605, Trust: 0.6
vendor: qualcomm, model: qca, scope: eq, version: 9980, Trust: 0.6

sources: CNVD: CNVD-2020-03579 // JVNDB: JVNDB-2019-013362 // NVD: CVE-2019-10480

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10480
value: HIGH

Trust: 1.0

NVD: CVE-2019-10480
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-03579
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201912-095
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-10480
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-03579
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-10480
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-10480
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-03579 // JVNDB: JVNDB-2019-013362 // CNNVD: CNNVD-201912-095 // NVD: CVE-2019-10480

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:CWE-120

Trust: 0.8

sources: JVNDB: JVNDB-2019-013362 // NVD: CVE-2019-10480

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201912-095

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201912-095

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013362

PATCH

title: December 2019 Security Bulletin
url: https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin

Trust: 0.8

title: Patch for Multiple Qualcomm Product Buffer Overflow Vulnerabilities (CNVD-2020-03579)
url: https://www.cnvd.org.cn/patchInfo/show/198809

Trust: 0.6

title: Multiple Qualcomm Product Buffer Error Vulnerability Fix
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105630

Trust: 0.6

sources: CNVD: CNVD-2020-03579 // JVNDB: JVNDB-2019-013362 // CNNVD: CNNVD-201912-095

EXTERNAL IDS

db: NVD, id: CVE-2019-10480

Trust: 3.0

db: JVNDB, id: JVNDB-2019-013362

Trust: 0.8

db: CNVD, id: CNVD-2020-03579

Trust: 0.6

db: CNNVD, id: CNNVD-201912-095

Trust: 0.6

sources: CNVD: CNVD-2020-03579 // JVNDB: JVNDB-2019-013362 // CNNVD: CNNVD-201912-095 // NVD: CVE-2019-10480

REFERENCES

url:https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-10480

Trust: 1.4

url:https://source.android.google.cn/security/bulletin/2019-12-01.html

Trust: 1.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10480

Trust: 0.8

url:https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-december-2019-31041

Trust: 0.6

sources: CNVD: CNVD-2020-03579 // JVNDB: JVNDB-2019-013362 // CNNVD: CNNVD-201912-095 // NVD: CVE-2019-10480

SOURCES

db: CNVD, id: CNVD-2020-03579
db: JVNDB, id: JVNDB-2019-013362
db: CNNVD, id: CNNVD-201912-095
db: NVD, id: CVE-2019-10480

LAST UPDATE DATE

2024-11-23T22:11:40.811000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-03579, date: 2020-02-04T00:00:00
db: JVNDB, id: JVNDB-2019-013362, date: 2019-12-27T00:00:00
db: CNNVD, id: CNNVD-201912-095, date: 2020-06-04T00:00:00
db: NVD, id: CVE-2019-10480, date: 2024-11-21T04:19:14.297

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-03579, date: 2020-02-04T00:00:00
db: JVNDB, id: JVNDB-2019-013362, date: 2019-12-27T00:00:00
db: CNNVD, id: CNNVD-201912-095, date: 2019-12-02T00:00:00
db: NVD, id: CVE-2019-10480, date: 2019-12-18T06:15:11.017