Details of VAR-201912-1779

ID

VAR-201912-1779

CVE

CVE-2019-10536

TITLE

plural Snapdragon Double release vulnerability in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-013385

DESCRIPTION

Potential double free scenario if driver receives another DIAG_EVENT_LOG_SUPPORTED event from firmware as the pointer is not set to NULL on first call in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6174A, QCA6574AU, QCA8081, QCA9377, QCA9379, QCN7605, QCS405, QCS605, SDA660, SDA845, SDM450, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130. plural Snapdragon The product contains a double release vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9206 is a central processing unit (CPU) product from Qualcomm. The WLAN Host in multiple Qualcomm products has a resource management error vulnerability. No detailed vulnerability details are provided at this time

Trust: 2.25

sources: NVD: CVE-2019-10536 // JVNDB: JVNDB-2019-013385 // CNVD: CNVD-2020-03573 // VULMON: CVE-2019-10536

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-03573

AFFECTED PRODUCTS

vendor:	qualcomm	model:	msm8953	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8053	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9379	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8917	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8998	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx24	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs405	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sda660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm8250	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9607	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9377	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm450	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm710	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq4019	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9206	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sxr2130	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq8074	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9640	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm845	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca8081	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8940	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sxr1130	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm8150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx55	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sda845	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm636	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8096au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8996au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm7150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8009	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8098	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs605	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm6150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm670	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq8064	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9650	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8017	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm630	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6574au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6174a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn7605	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	nicobar	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9207c	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx20	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8920	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8937	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8009	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	apq8017	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	apq8053	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	apq8096au	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	apq8098	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	ipq4019	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	ipq8064	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	ipq8074	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9206	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9207c	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm	scope:	eq	version:	9607	Trust: 0.6
vendor:	qualcomm	model:	mdm	scope:	eq	version:	9650	Trust: 0.6
vendor:	qualcomm	model:	msm 8996au	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	qcs	scope:	eq	version:	605	Trust: 0.6
vendor:	qualcomm	model:	sda	scope:	eq	version:	660	Trust: 0.6
vendor:	qualcomm	model:	sdm	scope:	eq	version:	630	Trust: 0.6
vendor:	qualcomm	model:	sdm	scope:	eq	version:	660	Trust: 0.6
vendor:	qualcomm	model:	sdx	scope:	eq	version:	24	Trust: 0.6
vendor:	qualcomm	model:	qcs	scope:	eq	version:	405	Trust: 0.6
vendor:	qualcomm	model:	sdx	scope:	eq	version:	20	Trust: 0.6
vendor:	qualcomm	model:	mdm	scope:	eq	version:	9206	Trust: 0.6
vendor:	qualcomm	model:	qca 6574au	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	ipq	scope:	eq	version:	4019	Trust: 0.6
vendor:	qualcomm	model:	ipq	scope:	eq	version:	8064	Trust: 0.6
vendor:	qualcomm	model:	ipq	scope:	eq	version:	8074	Trust: 0.6
vendor:	qualcomm	model:	mdm	scope:	eq	version:	9640	Trust: 0.6
vendor:	qualcomm	model:	qca 6174a	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	qca	scope:	eq	version:	9377	Trust: 0.6
vendor:	qualcomm	model:	qca	scope:	eq	version:	9379	Trust: 0.6
vendor:	qualcomm	model:	sxr	scope:	eq	version:	1130	Trust: 0.6
vendor:	qualcomm	model:	qca	scope:	eq	version:	8081	Trust: 0.6
vendor:	qualcomm	model:	msm	scope:	eq	version:	8998	Trust: 0.6
vendor:	qualcomm	model:	nicobar	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sda	scope:	eq	version:	845	Trust: 0.6
vendor:	qualcomm	model:	sdm	scope:	eq	version:	636	Trust: 0.6
vendor:	qualcomm	model:	sdm	scope:	eq	version:	670	Trust: 0.6
vendor:	qualcomm	model:	sdm	scope:	eq	version:	710	Trust: 0.6
vendor:	qualcomm	model:	sdm	scope:	eq	version:	845	Trust: 0.6
vendor:	qualcomm	model:	sm	scope:	eq	version:	6150	Trust: 0.6
vendor:	qualcomm	model:	sm	scope:	eq	version:	7150	Trust: 0.6
vendor:	qualcomm	model:	sm	scope:	eq	version:	8150	Trust: 0.6
vendor:	qualcomm	model:	sm	scope:	eq	version:	8250	Trust: 0.6
vendor:	qualcomm	model:	sxr	scope:	eq	version:	2130	Trust: 0.6
vendor:	qualcomm	model:	apq	scope:	eq	version:	8017	Trust: 0.6
vendor:	qualcomm	model:	apq	scope:	eq	version:	8053	Trust: 0.6
vendor:	qualcomm	model:	apq	scope:	eq	version:	8009	Trust: 0.6
vendor:	qualcomm	model:	apq 8096au	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	apq	scope:	eq	version:	8098	Trust: 0.6
vendor:	qualcomm	model:	msm	scope:	eq	version:	8917	Trust: 0.6
vendor:	qualcomm	model:	msm	scope:	eq	version:	8920	Trust: 0.6
vendor:	qualcomm	model:	msm	scope:	eq	version:	8937	Trust: 0.6
vendor:	qualcomm	model:	msm	scope:	eq	version:	8940	Trust: 0.6
vendor:	qualcomm	model:	msm	scope:	eq	version:	8953	Trust: 0.6
vendor:	qualcomm	model:	sdm	scope:	eq	version:	450	Trust: 0.6
vendor:	qualcomm	model:	sdx	scope:	eq	version:	55	Trust: 0.6
vendor:	qualcomm	model:	mdm 9207c	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	qcn	scope:	eq	version:	7605	Trust: 0.6

sources: CNVD: CNVD-2020-03573 // JVNDB: JVNDB-2019-013385 // NVD: CVE-2019-10536

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-10536
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-10536
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-03573
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201912-094
value:	HIGH
Trust: 0.6
VULMON:	CVE-2019-10536
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-10536
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2020-03573
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-10536
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-10536
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-03573 // VULMON: CVE-2019-10536 // JVNDB: JVNDB-2019-013385 // CNNVD: CNNVD-201912-094 // NVD: CVE-2019-10536

PROBLEMTYPE DATA

problemtype:

CWE-415

Trust: 1.8

sources: JVNDB: JVNDB-2019-013385 // NVD: CVE-2019-10536

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201912-094

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201912-094

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013385

PATCH

title:	December 2019 Security Bulletin	url:	https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin	Trust: 0.8
title:	Patch for Multiple Qualcomm Product Resource Management Error Vulnerabilities (CNVD-2020-03573)	url:	https://www.cnvd.org.cn/patchInfo/show/198865	Trust: 0.6
title:	Multiple Qualcomm Product resource management error vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105629	Trust: 0.6

sources: CNVD: CNVD-2020-03573 // JVNDB: JVNDB-2019-013385 // CNNVD: CNNVD-201912-094

EXTERNAL IDS

db:	NVD	id:	CVE-2019-10536	Trust: 3.1
db:	JVNDB	id:	JVNDB-2019-013385	Trust: 0.8
db:	CNVD	id:	CNVD-2020-03573	Trust: 0.6
db:	CNNVD	id:	CNNVD-201912-094	Trust: 0.6
db:	VULMON	id:	CVE-2019-10536	Trust: 0.1

sources: CNVD: CNVD-2020-03573 // VULMON: CVE-2019-10536 // JVNDB: JVNDB-2019-013385 // CNNVD: CNNVD-201912-094 // NVD: CVE-2019-10536

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2019-10536	Trust: 2.0
url:	https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10536	Trust: 0.8
url:	https://source.android.google.cn/security/bulletin/2019-12-01.html	Trust: 0.6
url:	https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-december-2019-31041	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/415.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2020-03573 // VULMON: CVE-2019-10536 // JVNDB: JVNDB-2019-013385 // CNNVD: CNNVD-201912-094 // NVD: CVE-2019-10536

SOURCES

db:	CNVD	id:	CNVD-2020-03573
db:	VULMON	id:	CVE-2019-10536
db:	JVNDB	id:	JVNDB-2019-013385
db:	CNNVD	id:	CNNVD-201912-094
db:	NVD	id:	CVE-2019-10536

LAST UPDATE DATE

2024-11-23T22:58:27.393000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-03573	date:	2020-02-04T00:00:00
db:	VULMON	id:	CVE-2019-10536	date:	2019-12-23T00:00:00
db:	JVNDB	id:	JVNDB-2019-013385	date:	2019-12-27T00:00:00
db:	CNNVD	id:	CNNVD-201912-094	date:	2020-06-04T00:00:00
db:	NVD	id:	CVE-2019-10536	date:	2024-11-21T04:19:23.160

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-03573	date:	2020-02-04T00:00:00
db:	VULMON	id:	CVE-2019-10536	date:	2019-12-18T00:00:00
db:	JVNDB	id:	JVNDB-2019-013385	date:	2019-12-27T00:00:00
db:	CNNVD	id:	CNNVD-201912-094	date:	2019-12-02T00:00:00
db:	NVD	id:	CVE-2019-10536	date:	2019-12-18T06:15:11.847