ID

VAR-201912-1780


CVE

CVE-2019-10537


TITLE

plural Snapdragon Product integer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-013386

DESCRIPTION

Improper validation of event buffer extracted from FW response can lead to integer overflow, which will allow to pass the length check and eventually will lead to buffer overwrite when event data is copied to context buffer in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, Nicobar, QCA6574AU, QCN7605, QCS405, QCS605, SDM660, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130. plural Snapdragon The product contains an integer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm QCA6574AU and other are a central processing unit (CPU) products from Qualcomm. The WLAN Host in multiple Qualcomm products has an input validation error vulnerability that can be exploited by an attacker to cause integer overflow

Trust: 2.16

sources: NVD: CVE-2019-10537 // JVNDB: JVNDB-2019-013386 // CNVD: CNVD-2020-03574

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-03574

AFFECTED PRODUCTS

vendor:qualcommmodel:nicobarscope: - version: -

Trust: 1.4

vendor:qualcommmodel:sm8150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6574auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx55scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcn7605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm7150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:nicobarscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs405scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm6150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr1130scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm8250scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr2130scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:qualcommmodel:qca6574auscope: - version: -

Trust: 0.8

vendor:qualcommmodel:qcn7605scope: - version: -

Trust: 0.8

vendor:qualcommmodel:qcs405scope: - version: -

Trust: 0.8

vendor:qualcommmodel:qcs605scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sdm660scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sdm845scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sdx55scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sm 6150scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdmscope:eqversion:9607

Trust: 0.6

vendor:qualcommmodel:qcsscope:eqversion:605

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:660

Trust: 0.6

vendor:qualcommmodel:qcsscope:eqversion:405

Trust: 0.6

vendor:qualcommmodel:qca 6574auscope: - version: -

Trust: 0.6

vendor:qualcommmodel:sxrscope:eqversion:1130

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:845

Trust: 0.6

vendor:qualcommmodel:smscope:eqversion:6150

Trust: 0.6

vendor:qualcommmodel:smscope:eqversion:7150

Trust: 0.6

vendor:qualcommmodel:smscope:eqversion:8150

Trust: 0.6

vendor:qualcommmodel:smscope:eqversion:8250

Trust: 0.6

vendor:qualcommmodel:sxrscope:eqversion:2130

Trust: 0.6

vendor:qualcommmodel:sdxscope:eqversion:55

Trust: 0.6

vendor:qualcommmodel:qcnscope:eqversion:7605

Trust: 0.6

sources: CNVD: CNVD-2020-03574 // JVNDB: JVNDB-2019-013386 // NVD: CVE-2019-10537

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10537
value: HIGH

Trust: 1.0

NVD: CVE-2019-10537
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-03574
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201912-093
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-10537
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-03574
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-10537
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-10537
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-03574 // JVNDB: JVNDB-2019-013386 // CNNVD: CNNVD-201912-093 // NVD: CVE-2019-10537

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.8

sources: JVNDB: JVNDB-2019-013386 // NVD: CVE-2019-10537

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201912-093

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201912-093

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013386

PATCH

title:December 2019 Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin

Trust: 0.8

title:Patch for Multiple Qualcomm Product Input Validation Error Vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/198867

Trust: 0.6

title:Multiple Qualcomm Product input verification error vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105730

Trust: 0.6

sources: CNVD: CNVD-2020-03574 // JVNDB: JVNDB-2019-013386 // CNNVD: CNNVD-201912-093

EXTERNAL IDS

db:NVDid:CVE-2019-10537

Trust: 3.0

db:JVNDBid:JVNDB-2019-013386

Trust: 0.8

db:CNVDid:CNVD-2020-03574

Trust: 0.6

db:CNNVDid:CNNVD-201912-093

Trust: 0.6

sources: CNVD: CNVD-2020-03574 // JVNDB: JVNDB-2019-013386 // CNNVD: CNNVD-201912-093 // NVD: CVE-2019-10537

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2019-10537

Trust: 2.0

url:https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10537

Trust: 0.8

url:https://source.android.google.cn/security/bulletin/2019-12-01.html

Trust: 0.6

url:https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-december-2019-31041

Trust: 0.6

sources: CNVD: CNVD-2020-03574 // JVNDB: JVNDB-2019-013386 // CNNVD: CNNVD-201912-093 // NVD: CVE-2019-10537

SOURCES

db:CNVDid:CNVD-2020-03574
db:JVNDBid:JVNDB-2019-013386
db:CNNVDid:CNNVD-201912-093
db:NVDid:CVE-2019-10537

LAST UPDATE DATE

2024-11-23T22:48:10.564000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-03574date:2020-02-04T00:00:00
db:JVNDBid:JVNDB-2019-013386date:2019-12-27T00:00:00
db:CNNVDid:CNNVD-201912-093date:2020-06-24T00:00:00
db:NVDid:CVE-2019-10537date:2024-11-21T04:19:23.337

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-03574date:2020-02-04T00:00:00
db:JVNDBid:JVNDB-2019-013386date:2019-12-27T00:00:00
db:CNNVDid:CNNVD-201912-093date:2019-12-02T00:00:00
db:NVDid:CVE-2019-10537date:2019-12-18T06:15:11.940