Sign-up

ID

VAR-201912-1785


CVE

CVE-2019-10525


TITLE

plural Snapdragon Vulnerability related to out-of-bounds writing in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-013384

DESCRIPTION

Buffer overflow during SIB read when network configures complete sib list along with first and last segment of other SIB in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130. plural Snapdragon The product contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9206 and so on are the products of American Qualcomm. MDM9206 is a central processing unit (CPU) product. MDM9607 is a central processing unit (CPU) product. MDM9640 is a central processing unit (CPU) product. A buffer overflow vulnerability exists in WCDMA in several Qualcomm products. The vulnerability originates from a network system or product that incorrectly validates data boundaries when performing operations on memory, resulting in incorrect read and write operations to other associated memory locations. An attacker could use this vulnerability to cause a buffer overflow or heap overflow

Trust: 2.16

sources: NVD: CVE-2019-10525 // JVNDB: JVNDB-2019-013384 // CNVD: CNVD-2020-16052

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-16052

AFFECTED PRODUCTS

vendor:qualcommmodel:msm8909scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8053scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8953scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sc8180xscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8917scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8998scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm429scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx24scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9615scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9645scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9655scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9640scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8940scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr1130scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcm2150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm8150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx55scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm636scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8096auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm7150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8009scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8098scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm6150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8096scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm632scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8017scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm630scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qm215scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:nicobarscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8905scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9635mscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8920scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8937scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8939scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8009scope: - version: -

Trust: 0.8

vendor:qualcommmodel:apq8017scope: - version: -

Trust: 0.8

vendor:qualcommmodel:apq8053scope: - version: -

Trust: 0.8

vendor:qualcommmodel:apq8096scope: - version: -

Trust: 0.8

vendor:qualcommmodel:apq8096auscope: - version: -

Trust: 0.8

vendor:qualcommmodel:apq8098scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9150scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9615scope: - version: -

Trust: 0.8

vendor:qualcommmodel:msmscope:eqversion:8909

Trust: 0.6

vendor:qualcommmodel:msm 8996auscope: - version: -

Trust: 0.6

vendor:qualcommmodel:qcsscope:eqversion:605

Trust: 0.6

vendor:qualcommmodel:sdascope:eqversion:660

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:439

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:630

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:660

Trust: 0.6

vendor:qualcommmodel:sdxscope:eqversion:24

Trust: 0.6

vendor:qualcommmodel:msm 8909wscope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdxscope:eqversion:20

Trust: 0.6

vendor:qualcommmodel:sxrscope:eqversion:1130

Trust: 0.6

vendor:qualcommmodel:apq 8096auscope: - version: -

Trust: 0.6

vendor:qualcommmodel:apqscope:eqversion:8098

Trust: 0.6

vendor:qualcommmodel:msmscope:eqversion:8998

Trust: 0.6

vendor:qualcommmodel:nicobarscope: - version: -

Trust: 0.6

vendor:qualcommmodel:scscope:eqversion:8180x

Trust: 0.6

vendor:qualcommmodel:sdascope:eqversion:845

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:636

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:670

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:710

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:845

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:850

Trust: 0.6

vendor:qualcommmodel:smscope:eqversion:6150

Trust: 0.6

vendor:qualcommmodel:smscope:eqversion:7150

Trust: 0.6

vendor:qualcommmodel:smscope:eqversion:8150

Trust: 0.6

vendor:qualcommmodel:msmscope:eqversion:8905

Trust: 0.6

vendor:qualcommmodel:msmscope:eqversion:8917

Trust: 0.6

vendor:qualcommmodel:msmscope:eqversion:8920

Trust: 0.6

vendor:qualcommmodel:msmscope:eqversion:8937

Trust: 0.6

vendor:qualcommmodel:msmscope:eqversion:8939

Trust: 0.6

vendor:qualcommmodel:msmscope:eqversion:8940

Trust: 0.6

vendor:qualcommmodel:msmscope:eqversion:8953

Trust: 0.6

vendor:marwelmodel:qcmscope:eqversion:2150

Trust: 0.6

vendor:qualcommmodel:qmscope:eqversion:215

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:429

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:450

Trust: 0.6

vendor:qualcommmodel:sdmscope:eqversion:632

Trust: 0.6

vendor:qualcommmodel:sdxscope:eqversion:55

Trust: 0.6

vendor:qualcommmodel:apqscope:eqversion:8009

Trust: 0.6

vendor:qualcommmodel:apqscope:eqversion:8017

Trust: 0.6

vendor:qualcommmodel:apqscope:eqversion:8053

Trust: 0.6

vendor:qualcommmodel:apqscope:eqversion:8096

Trust: 0.6

vendor:qualcommmodel:mdm9150scope:eqversion:9150

Trust: 0.6

vendor:qualcommmodel:mdm9150scope:eqversion:9206

Trust: 0.6

vendor:qualcommmodel:mdm9150scope:eqversion:9607

Trust: 0.6

vendor:qualcommmodel:mdm9150scope:eqversion:9615

Trust: 0.6

vendor:qualcommmodel:mdm9150scope:eqversion:9625

Trust: 0.6

vendor:qualcommmodel:mdm9150 9635mscope: - version: -

Trust: 0.6

vendor:qualcommmodel:mdm9150scope:eqversion:9640

Trust: 0.6

vendor:qualcommmodel:mdm9150scope:eqversion:9645

Trust: 0.6

vendor:qualcommmodel:mdm9150scope:eqversion:9650

Trust: 0.6

vendor:qualcommmodel:mdm9150scope:eqversion:9655

Trust: 0.6

sources: CNVD: CNVD-2020-16052 // JVNDB: JVNDB-2019-013384 // NVD: CVE-2019-10525

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10525
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-10525
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-16052
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201912-100
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2019-10525
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-16052
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-10525
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-10525
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-16052 // JVNDB: JVNDB-2019-013384 // CNNVD: CNNVD-201912-100 // NVD: CVE-2019-10525

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.8

sources: JVNDB: JVNDB-2019-013384 // NVD: CVE-2019-10525

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-100

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201912-100

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-013384

PATCH
title:December 2019 Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin
Trust: 0.8
title:Patch for Multiple Qualcomm Product Buffer Overflow Vulnerabilities (CNVD-2020-16052)url:https://www.cnvd.org.cn/patchInfo/show/207801
Trust: 0.6
title:Multiple Qualcomm Product Buffer Error Vulnerability Fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105635
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-16052 // 
            
            
            
            JVNDB: JVNDB-2019-013384 // 
            
            
            
            CNNVD: CNNVD-201912-100

EXTERNAL IDS
db:NVDid:CVE-2019-10525
Trust: 3.0
db:JVNDBid:JVNDB-2019-013384
Trust: 0.8
db:CNVDid:CNVD-2020-16052
Trust: 0.6
db:CNNVDid:CNNVD-201912-100
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-16052 // 
            
            
            
            JVNDB: JVNDB-2019-013384 // 
            
            
            
            CNNVD: CNNVD-201912-100 // 
            
            
            
            NVD: CVE-2019-10525

REFERENCES
url:https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin
Trust: 2.2
url:https://nvd.nist.gov/vuln/detail/cve-2019-10525
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10525
Trust: 0.8
url:https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-december-2019-31041
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-16052 // 
            
            
            
            JVNDB: JVNDB-2019-013384 // 
            
            
            
            CNNVD: CNNVD-201912-100 // 
            
            
            
            NVD: CVE-2019-10525

SOURCES
db:CNVDid:CNVD-2020-16052
db:JVNDBid:JVNDB-2019-013384
db:CNNVDid:CNNVD-201912-100
db:NVDid:CVE-2019-10525

LAST UPDATE DATE
2024-11-23T22:51:32.186000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-16052date:2020-03-09T00:00:00
db:JVNDBid:JVNDB-2019-013384date:2019-12-27T00:00:00
db:CNNVDid:CNNVD-201912-100date:2020-06-04T00:00:00
db:NVDid:CVE-2019-10525date:2024-11-21T04:19:21.340

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-16052date:2020-03-09T00:00:00
db:JVNDBid:JVNDB-2019-013384date:2019-12-27T00:00:00
db:CNNVDid:CNNVD-201912-100date:2019-12-02T00:00:00
db:NVDid:CVE-2019-10525date:2019-12-18T06:15:11.783