ID
VAR-201912-1802
CVE
CVE-2019-10601
TITLE
plural Snapdragon Vulnerability related to array index verification in products
Trust: 0.8
DESCRIPTION
Out of bound access can occur while processing firmware event due to lack of validation of WMI message received from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8096AU, IPQ4019, IPQ8064, IPQ8074, MSM8996AU, Nicobar, QCA6574AU, QCN7605, QCS405, SDM630, SDM636, SDM660, SDM845, SM6150, SM7150, SM8150. plural Snapdragon The product contains a vulnerability related to array index validation.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MSM8996AU and so on are a kind of central processing unit (CPU) products of Qualcomm of the United States. The WLAN Host in multiple Qualcomm products has an input validation error vulnerability that could be exploited by an attacker to access out of range when processing firmware events
Trust: 2.25
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | qualcomm | model: | nicobar | scope: | - | version: | - | Trust: 1.4 |
| vendor: | qualcomm | model: | ipq4019 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm630 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm660 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | qca6574au | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm636 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sm8150 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | apq8096au | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | msm8996au | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | qcn7605 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | ipq8074 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sm7150 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | nicobar | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | qcs405 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm845 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sm6150 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | ipq8064 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | apq8096au | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | ipq4019 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | ipq8064 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | ipq8074 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | msm8996au | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | qca6574au | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | qcn7605 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | qcs405 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sdm630 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | msm 8996au | scope: | - | version: | - | Trust: 0.6 |
| vendor: | qualcomm | model: | sdm | scope: | eq | version: | 630 | Trust: 0.6 |
| vendor: | qualcomm | model: | sdm | scope: | eq | version: | 660 | Trust: 0.6 |
| vendor: | qualcomm | model: | qcs | scope: | eq | version: | 405 | Trust: 0.6 |
| vendor: | qualcomm | model: | qca 6574au | scope: | - | version: | - | Trust: 0.6 |
| vendor: | qualcomm | model: | ipq | scope: | eq | version: | 4019 | Trust: 0.6 |
| vendor: | qualcomm | model: | ipq | scope: | eq | version: | 8064 | Trust: 0.6 |
| vendor: | qualcomm | model: | ipq | scope: | eq | version: | 8074 | Trust: 0.6 |
| vendor: | qualcomm | model: | sdm | scope: | eq | version: | 636 | Trust: 0.6 |
| vendor: | qualcomm | model: | sdm | scope: | eq | version: | 845 | Trust: 0.6 |
| vendor: | qualcomm | model: | sm | scope: | eq | version: | 6150 | Trust: 0.6 |
| vendor: | qualcomm | model: | sm | scope: | eq | version: | 7150 | Trust: 0.6 |
| vendor: | qualcomm | model: | sm | scope: | eq | version: | 8150 | Trust: 0.6 |
| vendor: | qualcomm | model: | apq 8096au | scope: | - | version: | - | Trust: 0.6 |
| vendor: | qualcomm | model: | qcn | scope: | eq | version: | 7605 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-129 | Trust: 1.8 |
THREAT TYPE
local
Trust: 0.6
TYPE
input validation error
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | December 2019 Security Bulletin | url: | https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin | Trust: 0.8 |
| title: | Patch for Multiple Qualcomm Product Input Validation Error Vulnerabilities (CNVD-2020-03578) | url: | https://www.cnvd.org.cn/patchInfo/show/198883 | Trust: 0.6 |
| title: | Multiple Qualcomm Product input verification error vulnerability fixes | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105624 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2019-10601 | Trust: 3.1 |
| db: | JVNDB | id: | JVNDB-2019-013348 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2020-03578 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-201912-088 | Trust: 0.6 |
| db: | VULMON | id: | CVE-2019-10601 | Trust: 0.1 |
REFERENCES
| url: | https://nvd.nist.gov/vuln/detail/cve-2019-10601 | Trust: 2.0 |
| url: | https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin | Trust: 1.7 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10601 | Trust: 0.8 |
| url: | https://source.android.google.cn/security/bulletin/2019-12-01.html | Trust: 0.6 |
| url: | https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-december-2019-31041 | Trust: 0.6 |
| url: | https://cwe.mitre.org/data/definitions/129.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
SOURCES
| db: | CNVD | id: | CNVD-2020-03578 |
| db: | VULMON | id: | CVE-2019-10601 |
| db: | JVNDB | id: | JVNDB-2019-013348 |
| db: | CNNVD | id: | CNNVD-201912-088 |
| db: | NVD | id: | CVE-2019-10601 |
LAST UPDATE DATE
2024-11-23T22:33:37.658000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2020-03578 | date: | 2020-02-04T00:00:00 |
| db: | VULMON | id: | CVE-2019-10601 | date: | 2019-12-22T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-013348 | date: | 2019-12-26T00:00:00 |
| db: | CNNVD | id: | CNNVD-201912-088 | date: | 2020-06-04T00:00:00 |
| db: | NVD | id: | CVE-2019-10601 | date: | 2024-11-21T04:19:33.180 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2020-03578 | date: | 2020-02-04T00:00:00 |
| db: | VULMON | id: | CVE-2019-10601 | date: | 2019-12-18T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-013348 | date: | 2019-12-26T00:00:00 |
| db: | CNNVD | id: | CNNVD-201912-088 | date: | 2019-12-02T00:00:00 |
| db: | NVD | id: | CVE-2019-10601 | date: | 2019-12-18T06:15:12.567 |