ID

VAR-202003-1264


CVE

CVE-2019-10569


TITLE

plural Snapdragon Out-of-bounds write vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2019-014822

DESCRIPTION

Stack buffer overflow due to instance id is misplaced inside definition of hardware accelerated effects in makefile in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile in APQ8053, APQ8098, MDM9607, MDM9640, MSM8998, QCS605, SC8180X, SDM439, SDM630, SDM636, SDM660, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130. plural Snapdragon The product contains an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Qualcomm MDM9607, etc. are all products of Qualcomm. MDM9607 is a central processing unit (CPU) product. SDX24 is a modem. SDM630 is a central processing unit (CPU) product. There are buffer overflow vulnerabilities in Audio in many Qualcomm products. The vulnerability stems from network systems or products performing incorrect operations on the memory and not validating the data boundary, resulting in incorrect read and write operations to other associated memory locations , An attacker can use this vulnerability to cause a buffer overflow or heap overflow

Trust: 2.16

sources: NVD: CVE-2019-10569 // JVNDB: JVNDB-2019-014822 // CNVD: CNVD-2020-20202

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-20202

AFFECTED PRODUCTS

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 1.4

vendor:qualcommmodel:sdm439scope: - version: -

Trust: 1.4

vendor:qualcommmodel:sdm636scope: - version: -

Trust: 1.4

vendor:qualcommmodel:qcs605scope: - version: -

Trust: 1.4

vendor:qualcommmodel:mdm9640scope: - version: -

Trust: 1.4

vendor:qualcommmodel:sdm630scope: - version: -

Trust: 1.4

vendor:qualcommmodel:apq8053scope: - version: -

Trust: 1.4

vendor:qualcommmodel:sc8180xscope: - version: -

Trust: 1.4

vendor:qualcommmodel:apq8098scope: - version: -

Trust: 1.4

vendor:qualcommmodel:msm8998scope: - version: -

Trust: 1.4

vendor:qualcommmodel:sdm439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sc8180xscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8998scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm8150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm630scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8098scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm636scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx55scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9640scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm6150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr1130scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8053scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm7150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx24scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdx24scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sxr1130scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sm7150scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdx55scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm845scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sm6150scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sm8250scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-20202 // JVNDB: JVNDB-2019-014822 // NVD: CVE-2019-10569

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10569
value: HIGH

Trust: 1.0

NVD: JVNDB-2019-014822
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-20202
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202003-133
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-10569
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-014822
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-20202
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-10569
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-014822
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-20202 // JVNDB: JVNDB-2019-014822 // CNNVD: CNNVD-202003-133 // NVD: CVE-2019-10569

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.8

sources: JVNDB: JVNDB-2019-014822 // NVD: CVE-2019-10569

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202003-133

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202003-133

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014822

PATCH

title:March 2020 Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin

Trust: 0.8

title:Patch for Multiple Qualcomm product buffer overflow vulnerabilities (CNVD-2020-20202)url:https://www.cnvd.org.cn/patchInfo/show/211583

Trust: 0.6

title:Multiple Qualcomm Product Buffer Error Vulnerability Fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111015

Trust: 0.6

sources: CNVD: CNVD-2020-20202 // JVNDB: JVNDB-2019-014822 // CNNVD: CNNVD-202003-133

EXTERNAL IDS

db:NVDid:CVE-2019-10569

Trust: 3.0

db:JVNDBid:JVNDB-2019-014822

Trust: 0.8

db:CNVDid:CNVD-2020-20202

Trust: 0.6

db:CNNVDid:CNNVD-202003-133

Trust: 0.6

sources: CNVD: CNVD-2020-20202 // JVNDB: JVNDB-2019-014822 // CNNVD: CNNVD-202003-133 // NVD: CVE-2019-10569

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2019-10569

Trust: 2.0

url:https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10569

Trust: 0.8

url:https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-march-2020-31720

Trust: 0.6

sources: CNVD: CNVD-2020-20202 // JVNDB: JVNDB-2019-014822 // CNNVD: CNNVD-202003-133 // NVD: CVE-2019-10569

SOURCES

db:CNVDid:CNVD-2020-20202
db:JVNDBid:JVNDB-2019-014822
db:CNNVDid:CNNVD-202003-133
db:NVDid:CVE-2019-10569

LAST UPDATE DATE

2024-08-14T14:25:52.401000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-20202date:2020-03-30T00:00:00
db:JVNDBid:JVNDB-2019-014822date:2020-03-18T00:00:00
db:CNNVDid:CNNVD-202003-133date:2020-04-02T00:00:00
db:NVDid:CVE-2019-10569date:2020-03-09T12:14:44.897

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-20202date:2020-03-30T00:00:00
db:JVNDBid:JVNDB-2019-014822date:2020-03-18T00:00:00
db:CNNVDid:CNNVD-202003-133date:2020-03-03T00:00:00
db:NVDid:CVE-2019-10569date:2020-03-05T09:15:15.797