Sign-up

ID

VAR-202003-1267


CVE

CVE-2019-10554


TITLE

plural Snapdragon Out-of-bounds read vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2019-014821

DESCRIPTION

Multiple Read overflows issue due to improper length check while decoding Identity Request in CSdomain/Authentication Reject in CS domain/ PRAU accept/while logging DL message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130. plural Snapdragon The product contains an out-of-bounds read vulnerability.Information is obtained and service operation is interrupted (DoS) It may be put into a state. Qualcomm MDM9206, etc. are all products of Qualcomm. MDM9206 is a central processing unit (CPU) product. SDX24 is a modem. MSM8917 is a central processing unit (CPU) product. The Multi-Mode Call Processor in multiple Qualcomm products has a buffer overflow vulnerability. The vulnerability stems from the fact that the network system or product performs an operation on the memory and does not correctly verify the data boundary, resulting in the execution of the wrong memory location. For read and write operations, an attacker can use this vulnerability to cause a buffer overflow or heap overflow

Trust: 2.16

sources: NVD: CVE-2019-10554 // JVNDB: JVNDB-2019-014821 // CNVD: CNVD-2020-20195

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-20195

AFFECTED PRODUCTS

vendor:qualcommmodel:apq8009scope: - version: -

Trust: 1.4

vendor:qualcommmodel:apq8017scope: - version: -

Trust: 1.4

vendor:qualcommmodel:apq8053scope: - version: -

Trust: 1.4

vendor:qualcommmodel:apq8096auscope: - version: -

Trust: 1.4

vendor:qualcommmodel:apq8098scope: - version: -

Trust: 1.4

vendor:qualcommmodel:apq8096scope: - version: -

Trust: 1.4

vendor:qualcommmodel:mdm9150scope: - version: -

Trust: 1.4

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 1.4

vendor:qualcommmodel:mdm9205scope: - version: -

Trust: 1.4

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 1.4

vendor:qualcommmodel:msm8909scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8053scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8953scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sc8180xscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8917scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8998scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm429scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx24scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9615scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9645scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9655scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9640scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8940scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr1130scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcm2150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm8150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx55scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm636scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8096auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm7150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8009scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8098scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm6150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8096scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm632scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm429wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8017scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm630scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qm215scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:nicobarscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8905scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9635mscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8920scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:rennellscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8937scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8939scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9615scope: - version: -

Trust: 0.6

vendor:qualcommmodel:mdm9625scope: - version: -

Trust: 0.6

vendor:qualcommmodel:mdm9640scope: - version: -

Trust: 0.6

vendor:qualcommmodel:mdm9645scope: - version: -

Trust: 0.6

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 0.6

vendor:qualcommmodel:mdm9655scope: - version: -

Trust: 0.6

vendor:qualcommmodel:mdm9635mscope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8909wscope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8996auscope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8917scope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8920scope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8937scope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8940scope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8953scope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8905scope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8909scope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8998scope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8939scope: - version: -

Trust: 0.6

vendor:qualcommmodel:nicobarscope: - version: -

Trust: 0.6

vendor:qualcommmodel:qcm2150scope: - version: -

Trust: 0.6

vendor:qualcommmodel:qcs605scope: - version: -

Trust: 0.6

vendor:qualcommmodel:qm215scope: - version: -

Trust: 0.6

vendor:qualcommmodel:rennellscope: - version: -

Trust: 0.6

vendor:qualcommmodel:sc8180xscope: - version: -

Trust: 0.6

vendor:qualcommmodel:sda660scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sda845scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm429scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm439scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm630scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm632scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm636scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm660scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm670scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm429wscope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm450scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm710scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm845scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm850scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdx20scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdx24scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdx55scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sm7150scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sm8150scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sm6150scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sxr1130scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-20195 // JVNDB: JVNDB-2019-014821 // NVD: CVE-2019-10554

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10554
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2019-014821
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-20195
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202003-135
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2019-10554
severity: HIGH
baseScore: 9.4
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-014821
severity: HIGH
baseScore: 9.4
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-20195
severity: HIGH
baseScore: 9.4
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-10554
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-014821
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-20195 // JVNDB: JVNDB-2019-014821 // CNNVD: CNNVD-202003-135 // NVD: CVE-2019-10554

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.8

sources: JVNDB: JVNDB-2019-014821 // NVD: CVE-2019-10554

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-135

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202003-135

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-014821

PATCH
title:March 2020 Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin
Trust: 0.8
title:Patch for Multiple Qualcomm product buffer overflow vulnerabilities (CNVD-2020-20195)url:https://www.cnvd.org.cn/patchInfo/show/211587
Trust: 0.6
title:Multiple Qualcomm Product Buffer Error Vulnerability Fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111594
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-20195 // 
            
            
            
            JVNDB: JVNDB-2019-014821 // 
            
            
            
            CNNVD: CNNVD-202003-135

EXTERNAL IDS
db:NVDid:CVE-2019-10554
Trust: 3.0
db:JVNDBid:JVNDB-2019-014821
Trust: 0.8
db:CNVDid:CNVD-2020-20195
Trust: 0.6
db:CNNVDid:CNNVD-202003-135
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-20195 // 
            
            
            
            JVNDB: JVNDB-2019-014821 // 
            
            
            
            CNNVD: CNNVD-202003-135 // 
            
            
            
            NVD: CVE-2019-10554

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2019-10554
Trust: 2.0
url:https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10554
Trust: 0.8
url:https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-march-2020-31720
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-20195 // 
            
            
            
            JVNDB: JVNDB-2019-014821 // 
            
            
            
            CNNVD: CNNVD-202003-135 // 
            
            
            
            NVD: CVE-2019-10554

SOURCES
db:CNVDid:CNVD-2020-20195
db:JVNDBid:JVNDB-2019-014821
db:CNNVDid:CNNVD-202003-135
db:NVDid:CVE-2019-10554

LAST UPDATE DATE
2024-11-23T23:08:04.260000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-20195date:2020-03-30T00:00:00
db:JVNDBid:JVNDB-2019-014821date:2020-03-18T00:00:00
db:CNNVDid:CNNVD-202003-135date:2020-04-02T00:00:00
db:NVDid:CVE-2019-10554date:2024-11-21T04:19:26.453

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-20195date:2020-03-30T00:00:00
db:JVNDBid:JVNDB-2019-014821date:2020-03-18T00:00:00
db:CNNVDid:CNNVD-202003-135date:2020-03-03T00:00:00
db:NVDid:CVE-2019-10554date:2020-03-05T09:15:15.733