ID

VAR-202003-1268


CVE

CVE-2019-10552


TITLE

Out-of-bounds read vulnerabilities in multiple Snapdragon products

Trust: 0.8

sources: JVNDB: JVNDB-2019-014819

DESCRIPTION

Multiple buffer over-read issues can occur due to improper length checks while decoding Service Reject/RAU Reject/PTMSI Realloc cmd in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130. Multiple Snapdragon products contain an out-of-bounds read vulnerability. Information may be obtained and service operation may be interrupted (DoS). Qualcomm MDM9206, etc. are all products of Qualcomm. MDM9206 is a central processing unit (CPU) product. SDX24 is a modem. APQ8017 is a central processing unit (CPU) product. The Multi-Mode Call Processor in multiple Qualcomm products has a buffer overflow vulnerability. The vulnerability stems from the fact that when decoding the Service Reject/RAU Reject/PTMSI Realloc cmd, the program fails to perform the correct length check. An attacker can use a special request to exploit the vulnerability to obtain sensitive information or cause a denial of service.

Trust: 2.16

sources: NVD: CVE-2019-10552 // JVNDB: JVNDB-2019-014819 // CNVD: CNVD-2020-20203

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-20203

AFFECTED PRODUCTS

vendor: qualcomm, model: apq8009, scope: eq, version: -

Trust: 2.2

vendor: qualcomm, model: apq8096au, scope: eq, version: -

Trust: 2.2

vendor: qualcomm, model: apq8017, scope: eq, version: -

Trust: 2.2

vendor: qualcomm, model: apq8096, scope: eq, version: -

Trust: 2.2

vendor: qualcomm, model: apq8053, scope: eq, version: -

Trust: 2.2

vendor: qualcomm, model: mdm9206, scope: -, version: -

Trust: 1.4

vendor: qualcomm, model: mdm9607, scope: -, version: -

Trust: 1.4

vendor: qualcomm, model: mdm9150, scope: -, version: -

Trust: 1.4

vendor: qualcomm, model: mdm9205, scope: -, version: -

Trust: 1.4

vendor: qualcomm, model: apq8009, scope: -, version: -

Trust: 1.4

vendor: qualcomm, model: apq8017, scope: -, version: -

Trust: 1.4

vendor: qualcomm, model: apq8053, scope: -, version: -

Trust: 1.4

vendor: qualcomm, model: apq8096au, scope: -, version: -

Trust: 1.4

vendor: qualcomm, model: apq8098, scope: -, version: -

Trust: 1.4

vendor: qualcomm, model: apq8096, scope: -, version: -

Trust: 1.4

vendor: qualcomm, model: msm8909, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: msm8953, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sc8180x, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: msm8917, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: msm8998, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sdm429, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sdx24, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sda660, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: mdm9615, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: mdm9607, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sdm450, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sdm710, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: mdm9645, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: mdm9206, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sdm660, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: mdm9655, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: mdm9640, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: mdm9150, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sdm845, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: msm8940, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sxr1130, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: qcm2150, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sm8150, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sdx55, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sda845, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sdm636, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: msm8996au, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: mdm9625, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sm7150, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: apq8098, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: qcs605, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sm6150, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sdm632, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sdm429w, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sdm670, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: mdm9650, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: mdm9205, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sdm630, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sdm850, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: qm215, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sdm439, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: nicobar, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: msm8909w, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: msm8905, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: mdm9635m, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: msm8920, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sdx20, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: rennell, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: msm8937, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: msm8939, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: msm8909w, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: msm8996au, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: sdx20, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: sdm429, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: sdm439, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: sdm630, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: sdm632, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: sdm636, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: sda660, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: sda845, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: sxr1130, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: mdm9615, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: mdm9625, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: mdm9635m, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: mdm9645, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: mdm9650, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: mdm9655, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: mdm9640, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: qcs605, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: sdm660, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: sdx24, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: nicobar, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: sm7150, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: sdm670, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: sm8150, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: sdm429w, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: msm8917, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: msm8920, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: msm8937, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: msm8940, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: msm8953, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: sc8180x, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: sdm450, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: sdx55, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: msm8905, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: msm8909, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: msm8998, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: qm215, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: rennell, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: qcm2150, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: sdm710, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: sdm845, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: sdm850, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: sm6150, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: msm8939, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2020-20203 // JVNDB: JVNDB-2019-014819 // CNNVD: CNNVD-202003-134 // NVD: CVE-2019-10552

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10552
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2019-014819
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-20203
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202003-134
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2019-10552
severity: HIGH
baseScore: 9.4
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-014819
severity: HIGH
baseScore: 9.4
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-20203
severity: HIGH
baseScore: 9.4
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-10552
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-014819
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-20203 // JVNDB: JVNDB-2019-014819 // CNNVD: CNNVD-202003-134 // NVD: CVE-2019-10552

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.8

problemtype:CWE-20

Trust: 1.0

sources: JVNDB: JVNDB-2019-014819 // NVD: CVE-2019-10552

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-134

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202003-134

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014819

PATCH

title: March 2020 Security Bulletin, url: https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin

Trust: 0.8

title: Patch for Multiple Qualcomm product buffer overflow vulnerabilities (CNVD-2020-20203), url: https://www.cnvd.org.cn/patchInfo/show/211585

Trust: 0.6

title: Multiple Qualcomm Product Buffer Error Vulnerability Fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111593

Trust: 0.6

sources: CNVD: CNVD-2020-20203 // JVNDB: JVNDB-2019-014819 // CNNVD: CNNVD-202003-134

EXTERNAL IDS

db: NVD, id: CVE-2019-10552

Trust: 3.0

db: JVNDB, id: JVNDB-2019-014819

Trust: 0.8

db: CNVD, id: CNVD-2020-20203

Trust: 0.6

db: CNNVD, id: CNNVD-202003-134

Trust: 0.6

sources: CNVD: CNVD-2020-20203 // JVNDB: JVNDB-2019-014819 // CNNVD: CNNVD-202003-134 // NVD: CVE-2019-10552

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2019-10552

Trust: 2.0

url:https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10552

Trust: 0.8

url:https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-march-2020-31720

Trust: 0.6

sources: CNVD: CNVD-2020-20203 // JVNDB: JVNDB-2019-014819 // CNNVD: CNNVD-202003-134 // NVD: CVE-2019-10552

SOURCES

db: CNVD, id: CNVD-2020-20203
db: JVNDB, id: JVNDB-2019-014819
db: CNNVD, id: CNNVD-202003-134
db: NVD, id: CVE-2019-10552

LAST UPDATE DATE

2024-11-23T23:01:30.092000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-20203, date: 2020-03-30T00:00:00
db: JVNDB, id: JVNDB-2019-014819, date: 2020-03-18T00:00:00
db: CNNVD, id: CNNVD-202003-134, date: 2020-03-13T00:00:00
db: NVD, id: CVE-2019-10552, date: 2024-11-21T04:19:26.123

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-20203, date: 2020-03-30T00:00:00
db: JVNDB, id: JVNDB-2019-014819, date: 2020-03-18T00:00:00
db: CNNVD, id: CNNVD-202003-134, date: 2020-03-03T00:00:00
db: NVD, id: CVE-2019-10552, date: 2020-03-05T09:15:15.610