Lucene search

[email protected]CVE-2019-10603

HistoryMar 05, 2020 - 9:15 a.m.

CVE-2019-10603

2020-03-0509:15:16

CWE-416

[email protected]

web.nvd.nist.gov

cve-2019-10603

use after free

snapdragon

ipv6

route lookup

security issue

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.8%

JSON

Use after free issue occurs If the real device interface goes down and a route lookup is performed while sending a raw IPv6 message in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8917, MSM8937, MSM8996AU, QCN7605, SDA845, SDM630, SDM636, SDM660, SDX20, SXR1130

Affected configurations

NVD

Node

qualcommapq8053Match-

AND

qualcommapq8053_firmwareMatch-

Node

qualcommapq8096auMatch-

AND

qualcommapq8096au_firmwareMatch-

Node

qualcommapq8098Match-

AND

qualcommapq8098_firmwareMatch-

Node

qualcommmdm9206Match-

AND

qualcommmdm9206_firmwareMatch-

Node

qualcommmdm9207cMatch-

AND

qualcommmdm9207c_firmwareMatch-

Node

qualcommmdm9607Match-

AND

qualcommmdm9607_firmwareMatch-

Node

qualcommmdm9640Match-

AND

qualcommmdm9640_firmwareMatch-

Node

qualcommmdm9650Match-

AND

qualcommmdm9650_firmwareMatch-

Node

qualcommmsm8917_firmwareMatch-

AND

qualcommmsm8917Match-

Node

qualcommmsm8937_firmwareMatch-

AND

qualcommmsm8937Match-

Node

qualcommmsm8996au_firmwareMatch-

AND

qualcommmsm8996auMatch-

Node

qualcommqcn7605_firmwareMatch-

AND

qualcommqcn7605Match-

Node

qualcommsda845_firmwareMatch-

AND

qualcommsda845Match-

Node

qualcommsdm630_firmwareMatch-

AND

qualcommsdm630Match-

Node

qualcommsdm636_firmwareMatch-

AND

qualcommsdm636Match-

Node

qualcommsdm660_firmwareMatch-

AND

qualcommsdm660Match-

Node

qualcommsdx20_firmwareMatch-

AND

qualcommsdx20Match-

Node

qualcommsxr1130_firmwareMatch-

AND

qualcommsxr1130Match-

CPENameOperatorVersion
qualcomm:apq8053_firmwarequalcomm apq8053 firmwareeq-

CPE	Name	Operator	Version
qualcomm:apq8053_firmware	qualcomm apq8053 firmware	eq	-

CNA Affected

[
  {
    "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8917, MSM8937, MSM8996AU, QCN7605, SDA845, SDM630, SDM636, SDM660, SDX20, SXR1130"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.8%

JSON

Related for CVE-2019-10603

prion1 nvd1 cvelist1