Lucene search

[email protected]CVE-2019-10612

HistoryMar 05, 2020 - 9:15 a.m.

CVE-2019-10612

2020-03-0509:15:16

CWE-787

[email protected]

web.nvd.nist.gov

cve-2019-10612

stack overflow

snapdragon auto

snapdragon compute

snapdragon consumer iot

snapdragon industrial iot

mdm9205

mdm9650

qcs605

sa6155p

sc8180x

sda845

sdm670

sdm710

sdm845

sdm850

sdx55

sm6150

sm7150

sm8150

sm8250

sxr1130

sxr2130

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.5%

JSON

UTCB object has a function pointer called by the reaper to deallocate its memory resources and this address can potentially be corrupted by stack overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, MDM9650, QCS605, SA6155P, SC8180X, SDA845, SDM670, SDM710, SDM845, SDM850, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Affected configurations

NVD

Node

qualcommmdm9205Match-

AND

qualcommmdm9205_firmwareMatch-

Node

qualcommmdm9650Match-

AND

qualcommmdm9650_firmwareMatch-

Node

qualcommqcs605Match-

AND

qualcommqcs605_firmwareMatch-

Node

qualcommsa6155pMatch-

AND

qualcommsa6155p_firmwareMatch-

Node

qualcommsc8180xMatch-

AND

qualcommsc8180x_firmwareMatch-

Node

qualcommsda845Match-

AND

qualcommsda845_firmwareMatch-

Node

qualcommsdm670Match-

AND

qualcommsdm670_firmwareMatch-

Node

qualcommsdm710Match-

AND

qualcommsdm710_firmwareMatch-

Node

qualcommsdm845_firmwareMatch-

AND

qualcommsdm845Match-

Node

qualcommsdm850_firmwareMatch-

AND

qualcommsdm850Match-

Node

qualcommsdx55_firmwareMatch-

AND

qualcommsdx55Match-

Node

qualcommsm6150_firmwareMatch-

AND

qualcommsm6150Match-

Node

qualcommsm7150_firmwareMatch-

AND

qualcommsm7150Match-

Node

qualcommsm8150_firmwareMatch-

AND

qualcommsm8150Match-

Node

qualcommsm8250_firmwareMatch-

AND

qualcommsm8250Match-

Node

qualcommsxr1130_firmwareMatch-

AND

qualcommsxr1130Match-

Node

qualcommsxr2130_firmwareMatch-

AND

qualcommsxr2130Match-

CPENameOperatorVersion
qualcomm:mdm9205_firmwarequalcomm mdm9205 firmwareeq-

CPE	Name	Operator	Version
qualcomm:mdm9205_firmware	qualcomm mdm9205 firmware	eq	-

CNA Affected

[
  {
    "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "MDM9205, MDM9650, QCS605, SA6155P, SC8180X, SDA845, SDM670, SDM710, SDM845, SDM850, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.5%

JSON

Related for CVE-2019-10612

cvelist1 nvd1 prion1