Lucene search

[email protected]CVE-2019-10622

HistoryApr 16, 2020 - 11:15 a.m.

CVE-2019-10622

2020-04-1611:15:13

CWE-125

[email protected]

web.nvd.nist.gov

cve-2019-10622

out of bound memory access

adsp message parsing

snapdragon platforms

security vulnerability

3.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:N/A:P

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

9.1 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.5%

JSON

Out of bound memory access can happen while parsing ADSP message due to lack of check of size of payload received from userspace in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8096AU, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, QCN7605, QCS605, SC8180X, SDM710, SDX24, SDX55, SM8150, SM8250, SXR2130

Affected configurations

NVD

Node

qualcommapq8009_firmwareMatch-

AND

qualcommapq8009Match-

Node

qualcommapq8096au_firmwareMatch-

AND

qualcommapq8096auMatch-

Node

qualcommipq4019_firmwareMatch-

AND

qualcommipq4019Match-

Node

qualcommipq6018_firmwareMatch-

AND

qualcommipq6018Match-

Node

qualcommipq8064_firmwareMatch-

AND

qualcommipq8064Match-

Node

qualcommipq8074_firmwareMatch-

AND

qualcommipq8074Match-

Node

qualcommmdm9206_firmwareMatch-

AND

qualcommmdm9206Match-

Node

qualcommmdm9207c_firmwareMatch-

AND

qualcommmdm9207cMatch-

Node

qualcommmdm9607_firmwareMatch-

AND

qualcommmdm9607Match-

Node

qualcommmdm9640_firmwareMatch-

AND

qualcommmdm9640Match-

Node

qualcommmdm9650Match-

AND

qualcommmdm9650_firmwareMatch-

Node

qualcommqcn7605Match-

AND

qualcommqcn7605_firmwareMatch-

Node

qualcommqcs605Match-

AND

qualcommqcs605_firmwareMatch-

Node

qualcommsc8180xMatch-

AND

qualcommsc8180x_firmwareMatch-

Node

qualcommsdm710Match-

AND

qualcommsdm710_firmwareMatch-

Node

qualcommsdx24Match-

AND

qualcommsdx24_firmwareMatch-

Node

qualcommsdx55Match-

AND

qualcommsdx55_firmwareMatch-

Node

qualcommsm8150Match-

AND

qualcommsm8150_firmwareMatch-

Node

qualcommsm8250_firmwareMatch-

AND

qualcommsm8250Match-

Node

qualcommsxr2130_firmwareMatch-

AND

qualcommsxr2130Match-

CPENameOperatorVersion
qualcomm:apq8009_firmwarequalcomm apq8009 firmwareeq-

CPE	Name	Operator	Version
qualcomm:apq8009_firmware	qualcomm apq8009 firmware	eq	-

CNA Affected

[
  {
    "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "APQ8009, APQ8096AU, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, QCN7605, QCS605, SC8180X, SDM710, SDX24, SDX55, SM8150, SM8250, SXR2130"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin

3.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:N/A:P

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

9.1 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.5%

JSON

Related for CVE-2019-10622

prion1 cvelist1 nvd1 androidsecurity1