Lucene search

[email protected]CVE-2019-2284

HistorySep 30, 2019 - 4:15 p.m.

CVE-2019-2284

2019-09-3016:15:11

CWE-416

CWE-362

[email protected]

web.nvd.nist.gov

cve-2019-2284

snapdragon

race condition

use-after-free

camera

ioctl

msm8909w

qcs405

qcs605

qualcomm 215

sd 425

sd 439

sd 450

sd 625

sd 632

sd 665

sd 675

sd 712

sd 710

sd 670

sd 730

sd 845

sd 850

sd 855

sdm439

sdx24

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Possible use-after-free issue due to a race condition while calling camera ioctl concurrently in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, QCS405, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855, SDM439, SDX24

Affected configurations

NVD

Node

qualcommmsm8909w_firmwareMatch-

AND

qualcommmsm8909wMatch-

Node

qualcommqcs405_firmwareMatch-

AND

qualcommqcs405Match-

Node

qualcommqcs605_firmwareMatch-

AND

qualcommqcs605Match-

Node

qualcommqualcomm_215_firmwareMatch-

AND

qualcommqualcomm_215Match-

Node

qualcommsd_425_firmwareMatch-

AND

qualcommsd_425Match-

Node

qualcommsd_439_firmwareMatch-

AND

qualcommsd_439Match-

Node

qualcommsd_429_firmwareMatch-

AND

qualcommsd_429Match-

Node

qualcommsd_450_firmwareMatch-

AND

qualcommsd_450Match-

Node

qualcommsd_625_firmwareMatch-

AND

qualcommsd_625Match-

Node

qualcommsd_632_firmwareMatch-

AND

qualcommsd_632Match-

Node

qualcommsd_665_firmwareMatch-

AND

qualcommsd_665Match-

Node

qualcommsd_675_firmwareMatch-

AND

qualcommsd_675Match-

Node

qualcommsd_712_firmwareMatch-

AND

qualcommsd_712Match-

Node

qualcommsd_710_firmwareMatch-

AND

qualcommsd_710Match-

Node

qualcommsd_670_firmwareMatch-

AND

qualcommsd_670Match-

Node

qualcommsd_730_firmwareMatch-

AND

qualcommsd_730Match-

Node

qualcommsd_845_firmwareMatch-

AND

qualcommsd_845Match-

Node

qualcommsd_850_firmwareMatch-

AND

qualcommsd_850Match-

Node

qualcommsd_855_firmwareMatch-

AND

qualcommsd_855Match-

Node

qualcommsdm439_firmwareMatch-

AND

qualcommsdm439Match-

Node

qualcommsdx24_firmwareMatch-

AND

qualcommsdx24Match-

CPENameOperatorVersion
qualcomm:msm8909w_firmwarequalcomm msm8909w firmwareeq-

CPE	Name	Operator	Version
qualcomm:msm8909w_firmware	qualcomm msm8909w firmware	eq	-

CNA Affected

[
  {
    "product": "Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "MSM8909W, QCS405, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855, SDM439, SDX24"
      }
    ]
  }
]

References

www.codeaurora.org/security-bulletin/2019/08/05/august-2019-code-aurora-security-bulletin

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for CVE-2019-2284

cvelist1 prion1 nvd1 threatpost1 androidsecurity2