Lucene search

[email protected]CVE-2019-2318

HistoryNov 21, 2019 - 3:15 p.m.

CVE-2019-2318

2019-11-2115:15:16

CWE-125

[email protected]

web.nvd.nist.gov

cve

trustzone

dos

snapdragon

kernel

security

vulnerability

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.8%

JSON

Non Secure Kernel can cause Trustzone to do an arbitrary memory read which will result into DOS in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8017, APQ8053, APQ8096, APQ8096AU, IPQ8074, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, QCA8081, QM215, SDM429, SDM439, SDM450, SDM632, Snapdragon_High_Med_2016

Affected configurations

NVD

Node

qualcommapq8017_firmwareMatch-

AND

qualcommapq8017Match-

Node

qualcommapq8053_firmwareMatch-

AND

qualcommapq8053Match-

Node

qualcommapq8096_firmwareMatch-

AND

qualcommapq8096Match-

Node

qualcommapq8096au_firmwareMatch-

AND

qualcommapq8096auMatch-

Node

qualcommipq8074_firmwareMatch-

AND

qualcommipq8074Match-

Node

qualcommmsm8917_firmwareMatch-

AND

qualcommmsm8917Match-

Node

qualcommmsm8920_firmwareMatch-

AND

qualcommmsm8920Match-

Node

qualcommmsm8937_firmwareMatch-

AND

qualcommmsm8937Match-

Node

qualcommmsm8940_firmwareMatch-

AND

qualcommmsm8940Match-

Node

qualcommmsm8953_firmwareMatch-

AND

qualcommmsm8953Match-

Node

qualcommmsm8996_firmwareMatch-

AND

qualcommmsm8996Match-

Node

qualcommmsm8996au_firmwareMatch-

AND

qualcommmsm8996auMatch-

Node

qualcommqca8081_firmwareMatch-

AND

qualcommqca8081Match-

Node

qualcommqm215_firmwareMatch-

AND

qualcommqm215Match-

Node

qualcommsdm429_firmwareMatch-

AND

qualcommsdm429Match-

Node

qualcommsdm439_firmwareMatch-

AND

qualcommsdm439Match-

Node

qualcommsdm450_firmwareMatch-

AND

qualcommsdm450Match-

Node

qualcommsdm632_firmwareMatch-

AND

qualcommsdm632Match-

Node

qualcommsnapdragon_high_med_2016_firmwareMatch-

AND

qualcommsnapdragon_high_med_2016Match-

CPENameOperatorVersion
qualcomm:apq8017_firmwarequalcomm apq8017 firmwareeq-

CPE	Name	Operator	Version
qualcomm:apq8017_firmware	qualcomm apq8017 firmware	eq	-

CNA Affected

[
  {
    "product": "Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "APQ8017, APQ8053, APQ8096, APQ8096AU, IPQ8074, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, QCA8081, QM215, SDM429, SDM439, SDM450, SDM632, Snapdragon_High_Med_2016"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.8%

JSON

Related for CVE-2019-2318

nvd1 prion1 cvelist1