Lucene search

[email protected]CVE-2019-2336

HistoryNov 21, 2019 - 3:15 p.m.

CVE-2019-2336

2019-11-2115:15:16

CWE-416

CWE-787

[email protected]

web.nvd.nist.gov

cve-2019-2336

cbo listener

memory corruption

use after free

snapdragon

nvd

security issue

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.8%

JSON

Subsequent use of the CBO listener may result in further memory corruption due to use after free issue. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in MDM9205, QCS404, SDX55, SM6150, SM7150, SM8150, SXR2130

Affected configurations

NVD

Node

qualcommmdm9205_firmwareMatch-

AND

qualcommmdm9205Match-

Node

qualcommqcs404_firmwareMatch-

AND

qualcommqcs404Match-

Node

qualcommsdx55_firmwareMatch-

AND

qualcommsdx55Match-

Node

qualcommsm6150_firmwareMatch-

AND

qualcommsm6150Match-

Node

qualcommsm7150_firmwareMatch-

AND

qualcommsm7150Match-

Node

qualcommsm8150_firmwareMatch-

AND

qualcommsm8150Match-

Node

qualcommsxr2130_firmwareMatch-

AND

qualcommsxr2130Match-

CPENameOperatorVersion
qualcomm:mdm9205_firmwarequalcomm mdm9205 firmwareeq-

CPE	Name	Operator	Version
qualcomm:mdm9205_firmware	qualcomm mdm9205 firmware	eq	-

CNA Affected

[
  {
    "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "MDM9205, QCS404, SDX55, SM6150, SM7150, SM8150, SXR2130"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.8%

JSON

Related for CVE-2019-2336

prion1 cvelist1 nvd1