Lucene search

[email protected]CVE-2019-2345

HistoryJul 25, 2019 - 5:15 p.m.

CVE-2019-2345

2019-07-2517:15:14

CWE-362

[email protected]

web.nvd.nist.gov

cve-2019-2345

race condition

snapdragon

dma buffer

jpeg driver

nvd

security vulnerability

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Race condition while accessing DMA buffer in jpeg driver in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM660, SDX20, SDX24

Affected configurations

NVD

Node

qualcommmsm8909w_firmwareMatch-

AND

qualcommmsm8909wMatch-

Node

qualcommmsm8996au_firmwareMatch-

AND

qualcommmsm8996auMatch-

Node

qualcommqcs605_firmwareMatch-

AND

qualcommqcs605Match-

Node

qualcommsd_425_firmwareMatch-

AND

qualcommsd_425Match-

Node

qualcommsd_427_firmwareMatch-

AND

qualcommsd_427Match-

Node

qualcommsd_430_firmwareMatch-

AND

qualcommsd_430Match-

Node

qualcommsd_435_firmwareMatch-

AND

qualcommsd_435Match-

Node

qualcommsd_450_firmwareMatch-

AND

qualcommsd_450Match-

Node

qualcommsd_625_firmwareMatch-

AND

qualcommsd_625Match-

Node

qualcommsd_636_firmwareMatch-

AND

qualcommsd_636Match-

Node

qualcommsd_712_firmwareMatch-

AND

qualcommsd_712Match-

Node

qualcommsd_710_firmwareMatch-

AND

qualcommsd_710Match-

Node

qualcommsd_670_firmwareMatch-

AND

qualcommsd_670Match-

Node

qualcommsd_820_firmwareMatch-

AND

qualcommsd_820Match-

Node

qualcommsd_820a_firmwareMatch-

AND

qualcommsd_820aMatch-

Node

qualcommsd_835_firmwareMatch-

AND

qualcommsd_835Match-

Node

qualcommsd_845_firmwareMatch-

AND

qualcommsd_845Match-

Node

qualcommsd_850_firmwareMatch-

AND

qualcommsd_850Match-

Node

qualcommsda660_firmwareMatch-

AND

qualcommsda660Match-

Node

qualcommsdm660_firmwareMatch-

AND

qualcommsdm660Match-

Node

qualcommsdx20_firmwareMatch-

AND

qualcommsdx20Match-

Node

qualcommsdx24_firmwareMatch-

AND

qualcommsdx24Match-

CPENameOperatorVersion
qualcomm:msm8909w_firmwarequalcomm msm8909w firmwareeq-

CPE	Name	Operator	Version
qualcomm:msm8909w_firmware	qualcomm msm8909w firmware	eq	-

CNA Affected

[
  {
    "product": "Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "MSM8909W, MSM8996AU, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM660, SDX20, SDX24"
      }
    ]
  }
]

References

www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for CVE-2019-2345

cvelist1 prion1 nvd1 androidsecurity1