1. CVE-Search
  2. CVE-2019-10616
ID CVE-2019-10616
Summary Possibility of null pointer access if the SPDM commands are executed in the non-standard way in TZ. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8016, MDM9150, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8998, SA6155P, SDX24
References
Vulnerable Configurations
  • cpe:2.3:o:qualcomm:apq8009_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:apq8009_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:apq8009:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:apq8009:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:apq8016_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:apq8016_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:apq8016:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:apq8016:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:mdm9150_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:mdm9150_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:mdm9150:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:mdm9150:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:msm8905_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:msm8905_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:msm8905:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:msm8905:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:msm8909_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:msm8909_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:msm8909:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:msm8909:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:msm8998_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:msm8998_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:msm8998:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:msm8998:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:sa6155p:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:sa6155p:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:sdx24_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:sdx24_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:sdx24:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:sdx24:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*
CVSS
Base: 4.9 (as of 09-03-2020 - 12:04)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:N/A:C
refmap via4
confirm https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin
Last major update 09-03-2020 - 12:04
Published 05-03-2020 - 09:15
Last modified 09-03-2020 - 12:04
Back to Top