var-202003-1264
Vulnerability from variot
Stack buffer overflow due to instance id is misplaced inside definition of hardware accelerated effects in makefile in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile in APQ8053, APQ8098, MDM9607, MDM9640, MSM8998, QCS605, SC8180X, SDM439, SDM630, SDM636, SDM660, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130. plural Snapdragon The product contains an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Qualcomm MDM9607, etc. are all products of Qualcomm. MDM9607 is a central processing unit (CPU) product. SDX24 is a modem. SDM630 is a central processing unit (CPU) product.
There are buffer overflow vulnerabilities in Audio in many Qualcomm products. The vulnerability stems from network systems or products performing incorrect operations on the memory and not validating the data boundary, resulting in incorrect read and write operations to other associated memory locations , An attacker can use this vulnerability to cause a buffer overflow or heap overflow
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202003-1264", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mdm9607", "scope": null, "trust": 1.4, "vendor": "qualcomm", "version": null }, { "model": "sdm439", "scope": null, "trust": 1.4, "vendor": "qualcomm", "version": null }, { "model": "sdm636", "scope": null, "trust": 1.4, "vendor": "qualcomm", "version": null }, { "model": "qcs605", "scope": null, "trust": 1.4, "vendor": "qualcomm", "version": null }, { "model": "mdm9640", "scope": null, "trust": 1.4, "vendor": "qualcomm", "version": null }, { "model": "sdm630", "scope": null, "trust": 1.4, "vendor": "qualcomm", "version": null }, { "model": "apq8053", "scope": null, "trust": 1.4, "vendor": "qualcomm", "version": null }, { "model": "sc8180x", "scope": null, "trust": 1.4, "vendor": "qualcomm", "version": null }, { "model": "apq8098", "scope": null, "trust": 1.4, "vendor": "qualcomm", "version": null }, { "model": "msm8998", "scope": null, "trust": 1.4, "vendor": "qualcomm", "version": null }, { "model": "sm8150", "scope": "eq", "trust": 1.0, "vendor": "qualcomm", "version": null }, { "model": "apq8053", "scope": "eq", "trust": 1.0, "vendor": "qualcomm", "version": null }, { "model": "sdm630", "scope": "eq", "trust": 1.0, "vendor": "qualcomm", "version": null }, { "model": "sdm636", "scope": "eq", "trust": 1.0, "vendor": "qualcomm", "version": null }, { "model": "sc8180x", "scope": "eq", "trust": 1.0, "vendor": "qualcomm", "version": null }, { "model": "sdm660", "scope": "eq", "trust": 1.0, "vendor": "qualcomm", "version": null }, { "model": "msm8998", "scope": "eq", "trust": 1.0, "vendor": "qualcomm", "version": null }, { "model": "sdm439", "scope": "eq", "trust": 1.0, "vendor": "qualcomm", "version": null }, { "model": "sdx24", "scope": "eq", "trust": 1.0, "vendor": "qualcomm", "version": null }, { "model": "mdm9640", "scope": "eq", "trust": 1.0, "vendor": "qualcomm", "version": null }, { "model": "sdx55", "scope": "eq", "trust": 1.0, "vendor": "qualcomm", "version": null }, { "model": "apq8098", "scope": "eq", "trust": 1.0, "vendor": "qualcomm", "version": null }, { "model": "qcs605", "scope": "eq", "trust": 1.0, "vendor": "qualcomm", "version": null }, { "model": "sdm845", "scope": "eq", "trust": 1.0, "vendor": "qualcomm", "version": null }, { "model": "sm6150", "scope": "eq", "trust": 1.0, "vendor": "qualcomm", "version": null }, { "model": "sm7150", "scope": "eq", "trust": 1.0, "vendor": "qualcomm", "version": null }, { "model": "sxr1130", "scope": "eq", "trust": 1.0, "vendor": "qualcomm", "version": null }, { "model": "mdm9607", "scope": "eq", "trust": 1.0, "vendor": "qualcomm", "version": null }, { "model": "sdm660", "scope": null, "trust": 0.6, "vendor": "qualcomm", "version": null }, { "model": "sdx24", "scope": null, "trust": 0.6, "vendor": "qualcomm", "version": null }, { "model": "sxr1130", "scope": null, "trust": 0.6, "vendor": "qualcomm", "version": null }, { "model": "sm7150", "scope": null, "trust": 0.6, "vendor": "qualcomm", "version": null }, { "model": "sdx55", "scope": null, "trust": 0.6, "vendor": "qualcomm", "version": null }, { "model": "sdm845", "scope": null, "trust": 0.6, "vendor": "qualcomm", "version": null }, { "model": "sm6150", "scope": null, "trust": 0.6, "vendor": "qualcomm", "version": null }, { "model": "sm8250", "scope": null, "trust": 0.6, "vendor": "qualcomm", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-20202" }, { "db": "JVNDB", "id": "JVNDB-2019-014822" }, { "db": "NVD", "id": "CVE-2019-10569" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/o:qualcomm:apq8053_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:qualcomm:apq8098_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:qualcomm:mdm9607_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:qualcomm:mdm9640_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:qualcomm:msm8998_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:qualcomm:qcs605_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:qualcomm:sc8180x_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:qualcomm:sdm439_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:qualcomm:sdm630_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:qualcomm:sdm636_firmware", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014822" } ] }, "cve": "CVE-2019-10569", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CVE-2019-10569", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.2, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "JVNDB-2019-014822", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CNVD-2020-20202", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2019-10569", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2019-014822", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-10569", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "JVNDB-2019-014822", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2020-20202", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202003-133", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-20202" }, { "db": "JVNDB", "id": "JVNDB-2019-014822" }, { "db": "CNNVD", "id": "CNNVD-202003-133" }, { "db": "NVD", "id": "CVE-2019-10569" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Stack buffer overflow due to instance id is misplaced inside definition of hardware accelerated effects in makefile in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile in APQ8053, APQ8098, MDM9607, MDM9640, MSM8998, QCS605, SC8180X, SDM439, SDM630, SDM636, SDM660, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130. plural Snapdragon The product contains an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Qualcomm MDM9607, etc. are all products of Qualcomm. MDM9607 is a central processing unit (CPU) product. SDX24 is a modem. SDM630 is a central processing unit (CPU) product. \n\r\n\r\nThere are buffer overflow vulnerabilities in Audio in many Qualcomm products. The vulnerability stems from network systems or products performing incorrect operations on the memory and not validating the data boundary, resulting in incorrect read and write operations to other associated memory locations , An attacker can use this vulnerability to cause a buffer overflow or heap overflow", "sources": [ { "db": "NVD", "id": "CVE-2019-10569" }, { "db": "JVNDB", "id": "JVNDB-2019-014822" }, { "db": "CNVD", "id": "CNVD-2020-20202" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-10569", "trust": 3.0 }, { "db": "JVNDB", "id": "JVNDB-2019-014822", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2020-20202", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202003-133", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-20202" }, { "db": "JVNDB", "id": "JVNDB-2019-014822" }, { "db": "CNNVD", "id": "CNNVD-202003-133" }, { "db": "NVD", "id": "CVE-2019-10569" } ] }, "id": "VAR-202003-1264", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-20202" } ], "trust": 0.06 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-20202" } ] }, "last_update_date": "2024-11-23T22:29:41.115000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "March 2020 Security Bulletin", "trust": 0.8, "url": "https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin" }, { "title": "Patch for Multiple Qualcomm product buffer overflow vulnerabilities (CNVD-2020-20202)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/211583" }, { "title": "Multiple Qualcomm Product Buffer Error Vulnerability Fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111015" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-20202" }, { "db": "JVNDB", "id": "JVNDB-2019-014822" }, { "db": "CNNVD", "id": "CNNVD-202003-133" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014822" }, { "db": "NVD", "id": "CVE-2019-10569" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10569" }, { "trust": 1.6, "url": "https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10569" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-march-2020-31720" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-20202" }, { "db": "JVNDB", "id": "JVNDB-2019-014822" }, { "db": "CNNVD", "id": "CNNVD-202003-133" }, { "db": "NVD", "id": "CVE-2019-10569" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2020-20202" }, { "db": "JVNDB", "id": "JVNDB-2019-014822" }, { "db": "CNNVD", "id": "CNNVD-202003-133" }, { "db": "NVD", "id": "CVE-2019-10569" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-03-30T00:00:00", "db": "CNVD", "id": "CNVD-2020-20202" }, { "date": "2020-03-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-014822" }, { "date": "2020-03-03T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-133" }, { "date": "2020-03-05T09:15:15.797000", "db": "NVD", "id": "CVE-2019-10569" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-03-30T00:00:00", "db": "CNVD", "id": "CNVD-2020-20202" }, { "date": "2020-03-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-014822" }, { "date": "2020-04-02T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-133" }, { "date": "2024-11-21T04:19:28.580000", "db": "NVD", "id": "CVE-2019-10569" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-133" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Snapdragon Out-of-bounds write vulnerabilities in the product", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014822" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-133" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.