cnvd - cnvd-2020-03574

CNVD-2020-03574

Vulnerability from cnvd - Published: 2020-02-04

Title

多款Qualcomm产品输入验证错误漏洞

Description

Qualcomm QCA6574AU等都是美国高通（Qualcomm）公司的一款中央处理器（CPU）产品。多款Qualcomm产品中的WLAN Host存在输入验证错误漏洞，攻击者可利用该漏洞导致整数溢出。

Severity

高

Patch Name

多款Qualcomm产品输入验证错误漏洞的补丁

Patch Description

Qualcomm QCA6574AU等都是美国高通（Qualcomm）公司的一款中央处理器（CPU）产品。多款Qualcomm产品中的WLAN Host存在输入验证错误漏洞，攻击者可利用该漏洞导致整数溢出。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-10537

Impacted products

Name
['Qualcomm MDM 9607', 'Qualcomm QCS 605', 'Qualcomm SDM 660', 'Qualcomm QCS 405', 'Qualcomm QCA 6574AU', 'Qualcomm SXR 1130', 'Qualcomm Nicobar', 'Qualcomm SDM 845', 'Qualcomm SM 6150', 'Qualcomm SM 7150', 'Qualcomm SM 8150', 'Qualcomm SM 8250', 'Qualcomm SXR 2130', 'Qualcomm SDX 55', 'Qualcomm QCN 7605']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-10537",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-10537"
    }
  },
  "description": "Qualcomm QCA6574AU\u7b49\u90fd\u662f\u7f8e\u56fd\u9ad8\u901a\uff08Qualcomm\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u4e2d\u592e\u5904\u7406\u5668\uff08CPU\uff09\u4ea7\u54c1\u3002\n\n\u591a\u6b3eQualcomm\u4ea7\u54c1\u4e2d\u7684WLAN Host\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u6574\u6570\u6ea2\u51fa\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-03574",
  "openTime": "2020-02-04",
  "patchDescription": "Qualcomm QCA6574AU\u7b49\u90fd\u662f\u7f8e\u56fd\u9ad8\u901a\uff08Qualcomm\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u4e2d\u592e\u5904\u7406\u5668\uff08CPU\uff09\u4ea7\u54c1\u3002\r\n\r\n\u591a\u6b3eQualcomm\u4ea7\u54c1\u4e2d\u7684WLAN Host\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u6574\u6570\u6ea2\u51fa\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eQualcomm\u4ea7\u54c1\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Qualcomm MDM 9607",
      "Qualcomm QCS 605",
      "Qualcomm SDM 660",
      "Qualcomm QCS 405",
      "Qualcomm QCA 6574AU",
      "Qualcomm SXR 1130",
      "Qualcomm Nicobar",
      "Qualcomm SDM 845",
      "Qualcomm SM 6150",
      "Qualcomm SM 7150",
      "Qualcomm SM 8150",
      "Qualcomm SM 8250",
      "Qualcomm SXR 2130",
      "Qualcomm SDX 55",
      "Qualcomm QCN 7605"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-10537",
  "serverity": "\u9ad8",
  "submitTime": "2019-12-25",
  "title": "\u591a\u6b3eQualcomm\u4ea7\u54c1\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e"
}

CVE-2019-10537 (GCVE-0-2019-10537)

Vulnerability from cvelistv5 – Published: 2019-12-18 05:25 – Updated: 2024-08-04 22:24

Summary

Improper validation of event buffer extracted from FW response can lead to integer overflow, which will allow to pass the length check and eventually will lead to buffer overwrite when event data is copied to context buffer in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, Nicobar, QCA6574AU, QCN7605, QCS405, QCS605, SDM660, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Severity ?

No CVSS data available.

CWE

Integer Overflow to Buffer Overflow in WLAN HOST

Assigner

qualcomm

References

URL

Tags

https://www.qualcomm.com/company/product-security…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Qualcomm, Inc.	Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music	Affected: MDM9607, Nicobar, QCA6574AU, QCN7605, QCS405, QCS605, SDM660, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:24:18.700Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "MDM9607, Nicobar, QCA6574AU, QCN7605, QCS405, QCS605, SDM660, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper validation of event buffer extracted from FW response can lead to integer overflow, which will allow to pass the length check and eventually will lead to buffer overwrite when event data is copied to context buffer in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music in MDM9607, Nicobar, QCA6574AU, QCN7605, QCS405, QCS605, SDM660, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Integer Overflow to Buffer Overflow in WLAN HOST",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-18T05:25:44",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@qualcomm.com",
          "ID": "CVE-2019-10537",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "MDM9607, Nicobar, QCA6574AU, QCN7605, QCS405, QCS605, SDM660, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Qualcomm, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Improper validation of event buffer extracted from FW response can lead to integer overflow, which will allow to pass the length check and eventually will lead to buffer overwrite when event data is copied to context buffer in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music in MDM9607, Nicobar, QCA6574AU, QCN7605, QCS405, QCS605, SDM660, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Integer Overflow to Buffer Overflow in WLAN HOST"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin",
              "refsource": "CONFIRM",
              "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2019-10537",
    "datePublished": "2019-12-18T05:25:44",
    "dateReserved": "2019-03-29T00:00:00",
    "dateUpdated": "2024-08-04T22:24:18.700Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-03574

CVE-2019-10537 (GCVE-0-2019-10537)

Tags

Sightings

Nomenclature