cnvd - cnvd-2020-16058

CNVD-2020-16058

Vulnerability from cnvd - Published: 2020-03-09

Title

多款Qualcomm产品资源管理错误漏洞（CNVD-2020-16058）

Description

Qualcomm MDM9206等都是美国高通（Qualcomm）公司的产品。MDM9206是一款中央处理器（CPU）产品。MDM9607是一款中央处理器（CPU）产品。MDM9650是一款中央处理器（CPU）产品。多款Qualcomm产品中的DSP Services存在资源管理错误漏洞。该漏洞源于网络系统或产品对系统资源（如内存、磁盘空间、文件等）的管理不当。目前没有详细的漏洞细节提供。

Severity

中

Patch Name

多款Qualcomm产品资源管理错误漏洞（CNVD-2020-16058）的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin

Reference

https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin

Impacted products

Name
['Qualcomm MDM 9607', 'Qualcomm MDM 9650', 'Qualcomm MSM 8909', 'Qualcomm MSM 8996AU', 'Qualcomm QCS 605', 'Qualcomm SDA 660', 'Qualcomm SDM 630', 'Qualcomm SDM 660', 'Qualcomm MSM 8909W', 'Qualcomm QCS 405', 'Qualcomm SDX 20', 'Qualcomm MDM 9206', 'Qualcomm SXR 1130', 'Qualcomm Qualcomm APQ 8096AU', 'Qualcomm Qualcomm APQ 8098', 'Qualcomm SDA 845', 'Qualcomm SDM 636', 'Qualcomm SDM 845', 'Qualcomm SM 6150', 'Qualcomm SM 7150', 'Qualcomm SM 8150', 'Qualcomm SM 8250', 'Qualcomm SXR 2130', 'Qualcomm MSM 8917', 'Qualcomm MSM 8920', 'Qualcomm MSM 8937', 'Qualcomm MSM 8939', 'Qualcomm MSM 8940', 'Qualcomm MDM 9207C', 'Qualcomm Qualcomm APQ 8009', 'Qualcomm Qualcomm APQ 8017', 'Qualcomm Qualcomm APQ 8053', 'Qualcomm Qualcomm APQ 8096']

Name

['Qualcomm MDM 9607', 'Qualcomm MDM 9650', 'Qualcomm MSM 8909', 'Qualcomm MSM 8996AU', 'Qualcomm QCS 605', 'Qualcomm SDA 660', 'Qualcomm SDM 630', 'Qualcomm SDM 660', 'Qualcomm MSM 8909W', 'Qualcomm QCS 405', 'Qualcomm SDX 20', 'Qualcomm MDM 9206', 'Qualcomm SXR 1130', 'Qualcomm Qualcomm APQ 8096AU', 'Qualcomm Qualcomm APQ 8098', 'Qualcomm SDA 845', 'Qualcomm SDM 636', 'Qualcomm SDM 845', 'Qualcomm SM 6150', 'Qualcomm SM 7150', 'Qualcomm SM 8150', 'Qualcomm SM 8250', 'Qualcomm SXR 2130', 'Qualcomm MSM 8917', 'Qualcomm MSM 8920', 'Qualcomm MSM 8937', 'Qualcomm MSM 8939', 'Qualcomm MSM 8940', 'Qualcomm MDM 9207C', 'Qualcomm Qualcomm APQ 8009', 'Qualcomm Qualcomm APQ 8017', 'Qualcomm Qualcomm APQ 8053', 'Qualcomm Qualcomm APQ 8096']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-10517",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-10517"
    }
  },
  "description": "Qualcomm MDM9206\u7b49\u90fd\u662f\u7f8e\u56fd\u9ad8\u901a\uff08Qualcomm\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002MDM9206\u662f\u4e00\u6b3e\u4e2d\u592e\u5904\u7406\u5668\uff08CPU\uff09\u4ea7\u54c1\u3002MDM9607\u662f\u4e00\u6b3e\u4e2d\u592e\u5904\u7406\u5668\uff08CPU\uff09\u4ea7\u54c1\u3002MDM9650\u662f\u4e00\u6b3e\u4e2d\u592e\u5904\u7406\u5668\uff08CPU\uff09\u4ea7\u54c1\u3002\n\n\u591a\u6b3eQualcomm\u4ea7\u54c1\u4e2d\u7684DSP Services\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u5bf9\u7cfb\u7edf\u8d44\u6e90\uff08\u5982\u5185\u5b58\u3001\u78c1\u76d8\u7a7a\u95f4\u3001\u6587\u4ef6\u7b49\uff09\u7684\u7ba1\u7406\u4e0d\u5f53\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-16058",
  "openTime": "2020-03-09",
  "patchDescription": "Qualcomm MDM9206\u7b49\u90fd\u662f\u7f8e\u56fd\u9ad8\u901a\uff08Qualcomm\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002MDM9206\u662f\u4e00\u6b3e\u4e2d\u592e\u5904\u7406\u5668\uff08CPU\uff09\u4ea7\u54c1\u3002MDM9607\u662f\u4e00\u6b3e\u4e2d\u592e\u5904\u7406\u5668\uff08CPU\uff09\u4ea7\u54c1\u3002MDM9650\u662f\u4e00\u6b3e\u4e2d\u592e\u5904\u7406\u5668\uff08CPU\uff09\u4ea7\u54c1\u3002\r\n\r\n\u591a\u6b3eQualcomm\u4ea7\u54c1\u4e2d\u7684DSP Services\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u5bf9\u7cfb\u7edf\u8d44\u6e90\uff08\u5982\u5185\u5b58\u3001\u78c1\u76d8\u7a7a\u95f4\u3001\u6587\u4ef6\u7b49\uff09\u7684\u7ba1\u7406\u4e0d\u5f53\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eQualcomm\u4ea7\u54c1\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2020-16058\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Qualcomm MDM 9607",
      "Qualcomm MDM 9650",
      "Qualcomm MSM 8909",
      "Qualcomm MSM 8996AU",
      "Qualcomm QCS 605",
      "Qualcomm SDA 660",
      "Qualcomm SDM 630",
      "Qualcomm SDM 660",
      "Qualcomm MSM 8909W",
      "Qualcomm QCS 405",
      "Qualcomm SDX 20",
      "Qualcomm MDM 9206",
      "Qualcomm SXR 1130",
      "Qualcomm Qualcomm APQ 8096AU",
      "Qualcomm Qualcomm APQ 8098",
      "Qualcomm SDA 845",
      "Qualcomm SDM 636",
      "Qualcomm SDM 845",
      "Qualcomm SM 6150",
      "Qualcomm SM 7150",
      "Qualcomm SM 8150",
      "Qualcomm SM 8250",
      "Qualcomm SXR 2130",
      "Qualcomm MSM 8917",
      "Qualcomm MSM 8920",
      "Qualcomm MSM 8937",
      "Qualcomm MSM 8939",
      "Qualcomm MSM 8940",
      "Qualcomm MDM 9207C",
      "Qualcomm Qualcomm APQ 8009",
      "Qualcomm Qualcomm APQ 8017",
      "Qualcomm Qualcomm APQ 8053",
      "Qualcomm Qualcomm APQ 8096"
    ]
  },
  "referenceLink": "https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin",
  "serverity": "\u4e2d",
  "submitTime": "2019-12-05",
  "title": "\u591a\u6b3eQualcomm\u4ea7\u54c1\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2020-16058\uff09"
}

CVE-2019-10517 (GCVE-0-2019-10517)

Vulnerability from cvelistv5 – Published: 2019-12-18 05:25 – Updated: 2024-08-04 22:24

Summary

Memory is being freed up twice when two concurrent threads are executing in parallel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8996AU, QCS405, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Severity ?

No CVSS data available.

CWE

Double Free Issues in DSP Services

Assigner

qualcomm

References

URL

Tags

https://www.qualcomm.com/company/product-security…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Qualcomm, Inc.	Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables	Affected: APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8996AU, QCS405, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:24:18.626Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8996AU, QCS405, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Memory is being freed up twice when two concurrent threads are executing in parallel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8996AU, QCS405, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Double Free Issues in DSP Services",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-18T05:25:42",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@qualcomm.com",
          "ID": "CVE-2019-10517",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8996AU, QCS405, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Qualcomm, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Memory is being freed up twice when two concurrent threads are executing in parallel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8996AU, QCS405, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Double Free Issues in DSP Services"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin",
              "refsource": "CONFIRM",
              "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2019-10517",
    "datePublished": "2019-12-18T05:25:42",
    "dateReserved": "2019-03-29T00:00:00",
    "dateUpdated": "2024-08-04T22:24:18.626Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-16058

CVE-2019-10517 (GCVE-0-2019-10517)

Tags

Sightings

Nomenclature