cnvd - cnvd-2020-16065

CNVD-2020-16065

Vulnerability from cnvd - Published: 2020-03-09

Title

多款Qualcomm产品信息泄露漏洞（CNVD-2020-16065）

Description

Qualcomm SDA660等都是美国高通（Qualcomm）公司的一款中央处理器（CPU）产品。多款Qualcomm产品中的System Debug存在安全漏洞，该漏洞源于程序缺少地址范围检查。攻击者可利用该漏洞泄露信息。

Severity

低

Patch Name

多款Qualcomm产品信息泄露漏洞（CNVD-2020-16065）的补丁

Patch Description

Qualcomm SDA660等都是美国高通（Qualcomm）公司的一款中央处理器（CPU）产品。多款Qualcomm产品中的System Debug存在安全漏洞，该漏洞源于程序缺少地址范围检查。攻击者可利用该漏洞泄露信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin

Reference

https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin

Impacted products

Name
['Qualcomm MSM 8909', 'Qualcomm QCS 605', 'Qualcomm SDA 660', 'Qualcomm SDM 439', 'Qualcomm SDM 630', 'Qualcomm SDM 660', 'Qualcomm QCS 405', 'Qualcomm Snapdragon_High_Med 2016', 'Qualcomm SXR 1130', 'Qualcomm MDM 9205', 'Qualcomm QCS 404', 'Qualcomm MSM 8998', 'Qualcomm Nicobar', 'Qualcomm SDA 845', 'Qualcomm SDM 636', 'Qualcomm SDM 670', 'Qualcomm SDM 710', 'Qualcomm SDM 845', 'Qualcomm SDM 850', 'Qualcomm MSM 8905', 'Qualcomm MSM 8917', 'Qualcomm MSM 8920', 'Qualcomm MSM 8937', 'Qualcomm MSM 8940', 'Qualcomm MSM 8953', 'Qualcomm QM 215', 'Qualcomm SDM 429', 'Qualcomm SDM 450', 'Qualcomm SDM 632', 'Qualcomm Qualcomm APQ 8009', 'Qualcomm Qualcomm APQ 8017', 'Qualcomm Qualcomm APQ 8053']

Name

['Qualcomm MSM 8909', 'Qualcomm QCS 605', 'Qualcomm SDA 660', 'Qualcomm SDM 439', 'Qualcomm SDM 630', 'Qualcomm SDM 660', 'Qualcomm QCS 405', 'Qualcomm Snapdragon_High_Med 2016', 'Qualcomm SXR 1130', 'Qualcomm MDM 9205', 'Qualcomm QCS 404', 'Qualcomm MSM 8998', 'Qualcomm Nicobar', 'Qualcomm SDA 845', 'Qualcomm SDM 636', 'Qualcomm SDM 670', 'Qualcomm SDM 710', 'Qualcomm SDM 845', 'Qualcomm SDM 850', 'Qualcomm MSM 8905', 'Qualcomm MSM 8917', 'Qualcomm MSM 8920', 'Qualcomm MSM 8937', 'Qualcomm MSM 8940', 'Qualcomm MSM 8953', 'Qualcomm QM 215', 'Qualcomm SDM 429', 'Qualcomm SDM 450', 'Qualcomm SDM 632', 'Qualcomm Qualcomm APQ 8009', 'Qualcomm Qualcomm APQ 8017', 'Qualcomm Qualcomm APQ 8053']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-2295",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-2295"
    }
  },
  "description": "Qualcomm SDA660\u7b49\u90fd\u662f\u7f8e\u56fd\u9ad8\u901a\uff08Qualcomm\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u4e2d\u592e\u5904\u7406\u5668\uff08CPU\uff09\u4ea7\u54c1\u3002\n\n\u591a\u6b3eQualcomm\u4ea7\u54c1\u4e2d\u7684System Debug\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u7f3a\u5c11\u5730\u5740\u8303\u56f4\u68c0\u67e5\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6cc4\u9732\u4fe1\u606f\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-16065",
  "openTime": "2020-03-09",
  "patchDescription": "Qualcomm SDA660\u7b49\u90fd\u662f\u7f8e\u56fd\u9ad8\u901a\uff08Qualcomm\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u4e2d\u592e\u5904\u7406\u5668\uff08CPU\uff09\u4ea7\u54c1\u3002\r\n\r\n\u591a\u6b3eQualcomm\u4ea7\u54c1\u4e2d\u7684System Debug\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u7f3a\u5c11\u5730\u5740\u8303\u56f4\u68c0\u67e5\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6cc4\u9732\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eQualcomm\u4ea7\u54c1\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2020-16065\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Qualcomm MSM 8909",
      "Qualcomm QCS 605",
      "Qualcomm SDA 660",
      "Qualcomm SDM 439",
      "Qualcomm SDM 630",
      "Qualcomm SDM 660",
      "Qualcomm QCS 405",
      "Qualcomm Snapdragon_High_Med 2016",
      "Qualcomm SXR 1130",
      "Qualcomm MDM 9205",
      "Qualcomm QCS 404",
      "Qualcomm MSM 8998",
      "Qualcomm Nicobar",
      "Qualcomm SDA 845",
      "Qualcomm SDM 636",
      "Qualcomm SDM 670",
      "Qualcomm SDM 710",
      "Qualcomm SDM 845",
      "Qualcomm SDM 850",
      "Qualcomm MSM 8905",
      "Qualcomm MSM 8917",
      "Qualcomm MSM 8920",
      "Qualcomm MSM 8937",
      "Qualcomm MSM 8940",
      "Qualcomm MSM 8953",
      "Qualcomm QM 215",
      "Qualcomm SDM 429",
      "Qualcomm SDM 450",
      "Qualcomm SDM 632",
      "Qualcomm Qualcomm APQ 8009",
      "Qualcomm Qualcomm APQ 8017",
      "Qualcomm Qualcomm APQ 8053"
    ]
  },
  "referenceLink": "https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin",
  "serverity": "\u4f4e",
  "submitTime": "2019-11-19",
  "title": "\u591a\u6b3eQualcomm\u4ea7\u54c1\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2020-16065\uff09"
}

CVE-2019-2295 (GCVE-0-2019-2295)

Vulnerability from cvelistv5 – Published: 2019-11-21 14:38 – Updated: 2024-08-04 18:42

Summary

Information disclosure due to lack of address range check done on the SysDBG buffers in SDI code. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, MDM9205, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, Nicobar, QCS404, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, Snapdragon_High_Med_2016, SXR1130

Severity ?

No CVSS data available.

CWE

Untrusted Pointer Dereference in System Debug

Assigner

qualcomm

References

URL

Tags

https://www.qualcomm.com/company/product-security…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Qualcomm, Inc.	Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking	Affected: APQ8009, APQ8017, APQ8053, MDM9205, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, Nicobar, QCS404, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, Snapdragon_High_Med_2016, SXR1130

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:42:51.159Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wired Infrastructure and Networking",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "APQ8009, APQ8017, APQ8053, MDM9205, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, Nicobar, QCS404, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, Snapdragon_High_Med_2016, SXR1130"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Information disclosure due to lack of address range check done on the SysDBG buffers in SDI code. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, MDM9205, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, Nicobar, QCS404, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, Snapdragon_High_Med_2016, SXR1130"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Untrusted Pointer Dereference in System Debug",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-21T14:38:22",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@qualcomm.com",
          "ID": "CVE-2019-2295",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wired Infrastructure and Networking",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "APQ8009, APQ8017, APQ8053, MDM9205, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, Nicobar, QCS404, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, Snapdragon_High_Med_2016, SXR1130"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Qualcomm, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Information disclosure due to lack of address range check done on the SysDBG buffers in SDI code. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, MDM9205, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, Nicobar, QCS404, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, Snapdragon_High_Med_2016, SXR1130"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Untrusted Pointer Dereference in System Debug"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin",
              "refsource": "CONFIRM",
              "url": "https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2019-2295",
    "datePublished": "2019-11-21T14:38:22",
    "dateReserved": "2018-12-10T00:00:00",
    "dateUpdated": "2024-08-04T18:42:51.159Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-16065

CVE-2019-2295 (GCVE-0-2019-2295)

Tags

Sightings

Nomenclature