CVE-2019-10537 (GCVE-0-2019-10537)

Vulnerability from cvelistv5 – Published: 2019-12-18 05:25 – Updated: 2024-08-04 22:24
VLAI?
Summary
Improper validation of event buffer extracted from FW response can lead to integer overflow, which will allow to pass the length check and eventually will lead to buffer overwrite when event data is copied to context buffer in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, Nicobar, QCA6574AU, QCN7605, QCS405, QCS605, SDM660, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
Severity ?
No CVSS data available.
CWE
  • Integer Overflow to Buffer Overflow in WLAN HOST
Assigner
References
Impacted products
Vendor Product Version
Qualcomm, Inc. Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music Affected: MDM9607, Nicobar, QCA6574AU, QCN7605, QCS405, QCS605, SDM660, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:24:18.700Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "MDM9607, Nicobar, QCA6574AU, QCN7605, QCS405, QCS605, SDM660, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper validation of event buffer extracted from FW response can lead to integer overflow, which will allow to pass the length check and eventually will lead to buffer overwrite when event data is copied to context buffer in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music in MDM9607, Nicobar, QCA6574AU, QCN7605, QCS405, QCS605, SDM660, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Integer Overflow to Buffer Overflow in WLAN HOST",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-18T05:25:44",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@qualcomm.com",
          "ID": "CVE-2019-10537",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "MDM9607, Nicobar, QCA6574AU, QCN7605, QCS405, QCS605, SDM660, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Qualcomm, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Improper validation of event buffer extracted from FW response can lead to integer overflow, which will allow to pass the length check and eventually will lead to buffer overwrite when event data is copied to context buffer in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music in MDM9607, Nicobar, QCA6574AU, QCN7605, QCS405, QCS605, SDM660, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Integer Overflow to Buffer Overflow in WLAN HOST"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin",
              "refsource": "CONFIRM",
              "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2019-10537",
    "datePublished": "2019-12-18T05:25:44",
    "dateReserved": "2019-03-29T00:00:00",
    "dateUpdated": "2024-08-04T22:24:18.700Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A35FECFB-60AE-42A8-BCBB-FEA7D5826D49\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E9765187-8653-4D66-B230-B2CE862AC5C0\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:qualcomm:nicobar_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"490B208B-BBF3-4C58-A2BD-626DF6841AEE\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:qualcomm:nicobar:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"572C4751-B805-430C-B26B-2DF661B362C2\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D527E2B1-2A46-4FBA-9F7A-F5543677C8FB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:qualcomm:qca6574au:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8374DDB3-D484-4141-AE0C-42333D2721F6\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:qualcomm:qcn7605_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9C9D1966-30F0-414D-BE75-0A14B12A1457\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:qualcomm:qcn7605:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CD28C87D-1D28-4C84-BFE4-56EE3BF2C6B0\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36F5A18B-8C9E-4A38-B994-E3E2696BB83D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:qualcomm:qcs405:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B703667D-DE09-40AF-BA44-E0E56252A790\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B05FD66D-13A6-40E9-A64B-E428378F237E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:qualcomm:qcs605:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D0D665C1-3EBA-42F2-BF56-55E6C365F7DF\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"24D7B67C-6FEC-48F8-9D46-778E4528BC20\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:qualcomm:sdm660:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"05006807-D961-446C-B8DC-C87507F1316E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:qualcomm:sdm845_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DED4B719-53B5-4D16-B3FA-ADE29D28ED86\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:qualcomm:sdm845:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D342C86B-E184-457C-9F72-BD853ED79425\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E93FB34B-3674-404D-9687-E092E9A246AB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:qualcomm:sdx55:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3FF5A9A-A34A-499C-B6E0-D67B496C5454\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:qualcomm:sm6150_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8ABE492A-3755-4969-9DEB-4B85EBB84644\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:qualcomm:sm6150:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E3D3787B-6ACC-4591-B041-01307ED66C36\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:qualcomm:sm7150_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F63A748F-2236-4486-83F1-DE4BCBE5D56D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:qualcomm:sm7150:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"184F3DFC-27E8-48AC-B46C-C589DBCBF030\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:qualcomm:sm8150_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9286B1E8-E39F-4DAA-8969-311CA2A0A8AA\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:qualcomm:sm8150:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"19B9AE36-87A9-4EE7-87C8-CCA2DCF51039\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:qualcomm:sm8250_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DDC730C6-FB32-4566-AAE2-B2B261BA9411\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:qualcomm:sm8250:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5A432773-467F-492C-AA3A-ADF08A21FB3F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:qualcomm:sxr1130_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"096F7BA5-FF58-416B-93EF-733B16326C86\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:qualcomm:sxr1130:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7AF958FB-1611-4102-A2DB-8D4311AE0D72\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:qualcomm:sxr2130_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9F9FA3B1-E4E4-4D9B-A99C-7BF958D4B993\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:qualcomm:sxr2130:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"95762B01-2762-45BD-8388-5DB77EA6139C\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Improper validation of event buffer extracted from FW response can lead to integer overflow, which will allow to pass the length check and eventually will lead to buffer overwrite when event data is copied to context buffer in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music in MDM9607, Nicobar, QCA6574AU, QCN7605, QCS405, QCS605, SDM660, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130\"}, {\"lang\": \"es\", \"value\": \"Una validaci\\u00f3n inapropiada del b\\u00fafer de eventos extra\\u00eddo de la respuesta de FW puede conllevar a un desbordamiento de enteros, lo que permitir\\u00e1 pasar la comprobaci\\u00f3n de longitud y eventualmente conllevar\\u00e1 a la sobrescritura del b\\u00fafer cuando los datos del evento se copien en el b\\u00fafer de contexto en los productos Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026amp; Music en las versiones MDM9607, Nicobar, QCA6574AU, QCN7605, QCS405, QCS605, SDM660, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130.\"}]",
      "id": "CVE-2019-10537",
      "lastModified": "2024-11-21T04:19:23.337",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-12-18T06:15:11.940",
      "references": "[{\"url\": \"https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin\", \"source\": \"product-security@qualcomm.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "product-security@qualcomm.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-190\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-10537\",\"sourceIdentifier\":\"product-security@qualcomm.com\",\"published\":\"2019-12-18T06:15:11.940\",\"lastModified\":\"2024-11-21T04:19:23.337\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper validation of event buffer extracted from FW response can lead to integer overflow, which will allow to pass the length check and eventually will lead to buffer overwrite when event data is copied to context buffer in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music in MDM9607, Nicobar, QCA6574AU, QCN7605, QCS405, QCS605, SDM660, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130\"},{\"lang\":\"es\",\"value\":\"Una validaci\u00f3n inapropiada del b\u00fafer de eventos extra\u00eddo de la respuesta de FW puede conllevar a un desbordamiento de enteros, lo que permitir\u00e1 pasar la comprobaci\u00f3n de longitud y eventualmente conllevar\u00e1 a la sobrescritura del b\u00fafer cuando los datos del evento se copien en el b\u00fafer de contexto en los productos Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026amp; Music en las versiones MDM9607, Nicobar, QCA6574AU, QCN7605, QCS405, QCS605, SDM660, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A35FECFB-60AE-42A8-BCBB-FEA7D5826D49\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9765187-8653-4D66-B230-B2CE862AC5C0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:nicobar_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"490B208B-BBF3-4C58-A2BD-626DF6841AEE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:nicobar:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"572C4751-B805-430C-B26B-2DF661B362C2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D527E2B1-2A46-4FBA-9F7A-F5543677C8FB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qca6574au:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8374DDB3-D484-4141-AE0C-42333D2721F6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qcn7605_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C9D1966-30F0-414D-BE75-0A14B12A1457\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qcn7605:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD28C87D-1D28-4C84-BFE4-56EE3BF2C6B0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36F5A18B-8C9E-4A38-B994-E3E2696BB83D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qcs405:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B703667D-DE09-40AF-BA44-E0E56252A790\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B05FD66D-13A6-40E9-A64B-E428378F237E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qcs605:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0D665C1-3EBA-42F2-BF56-55E6C365F7DF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24D7B67C-6FEC-48F8-9D46-778E4528BC20\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sdm660:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05006807-D961-446C-B8DC-C87507F1316E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sdm845_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DED4B719-53B5-4D16-B3FA-ADE29D28ED86\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sdm845:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D342C86B-E184-457C-9F72-BD853ED79425\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E93FB34B-3674-404D-9687-E092E9A246AB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sdx55:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3FF5A9A-A34A-499C-B6E0-D67B496C5454\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sm6150_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8ABE492A-3755-4969-9DEB-4B85EBB84644\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sm6150:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3D3787B-6ACC-4591-B041-01307ED66C36\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sm7150_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F63A748F-2236-4486-83F1-DE4BCBE5D56D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sm7150:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"184F3DFC-27E8-48AC-B46C-C589DBCBF030\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sm8150_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9286B1E8-E39F-4DAA-8969-311CA2A0A8AA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sm8150:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19B9AE36-87A9-4EE7-87C8-CCA2DCF51039\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sm8250_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDC730C6-FB32-4566-AAE2-B2B261BA9411\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sm8250:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A432773-467F-492C-AA3A-ADF08A21FB3F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sxr1130_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"096F7BA5-FF58-416B-93EF-733B16326C86\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sxr1130:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AF958FB-1611-4102-A2DB-8D4311AE0D72\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sxr2130_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F9FA3B1-E4E4-4D9B-A99C-7BF958D4B993\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sxr2130:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95762B01-2762-45BD-8388-5DB77EA6139C\"}]}]}],\"references\":[{\"url\":\"https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin\",\"source\":\"product-security@qualcomm.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.