cve-2019-10596
Vulnerability from cvelistv5
Published
2020-09-08 09:31
Modified
2024-08-04 22:24
Severity ?
EPSS score ?
Summary
u'Improper access control can lead signed process to guess pid of other processes and access their address space' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Bitra, Nicobar, QCS605, QCS610, Rennell, SA6155P, Saipan, SC7180, SC8180X, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:24:18.758Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "Bitra, Nicobar, QCS605, QCS610, Rennell, SA6155P, Saipan, SC7180, SC8180X, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "u\u0027Improper access control can lead signed process to guess pid of other processes and access their address space\u0027 in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Bitra, Nicobar, QCS605, QCS610, Rennell, SA6155P, Saipan, SC7180, SC8180X, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control Issue in KERNEL",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-08T09:31:26",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2019-10596",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking",
"version": {
"version_data": [
{
"version_value": "Bitra, Nicobar, QCS605, QCS610, Rennell, SA6155P, Saipan, SC7180, SC8180X, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "u\u0027Improper access control can lead signed process to guess pid of other processes and access their address space\u0027 in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Bitra, Nicobar, QCS605, QCS610, Rennell, SA6155P, Saipan, SC7180, SC8180X, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control Issue in KERNEL"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2019-10596",
"datePublished": "2020-09-08T09:31:26",
"dateReserved": "2019-03-29T00:00:00",
"dateUpdated": "2024-08-04T22:24:18.758Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2019-10596\",\"sourceIdentifier\":\"product-security@qualcomm.com\",\"published\":\"2020-09-08T10:15:12.170\",\"lastModified\":\"2021-07-21T11:39:23.747\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"u\u0027Improper access control can lead signed process to guess pid of other processes and access their address space\u0027 in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Bitra, Nicobar, QCS605, QCS610, Rennell, SA6155P, Saipan, SC7180, SC8180X, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130\"},{\"lang\":\"es\",\"value\":\"Un control de acceso inapropiado puede conllevar a un proceso firmado para adivinar el pid de otros procesos y acceder a su espacio de direcciones en los productos Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking en versiones Bitra, Nicobar, QCS605, QCS610, Rennell, SA6155P, Saipan, SC7180, SC8180X, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":7.2},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:bitra_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"237CFDBE-F6BB-4D59-9A7D-8E1AF9FF4E70\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:bitra:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEA4D618-EC35-4458-BF22-7907CCBD90B2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:nicobar_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"490B208B-BBF3-4C58-A2BD-626DF6841AEE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:nicobar:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"572C4751-B805-430C-B26B-2DF661B362C2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B05FD66D-13A6-40E9-A64B-E428378F237E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qcs605:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0D665C1-3EBA-42F2-BF56-55E6C365F7DF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qcs610_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E634F59C-6817-4898-A141-082044E66836\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qcs610:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29762819-EC90-499C-A8C6-1423DE3FE6B9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:rennell_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D49376E9-D31E-4E84-9401-45859263F26C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:rennell:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6D66742-81FA-46D6-B7A2-5460923D81A8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DC40C14-3B2D-4E00-9E0F-86E6BDBF2D81\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sa6155p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0514D433-162C-4680-8912-721D19BE6201\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:saipan_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41BF2712-4559-4C5E-937D-74DE969A7BE0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:saipan:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5FE6662E-D919-497B-81B4-3F442201D730\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sc7180_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"792A18B7-E775-4AF4-A8C4-D434400317B0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sc7180:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5170B38-0976-49BB-A916-5BE44C567218\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sc8180x_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30A45C1A-C921-42B5-9237-367245023B45\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sc8180x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56C9D979-F214-4CD4-8CF9-43BC804BB179\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sdm670_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00865826-86AE-425F-BE6F-162F611FB200\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sdm670:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CC0441C-C30B-4D99-9BAD-C1E4387302BB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sdm710_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D045BE4B-BC19-4A51-90E6-00C18389C81B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sdm710:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F006960-CDE3-4E74-B4F0-2C4B2CA93959\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sdm845_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DED4B719-53B5-4D16-B3FA-ADE29D28ED86\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sdm845:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D342C86B-E184-457C-9F72-BD853ED79425\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sdm850_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3ADE826-C55D-4731-80B9-164FEA290FAC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sdm850:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8ED4F8FE-32DB-4696-A3AD-A9D7CB7E513A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sm6150_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8ABE492A-3755-4969-9DEB-4B85EBB84644\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sm6150:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3D3787B-6ACC-4591-B041-01307ED66C36\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sm7150_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F63A748F-2236-4486-83F1-DE4BCBE5D56D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sm7150:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"184F3DFC-27E8-48AC-B46C-C589DBCBF030\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sm8150_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9286B1E8-E39F-4DAA-8969-311CA2A0A8AA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sm8150:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19B9AE36-87A9-4EE7-87C8-CCA2DCF51039\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sm8250_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDC730C6-FB32-4566-AAE2-B2B261BA9411\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sm8250:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A432773-467F-492C-AA3A-ADF08A21FB3F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sxr1130_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"096F7BA5-FF58-416B-93EF-733B16326C86\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sxr1130:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AF958FB-1611-4102-A2DB-8D4311AE0D72\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sxr2130_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F9FA3B1-E4E4-4D9B-A99C-7BF958D4B993\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sxr2130:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95762B01-2762-45BD-8388-5DB77EA6139C\"}]}]}],\"references\":[{\"url\":\"https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin\",\"source\":\"product-security@qualcomm.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin\",\"source\":\"nvd@nist.gov\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.