FKIE_CVE-2019-14044

Vulnerability from fkie_nvd - Published: 2020-02-07 05:15 - Updated: 2024-11-21 04:25
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Out of bound access due to access of uninitialized memory segment in an array of pointers while normal camera open close in Snapdragon Consumer IOT, Snapdragon Mobile in QCS605, SDM439, SDM630, SDM636, SDM660, SDX24
References
product-security@qualcomm.comhttps://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletinPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletinPatch, Vendor Advisory
Impacted products
Vendor Product Version
qualcomm qcs605_firmware -
qualcomm qcs605 -
qualcomm sdm439_firmware -
qualcomm sdm439 -
qualcomm sdm630_firmware -
qualcomm sdm630 -
qualcomm sdm636_firmware -
qualcomm sdm636 -
qualcomm sdm660_firmware -
qualcomm sdm660 -
qualcomm sdx24_firmware -
qualcomm sdx24 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B05FD66D-13A6-40E9-A64B-E428378F237E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:qualcomm:qcs605:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0D665C1-3EBA-42F2-BF56-55E6C365F7DF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:qualcomm:sdm439_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "84289E6D-DA2A-4D04-9DDA-E8C46DDDD056",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:qualcomm:sdm439:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0B56360-7AC3-410A-B7F8-1BE8514B3781",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:qualcomm:sdm630_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EA0D645-80F6-48C3-AF0D-99198ADC8778",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:qualcomm:sdm630:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "814FF3F3-CD5A-45A3-988C-6457D2CEB48C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:qualcomm:sdm636_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F00D854-0AC7-415F-B19A-642CB9F72210",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:qualcomm:sdm636:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F977B432-2709-4D75-AA3E-F440285B7BA2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24D7B67C-6FEC-48F8-9D46-778E4528BC20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:qualcomm:sdm660:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "05006807-D961-446C-B8DC-C87507F1316E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:qualcomm:sdx24_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9BE864E-7B1E-44D5-A10A-60078095DE33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:qualcomm:sdx24:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "96DD6B48-2554-464D-A061-DBB4B8E00758",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Out of bound access due to access of uninitialized memory segment in an array of pointers while normal camera open close in Snapdragon Consumer IOT, Snapdragon Mobile in QCS605, SDM439, SDM630, SDM636, SDM660, SDX24"
    },
    {
      "lang": "es",
      "value": "Un acceso fuera del limite debido al acceso del segmento de memoria no inicializado en una matriz de punteros mientras la c\u00e1mara normal se abre y cierra en los productos Snapdragon Consumer IOT, Snapdragon Mobile en las versiones QCS605, SDM439, SDM630, SDM636, SDM660, SDX24."
    }
  ],
  "id": "CVE-2019-14044",
  "lastModified": "2024-11-21T04:25:58.280",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-02-07T05:15:11.687",
  "references": [
    {
      "source": "product-security@qualcomm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin"
    }
  ],
  "sourceIdentifier": "product-security@qualcomm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-129"
        },
        {
          "lang": "en",
          "value": "CWE-908"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.