Vulnerability Name:

CVE-2019-10492 (CCN-168608)

Assigned:2019-08-05
Published:2019-08-05
Updated:2021-07-21
Summary:Boot image not getting verified by AVB in Snapdragon Auto, Snapdragon Mobile, Snapdragon Wearables in MDM9607, MSM8909W, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 820, SD 820A, SDM439
CVSS v3 Severity:7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
8.4 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.3 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-327
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2019-10492

Source: XF
Type: UNKNOWN
codeaurora-cve201910492-code-exec(168608)

Source: CCN
Type: Code Aurora Security Bulletin August 2019
Code Aurora

Source: CONFIRM
Type: Patch, Third Party Advisory
https://www.codeaurora.org/security-bulletin/2019/08/05/august-2019-code-aurora-security-bulletin

Vulnerable Configuration:Configuration 1:
  • cpe:/o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:mdm9607:-:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:msm8909w:-:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/o:qualcomm:qualcomm_215_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:qualcomm_215:-:*:*:*:*:*:*:*

    • Configuration 4:
  • cpe:/o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_210:-:*:*:*:*:*:*:*

    • Configuration 5:
  • cpe:/o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_212:-:*:*:*:*:*:*:*

    • Configuration 6:
  • cpe:/o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_205:-:*:*:*:*:*:*:*

    • Configuration 7:
  • cpe:/o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_425:-:*:*:*:*:*:*:*

    • Configuration 8:
  • cpe:/o:qualcomm:sd_427_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_427:-:*:*:*:*:*:*:*

    • Configuration 9:
  • cpe:/o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_430:-:*:*:*:*:*:*:*

    • Configuration 10:
  • cpe:/o:qualcomm:sd_435_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_435:-:*:*:*:*:*:*:*

    • Configuration 11:
  • cpe:/o:qualcomm:sd_439_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_439:-:*:*:*:*:*:*:*

    • Configuration 12:
  • cpe:/o:qualcomm:sd_429_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_429:-:*:*:*:*:*:*:*

    • Configuration 13:
  • cpe:/o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_450:-:*:*:*:*:*:*:*

    • Configuration 14:
  • cpe:/o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_625:-:*:*:*:*:*:*:*

    • Configuration 15:
  • cpe:/o:qualcomm:sd_632_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_632:-:*:*:*:*:*:*:*

    • Configuration 16:
  • cpe:/o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_820:-:*:*:*:*:*:*:*

    • Configuration 17:
  • cpe:/o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_820a:-:*:*:*:*:*:*:*

    • Configuration 18:
  • cpe:/o:qualcomm:sdm439_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sdm439:-:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:codeaurora:android-msm:2.6.29:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    qualcomm mdm9607 firmware -
    qualcomm mdm9607 -
    qualcomm msm8909w firmware -
    qualcomm msm8909w -
    qualcomm qualcomm 215 firmware -
    qualcomm qualcomm 215 -
    qualcomm sd 210 firmware -
    qualcomm sd 210 -
    qualcomm sd 212 firmware -
    qualcomm sd 212 -
    qualcomm sd 205 firmware -
    qualcomm sd 205 -
    qualcomm sd 425 firmware -
    qualcomm sd 425 -
    qualcomm sd 427 firmware -
    qualcomm sd 427 -
    qualcomm sd 430 firmware -
    qualcomm sd 430 -
    qualcomm sd 435 firmware -
    qualcomm sd 435 -
    qualcomm sd 439 firmware -
    qualcomm sd 439 -
    qualcomm sd 429 firmware -
    qualcomm sd 429 -
    qualcomm sd 450 firmware -
    qualcomm sd 450 -
    qualcomm sd 625 firmware -
    qualcomm sd 625 -
    qualcomm sd 632 firmware -
    qualcomm sd 632 -
    qualcomm sd 820 firmware -
    qualcomm sd 820 -
    qualcomm sd 820a firmware -
    qualcomm sd 820a -
    qualcomm sdm439 firmware -
    qualcomm sdm439 -
    codeaurora android-msm 2.6.29