Vulnerability Name: CVE-2019-10582 (CCN-174996) Assigned: 2019-03-29 Published: 2019-03-29 Updated: 2020-01-24 Summary: Use after free issue due to using of invalidated iterator to delete an object in sensors HAL in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8096AU, MSM8909W, Nicobar, QCS605, SA6155P, SDA845, SDM429W, SDM670, SDM710, SDM845, SM6150, SM8150, SM8250, SXR1130, SXR2130 CVSS v3 Severity: 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): LowUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
8.4 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.3 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-416 Vulnerability Consequences: Gain Access References: Source: MITRECVE-2019-10582 qualcomm-cve201910582-code-exec(174996) January 2020 Security Bulletin https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin Vulnerable Configuration: Configuration 1 :cpe:/o:qualcomm:apq8096au_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:apq8096au:-:*:*:*:*:*:*:* Configuration 2 :cpe:/o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:mdm9607:-:*:*:*:*:*:*:* Configuration 3 :cpe:/o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:msm8909w:-:*:*:*:*:*:*:* Configuration 4 :cpe:/o:qualcomm:nicobar_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:nicobar:-:*:*:*:*:*:*:* Configuration 5 :cpe:/o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:qcs605:-:*:*:*:*:*:*:* Configuration 6 :cpe:/o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sa6155p:-:*:*:*:*:*:*:* Configuration 7 :cpe:/o:qualcomm:sda845_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sda845:-:*:*:*:*:*:*:* Configuration 8 :cpe:/o:qualcomm:sdm429w_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sdm429w:-:*:*:*:*:*:*:* Configuration 9 :cpe:/o:qualcomm:sdm670_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sdm670:-:*:*:*:*:*:*:* Configuration 10 :cpe:/o:qualcomm:sdm710_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sdm710:-:*:*:*:*:*:*:* Configuration 11 :cpe:/o:qualcomm:sdm845_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sdm845:-:*:*:*:*:*:*:* Configuration 12 :cpe:/o:qualcomm:sm6150_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sm6150:-:*:*:*:*:*:*:* Configuration 13 :cpe:/o:qualcomm:sm8150_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sm8150:-:*:*:*:*:*:*:* Configuration 14 :cpe:/o:qualcomm:sm8250_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sm8250:-:*:*:*:*:*:*:* Configuration 15 :cpe:/o:qualcomm:sxr1130_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sxr1130:-:*:*:*:*:*:*:* Configuration 16 :cpe:/o:qualcomm:sxr2130_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sxr2130:-:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/h:qualcomm:snapdragon_mobile:-:*:*:*:*:*:*:* OR cpe:/h:qualcomm:snapdragon_auto:-:*:*:*:*:*:*:* OR cpe:/h:qualcomm:snapdragon_consumer_internet_of_things:-:*:*:*:*:*:*:* OR cpe:/h:qualcomm:snapdragon_industrial_internet_of_things:-:*:*:*:*:*:*:* OR cpe:/h:qualcomm:snapdragon_voice_&_music:-:*:*:*:*:*:*:* OR cpe:/o:qualcomm:snapdragon_wearables:-:*:*:*:*:*:*:* BACK
qualcomm apq8096au firmware -
qualcomm apq8096au -
qualcomm mdm9607 firmware -
qualcomm mdm9607 -
qualcomm msm8909w firmware -
qualcomm msm8909w -
qualcomm nicobar firmware -
qualcomm nicobar -
qualcomm qcs605 firmware -
qualcomm qcs605 -
qualcomm sa6155p firmware -
qualcomm sa6155p -
qualcomm sda845 firmware -
qualcomm sda845 -
qualcomm sdm429w firmware -
qualcomm sdm429w -
qualcomm sdm670 firmware -
qualcomm sdm670 -
qualcomm sdm710 firmware -
qualcomm sdm710 -
qualcomm sdm845 firmware -
qualcomm sdm845 -
qualcomm sm6150 firmware -
qualcomm sm6150 -
qualcomm sm8150 firmware -
qualcomm sm8150 -
qualcomm sm8250 firmware -
qualcomm sm8250 -
qualcomm sxr1130 firmware -
qualcomm sxr1130 -
qualcomm sxr2130 firmware -
qualcomm sxr2130 -
qualcomm snapdragon mobile -
qualcomm snapdragon auto -
qualcomm snapdragon consumer internet of things -
qualcomm snapdragon industrial internet of things -
qualcomm snapdragon voice & music -
qualcomm snapdragon wearables -
Denotes that component is vulnerable