| Vulnerability Name: | CVE-2019-10583 (CCN-174946) |
| Assigned: | 2019-03-29 |
| Published: | 2019-03-29 |
| Updated: | 2020-01-24 |
| Summary: | Use after free issue occurs when camera access sensors data through direct report mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8096AU, MDM9607, MSM8909W, Nicobar, QCS605, SA6155P, SDA845, SDM429W, SDM670, SDM710, SDM845, SM6150, SM8150, SM8250, SXR1130, SXR2130
|
| CVSS v3 Severity: | 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)| Exploitability Metrics: | Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): High
Integrity (I): High
Availibility (A): High |
8.4 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.3 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)| Exploitability Metrics: | Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): High
Integrity (I): High
Availibility (A): High |
|
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)| Exploitability Metrics: | Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None | | Impact Metrics: | Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete |
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)| Exploitability Metrics: | Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
| | Impact Metrics: | Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete |
|
| Vulnerability Type: | CWE-416
|
| Vulnerability Consequences: | Gain Access |
| References: | Source: MITRE
Type: CNA
CVE-2019-10583
Source: XF
Type: UNKNOWN
qualcomm-cve201910583-code-exec(174946)
Source: CCN
Type: Qualcomm Web site
January 2020 Security Bulletin
Source: CONFIRM
Type: Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin
|
| Vulnerable Configuration: | Configuration 1:
cpe:/o:qualcomm:apq8096au_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:apq8096au:-:*:*:*:*:*:*:*
Configuration 2:
cpe:/o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:mdm9607:-:*:*:*:*:*:*:*
Configuration 3:
cpe:/o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:msm8909w:-:*:*:*:*:*:*:*
Configuration 4:
cpe:/o:qualcomm:nicobar_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:nicobar:-:*:*:*:*:*:*:*
Configuration 5:
cpe:/o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:qcs605:-:*:*:*:*:*:*:*
Configuration 6:
cpe:/o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sa6155p:-:*:*:*:*:*:*:*
Configuration 7:
cpe:/o:qualcomm:sda845_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sda845:-:*:*:*:*:*:*:*
Configuration 8:
cpe:/o:qualcomm:sdm429w_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sdm429w:-:*:*:*:*:*:*:*
Configuration 9:
cpe:/o:qualcomm:sdm670_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sdm670:-:*:*:*:*:*:*:*
Configuration 10:
cpe:/o:qualcomm:sdm710_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sdm710:-:*:*:*:*:*:*:*
Configuration 11:
cpe:/o:qualcomm:sdm845_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sdm845:-:*:*:*:*:*:*:*
Configuration 12:
cpe:/o:qualcomm:sm6150_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sm6150:-:*:*:*:*:*:*:*
Configuration 13:
cpe:/o:qualcomm:sm8150_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sm8150:-:*:*:*:*:*:*:*
Configuration 14:
cpe:/o:qualcomm:sm8250_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sm8250:-:*:*:*:*:*:*:*
Configuration 15:
cpe:/o:qualcomm:sxr1130_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sxr1130:-:*:*:*:*:*:*:*
Configuration 16:
cpe:/o:qualcomm:sxr2130_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sxr2130:-:*:*:*:*:*:*:*
Configuration CCN 1:
cpe:/h:qualcomm:snapdragon_mobile:-:*:*:*:*:*:*:*OR cpe:/h:qualcomm:snapdragon_auto:-:*:*:*:*:*:*:*OR cpe:/h:qualcomm:snapdragon_compute:-:*:*:*:*:*:*:*OR cpe:/h:qualcomm:snapdragon_consumer_internet_of_things:-:*:*:*:*:*:*:*OR cpe:/h:qualcomm:snapdragon_industrial_internet_of_things:-:*:*:*:*:*:*:*OR cpe:/h:qualcomm:snapdragon_voice_&_music:-:*:*:*:*:*:*:*OR cpe:/o:qualcomm:snapdragon_wearables:-:*:*:*:*:*:*:*
 Denotes that component is vulnerable |
| BACK |
qualcomm apq8096au firmware -
qualcomm apq8096au -
qualcomm mdm9607 firmware -
qualcomm mdm9607 -
qualcomm msm8909w firmware -
qualcomm msm8909w -
qualcomm nicobar firmware -
qualcomm nicobar -
qualcomm qcs605 firmware -
qualcomm qcs605 -
qualcomm sa6155p firmware -
qualcomm sa6155p -
qualcomm sda845 firmware -
qualcomm sda845 -
qualcomm sdm429w firmware -
qualcomm sdm429w -
qualcomm sdm670 firmware -
qualcomm sdm670 -
qualcomm sdm710 firmware -
qualcomm sdm710 -
qualcomm sdm845 firmware -
qualcomm sdm845 -
qualcomm sm6150 firmware -
qualcomm sm6150 -
qualcomm sm8150 firmware -
qualcomm sm8150 -
qualcomm sm8250 firmware -
qualcomm sm8250 -
qualcomm sxr1130 firmware -
qualcomm sxr1130 -
qualcomm sxr2130 firmware -
qualcomm sxr2130 -
qualcomm snapdragon mobile -
qualcomm snapdragon auto -
qualcomm snapdragon compute -
qualcomm snapdragon consumer internet of things -
qualcomm snapdragon industrial internet of things -
qualcomm snapdragon voice & music -
qualcomm snapdragon wearables -