Vulnerability Name: CVE-2019-10606 (CCN-174949) Assigned: 2019-03-29 Published: 2019-03-29 Updated: 2020-01-24 Summary: Out-of-bound access will occur in USB driver due to lack of check to validate the frame size passed by user in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9607, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, QCS605, SDX24 CVSS v3 Severity: 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): LowUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
8.4 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.3 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-120 Vulnerability Consequences: Gain Access References: Source: MITRECVE-2019-10606 qualcomm-cve201910606-bo(174949) January 2020 Security Bulletin https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin Vulnerable Configuration: Configuration 1 :cpe:/o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:mdm9607:-:*:*:*:*:*:*:* Configuration 2 :cpe:/o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:msm8909w:-:*:*:*:*:*:*:* Configuration 3 :cpe:/o:qualcomm:msm8917_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:msm8917:-:*:*:*:*:*:*:* Configuration 4 :cpe:/o:qualcomm:msm8920_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:msm8920:-:*:*:*:*:*:*:* Configuration 5 :cpe:/o:qualcomm:msm8937_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:msm8937:-:*:*:*:*:*:*:* Configuration 6 :cpe:/o:qualcomm:msm8940_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:msm8940:-:*:*:*:*:*:*:* Configuration 7 :cpe:/o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:qcs605:-:*:*:*:*:*:*:* Configuration 8 :cpe:/o:qualcomm:sdx24_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sdx24:-:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/h:qualcomm:snapdragon_mobile:-:*:*:*:*:*:*:* OR cpe:/h:qualcomm:snapdragon_auto:-:*:*:*:*:*:*:* OR cpe:/h:qualcomm:snapdragon_consumer_electronics_connectivity:-:*:*:*:*:*:*:* OR cpe:/h:qualcomm:snapdragon_consumer_internet_of_things:-:*:*:*:*:*:*:* OR cpe:/h:qualcomm:snapdragon_industrial_internet_of_things:-:*:*:*:*:*:*:* OR cpe:/o:qualcomm:snapdragon_wearables:-:*:*:*:*:*:*:* BACK
qualcomm mdm9607 firmware -
qualcomm mdm9607 -
qualcomm msm8909w firmware -
qualcomm msm8909w -
qualcomm msm8917 firmware -
qualcomm msm8917 -
qualcomm msm8920 firmware -
qualcomm msm8920 -
qualcomm msm8937 firmware -
qualcomm msm8937 -
qualcomm msm8940 firmware -
qualcomm msm8940 -
qualcomm qcs605 firmware -
qualcomm qcs605 -
qualcomm sdx24 firmware -
qualcomm sdx24 -
qualcomm snapdragon mobile -
qualcomm snapdragon auto -
qualcomm snapdragon consumer electronics connectivity -
qualcomm snapdragon consumer internet of things -
qualcomm snapdragon industrial internet of things -
qualcomm snapdragon wearables -
Denotes that component is vulnerable