Vulnerability Name: CVE-2019-2238 (CCN-164662) Assigned: 2018-12-10 Published: 2019-07-01 Updated: 2020-08-24 Summary: Lack of check of data type can lead to subsequent loop-expression potentially go negative and the condition will still evaluate to true leading to buffer underflow. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 8CX, SXR1130 CVSS v3 Severity: 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): LowUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
7.7 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 6.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): NoneAvailibility (A): High
CVSS v2 Severity: 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
6.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:N/A:C Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): NoneAvailibility (A): Complete
Vulnerability Type: CWE-787 Vulnerability Consequences: Obtain Information References: Source: MITRECVE-2019-2238 qualcomm-cve20192238-info-disc(164662) Qualcomm https://www.qualcomm.com/company/product-security/bulletins Vulnerable Configuration: Configuration 1 :cpe:/o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:mdm9206:-:*:*:*:*:*:*:* Configuration 2 :cpe:/o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:mdm9607:-:*:*:*:*:*:*:* Configuration 3 :cpe:/o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:mdm9650:-:*:*:*:*:*:*:* Configuration 4 :cpe:/o:qualcomm:mdm9655_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:mdm9655:-:*:*:*:*:*:*:* Configuration 5 :cpe:/o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:qcs605:-:*:*:*:*:*:*:* Configuration 6 :cpe:/o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_210:-:*:*:*:*:*:*:* Configuration 7 :cpe:/o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_212:-:*:*:*:*:*:*:* Configuration 8 :cpe:/o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_205:-:*:*:*:*:*:*:* Configuration 9 :cpe:/o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_410:-:*:*:*:*:*:*:* Configuration 10 :cpe:/o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_412:-:*:*:*:*:*:*:* Configuration 11 :cpe:/o:qualcomm:sd_675_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_675:-:*:*:*:*:*:*:* Configuration 12 :cpe:/o:qualcomm:sd_712_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_712:-:*:*:*:*:*:*:* Configuration 13 :cpe:/o:qualcomm:sd_710_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_710:-:*:*:*:*:*:*:* Configuration 14 :cpe:/o:qualcomm:sd_670_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_670:-:*:*:*:*:*:*:* Configuration 15 :cpe:/o:qualcomm:sd_730_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_730:-:*:*:*:*:*:*:* Configuration 16 :cpe:/o:qualcomm:sd_8cx_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_8cx:-:*:*:*:*:*:*:* Configuration 17 :cpe:/o:qualcomm:sxr1130_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sxr1130:-:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/h:qualcomm:snapdragon_mobile:-:*:*:*:*:*:*:* OR cpe:/h:qualcomm:snapdragon_auto:-:*:*:*:*:*:*:* OR cpe:/h:qualcomm:snapdragon_compute:-:*:*:*:*:*:*:* BACK
qualcomm mdm9206 firmware -
qualcomm mdm9206 -
qualcomm mdm9607 firmware -
qualcomm mdm9607 -
qualcomm mdm9650 firmware -
qualcomm mdm9650 -
qualcomm mdm9655 firmware -
qualcomm mdm9655 -
qualcomm qcs605 firmware -
qualcomm qcs605 -
qualcomm sd 210 firmware -
qualcomm sd 210 -
qualcomm sd 212 firmware -
qualcomm sd 212 -
qualcomm sd 205 firmware -
qualcomm sd 205 -
qualcomm sd 410 firmware -
qualcomm sd 410 -
qualcomm sd 412 firmware -
qualcomm sd 412 -
qualcomm sd 675 firmware -
qualcomm sd 675 -
qualcomm sd 712 firmware -
qualcomm sd 712 -
qualcomm sd 710 firmware -
qualcomm sd 710 -
qualcomm sd 670 firmware -
qualcomm sd 670 -
qualcomm sd 730 firmware -
qualcomm sd 730 -
qualcomm sd 8cx firmware -
qualcomm sd 8cx -
qualcomm sxr1130 firmware -
qualcomm sxr1130 -
qualcomm snapdragon mobile -
qualcomm snapdragon auto -
qualcomm snapdragon compute -
Denotes that component is vulnerable