| Vulnerability Name: | CVE-2019-2316 (CCN-164289) |
| Assigned: | 2018-12-10 |
| Published: | 2019-07-01 |
| Updated: | 2019-08-07 |
| Summary: | When computing the digest a local variable is used after going out of scope in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9640, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855, SDM660, SDX24
|
| CVSS v3 Severity: | 8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)| Exploitability Metrics: | Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None | | Scope: | Scope (S): Changed
| | Impact Metrics: | Confidentiality (C): High
Integrity (I): High
Availibility (A): High |
6.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)| Exploitability Metrics: | Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): None
Integrity (I): None
Availibility (A): High |
|
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)| Exploitability Metrics: | Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None | | Impact Metrics: | Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete |
4.9 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)| Exploitability Metrics: | Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
| | Impact Metrics: | Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete |
|
| Vulnerability Type: | CWE-416
|
| Vulnerability Consequences: | Denial of Service |
| References: | Source: MITRE
Type: CNA
CVE-2019-2316
Source: XF
Type: UNKNOWN
codeaurora-cve20192316-dos(164289)
Source: CCN
Type: Code Aurora Security Bulletin July 2019
Code Aurora
Source: CONFIRM
Type: Patch, Vendor Advisory
https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin
|
| Vulnerable Configuration: | Configuration 1:
cpe:/o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:mdm9640:-:*:*:*:*:*:*:*
Configuration 2:
cpe:/o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:qcs405:-:*:*:*:*:*:*:*
Configuration 3:
cpe:/o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:qcs605:-:*:*:*:*:*:*:*
Configuration 4:
cpe:/o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_425:-:*:*:*:*:*:*:*
Configuration 5:
cpe:/o:qualcomm:sd_427_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_427:-:*:*:*:*:*:*:*
Configuration 6:
cpe:/o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_430:-:*:*:*:*:*:*:*
Configuration 7:
cpe:/o:qualcomm:sd_435_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_435:-:*:*:*:*:*:*:*
Configuration 8:
cpe:/o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_450:-:*:*:*:*:*:*:*
Configuration 9:
cpe:/o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_625:-:*:*:*:*:*:*:*
Configuration 10:
cpe:/o:qualcomm:sd_636_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_636:-:*:*:*:*:*:*:*
Configuration 11:
cpe:/o:qualcomm:sd_665_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_665:-:*:*:*:*:*:*:*
Configuration 12:
cpe:/o:qualcomm:sd_675_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_675:-:*:*:*:*:*:*:*
Configuration 13:
cpe:/o:qualcomm:sd_712_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_712:-:*:*:*:*:*:*:*
Configuration 14:
cpe:/o:qualcomm:sd_710_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_710:-:*:*:*:*:*:*:*
Configuration 15:
cpe:/o:qualcomm:sd_670_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_670:-:*:*:*:*:*:*:*
Configuration 16:
cpe:/o:qualcomm:sd_730_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_730:-:*:*:*:*:*:*:*
Configuration 17:
cpe:/o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_845:-:*:*:*:*:*:*:*
Configuration 18:
cpe:/o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_850:-:*:*:*:*:*:*:*
Configuration 19:
cpe:/o:qualcomm:sd_855_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_855:-:*:*:*:*:*:*:*
Configuration 20:
cpe:/o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sdm660:-:*:*:*:*:*:*:*
Configuration 21:
cpe:/o:qualcomm:sdx24_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sdx24:-:*:*:*:*:*:*:*
Configuration CCN 1:
cpe:/o:codeaurora:android-msm:2.6.29:*:*:*:*:*:*:*OR cpe:/h:qualcomm:snapdragon_mobile:-:*:*:*:*:*:*:*OR cpe:/h:qualcomm:snapdragon_auto:-:*:*:*:*:*:*:*OR cpe:/h:qualcomm:snapdragon_voice_&_music:-:*:*:*:*:*:*:*
 Denotes that component is vulnerable |
| BACK |
qualcomm mdm9640 firmware -
qualcomm mdm9640 -
qualcomm qcs405 firmware -
qualcomm qcs405 -
qualcomm qcs605 firmware -
qualcomm qcs605 -
qualcomm sd 425 firmware -
qualcomm sd 425 -
qualcomm sd 427 firmware -
qualcomm sd 427 -
qualcomm sd 430 firmware -
qualcomm sd 430 -
qualcomm sd 435 firmware -
qualcomm sd 435 -
qualcomm sd 450 firmware -
qualcomm sd 450 -
qualcomm sd 625 firmware -
qualcomm sd 625 -
qualcomm sd 636 firmware -
qualcomm sd 636 -
qualcomm sd 665 firmware -
qualcomm sd 665 -
qualcomm sd 675 firmware -
qualcomm sd 675 -
qualcomm sd 712 firmware -
qualcomm sd 712 -
qualcomm sd 710 firmware -
qualcomm sd 710 -
qualcomm sd 670 firmware -
qualcomm sd 670 -
qualcomm sd 730 firmware -
qualcomm sd 730 -
qualcomm sd 845 firmware -
qualcomm sd 845 -
qualcomm sd 850 firmware -
qualcomm sd 850 -
qualcomm sd 855 firmware -
qualcomm sd 855 -
qualcomm sdm660 firmware -
qualcomm sdm660 -
qualcomm sdx24 firmware -
qualcomm sdx24 -
codeaurora android-msm 2.6.29
qualcomm snapdragon mobile -
qualcomm snapdragon auto -
qualcomm snapdragon voice & music -