Vulnerability Name:

CVE-2019-2343 (CCN-164276)

Assigned:2018-12-10
Published:2019-07-01
Updated:2020-08-24
Summary:Out of bound read and information disclosure in firmware due to insufficient checking of an embedded structure that can be sent from a kernel driver in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130
CVSS v3 Severity:5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): None
Availibility (A): None
6.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
5.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
4.9 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-125
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2019-2343

Source: XF
Type: UNKNOWN
qualcomm-cve20192343-info-disc(164276)

Source: CCN
Type: Qualcomm Web site
Security bulletins

Source: CONFIRM
Type: Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins

Vulnerable Configuration:Configuration 1:
  • cpe:/o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:msm8909w:-:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:msm8996au:-:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:qcs605:-:*:*:*:*:*:*:*

    • Configuration 4:
  • cpe:/o:qualcomm:qualcomm_215_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:qualcomm_215:-:*:*:*:*:*:*:*

    • Configuration 5:
  • cpe:/o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_210:-:*:*:*:*:*:*:*

    • Configuration 6:
  • cpe:/o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_212:-:*:*:*:*:*:*:*

    • Configuration 7:
  • cpe:/o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_205:-:*:*:*:*:*:*:*

    • Configuration 8:
  • cpe:/o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_425:-:*:*:*:*:*:*:*

    • Configuration 9:
  • cpe:/o:qualcomm:sd_427_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_427:-:*:*:*:*:*:*:*

    • Configuration 10:
  • cpe:/o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_430:-:*:*:*:*:*:*:*

    • Configuration 11:
  • cpe:/o:qualcomm:sd_435_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_435:-:*:*:*:*:*:*:*

    • Configuration 12:
  • cpe:/o:qualcomm:sd_439_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_439:-:*:*:*:*:*:*:*

    • Configuration 13:
  • cpe:/o:qualcomm:sd_429_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_429:-:*:*:*:*:*:*:*

    • Configuration 14:
  • cpe:/o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_450:-:*:*:*:*:*:*:*

    • Configuration 15:
  • cpe:/o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_625:-:*:*:*:*:*:*:*

    • Configuration 16:
  • cpe:/o:qualcomm:sd_632_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_632:-:*:*:*:*:*:*:*

    • Configuration 17:
  • cpe:/o:qualcomm:sd_636_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_636:-:*:*:*:*:*:*:*

    • Configuration 18:
  • cpe:/o:qualcomm:sd_665_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_665:-:*:*:*:*:*:*:*

    • Configuration 19:
  • cpe:/o:qualcomm:sd_675_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_675:-:*:*:*:*:*:*:*

    • Configuration 20:
  • cpe:/o:qualcomm:sd_712_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_712:-:*:*:*:*:*:*:*

    • Configuration 21:
  • cpe:/o:qualcomm:sd_710_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_710:-:*:*:*:*:*:*:*

    • Configuration 22:
  • cpe:/o:qualcomm:sd_670_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_670:-:*:*:*:*:*:*:*

    • Configuration 23:
  • cpe:/o:qualcomm:sd_730_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_730:-:*:*:*:*:*:*:*

    • Configuration 24:
  • cpe:/o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_820:-:*:*:*:*:*:*:*

    • Configuration 25:
  • cpe:/o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_820a:-:*:*:*:*:*:*:*

    • Configuration 26:
  • cpe:/o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_835:-:*:*:*:*:*:*:*

    • Configuration 27:
  • cpe:/o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_845:-:*:*:*:*:*:*:*

    • Configuration 28:
  • cpe:/o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_850:-:*:*:*:*:*:*:*

    • Configuration 29:
  • cpe:/o:qualcomm:sd_855_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_855:-:*:*:*:*:*:*:*

    • Configuration 30:
  • cpe:/o:qualcomm:sd_8cx_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_8cx:-:*:*:*:*:*:*:*

    • Configuration 31:
  • cpe:/o:qualcomm:sda660_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sda660:-:*:*:*:*:*:*:*

    • Configuration 32:
  • cpe:/o:qualcomm:sdm439_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sdm439:-:*:*:*:*:*:*:*

    • Configuration 33:
  • cpe:/o:qualcomm:sdm630_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sdm630:-:*:*:*:*:*:*:*

    • Configuration 34:
  • cpe:/o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sdm660:-:*:*:*:*:*:*:*

    • Configuration 35:
  • cpe:/o:qualcomm:snapdragon_high_med_2016_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:snapdragon_high_med_2016:-:*:*:*:*:*:*:*

    • Configuration 36:
  • cpe:/o:qualcomm:sxr1130_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sxr1130:-:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/h:qualcomm:snapdragon_mobile:-:*:*:*:*:*:*:*
  • OR cpe:/h:qualcomm:snapdragon_auto:-:*:*:*:*:*:*:*
  • OR cpe:/h:qualcomm:snapdragon_compute:-:*:*:*:*:*:*:*
  • OR cpe:/h:qualcomm:snapdragon_connectivity:-:*:*:*:*:*:*:*
  • OR cpe:/h:qualcomm:snapdragon_voice_&_music:-:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    qualcomm msm8909w firmware -
    qualcomm msm8909w -
    qualcomm msm8996au firmware -
    qualcomm msm8996au -
    qualcomm qcs605 firmware -
    qualcomm qcs605 -
    qualcomm qualcomm 215 firmware -
    qualcomm qualcomm 215 -
    qualcomm sd 210 firmware -
    qualcomm sd 210 -
    qualcomm sd 212 firmware -
    qualcomm sd 212 -
    qualcomm sd 205 firmware -
    qualcomm sd 205 -
    qualcomm sd 425 firmware -
    qualcomm sd 425 -
    qualcomm sd 427 firmware -
    qualcomm sd 427 -
    qualcomm sd 430 firmware -
    qualcomm sd 430 -
    qualcomm sd 435 firmware -
    qualcomm sd 435 -
    qualcomm sd 439 firmware -
    qualcomm sd 439 -
    qualcomm sd 429 firmware -
    qualcomm sd 429 -
    qualcomm sd 450 firmware -
    qualcomm sd 450 -
    qualcomm sd 625 firmware -
    qualcomm sd 625 -
    qualcomm sd 632 firmware -
    qualcomm sd 632 -
    qualcomm sd 636 firmware -
    qualcomm sd 636 -
    qualcomm sd 665 firmware -
    qualcomm sd 665 -
    qualcomm sd 675 firmware -
    qualcomm sd 675 -
    qualcomm sd 712 firmware -
    qualcomm sd 712 -
    qualcomm sd 710 firmware -
    qualcomm sd 710 -
    qualcomm sd 670 firmware -
    qualcomm sd 670 -
    qualcomm sd 730 firmware -
    qualcomm sd 730 -
    qualcomm sd 820 firmware -
    qualcomm sd 820 -
    qualcomm sd 820a firmware -
    qualcomm sd 820a -
    qualcomm sd 835 firmware -
    qualcomm sd 835 -
    qualcomm sd 845 firmware -
    qualcomm sd 845 -
    qualcomm sd 850 firmware -
    qualcomm sd 850 -
    qualcomm sd 855 firmware -
    qualcomm sd 855 -
    qualcomm sd 8cx firmware -
    qualcomm sd 8cx -
    qualcomm sda660 firmware -
    qualcomm sda660 -
    qualcomm sdm439 firmware -
    qualcomm sdm439 -
    qualcomm sdm630 firmware -
    qualcomm sdm630 -
    qualcomm sdm660 firmware -
    qualcomm sdm660 -
    qualcomm snapdragon high med 2016 firmware -
    qualcomm snapdragon high med 2016 -
    qualcomm sxr1130 firmware -
    qualcomm sxr1130 -
    qualcomm snapdragon mobile -
    qualcomm snapdragon auto -
    qualcomm snapdragon compute -
    qualcomm snapdragon connectivity -
    qualcomm snapdragon voice & music -