CVE-2019-2272 - OpenCVE

Buffer overflow can occur in display function due to lack of validation of header block size set by user. in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820A, SD 845 / SD 850, SDM660, SDX20

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Qualcomm	Sd 616 Mdm9607 Firmware Mdm9206 Firmware Mdm9206 Msm8996au Sd 710 Firmware Sd 820a Sd 652 Sd 427 Sd 450 Firmware Sd 616 Firmware Sdx20 Msm8909w Firmware Sd 450 Sdm660 Firmware Sd 712 Firmware Sd 636 Sd 212 Sd 850 Firmware Sd 820a Firmware Sd 425 Sd 845 Sd 435 Firmware Sd 425 Firmware Sd 850 Sd 650 Firmware Sdx20 Firmware Sd 435 Sd 205 Firmware Sd 430 Firmware Sdm660 Sd 625 Mdm9607 Sd 427 Firmware Msm8909w Sd 415 Firmware Sd 615 Sd 710 Sd 652 Firmware Sd 615 Firmware Sd 415 Sd 712 Sd 210 Firmware Msm8996au Firmware Mdm9650 Sd 212 Firmware Sd 625 Firmware Sd 670 Firmware Sd 430 Sd 845 Firmware Sd 210 Sd 636 Firmware Mdm9650 Firmware Sd 650 Sd 670 Sd 205

Configuration 1 [-]

AND

cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:msm8996au:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:qualcomm:sd_427_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_427:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:qualcomm:sd_435_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_435:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:qualcomm:sd_636_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_636:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:qualcomm:sd_712_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_712:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:qualcomm:sd_710_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_710:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:qualcomm:sd_670_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_670:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdm660:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin	Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: qualcomm

Published: 2019-07-25T16:33:17

Updated: 2019-07-25T16:33:17

Reserved: 2018-12-10T00:00:00

Link: CVE-2019-2272

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-07-25T17:15:12.630

Modified: 2019-07-29T00:57:53.813

Link: CVE-2019-2272

JSON object: View

Redhat Information

No data.

CWE

CWE-119