CVE-2019-2276 - OpenCVE

Possible out of bound read occurs while processing beaconing request due to lack of check on action frames received from user controlled space in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS405, QCS605, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 845 / SD 850, SD 855, SDM630, SDM660, SDX24

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Qualcomm	Mdm9607 Firmware Qca9379 Firmware Msm8996au Sd 855 Sd 710 Firmware Sdm630 Firmware Sdm630 Sd 820a Sd 665 Qcs405 Sdm660 Firmware Qca6574au Firmware Sd 665 Firmware Sd 712 Firmware Qca9377 Qcs605 Firmware Sd 636 Sd 850 Firmware Sd 820a Firmware Sd 845 Sd 850 Sdx24 Sdm660 Mdm9607 Sd 730 Firmware Sd 675 Firmware Qca6174a Sd 710 Qcs605 Sd 675 Sd 712 Qca6174a Firmware Qca6574au Msm8996au Firmware Sd 670 Firmware Qca9379 Qcs405 Firmware Sd 730 Sd 845 Firmware Sd 855 Firmware Sdx24 Firmware Qca9377 Firmware Sd 636 Firmware Sd 670

Configuration 1 [-]

AND

cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:msm8996au:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:qualcomm:qca6174a_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca6174a:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca6574au:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:qualcomm:qca9377_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca9377:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:qualcomm:qca9379_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca9379:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qcs405:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qcs605:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:qualcomm:sd_636_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_636:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:qualcomm:sd_665_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_665:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:qualcomm:sd_675_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_675:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:qualcomm:sd_712_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_712:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:qualcomm:sd_710_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_710:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:qualcomm:sd_670_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_670:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:qualcomm:sd_730_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_730:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:qualcomm:sd_855_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_855:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:qualcomm:sdm630_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdm630:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdm660:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:qualcomm:sdx24_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdx24:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin	Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: qualcomm

Published: 2019-07-25T16:33:17

Updated: 2019-07-25T16:33:17

Reserved: 2018-12-10T00:00:00

Link: CVE-2019-2276

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-07-25T17:15:12.753

Modified: 2019-07-29T00:51:20.030

Link: CVE-2019-2276

JSON object: View

Redhat Information

No data.

CWE

CWE-125