Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-20549

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Broadcom chipsets) software. A heap out-of-bounds access can occur during LE Packet reception in Broadcom Bluetooth. The Samsung ID is SVE-2019-15724 (November 2019).

Published

2020-03-24T19:15:18.150

Last Modified

2024-11-21T04:38:43.650

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-125

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	google	android	7.0	Yes
Operating System	google	android	7.1.0	Yes
Operating System	google	android	7.1.1	Yes
Operating System	google	android	7.1.2	Yes
Operating System	google	android	8.0	Yes
Operating System	google	android	8.1	Yes
Operating System	google	android	9.0	Yes
Hardware	broadcom	bcm43162	-	No
Hardware	broadcom	bcm43224	-	No
Hardware	broadcom	bcm4323	-	No
Hardware	broadcom	bcm43684	-	No
Hardware	broadcom	bcm43694	-	No
Hardware	broadcom	bcm47622	-	No
Hardware	broadcom	bcm6710	-	No
Hardware	broadcom	bcm6750	-	No
Hardware	broadcom	bcm6752	-	No
Hardware	broadcom	bcm6755	-	No

References

https://security.samsungmobile.com/securityUpdate.smsb Vendor Advisory ([email protected])
https://security.samsungmobile.com/securityUpdate.smsb Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)