Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-2302

While processing vendor command which contains corrupted channel count, an integer overflow occurs and finally will lead to heap overflow. in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8976, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS405, QCS605, SDA845, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM8150

Published

2019-11-06T17:15:13.627

Last Modified

2024-11-21T04:40:39.463

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-190
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	qualcomm	apq8017_firmware	-	Yes
Hardware	qualcomm	apq8017	-	No
Operating System	qualcomm	apq8053_firmware	-	Yes
Hardware	qualcomm	apq8053	-	No
Operating System	qualcomm	apq8096au_firmware	-	Yes
Hardware	qualcomm	apq8096au	-	No
Operating System	qualcomm	mdm9206_firmware	-	Yes
Hardware	qualcomm	mdm9206	-	No
Operating System	qualcomm	mdm9207c_firmware	-	Yes
Hardware	qualcomm	mdm9207c	-	No
Operating System	qualcomm	mdm9607_firmware	-	Yes
Hardware	qualcomm	mdm9607	-	No
Operating System	qualcomm	mdm9640_firmware	-	Yes
Hardware	qualcomm	mdm9640	-	No
Operating System	qualcomm	mdm9650_firmware	-	Yes
Hardware	qualcomm	mdm9650	-	No
Operating System	qualcomm	msm8905_firmware	-	Yes
Hardware	qualcomm	msm8905	-	No
Operating System	qualcomm	msm8909_firmware	-	Yes
Hardware	qualcomm	msm8909	-	No
Operating System	qualcomm	msm8909w_firmware	-	Yes
Hardware	qualcomm	msm8909w	-	No
Operating System	qualcomm	msm8976_firmware	-	Yes
Hardware	qualcomm	msm8976	-	No
Operating System	qualcomm	msm8996au_firmware	-	Yes
Hardware	qualcomm	msm8996au	-	No
Operating System	qualcomm	qca6174a_firmware	-	Yes
Hardware	qualcomm	qca6174a	-	No
Operating System	qualcomm	qca6574au_firmware	-	Yes
Hardware	qualcomm	qca6574au	-	No
Operating System	qualcomm	qca9377_firmware	-	Yes
Hardware	qualcomm	qca9377	-	No
Operating System	qualcomm	qca9379_firmware	-	Yes
Hardware	qualcomm	qca9379	-	No
Operating System	qualcomm	qcn7605_firmware	-	Yes
Hardware	qualcomm	qcn7605	-	No
Operating System	qualcomm	qcs405_firmware	-	Yes
Hardware	qualcomm	qcs405	-	No
Operating System	qualcomm	qcs605_firmware	-	Yes
Hardware	qualcomm	qcs605	-	No
Operating System	qualcomm	sda845_firmware	-	Yes
Hardware	qualcomm	sda845	-	No
Operating System	qualcomm	sdm636_firmware	-	Yes
Hardware	qualcomm	sdm636	-	No
Operating System	qualcomm	sdm660_firmware	-	Yes
Hardware	qualcomm	sdm660	-	No
Operating System	qualcomm	sdm670_firmware	-	Yes
Hardware	qualcomm	sdm670	-	No
Operating System	qualcomm	sdm710_firmware	-	Yes
Hardware	qualcomm	sdm710	-	No
Operating System	qualcomm	sdm845_firmware	-	Yes
Hardware	qualcomm	sdm845	-	No
Operating System	qualcomm	sdx20_firmware	-	Yes
Hardware	qualcomm	sdx20	-	No
Operating System	qualcomm	sdx24_firmware	-	Yes
Hardware	qualcomm	sdx24	-	No
Operating System	qualcomm	sm6150_firmware	-	Yes
Hardware	qualcomm	sm6150	-	No
Operating System	qualcomm	sm8150_firmware	-	Yes
Hardware	qualcomm	sm8150	-	No

References

https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin ([email protected])
https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin (af854a3a-2127-422b-91ae-364da2661108)