Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-2326

Data token is received from ADSP and is used without validation as an index into the array leads to out of bound access in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24

Published

2019-07-25T17:15:13.800

Last Modified

2024-11-21T04:40:43.027

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
CWE-129

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	qualcomm	mdm9150_firmware	-	Yes
Hardware	qualcomm	mdm9150	-	No
Operating System	qualcomm	mdm9206_firmware	-	Yes
Hardware	qualcomm	mdm9206	-	No
Operating System	qualcomm	mdm9607_firmware	-	Yes
Hardware	qualcomm	mdm9607	-	No
Operating System	qualcomm	mdm9640_firmware	-	Yes
Hardware	qualcomm	mdm9640	-	No
Operating System	qualcomm	mdm9650_firmware	-	Yes
Hardware	qualcomm	mdm9650	-	No
Operating System	qualcomm	msm8909w_firmware	-	Yes
Hardware	qualcomm	msm8909w	-	No
Operating System	qualcomm	msm8996au_firmware	-	Yes
Hardware	qualcomm	msm8996au	-	No
Operating System	qualcomm	qcs405_firmware	-	Yes
Hardware	qualcomm	qcs405	-	No
Operating System	qualcomm	qcs605_firmware	-	Yes
Hardware	qualcomm	qcs605	-	No
Operating System	qualcomm	qualcomm_215_firmware	-	Yes
Hardware	qualcomm	qualcomm_215	-	No
Operating System	qualcomm	sd_210_firmware	-	Yes
Hardware	qualcomm	sd_210	-	No
Operating System	qualcomm	sd_212_firmware	-	Yes
Hardware	qualcomm	sd_212	-	No
Operating System	qualcomm	sd_205_firmware	-	Yes
Hardware	qualcomm	sd_205	-	No
Operating System	qualcomm	sd_425_firmware	-	Yes
Hardware	qualcomm	sd_425	-	No
Operating System	qualcomm	sd_427_firmware	-	Yes
Hardware	qualcomm	sd_427	-	No
Operating System	qualcomm	sd_430_firmware	-	Yes
Hardware	qualcomm	sd_430	-	No
Operating System	qualcomm	sd_435_firmware	-	Yes
Hardware	qualcomm	sd_435	-	No
Operating System	qualcomm	sd_439_firmware	-	Yes
Hardware	qualcomm	sd_439	-	No
Operating System	qualcomm	sd_429_firmware	-	Yes
Hardware	qualcomm	sd_429	-	No
Operating System	qualcomm	sd_450_firmware	-	Yes
Hardware	qualcomm	sd_450	-	No
Operating System	qualcomm	sd_625_firmware	-	Yes
Hardware	qualcomm	sd_625	-	No
Operating System	qualcomm	sd_632_firmware	-	Yes
Hardware	qualcomm	sd_632	-	No
Operating System	qualcomm	sd_636_firmware	-	Yes
Hardware	qualcomm	sd_636	-	No
Operating System	qualcomm	sd_665_firmware	-	Yes
Hardware	qualcomm	sd_665	-	No
Operating System	qualcomm	sd_675_firmware	-	Yes
Hardware	qualcomm	sd_675	-	No
Operating System	qualcomm	sd_712_firmware	-	Yes
Hardware	qualcomm	sd_712	-	No
Operating System	qualcomm	sd_710_firmware	-	Yes
Hardware	qualcomm	sd_710	-	No
Operating System	qualcomm	sd_670_firmware	-	Yes
Hardware	qualcomm	sd_670	-	No
Operating System	qualcomm	sd_730_firmware	-	Yes
Hardware	qualcomm	sd_730	-	No
Operating System	qualcomm	sd_820_firmware	-	Yes
Hardware	qualcomm	sd_820	-	No
Operating System	qualcomm	sd_820a_firmware	-	Yes
Hardware	qualcomm	sd_820a	-	No
Operating System	qualcomm	sd_835_firmware	-	Yes
Hardware	qualcomm	sd_835	-	No
Operating System	qualcomm	sd_845_firmware	-	Yes
Hardware	qualcomm	sd_845	-	No
Operating System	qualcomm	sd_850_firmware	-	Yes
Hardware	qualcomm	sd_850	-	No
Operating System	qualcomm	sd_855_firmware	-	Yes
Hardware	qualcomm	sd_855	-	No
Operating System	qualcomm	sda660_firmware	-	Yes
Hardware	qualcomm	sda660	-	No
Operating System	qualcomm	sdm439_firmware	-	Yes
Hardware	qualcomm	sdm439	-	No
Operating System	qualcomm	sdm630_firmware	-	Yes
Hardware	qualcomm	sdm630	-	No
Operating System	qualcomm	sdm660_firmware	-	Yes
Hardware	qualcomm	sdm660	-	No
Operating System	qualcomm	sdx20_firmware	-	Yes
Hardware	qualcomm	sdx20	-	No
Operating System	qualcomm	sdx24_firmware	-	Yes
Hardware	qualcomm	sdx24	-	No

References

https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin Patch, Third Party Advisory ([email protected])
https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)