{"containers": {"cna": {"affected": [{"product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking", "vendor": "Qualcomm, Inc.", "versions": [{"status": "affected", "version": "IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9980, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 712 / SD 710 / SD 670, SD 820A, SD 845 / SD 850, SD 855, SDM439, SDM660, SDX24"}]}], "descriptions": [{"lang": "en", "value": "Possibility of out-of-bound read if id received from SPI is not in range of FIFO in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9980, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 712 / SD 710 / SD 670, SD 820A, SD 845 / SD 850, SD 855, SDM439, SDM660, SDX24"}], "problemTypes": [{"descriptions": [{"description": "Buffer Copy Without Checking Size of Input in Kernel", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-07-25T16:33:18", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@qualcomm.com", "ID": "CVE-2019-2301", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking", "version": {"version_data": [{"version_value": "IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9980, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 712 / SD 710 / SD 670, SD 820A, SD 845 / SD 850, SD 855, SDM439, SDM660, SDX24"}]}}]}, "vendor_name": "Qualcomm, Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Possibility of out-of-bound read if id received from SPI is not in range of FIFO in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9980, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 712 / SD 710 / SD 670, SD 820A, SD 845 / SD 850, SD 855, SDM439, SDM660, SDX24"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Buffer Copy Without Checking Size of Input in Kernel"}]}]}, "references": {"reference_data": [{"name": "https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin", "refsource": "CONFIRM", "url": "https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T18:49:46.207Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin"}]}]}, "cveMetadata": {"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2019-2301", "datePublished": "2019-07-25T16:33:18", "dateReserved": "2018-12-10T00:00:00", "dateUpdated": "2024-08-04T18:49:46.207Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:ipq4019_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "94CB547F-0078-47CD-B511-06DE96882D5A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:ipq4019:-:*:*:*:*:*:*:*", "matchCriteriaId": "AA679375-BB14-4B24-8AD9-B2BFBACE2FDB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:ipq8064_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7A1CC1C1-F2CA-4C43-B9E9-1288C3496C7B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:ipq8064:-:*:*:*:*:*:*:*", "matchCriteriaId": "AC82552A-9E7C-4A13-B7A5-43CEA218675C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE28A59C-7AA6-4B85-84E8-07852B96108E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "matchCriteriaId": "5DEE828B-09A7-4AC1-8134-491A7C87C118", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "8CA1E7B0-782B-4757-B118-802943798984", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:msm8996au:-:*:*:*:*:*:*:*", "matchCriteriaId": "95CB08EC-AE12-4A54-AA3C-998F01FC8763", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:qca9980_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "DCBC53AC-E040-40E0-B09B-4117E641C9D4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:qca9980:-:*:*:*:*:*:*:*", "matchCriteriaId": "7AE49086-E95B-4852-8A09-16A83DD63EC9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "B05FD66D-13A6-40E9-A64B-E428378F237E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:qcs605:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0D665C1-3EBA-42F2-BF56-55E6C365F7DF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:qualcomm_215_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7A039963-E922-4BD2-926F-FC935F5A74DF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:qualcomm_215:-:*:*:*:*:*:*:*", "matchCriteriaId": "1FC2372C-DE7A-449F-AEED-494EB6559566", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "C56BC939-2FE8-4AB4-B638-35C83B224005", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "matchCriteriaId": "E36C12E2-7064-41E6-B357-3F0E6E6D0A0F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sd_439_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "8DE3EA03-0373-4FEF-B1FC-123A8073520B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sd_439:-:*:*:*:*:*:*:*", "matchCriteriaId": "A64D3E69-0784-4DEA-96C1-2D41EAFA1906", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sd_429_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "B11CE0F1-29BD-46E1-ACFE-D076192F138E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sd_429:-:*:*:*:*:*:*:*", "matchCriteriaId": "D205DB4E-68C2-4B13-8373-128870DF83D8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "E07C621F-0BC0-40C1-9678-1AF6498AC487", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "matchCriteriaId": "9C621A62-E346-406B-9D20-8FF6C2B0851F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "06E0CC35-AC20-42D7-8FEA-CA4685E33E72", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "matchCriteriaId": "4A2C4DED-2367-4736-A0AF-C8356F1271AD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sd_632_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F2126866-3B02-42B4-A57A-4EFF30848B55", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sd_632:-:*:*:*:*:*:*:*", "matchCriteriaId": "F832FE19-8D65-4779-B6F5-BD90BD131FD4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sd_636_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "CE94E380-CB75-462E-B411-BF38F17D53B2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sd_636:-:*:*:*:*:*:*:*", "matchCriteriaId": "0947F38F-3DC2-45F1-B3B3-963922F32054", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sd_712_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6BFF8872-645F-4A05-BAF9-7797CFBE37C6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sd_712:-:*:*:*:*:*:*:*", "matchCriteriaId": "9CB91AFF-C149-4F5C-92EC-E78E66935528", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sd_710_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B529780-DB0A-4F9C-AE63-6DEC593B86E5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sd_710:-:*:*:*:*:*:*:*", "matchCriteriaId": "669E7360-E8C3-4BB8-A3B6-61BD58AFAF62", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sd_670_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D49606C5-7306-4F33-864C-C1905594F09C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sd_670:-:*:*:*:*:*:*:*", "matchCriteriaId": "B43964AF-7CEC-420A-935B-D3895B2BAC70", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "E08016A2-E4FE-4E9C-A915-C66BE157AFB5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "matchCriteriaId": "018452D0-007C-4740-B2AF-E5C8BBAC310F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0A2D2B3B-CB28-46AA-9117-A7FA371FDE80", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "matchCriteriaId": "DE18BF66-B0DB-48BB-B43A-56F01821F5A3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0C10C7CB-3B66-4F17-8146-6A85611E2BA9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*", "matchCriteriaId": "B9DA765F-53DE-4FB0-B825-6C11B3177641", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sd_855_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "91400943-3D25-4E44-9FFD-9E3076305D80", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sd_855:-:*:*:*:*:*:*:*", "matchCriteriaId": "57B16867-710D-4748-8636-635E2C6F7389", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sdm439_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "84289E6D-DA2A-4D04-9DDA-E8C46DDDD056", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sdm439:-:*:*:*:*:*:*:*", "matchCriteriaId": "C0B56360-7AC3-410A-B7F8-1BE8514B3781", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "24D7B67C-6FEC-48F8-9D46-778E4528BC20", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sdm660:-:*:*:*:*:*:*:*", "matchCriteriaId": "05006807-D961-446C-B8DC-C87507F1316E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sdx24_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F9BE864E-7B1E-44D5-A10A-60078095DE33", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sdx24:-:*:*:*:*:*:*:*", "matchCriteriaId": "96DD6B48-2554-464D-A061-DBB4B8E00758", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Possibility of out-of-bound read if id received from SPI is not in range of FIFO in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9980, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 712 / SD 710 / SD 670, SD 820A, SD 845 / SD 850, SD 855, SDM439, SDM660, SDX24"}, {"lang": "es", "value": "La posibilidad de una lectura fuera de l\u00edmite si la identificaci\u00f3n recibida desde la SPI no est\u00e1 en el rango de FIFO en los productos Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking en las versiones IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9980, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 712 / SD 710 / SD 670, SD 820A, SD 845 / SD 850, SD 855, SDM439, SDM660, SDX24."}], "id": "CVE-2019-2301", "lastModified": "2024-11-21T04:40:39.297", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-25T17:15:13.177", "references": [{"source": "product-security@qualcomm.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin"}], "sourceIdentifier": "product-security@qualcomm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}