CVE-2019-2346 - Vulnerability Details

Description

Firmware is getting into loop of overwriting memory when scan command is given from host because of improper validation. in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8074, QCA8081, QCS404, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660

Published: 2019-07-25

Score: 7.8 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Qualcomm, Inc.

Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

affected

Version	Status	Constraints
`IPQ8074, QCA8081, QCS404, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:qualcomm:ipq8074_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:ipq8074:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca8081:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:qualcomm:qcs404_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qcs404:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qcs405:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qcs605:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:qualcomm:sd_427_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_427:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:qualcomm:sd_435_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_435:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:qualcomm:sd_636_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_636:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:qualcomm:sd_712_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_712:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:qualcomm:sd_710_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_710:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:qualcomm:sd_670_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_670:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:qualcomm:sd_855_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_855:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:qualcomm:sd_8cx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_8cx:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:qualcomm:sda660_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sda660:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:qualcomm:sdm630_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdm630:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdm660:-:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2019-11988	Firmware is getting into loop of overwriting memory when scan command is given from host because of improper validation. in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8074, QCA8081, QCS404, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00033.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://www.qualcomm.com/company/product-security/bulletins

History

No history.

Subscriptions

Qualcomm Ipq8074 Ipq8074 Firmware Qca8081 Qca8081 Firmware Qcs404 Qcs404 Firmware Qcs405 Qcs405 Firmware Qcs605 Qcs605 Firmware Sd 425 Sd 425 Firmware Sd 427 Sd 427 Firmware Sd 430 Sd 430 Firmware Sd 435 Sd 435 Firmware Sd 450 Sd 450 Firmware Sd 625 Sd 625 Firmware Sd 636 Sd 636 Firmware Sd 670 Sd 670 Firmware Sd 710 Sd 710 Firmware Sd 712 Sd 712 Firmware Sd 820 Sd 820 Firmware Sd 835 Sd 835 Firmware Sd 845 Sd 845 Firmware Sd 850 Sd 850 Firmware Sd 855 Sd 855 Firmware Sd 8cx Sd 8cx Firmware Sda660 Sda660 Firmware Sdm630 Sdm630 Firmware Sdm660 Sdm660 Firmware

MITRE

Status: PUBLISHED

Assigner: qualcomm

Published: 2019-07-25T16:33:19.000Z

Updated: 2024-08-04T18:49:47.489Z

Reserved: 2018-12-10T00:00:00.000Z

Link: CVE-2019-2346

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-07-25T17:15:14.237

Modified: 2024-11-21T04:40:45.683

Link: CVE-2019-2346

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-129

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object