{"id": "CVE-2019-10601", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2019-12-18T06:15:12.567", "references": [{"url": "https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin", "tags": ["Patch", "Vendor Advisory"], "source": "product-security@qualcomm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-129"}]}], "descriptions": [{"lang": "en", "value": "Out of bound access can occur while processing firmware event due to lack of validation of WMI message received from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8096AU, IPQ4019, IPQ8064, IPQ8074, MSM8996AU, Nicobar, QCA6574AU, QCN7605, QCS405, SDM630, SDM636, SDM660, SDM845, SM6150, SM7150, SM8150"}, {"lang": "es", "value": "Puede ocurrir un acceso fuera del l\u00edmite mientras se procesan eventos del firmware debido a una falta de comprobaci\u00f3n del mensaje WMI recibido desde el firmware en los productos Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking en las versiones APQ8096AU, IPQ4019, IPQ8064, IPQ8074, MSM8996AU, Nicobar, QCA6574AU, QCN7605, QCS405, SDM630, SDM636, SDM660, SDM845, SM6150, SM7150, SM8150."}], "lastModified": "2019-12-22T13:34:34.380", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:apq8096au_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD17C0A3-A200-4659-968B-B2DA03CB683F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:apq8096au:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B1F31FFB-982A-4308-82F8-C2480DABDED8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:ipq4019_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94CB547F-0078-47CD-B511-06DE96882D5A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:ipq4019:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AA679375-BB14-4B24-8AD9-B2BFBACE2FDB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:ipq8064_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A1CC1C1-F2CA-4C43-B9E9-1288C3496C7B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:ipq8064:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AC82552A-9E7C-4A13-B7A5-43CEA218675C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:ipq8074_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2914BF98-E69C-4C8D-8B10-759642ADD7B4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:ipq8074:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2118C404-402F-463C-8160-3CC3B703DF30"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CA1E7B0-782B-4757-B118-802943798984"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:msm8996au:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "95CB08EC-AE12-4A54-AA3C-998F01FC8763"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:nicobar_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "490B208B-BBF3-4C58-A2BD-626DF6841AEE"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:nicobar:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "572C4751-B805-430C-B26B-2DF661B362C2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D527E2B1-2A46-4FBA-9F7A-F5543677C8FB"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:qca6574au:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8374DDB3-D484-4141-AE0C-42333D2721F6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:qcn7605_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C9D1966-30F0-414D-BE75-0A14B12A1457"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:qcn7605:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CD28C87D-1D28-4C84-BFE4-56EE3BF2C6B0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36F5A18B-8C9E-4A38-B994-E3E2696BB83D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:qcs405:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B703667D-DE09-40AF-BA44-E0E56252A790"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sdm630_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8EA0D645-80F6-48C3-AF0D-99198ADC8778"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sdm630:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "814FF3F3-CD5A-45A3-988C-6457D2CEB48C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sdm636_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F00D854-0AC7-415F-B19A-642CB9F72210"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sdm636:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F977B432-2709-4D75-AA3E-F440285B7BA2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24D7B67C-6FEC-48F8-9D46-778E4528BC20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sdm660:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "05006807-D961-446C-B8DC-C87507F1316E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sdm845_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DED4B719-53B5-4D16-B3FA-ADE29D28ED86"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sdm845:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D342C86B-E184-457C-9F72-BD853ED79425"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sm6150_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8ABE492A-3755-4969-9DEB-4B85EBB84644"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sm6150:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E3D3787B-6ACC-4591-B041-01307ED66C36"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sm7150_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F63A748F-2236-4486-83F1-DE4BCBE5D56D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sm7150:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "184F3DFC-27E8-48AC-B46C-C589DBCBF030"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sm8150_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9286B1E8-E39F-4DAA-8969-311CA2A0A8AA"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sm8150:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "19B9AE36-87A9-4EE7-87C8-CCA2DCF51039"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "product-security@qualcomm.com"}