{"id": "CVE-2019-10625", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.8}]}, "published": "2020-04-16T11:15:14.167", "references": [{"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin", "tags": ["Patch", "Vendor Advisory"], "source": "product-security@qualcomm.com"}, {"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "Out of bound access in diag services when DCI command buffer reallocation is not done properly with required capacity in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, QCS605, Rennell, SC8180X, SDM429W, SDM710, SDX55, SM7150, SM8150"}, {"lang": "es", "value": "Un acceso fuera de l\u00edmites en los servicios diag cuando la reasignaci\u00f3n del b\u00fafer del comando DCI no est\u00e1 hecha apropiadamente con la capacidad requerida en los productos Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables en versiones APQ8009, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, QCS605, Rennell, SC8180X, SDM429W, SDM710, SDX55, SM7150, SM8150."}], "lastModified": "2024-11-21T04:19:36.867", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:apq8009_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C61BF93F-53DF-4399-AF41-45CEC1E0A2B8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:apq8009:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7CC498E0-B82B-4A53-8F55-6C1DA58AFA88"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:apq8096au_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD17C0A3-A200-4659-968B-B2DA03CB683F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:apq8096au:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B1F31FFB-982A-4308-82F8-C2480DABDED8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A960B86A-C397-4ACB-AEE6-55F316D32949"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D79B8959-3D1E-4B48-9181-D75FE90AAF98"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:mdm9207c_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3CFA66A-CD2E-4670-A137-65E2C94C1A11"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:mdm9207c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DE52FE99-DF0D-4C57-BB9C-0B853D1AF58B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A35FECFB-60AE-42A8-BCBB-FEA7D5826D49"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E9765187-8653-4D66-B230-B2CE862AC5C0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FD1C359-C79B-4CE8-A192-5AA34D0BF05B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "716B747E-672C-4B95-9D8E-1262338E67EA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35B7E25E-FA92-4C36-883C-CFF36F4B3507"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "ECD99C6F-2444-4A5E-A517-0C8023DDF23D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B05FD66D-13A6-40E9-A64B-E428378F237E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:qcs605:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D0D665C1-3EBA-42F2-BF56-55E6C365F7DF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:rennell_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D49376E9-D31E-4E84-9401-45859263F26C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:rennell:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B6D66742-81FA-46D6-B7A2-5460923D81A8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sc8180x_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30A45C1A-C921-42B5-9237-367245023B45"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sc8180x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "56C9D979-F214-4CD4-8CF9-43BC804BB179"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sdm429w_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7E52771-4FB7-45DB-A349-4DD911F53752"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sdm429w:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "72F6CE39-9299-4FC3-BC48-11F79034F2E4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sdm710_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D045BE4B-BC19-4A51-90E6-00C18389C81B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sdm710:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4F006960-CDE3-4E74-B4F0-2C4B2CA93959"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E93FB34B-3674-404D-9687-E092E9A246AB"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sdx55:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F3FF5A9A-A34A-499C-B6E0-D67B496C5454"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sm7150_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F63A748F-2236-4486-83F1-DE4BCBE5D56D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sm7150:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "184F3DFC-27E8-48AC-B46C-C589DBCBF030"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sm8150_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9286B1E8-E39F-4DAA-8969-311CA2A0A8AA"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sm8150:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "19B9AE36-87A9-4EE7-87C8-CCA2DCF51039"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "product-security@qualcomm.com"}
