CVE-2019-2238

EUVD-2019-11880

25.07.2019, 17:15

Lack of check of data type can lead to subsequent loop-expression potentially go negative and the condition will still evaluate to true leading to buffer underflow. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 8CX, SXR1130

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 12%

Affected Products (NVD)

Vendor	Product	Version
qualcomm	mdm9206_firmware	-
qualcomm	mdm9607_firmware	-
qualcomm	mdm9650_firmware	-
qualcomm	mdm9655_firmware	-
qualcomm	qcs605_firmware	-
qualcomm	sd_210_firmware	-
qualcomm	sd_212_firmware	-
qualcomm	sd_205_firmware	-
qualcomm	sd_410_firmware	-
qualcomm	sd_412_firmware	-
qualcomm	sd_675_firmware	-
qualcomm	sd_712_firmware	-
qualcomm	sd_710_firmware	-
qualcomm	sd_670_firmware	-
qualcomm	sd_730_firmware	-
qualcomm	sd_8cx_firmware	-
qualcomm	sxr1130_firmware	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-787 - Out-of-bounds Write
The software writes data past the end, or before the beginning, of the intended buffer.

References

https://www.qualcomm.com/company/product-security/bulletins