CVE-2019-2301

EUVD-2019-11943

25.07.2019, 17:15

Possibility of out-of-bound read if id received from SPI is not in range of FIFO in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9980, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 712 / SD 710 / SD 670, SD 820A, SD 845 / SD 850, SD 855, SDM439, SDM660, SDX24

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 12%

Affected Products (NVD)

Vendor	Product	Version
qualcomm	ipq4019_firmware	-
qualcomm	ipq8064_firmware	-
qualcomm	msm8909w_firmware	-
qualcomm	msm8996au_firmware	-
qualcomm	qca9980_firmware	-
qualcomm	qcs605_firmware	-
qualcomm	qualcomm_215_firmware	-
qualcomm	sd_425_firmware	-
qualcomm	sd_439_firmware	-
qualcomm	sd_429_firmware	-
qualcomm	sd_450_firmware	-
qualcomm	sd_625_firmware	-
qualcomm	sd_632_firmware	-
qualcomm	sd_636_firmware	-
qualcomm	sd_712_firmware	-
qualcomm	sd_710_firmware	-
qualcomm	sd_670_firmware	-
qualcomm	sd_820a_firmware	-
qualcomm	sd_845_firmware	-
qualcomm	sd_850_firmware	-
qualcomm	sd_855_firmware	-
qualcomm	sdm439_firmware	-
qualcomm	sdm660_firmware	-
qualcomm	sdx24_firmware	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-125 - Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer.

References

https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin