CVE-2019-2318

EUVD-2019-11960

21.11.2019, 15:15

Non Secure Kernel can cause Trustzone to do an arbitrary memory read which will result into DOS in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8017, APQ8053, APQ8096, APQ8096AU, IPQ8074, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, QCA8081, QM215, SDM429, SDM439, SDM450, SDM632, Snapdragon_High_Med_2016

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 28%

Affected Products (NVD)

Vendor	Product	Version
qualcomm	apq8017_firmware	-
qualcomm	apq8053_firmware	-
qualcomm	apq8096_firmware	-
qualcomm	apq8096au_firmware	-
qualcomm	ipq8074_firmware	-
qualcomm	msm8917_firmware	-
qualcomm	msm8920_firmware	-
qualcomm	msm8937_firmware	-
qualcomm	msm8940_firmware	-
qualcomm	msm8953_firmware	-
qualcomm	msm8996_firmware	-
qualcomm	msm8996au_firmware	-
qualcomm	qca8081_firmware	-
qualcomm	qm215_firmware	-
qualcomm	sdm429_firmware	-
qualcomm	sdm439_firmware	-
qualcomm	sdm450_firmware	-
qualcomm	sdm632_firmware	-
qualcomm	snapdragon_high_med_2016_firmware	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-125 - Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer.

References

https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin