CVE-2019-10506

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

While processing QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY vendor command, driver does not validate the data obtained from the user space which could be invalid and thus leads to an undesired behaviour in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS605, SD 600, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM630, SDM660, SDX24

Durante el procesamiento del comando del proveedor QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY, el controlador no comprueba los datos obtenidos desde el espacio de usuario que podrían ser no validos y, por lo tanto, conlleva a un comportamiento no deseado en los productos Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile en las versiones MDM9206, MDM9607, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS605, SD 600, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM630, SDM660, SDX24

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-03-29 CVE Reserved
2019-09-30 CVE Published
2023-03-08 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://www.codeaurora.org/security-bulletin/2019/08/05/august-2019-code-aurora-security-bulletin	2019-10-02

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Qualcomm Search vendor "Qualcomm"	Mdm9206 Firmware Search vendor "Qualcomm" for product "Mdm9206 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Mdm9206 Search vendor "Qualcomm" for product "Mdm9206"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Mdm9607 Firmware Search vendor "Qualcomm" for product "Mdm9607 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Mdm9607 Search vendor "Qualcomm" for product "Mdm9607"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Msm8996au Firmware Search vendor "Qualcomm" for product "Msm8996au Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Msm8996au Search vendor "Qualcomm" for product "Msm8996au"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Qca6174a Firmware Search vendor "Qualcomm" for product "Qca6174a Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Qca6174a Search vendor "Qualcomm" for product "Qca6174a"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Qca6574au Firmware Search vendor "Qualcomm" for product "Qca6574au Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Qca6574au Search vendor "Qualcomm" for product "Qca6574au"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Qca9377 Firmware Search vendor "Qualcomm" for product "Qca9377 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Qca9377 Search vendor "Qualcomm" for product "Qca9377"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Qca9379 Firmware Search vendor "Qualcomm" for product "Qca9379 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Qca9379 Search vendor "Qualcomm" for product "Qca9379"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Qcs605 Firmware Search vendor "Qualcomm" for product "Qcs605 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Qcs605 Search vendor "Qualcomm" for product "Qcs605"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Sd 600 Firmware Search vendor "Qualcomm" for product "Sd 600 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Sd 600 Search vendor "Qualcomm" for product "Sd 600"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Sd 625 Firmware Search vendor "Qualcomm" for product "Sd 625 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Sd 625 Search vendor "Qualcomm" for product "Sd 625"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Sd 636 Firmware Search vendor "Qualcomm" for product "Sd 636 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Sd 636 Search vendor "Qualcomm" for product "Sd 636"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Sd 665 Firmware Search vendor "Qualcomm" for product "Sd 665 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Sd 665 Search vendor "Qualcomm" for product "Sd 665"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Sd 675 Firmware Search vendor "Qualcomm" for product "Sd 675 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Sd 675 Search vendor "Qualcomm" for product "Sd 675"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Sd 712 Firmware Search vendor "Qualcomm" for product "Sd 712 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Sd 712 Search vendor "Qualcomm" for product "Sd 712"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Sd 710 Firmware Search vendor "Qualcomm" for product "Sd 710 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Sd 710 Search vendor "Qualcomm" for product "Sd 710"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Sd 670 Firmware Search vendor "Qualcomm" for product "Sd 670 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Sd 670 Search vendor "Qualcomm" for product "Sd 670"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Sd 730 Firmware Search vendor "Qualcomm" for product "Sd 730 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Sd 730 Search vendor "Qualcomm" for product "Sd 730"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Sd 820 Firmware Search vendor "Qualcomm" for product "Sd 820 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Sd 820 Search vendor "Qualcomm" for product "Sd 820"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Sd 820a Firmware Search vendor "Qualcomm" for product "Sd 820a Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Sd 820a Search vendor "Qualcomm" for product "Sd 820a"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Sd 835 Firmware Search vendor "Qualcomm" for product "Sd 835 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Sd 835 Search vendor "Qualcomm" for product "Sd 835"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Sd 845 Firmware Search vendor "Qualcomm" for product "Sd 845 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Sd 845 Search vendor "Qualcomm" for product "Sd 845"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Sd 850 Firmware Search vendor "Qualcomm" for product "Sd 850 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Sd 850 Search vendor "Qualcomm" for product "Sd 850"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Sd 855 Firmware Search vendor "Qualcomm" for product "Sd 855 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Sd 855 Search vendor "Qualcomm" for product "Sd 855"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Sdm630 Firmware Search vendor "Qualcomm" for product "Sdm630 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Sdm630 Search vendor "Qualcomm" for product "Sdm630"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Sdm660 Firmware Search vendor "Qualcomm" for product "Sdm660 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Sdm660 Search vendor "Qualcomm" for product "Sdm660"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Sdx24 Firmware Search vendor "Qualcomm" for product "Sdx24 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Sdx24 Search vendor "Qualcomm" for product "Sdx24"	-	-	Safe