// For flags

CVE-2019-10538

 

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Lack of check of address range received from firmware response allows modem to respond arbitrary pages into its address range which can compromise HLOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM660, SDX20, SDX24

La falta de comprobación del rango de direcciones recibido desde la respuesta del firmware permite que el módem responda a páginas arbitrarias en su rango de direcciones lo que puede comprometer a HLOS en los productos Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables en las versiones MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM660, SDX20, SDX24.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-03-29 CVE Reserved
  • 2019-09-30 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Qualcomm
Search vendor "Qualcomm"
Msm8909w Firmware
Search vendor "Qualcomm" for product "Msm8909w Firmware"
--
Affected
in Qualcomm
Search vendor "Qualcomm"
Msm8909w
Search vendor "Qualcomm" for product "Msm8909w"
--
Safe
Qualcomm
Search vendor "Qualcomm"
Msm8996au Firmware
Search vendor "Qualcomm" for product "Msm8996au Firmware"
--
Affected
in Qualcomm
Search vendor "Qualcomm"
Msm8996au
Search vendor "Qualcomm" for product "Msm8996au"
--
Safe
Qualcomm
Search vendor "Qualcomm"
Qcs405 Firmware
Search vendor "Qualcomm" for product "Qcs405 Firmware"
--
Affected
in Qualcomm
Search vendor "Qualcomm"
Qcs405
Search vendor "Qualcomm" for product "Qcs405"
--
Safe
Qualcomm
Search vendor "Qualcomm"
Qcs605 Firmware
Search vendor "Qualcomm" for product "Qcs605 Firmware"
--
Affected
in Qualcomm
Search vendor "Qualcomm"
Qcs605
Search vendor "Qualcomm" for product "Qcs605"
--
Safe
Qualcomm
Search vendor "Qualcomm"
Qualcomm 215 Firmware
Search vendor "Qualcomm" for product "Qualcomm 215 Firmware"
--
Affected
in Qualcomm
Search vendor "Qualcomm"
Qualcomm 215
Search vendor "Qualcomm" for product "Qualcomm 215"
--
Safe
Qualcomm
Search vendor "Qualcomm"
Sd 425 Firmware
Search vendor "Qualcomm" for product "Sd 425 Firmware"
--
Affected
in Qualcomm
Search vendor "Qualcomm"
Sd 425
Search vendor "Qualcomm" for product "Sd 425"
--
Safe
Qualcomm
Search vendor "Qualcomm"
Sd 439 Firmware
Search vendor "Qualcomm" for product "Sd 439 Firmware"
--
Affected
in Qualcomm
Search vendor "Qualcomm"
Sd 439
Search vendor "Qualcomm" for product "Sd 439"
--
Safe
Qualcomm
Search vendor "Qualcomm"
Sd 429 Firmware
Search vendor "Qualcomm" for product "Sd 429 Firmware"
--
Affected
in Qualcomm
Search vendor "Qualcomm"
Sd 429
Search vendor "Qualcomm" for product "Sd 429"
--
Safe
Qualcomm
Search vendor "Qualcomm"
Sd 450 Firmware
Search vendor "Qualcomm" for product "Sd 450 Firmware"
--
Affected
in Qualcomm
Search vendor "Qualcomm"
Sd 450
Search vendor "Qualcomm" for product "Sd 450"
--
Safe
Qualcomm
Search vendor "Qualcomm"
Sd 625 Firmware
Search vendor "Qualcomm" for product "Sd 625 Firmware"
--
Affected
in Qualcomm
Search vendor "Qualcomm"
Sd 625
Search vendor "Qualcomm" for product "Sd 625"
--
Safe
Qualcomm
Search vendor "Qualcomm"
Sd 632 Firmware
Search vendor "Qualcomm" for product "Sd 632 Firmware"
--
Affected
in Qualcomm
Search vendor "Qualcomm"
Sd 632
Search vendor "Qualcomm" for product "Sd 632"
--
Safe
Qualcomm
Search vendor "Qualcomm"
Sd 636 Firmware
Search vendor "Qualcomm" for product "Sd 636 Firmware"
--
Affected
in Qualcomm
Search vendor "Qualcomm"
Sd 636
Search vendor "Qualcomm" for product "Sd 636"
--
Safe
Qualcomm
Search vendor "Qualcomm"
Sd 665 Firmware
Search vendor "Qualcomm" for product "Sd 665 Firmware"
--
Affected
in Qualcomm
Search vendor "Qualcomm"
Sd 665
Search vendor "Qualcomm" for product "Sd 665"
--
Safe
Qualcomm
Search vendor "Qualcomm"
Sd 675 Firmware
Search vendor "Qualcomm" for product "Sd 675 Firmware"
--
Affected
in Qualcomm
Search vendor "Qualcomm"
Sd 675
Search vendor "Qualcomm" for product "Sd 675"
--
Safe
Qualcomm
Search vendor "Qualcomm"
Sd 712 Firmware
Search vendor "Qualcomm" for product "Sd 712 Firmware"
--
Affected
in Qualcomm
Search vendor "Qualcomm"
Sd 712
Search vendor "Qualcomm" for product "Sd 712"
--
Safe
Qualcomm
Search vendor "Qualcomm"
Sd 710 Firmware
Search vendor "Qualcomm" for product "Sd 710 Firmware"
--
Affected
in Qualcomm
Search vendor "Qualcomm"
Sd 710
Search vendor "Qualcomm" for product "Sd 710"
--
Safe
Qualcomm
Search vendor "Qualcomm"
Sd 670 Firmware
Search vendor "Qualcomm" for product "Sd 670 Firmware"
--
Affected
in Qualcomm
Search vendor "Qualcomm"
Sd 670
Search vendor "Qualcomm" for product "Sd 670"
--
Safe
Qualcomm
Search vendor "Qualcomm"
Sd 730 Firmware
Search vendor "Qualcomm" for product "Sd 730 Firmware"
--
Affected
in Qualcomm
Search vendor "Qualcomm"
Sd 730
Search vendor "Qualcomm" for product "Sd 730"
--
Safe
Qualcomm
Search vendor "Qualcomm"
Sd 820a Firmware
Search vendor "Qualcomm" for product "Sd 820a Firmware"
--
Affected
in Qualcomm
Search vendor "Qualcomm"
Sd 820a
Search vendor "Qualcomm" for product "Sd 820a"
--
Safe
Qualcomm
Search vendor "Qualcomm"
Sd 845 Firmware
Search vendor "Qualcomm" for product "Sd 845 Firmware"
--
Affected
in Qualcomm
Search vendor "Qualcomm"
Sd 845
Search vendor "Qualcomm" for product "Sd 845"
--
Safe
Qualcomm
Search vendor "Qualcomm"
Sd 850 Firmware
Search vendor "Qualcomm" for product "Sd 850 Firmware"
--
Affected
in Qualcomm
Search vendor "Qualcomm"
Sd 850
Search vendor "Qualcomm" for product "Sd 850"
--
Safe
Qualcomm
Search vendor "Qualcomm"
Sd 855 Firmware
Search vendor "Qualcomm" for product "Sd 855 Firmware"
--
Affected
in Qualcomm
Search vendor "Qualcomm"
Sd 855
Search vendor "Qualcomm" for product "Sd 855"
--
Safe
Qualcomm
Search vendor "Qualcomm"
Sda660 Firmware
Search vendor "Qualcomm" for product "Sda660 Firmware"
--
Affected
in Qualcomm
Search vendor "Qualcomm"
Sda660
Search vendor "Qualcomm" for product "Sda660"
--
Safe
Qualcomm
Search vendor "Qualcomm"
Sdm439 Firmware
Search vendor "Qualcomm" for product "Sdm439 Firmware"
--
Affected
in Qualcomm
Search vendor "Qualcomm"
Sdm439
Search vendor "Qualcomm" for product "Sdm439"
--
Safe
Qualcomm
Search vendor "Qualcomm"
Sdm660 Firmware
Search vendor "Qualcomm" for product "Sdm660 Firmware"
--
Affected
in Qualcomm
Search vendor "Qualcomm"
Sdm660
Search vendor "Qualcomm" for product "Sdm660"
--
Safe
Qualcomm
Search vendor "Qualcomm"
Sdx20 Firmware
Search vendor "Qualcomm" for product "Sdx20 Firmware"
--
Affected
in Qualcomm
Search vendor "Qualcomm"
Sdx20
Search vendor "Qualcomm" for product "Sdx20"
--
Safe
Qualcomm
Search vendor "Qualcomm"
Sdx24 Firmware
Search vendor "Qualcomm" for product "Sdx24 Firmware"
--
Affected
in Qualcomm
Search vendor "Qualcomm"
Sdx24
Search vendor "Qualcomm" for product "Sdx24"
--
Safe