CVE-2019-10538
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Lack of check of address range received from firmware response allows modem to respond arbitrary pages into its address range which can compromise HLOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM660, SDX20, SDX24
La falta de comprobación del rango de direcciones recibido desde la respuesta del firmware permite que el módem responda a páginas arbitrarias en su rango de direcciones lo que puede comprometer a HLOS en los productos Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables en las versiones MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM660, SDX20, SDX24.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-03-29 CVE Reserved
- 2019-09-30 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.codeaurora.org/security-bulletin/2019/08/05/august-2019-code-aurora-security-bulletin | 2019-10-02 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Qualcomm Search vendor "Qualcomm" | Msm8909w Firmware Search vendor "Qualcomm" for product "Msm8909w Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Msm8909w Search vendor "Qualcomm" for product "Msm8909w" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Msm8996au Firmware Search vendor "Qualcomm" for product "Msm8996au Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Msm8996au Search vendor "Qualcomm" for product "Msm8996au" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Qcs405 Firmware Search vendor "Qualcomm" for product "Qcs405 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Qcs405 Search vendor "Qualcomm" for product "Qcs405" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Qcs605 Firmware Search vendor "Qualcomm" for product "Qcs605 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Qcs605 Search vendor "Qualcomm" for product "Qcs605" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Qualcomm 215 Firmware Search vendor "Qualcomm" for product "Qualcomm 215 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Qualcomm 215 Search vendor "Qualcomm" for product "Qualcomm 215" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd 425 Firmware Search vendor "Qualcomm" for product "Sd 425 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd 425 Search vendor "Qualcomm" for product "Sd 425" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd 439 Firmware Search vendor "Qualcomm" for product "Sd 439 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd 439 Search vendor "Qualcomm" for product "Sd 439" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd 429 Firmware Search vendor "Qualcomm" for product "Sd 429 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd 429 Search vendor "Qualcomm" for product "Sd 429" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd 450 Firmware Search vendor "Qualcomm" for product "Sd 450 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd 450 Search vendor "Qualcomm" for product "Sd 450" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd 625 Firmware Search vendor "Qualcomm" for product "Sd 625 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd 625 Search vendor "Qualcomm" for product "Sd 625" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd 632 Firmware Search vendor "Qualcomm" for product "Sd 632 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd 632 Search vendor "Qualcomm" for product "Sd 632" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd 636 Firmware Search vendor "Qualcomm" for product "Sd 636 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd 636 Search vendor "Qualcomm" for product "Sd 636" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd 665 Firmware Search vendor "Qualcomm" for product "Sd 665 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd 665 Search vendor "Qualcomm" for product "Sd 665" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd 675 Firmware Search vendor "Qualcomm" for product "Sd 675 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd 675 Search vendor "Qualcomm" for product "Sd 675" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd 712 Firmware Search vendor "Qualcomm" for product "Sd 712 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd 712 Search vendor "Qualcomm" for product "Sd 712" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd 710 Firmware Search vendor "Qualcomm" for product "Sd 710 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd 710 Search vendor "Qualcomm" for product "Sd 710" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd 670 Firmware Search vendor "Qualcomm" for product "Sd 670 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd 670 Search vendor "Qualcomm" for product "Sd 670" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd 730 Firmware Search vendor "Qualcomm" for product "Sd 730 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd 730 Search vendor "Qualcomm" for product "Sd 730" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd 820a Firmware Search vendor "Qualcomm" for product "Sd 820a Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd 820a Search vendor "Qualcomm" for product "Sd 820a" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd 845 Firmware Search vendor "Qualcomm" for product "Sd 845 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd 845 Search vendor "Qualcomm" for product "Sd 845" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd 850 Firmware Search vendor "Qualcomm" for product "Sd 850 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd 850 Search vendor "Qualcomm" for product "Sd 850" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd 855 Firmware Search vendor "Qualcomm" for product "Sd 855 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd 855 Search vendor "Qualcomm" for product "Sd 855" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sda660 Firmware Search vendor "Qualcomm" for product "Sda660 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sda660 Search vendor "Qualcomm" for product "Sda660" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sdm439 Firmware Search vendor "Qualcomm" for product "Sdm439 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sdm439 Search vendor "Qualcomm" for product "Sdm439" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sdm660 Firmware Search vendor "Qualcomm" for product "Sdm660 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sdm660 Search vendor "Qualcomm" for product "Sdm660" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sdx20 Firmware Search vendor "Qualcomm" for product "Sdx20 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sdx20 Search vendor "Qualcomm" for product "Sdx20" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sdx24 Firmware Search vendor "Qualcomm" for product "Sdx24 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sdx24 Search vendor "Qualcomm" for product "Sdx24" | - | - |
Safe
|