CVE-2019-10595
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Possible buffer overwrite in message handler due to lack of validation of tid value calculated from packets received from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, APQ8064, APQ8096AU, IPQ4019, IPQ8064, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909, MSM8909W, MSM8939, MSM8996AU, QCA4531, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCA9558, QCA9880, QCA9886, QCA9980, SDA660, SDM630, SDM636, SDM660, SDX20, SDX24
Una posible sobrescritura del búfer en el manejador de mensajes debido a una falta de comprobación del valor de tid calculado a partir de los paquetes recibidos desde el firmware en los productos Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking en las versiones APQ8009, APQ8053, APQ8064, APQ8096AU, IPQ4019, IPQ8064, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909, MSM8909W, MSM8939, MSM8996AU, QCA4531, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCA9558, QCA9880, QCA9886, QCA9980, SDA660, SDM630, SDM636, SDM660, SDX20, SDX24.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-03-29 CVE Reserved
- 2019-12-18 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-787: Out-of-bounds Write
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin | 2021-07-21 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Qualcomm Search vendor "Qualcomm" | Apq8009 Firmware Search vendor "Qualcomm" for product "Apq8009 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Apq8009 Search vendor "Qualcomm" for product "Apq8009" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Apq8053 Firmware Search vendor "Qualcomm" for product "Apq8053 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Apq8053 Search vendor "Qualcomm" for product "Apq8053" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Apq8064 Firmware Search vendor "Qualcomm" for product "Apq8064 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Apq8064 Search vendor "Qualcomm" for product "Apq8064" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Apq8096au Firmware Search vendor "Qualcomm" for product "Apq8096au Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Apq8096au Search vendor "Qualcomm" for product "Apq8096au" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Ipq4019 Firmware Search vendor "Qualcomm" for product "Ipq4019 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Ipq4019 Search vendor "Qualcomm" for product "Ipq4019" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Ipq8064 Firmware Search vendor "Qualcomm" for product "Ipq8064 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Ipq8064 Search vendor "Qualcomm" for product "Ipq8064" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Mdm9206 Firmware Search vendor "Qualcomm" for product "Mdm9206 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Mdm9206 Search vendor "Qualcomm" for product "Mdm9206" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Mdm9207c Firmware Search vendor "Qualcomm" for product "Mdm9207c Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Mdm9207c Search vendor "Qualcomm" for product "Mdm9207c" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Mdm9607 Firmware Search vendor "Qualcomm" for product "Mdm9607 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Mdm9607 Search vendor "Qualcomm" for product "Mdm9607" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Mdm9615 Firmware Search vendor "Qualcomm" for product "Mdm9615 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Mdm9615 Search vendor "Qualcomm" for product "Mdm9615" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Mdm9640 Firmware Search vendor "Qualcomm" for product "Mdm9640 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Mdm9640 Search vendor "Qualcomm" for product "Mdm9640" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Mdm9650 Firmware Search vendor "Qualcomm" for product "Mdm9650 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Mdm9650 Search vendor "Qualcomm" for product "Mdm9650" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Msm8909 Firmware Search vendor "Qualcomm" for product "Msm8909 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Msm8909 Search vendor "Qualcomm" for product "Msm8909" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Msm8909 Firmware Search vendor "Qualcomm" for product "Msm8909 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Msm8909 Search vendor "Qualcomm" for product "Msm8909" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Msm8939 Firmware Search vendor "Qualcomm" for product "Msm8939 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Msm8939 Search vendor "Qualcomm" for product "Msm8939" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Msm8996au Firmware Search vendor "Qualcomm" for product "Msm8996au Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Msm8996au Search vendor "Qualcomm" for product "Msm8996au" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Qca4531 Firmware Search vendor "Qualcomm" for product "Qca4531 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Qca4531 Search vendor "Qualcomm" for product "Qca4531" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Qca6174a Firmware Search vendor "Qualcomm" for product "Qca6174a Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Qca6174a Search vendor "Qualcomm" for product "Qca6174a" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Qca6574au Firmware Search vendor "Qualcomm" for product "Qca6574au Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Qca6574au Search vendor "Qualcomm" for product "Qca6574au" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Qca9377 Firmware Search vendor "Qualcomm" for product "Qca9377 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Qca9377 Search vendor "Qualcomm" for product "Qca9377" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Qca9379 Firmware Search vendor "Qualcomm" for product "Qca9379 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Qca9379 Search vendor "Qualcomm" for product "Qca9379" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Qca9558 Firmware Search vendor "Qualcomm" for product "Qca9558 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Qca9558 Search vendor "Qualcomm" for product "Qca9558" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Qca9880 Firmware Search vendor "Qualcomm" for product "Qca9880 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Qca9880 Search vendor "Qualcomm" for product "Qca9880" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Qca9886 Firmware Search vendor "Qualcomm" for product "Qca9886 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Qca9886 Search vendor "Qualcomm" for product "Qca9886" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Qca9980 Firmware Search vendor "Qualcomm" for product "Qca9980 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Qca9980 Search vendor "Qualcomm" for product "Qca9980" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sda660 Firmware Search vendor "Qualcomm" for product "Sda660 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sda660 Search vendor "Qualcomm" for product "Sda660" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sdm630 Firmware Search vendor "Qualcomm" for product "Sdm630 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sdm630 Search vendor "Qualcomm" for product "Sdm630" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sdm636 Firmware Search vendor "Qualcomm" for product "Sdm636 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sdm636 Search vendor "Qualcomm" for product "Sdm636" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sdm660 Firmware Search vendor "Qualcomm" for product "Sdm660 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sdm660 Search vendor "Qualcomm" for product "Sdm660" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sdx20 Firmware Search vendor "Qualcomm" for product "Sdx20 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sdx20 Search vendor "Qualcomm" for product "Sdx20" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sdx24 Firmware Search vendor "Qualcomm" for product "Sdx24 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sdx24 Search vendor "Qualcomm" for product "Sdx24" | - | - |
Safe
|