CVE-2019-2295

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Information disclosure due to lack of address range check done on the SysDBG buffers in SDI code. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, MDM9205, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, Nicobar, QCS404, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, Snapdragon_High_Med_2016, SXR1130

Una divulgación de información debido a una falta de comprobación del rango de direcciones realizada en los buffers SysDBG en el código SDI. En los productos Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking en las versiones APQ8009, APQ8017, APQ8053, MDM9205, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, Nicobar, QCS404, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, Snapdragon_High_Med_2016, SXR1130.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2018-12-10 CVE Reserved
2019-11-21 CVE Published
2023-03-08 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin	2019-11-25

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Qualcomm Search vendor "Qualcomm"	Apq8009 Firmware Search vendor "Qualcomm" for product "Apq8009 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Apq8009 Search vendor "Qualcomm" for product "Apq8009"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Apq8017 Firmware Search vendor "Qualcomm" for product "Apq8017 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Apq8017 Search vendor "Qualcomm" for product "Apq8017"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Apq8053 Firmware Search vendor "Qualcomm" for product "Apq8053 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Apq8053 Search vendor "Qualcomm" for product "Apq8053"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Mdm9205 Firmware Search vendor "Qualcomm" for product "Mdm9205 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Mdm9205 Search vendor "Qualcomm" for product "Mdm9205"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Msm8905 Firmware Search vendor "Qualcomm" for product "Msm8905 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Msm8905 Search vendor "Qualcomm" for product "Msm8905"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Msm8909 Firmware Search vendor "Qualcomm" for product "Msm8909 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Msm8909 Search vendor "Qualcomm" for product "Msm8909"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Msm8917 Firmware Search vendor "Qualcomm" for product "Msm8917 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Msm8917 Search vendor "Qualcomm" for product "Msm8917"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Msm8920 Firmware Search vendor "Qualcomm" for product "Msm8920 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Msm8920 Search vendor "Qualcomm" for product "Msm8920"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Msm8937 Firmware Search vendor "Qualcomm" for product "Msm8937 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Msm8937 Search vendor "Qualcomm" for product "Msm8937"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Msm8940 Firmware Search vendor "Qualcomm" for product "Msm8940 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Msm8940 Search vendor "Qualcomm" for product "Msm8940"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Msm8953 Firmware Search vendor "Qualcomm" for product "Msm8953 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Msm8953 Search vendor "Qualcomm" for product "Msm8953"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Msm8998 Firmware Search vendor "Qualcomm" for product "Msm8998 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Msm8998 Search vendor "Qualcomm" for product "Msm8998"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Nicobar Firmware Search vendor "Qualcomm" for product "Nicobar Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Nicobar Search vendor "Qualcomm" for product "Nicobar"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Qcs404 Firmware Search vendor "Qualcomm" for product "Qcs404 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Qcs404 Search vendor "Qualcomm" for product "Qcs404"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Qcs405 Firmware Search vendor "Qualcomm" for product "Qcs405 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Qcs405 Search vendor "Qualcomm" for product "Qcs405"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Qcs605 Firmware Search vendor "Qualcomm" for product "Qcs605 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Qcs605 Search vendor "Qualcomm" for product "Qcs605"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Qm215 Firmware Search vendor "Qualcomm" for product "Qm215 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Qm215 Search vendor "Qualcomm" for product "Qm215"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Sda660 Firmware Search vendor "Qualcomm" for product "Sda660 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Sda660 Search vendor "Qualcomm" for product "Sda660"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Sda845 Firmware Search vendor "Qualcomm" for product "Sda845 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Sda845 Search vendor "Qualcomm" for product "Sda845"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Sdm429 Firmware Search vendor "Qualcomm" for product "Sdm429 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Sdm429 Search vendor "Qualcomm" for product "Sdm429"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Sdm439 Firmware Search vendor "Qualcomm" for product "Sdm439 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Sdm439 Search vendor "Qualcomm" for product "Sdm439"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Sdm450 Firmware Search vendor "Qualcomm" for product "Sdm450 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Sdm450 Search vendor "Qualcomm" for product "Sdm450"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Sdm630 Firmware Search vendor "Qualcomm" for product "Sdm630 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Sdm630 Search vendor "Qualcomm" for product "Sdm630"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Sdm632 Firmware Search vendor "Qualcomm" for product "Sdm632 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Sdm632 Search vendor "Qualcomm" for product "Sdm632"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Sdm636 Firmware Search vendor "Qualcomm" for product "Sdm636 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Sdm636 Search vendor "Qualcomm" for product "Sdm636"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Sdm660 Firmware Search vendor "Qualcomm" for product "Sdm660 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Sdm660 Search vendor "Qualcomm" for product "Sdm660"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Sdm670 Firmware Search vendor "Qualcomm" for product "Sdm670 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Sdm670 Search vendor "Qualcomm" for product "Sdm670"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Sdm710 Firmware Search vendor "Qualcomm" for product "Sdm710 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Sdm710 Search vendor "Qualcomm" for product "Sdm710"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Sdm845 Firmware Search vendor "Qualcomm" for product "Sdm845 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Sdm845 Search vendor "Qualcomm" for product "Sdm845"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Sdm850 Firmware Search vendor "Qualcomm" for product "Sdm850 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Sdm850 Search vendor "Qualcomm" for product "Sdm850"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Snapdragon High Med 2016 Firmware Search vendor "Qualcomm" for product "Snapdragon High Med 2016 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Snapdragon High Med 2016 Search vendor "Qualcomm" for product "Snapdragon High Med 2016"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Sxr1130 Firmware Search vendor "Qualcomm" for product "Sxr1130 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Sxr1130 Search vendor "Qualcomm" for product "Sxr1130"	-	-	Safe