CVE-2019-10606

{"id": "CVE-2019-10606", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2020-01-21T07:15:11.993", "references": [{"url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", "tags": ["Patch", "Vendor Advisory"], "source": "product-security@qualcomm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "Out-of-bound access will occur in USB driver due to lack of check to validate the frame size passed by user in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9607, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, QCS605, SDX24"}, {"lang": "es", "value": "Se presentar\u00e1 un acceso fuera del l\u00edmite en el controlador USB debido a una falta de comprobaci\u00f3n al validar el tama\u00f1o de la trama pasada por parte del usuario en los productos Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables en las versiones MDM9607, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, QCS605, SDX24."}], "lastModified": "2020-01-24T13:52:10.143", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E9765187-8653-4D66-B230-B2CE862AC5C0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A35FECFB-60AE-42A8-BCBB-FEA7D5826D49"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5DEE828B-09A7-4AC1-8134-491A7C87C118"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE28A59C-7AA6-4B85-84E8-07852B96108E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:msm8917:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "369295A2-8236-44B6-A09F-7CB0BD20527F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:msm8917_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BD0305A-E31C-4888-B97E-CE571D40560A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:msm8920:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "50F55EB4-B6C3-41FE-9B8F-F17D94F170F2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:msm8920_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88413610-9B54-485B-A7A7-8CE4D68D6C9E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:msm8937:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A58B5A6E-84B9-4356-9CFE-4E80BD81FB33"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:msm8937_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3D56596-D726-44FD-ADEA-901D972AC66A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:msm8940:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "68AF5243-40F1-4C9A-BBCD-FA259C0B008B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:msm8940_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "372B5A77-74D4-437F-A228-040963861232"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:qcs605:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D0D665C1-3EBA-42F2-BF56-55E6C365F7DF"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B05FD66D-13A6-40E9-A64B-E428378F237E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sdx24:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "96DD6B48-2554-464D-A061-DBB4B8E00758"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sdx24_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9BE864E-7B1E-44D5-A10A-60078095DE33"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "product-security@qualcomm.com"}