Details of VAR-201911-1428

ID

VAR-201911-1428

CVE

CVE-2019-2266

TITLE

plural Snapdragon Products use free memory vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-012281

DESCRIPTION

Possible double free issue in kernel while handling the camera sensor and its sub modules power sequence in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MDM9206, MDM9207C, MDM9607, MSM8909, MSM8909W, Nicobar, QCA9980, QCS405, QCS605, SDM845, SDX24, SM7150, SM8150. plural Snapdragon The product contains a vulnerability related to the use of freed memory.Information is acquired, information is falsified, and denial of service (DoS) May be in a state

Trust: 1.62

sources: NVD: CVE-2019-2266 // JVNDB: JVNDB-2019-012281

IOT TAXONOMY

category:	['other device', 'embedded device']	sub_category:	SoC	Trust: 0.1
category:	['other device', 'embedded device']	sub_category:	general	Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	qualcomm	model:	ipq4019	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8053	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9206	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8909	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm8150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx24	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm7150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	nicobar	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8909w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9207c	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs405	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs605	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm845	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9607	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq8064	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9980	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8053	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	ipq4019	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	ipq8064	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9206	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9207c	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9607	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	msm8909	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	msm8909w	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	nicobar	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qca9980	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-012281 // NVD: CVE-2019-2266

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-2266
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-2266
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201911-1249
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2019-2266
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2019-2266
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-2266
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2019-012281 // CNNVD: CNNVD-201911-1249 // NVD: CVE-2019-2266

PROBLEMTYPE DATA

problemtype:	CWE-415	Trust: 1.0
problemtype:	CWE-416	Trust: 0.8

sources: JVNDB: JVNDB-2019-012281 // NVD: CVE-2019-2266

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-1249

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201911-1249

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-012281

PATCH

title:	October 2019 Security Bulletin	url:	https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin	Trust: 0.8
title:	Multiple Qualcomm Product resource management error vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=103614	Trust: 0.6

sources: JVNDB: JVNDB-2019-012281 // CNNVD: CNNVD-201911-1249

EXTERNAL IDS

db:	NVD	id:	CVE-2019-2266	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-012281	Trust: 0.8
db:	CNNVD	id:	CNNVD-201911-1249	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2019-012281 // CNNVD: CNNVD-201911-1249 // NVD: CVE-2019-2266

REFERENCES

url:	https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-2266	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2266	Trust: 0.8
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2019-012281 // CNNVD: CNNVD-201911-1249 // NVD: CVE-2019-2266

SOURCES

db:	OTHER	id:	-
db:	JVNDB	id:	JVNDB-2019-012281
db:	CNNVD	id:	CNNVD-201911-1249
db:	NVD	id:	CVE-2019-2266

LAST UPDATE DATE

2025-01-30T19:54:31.393000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2019-012281	date:	2019-11-28T00:00:00
db:	CNNVD	id:	CNNVD-201911-1249	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-2266	date:	2024-11-21T04:40:34.557

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2019-012281	date:	2019-11-28T00:00:00
db:	CNNVD	id:	CNNVD-201911-1249	date:	2019-11-21T00:00:00
db:	NVD	id:	CVE-2019-2266	date:	2019-11-21T15:15:15.230