Details of VAR-201911-1669

ID

VAR-201911-1669

CVE

CVE-2019-10503

TITLE

plural Snapdragon Vulnerability related to array index verification in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-012330

DESCRIPTION

Out-of-bounds access can occur in camera driver due to improper validation of array index in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, QCN7605, SDA660, SDM450, SDM630, SDM636, SDM660, SDX20. plural Snapdragon The product contains a vulnerability related to array index validation.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

Trust: 1.62

sources: NVD: CVE-2019-10503 // JVNDB: JVNDB-2019-012330

IOT TAXONOMY

category:	['other device', 'embedded device']	sub_category:	SoC	Trust: 0.1
category:	['other device', 'embedded device']	sub_category:	general	Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	qualcomm	model:	msm8909	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8053	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8953	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm636	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8917	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8096au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8996au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8998	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8009	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8098	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sda660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9607	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm450	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9650	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8017	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9206	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm630	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn7605	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9640	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8909w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9207c	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8905	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8920	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8940	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx20	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8937	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8009	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	apq8017	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	apq8053	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	apq8096au	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	apq8098	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9206	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9207c	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9607	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9640	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9650	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-012330 // NVD: CVE-2019-10503

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-10503
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-10503
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201911-1234
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2019-10503
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2019-10503
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-10503
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2019-012330 // CNNVD: CNNVD-201911-1234 // NVD: CVE-2019-10503

PROBLEMTYPE DATA

problemtype:

CWE-129

Trust: 1.8

sources: JVNDB: JVNDB-2019-012330 // NVD: CVE-2019-10503

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-1234

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201911-1234

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-012330

PATCH

title:	October 2019 Security Bulletin	url:	https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin	Trust: 0.8
title:	Multiple Qualcomm Product input verification error vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=103690	Trust: 0.6

sources: JVNDB: JVNDB-2019-012330 // CNNVD: CNNVD-201911-1234

EXTERNAL IDS

db:	NVD	id:	CVE-2019-10503	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-012330	Trust: 0.8
db:	CNNVD	id:	CNNVD-201911-1234	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2019-012330 // CNNVD: CNNVD-201911-1234 // NVD: CVE-2019-10503

REFERENCES

url:	https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10503	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10503	Trust: 0.8
url:	https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-january-2020-31267	Trust: 0.6
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2019-012330 // CNNVD: CNNVD-201911-1234 // NVD: CVE-2019-10503

SOURCES

db:	OTHER	id:	-
db:	JVNDB	id:	JVNDB-2019-012330
db:	CNNVD	id:	CNNVD-201911-1234
db:	NVD	id:	CVE-2019-10503

LAST UPDATE DATE

2025-01-30T21:06:38.270000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2019-012330	date:	2019-11-29T00:00:00
db:	CNNVD	id:	CNNVD-201911-1234	date:	2020-07-14T00:00:00
db:	NVD	id:	CVE-2019-10503	date:	2024-11-21T04:19:17.993

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2019-012330	date:	2019-11-29T00:00:00
db:	CNNVD	id:	CNNVD-201911-1234	date:	2019-11-21T00:00:00
db:	NVD	id:	CVE-2019-10503	date:	2019-11-21T15:15:12.650