Sign-up

ID

VAR-202002-0411


CVE

CVE-2019-14046


TITLE

plural Snapdragon Product Index Validation Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-014517

DESCRIPTION

Out of bound access while allocating memory for an array in camera due to improper validation of elements parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS605, SDM439, SDX24. plural Snapdragon The product contains a vulnerability in array index validation.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Qualcomm SDX24 and so on are the products of American Qualcomm. SDX24 is a modem. QCS605 is a central processing unit (CPU) product. SDM439 is a central processing unit (CPU) product. Kernel in Qualcomm QCS605, SDM439 and SDX24 has an input validation error vulnerability. The vulnerability stems from a network system or product that did not properly validate the input data. No detailed vulnerability details are provided at this time

Trust: 2.16

sources: NVD: CVE-2019-14046 // JVNDB: JVNDB-2019-014517 // CNVD: CNVD-2020-09961

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

category:['other device', 'embedded device']sub_category:SoC

Trust: 0.1

category:['other device', 'embedded device']sub_category:general

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2020-09961

AFFECTED PRODUCTS

vendor:qualcommmodel:sdx24scope:eqversion: -

Trust: 2.2

vendor:qualcommmodel:sdm439scope:eqversion: -

Trust: 2.2

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 2.2

vendor:qualcommmodel:sdm439scope: - version: -

Trust: 1.4

vendor:qualcommmodel:sdx24scope: - version: -

Trust: 1.4

vendor:qualcommmodel:qcs605scope: - version: -

Trust: 1.4

sources: CNVD: CNVD-2020-09961 // JVNDB: JVNDB-2019-014517 // CNNVD: CNNVD-202002-211 // NVD: CVE-2019-14046

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-14046
value: HIGH

Trust: 1.0

NVD: JVNDB-2019-014517
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-09961
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202002-211
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-14046
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-014517
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-09961
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-14046
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-014517
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-09961 // JVNDB: JVNDB-2019-014517 // CNNVD: CNNVD-202002-211 // NVD: CVE-2019-14046

PROBLEMTYPE DATA

problemtype:CWE-129

Trust: 1.8

sources: JVNDB: JVNDB-2019-014517 // NVD: CVE-2019-14046

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202002-211

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202002-211

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-014517

PATCH
title:February 2020 Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin
Trust: 0.8
title:Patch for Multiple Qualcomm Product Input Validation Error Vulnerabilities (CNVD-2020-09961)url:https://www.cnvd.org.cn/patchInfo/show/201059
Trust: 0.6
title:Multiple Qualcomm Product input verification error vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=107680
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-09961 // 
            
            
            
            JVNDB: JVNDB-2019-014517 // 
            
            
            
            CNNVD: CNNVD-202002-211

EXTERNAL IDS
db:NVDid:CVE-2019-14046
Trust: 3.1
db:JVNDBid:JVNDB-2019-014517
Trust: 0.8
db:CNVDid:CNVD-2020-09961
Trust: 0.6
db:CNNVDid:CNNVD-202002-211
Trust: 0.6
db:OTHERid:NONE
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            CNVD: CNVD-2020-09961 // 
            
            
            
            JVNDB: JVNDB-2019-014517 // 
            
            
            
            CNNVD: CNNVD-202002-211 // 
            
            
            
            NVD: CVE-2019-14046

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2019-14046
Trust: 2.0
url:https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14046
Trust: 0.8
url:https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-february-2020-31507
Trust: 0.6
url:https://ieeexplore.ieee.org/abstract/document/10769424
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            CNVD: CNVD-2020-09961 // 
            
            
            
            JVNDB: JVNDB-2019-014517 // 
            
            
            
            CNNVD: CNNVD-202002-211 // 
            
            
            
            NVD: CVE-2019-14046

SOURCES
db:OTHERid: - 
db:CNVDid:CNVD-2020-09961
db:JVNDBid:JVNDB-2019-014517
db:CNNVDid:CNNVD-202002-211
db:NVDid:CVE-2019-14046

LAST UPDATE DATE
2025-01-30T21:21:29.266000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-09961date:2020-02-17T00:00:00
db:JVNDBid:JVNDB-2019-014517date:2020-02-25T00:00:00
db:CNNVDid:CNNVD-202002-211date:2020-03-02T00:00:00
db:NVDid:CVE-2019-14046date:2024-11-21T04:25:58.533

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-09961date:2020-02-17T00:00:00
db:JVNDBid:JVNDB-2019-014517date:2020-02-25T00:00:00
db:CNNVDid:CNNVD-202002-211date:2020-02-07T00:00:00
db:NVDid:CVE-2019-14046date:2020-02-07T05:15:11.777