CVE-2019-10520

Published Dec 12, 2019

Last updated 4 years ago

CVSS medium 5.5

Overview

Description: An unprivileged application can allocate GPU memory by calling memory allocation ioctl function and can exhaust all the memory which results in out of memory in Snapdragon Mobile, Snapdragon Voice & Music in QCS405, SD 210/SD 212/SD 205, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855
Source: product-security@qualcomm.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.9
Impact score: 6.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:N/I:N/A:C

Weaknesses

nvd@nist.gov: CWE-772

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "36F5A18B-8C9E-4A38-B994-E3E2696BB83D"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:qualcomm:qcs405:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B703667D-DE09-40AF-BA44-E0E56252A790"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0FA80D57-3191-47CF-AD3F-9F2D64E443FE"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B2AFB212-F01A-4CEB-8DB4-2E0CC2308CB6"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0986EF1-0974-488E-84C4-6880F876CE55"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8C08BA58-2EBC-4A22-85A4-2ECD54693B9B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "27110478-4C08-49E6-BD53-8BAAD9D5BD65"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3664D302-D22A-4B25-B534-3097AE2F8573"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qualcomm:sd_665_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A00C8264-02FC-4191-A4D9-363A99627176"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:qualcomm:sd_665:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "63D21FBC-976A-488A-A329-FBAEB8017C6D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qualcomm:sd_675_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F900C8F-9763-441A-B97E-E5394A68A08A"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:qualcomm:sd_675:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "589C1001-E9F6-41A6-BCC8-A94A3C97F2E6"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qualcomm:sd_712_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6BFF8872-645F-4A05-BAF9-7797CFBE37C6"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:qualcomm:sd_712:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9CB91AFF-C149-4F5C-92EC-E78E66935528"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qualcomm:sd_710_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B529780-DB0A-4F9C-AE63-6DEC593B86E5"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:qualcomm:sd_710:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "669E7360-E8C3-4BB8-A3B6-61BD58AFAF62"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qualcomm:sd_670_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D49606C5-7306-4F33-864C-C1905594F09C"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:qualcomm:sd_670:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B43964AF-7CEC-420A-935B-D3895B2BAC70"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qualcomm:sd_730_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F5E6464-2341-40EC-B276-6CE49CF1DFDD"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:qualcomm:sd_730:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "73D9A6B7-2147-4992-ADC3-6A8DE3D3E0A5"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A2D2B3B-CB28-46AA-9117-A7FA371FDE80"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DE18BF66-B0DB-48BB-B43A-56F01821F5A3"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0C10C7CB-3B66-4F17-8146-6A85611E2BA9"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B9DA765F-53DE-4FB0-B825-6C11B3177641"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qualcomm:sd_855_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "91400943-3D25-4E44-9FFD-9E3076305D80"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:qualcomm:sd_855:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "57B16867-710D-4748-8636-635E2C6F7389"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References