CVE-2019-10563

Published Nov 21, 2019

Last updated 3 years ago

CVSS high 7.8

Overview

Description: Buffer over-read can occur in fast message handler due to improper input validation while processing a message from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8053, APQ8096AU, MSM8996AU, MSM8998, QCN7605, QCS405, QCS605, SDA660, SDM636, SDM660, SDX20, SDX24
Source: product-security@qualcomm.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 4.6
Impact score: 6.4
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-125

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:qualcomm:apq8053:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "19B59B60-A298-4A56-A45A-E34B7AAB43D7"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qualcomm:apq8053_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B052615D-857A-46D4-9098-1CBFA14687C6"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:qualcomm:apq8096au:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B1F31FFB-982A-4308-82F8-C2480DABDED8"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qualcomm:apq8096au_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DD17C0A3-A200-4659-968B-B2DA03CB683F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8CA1E7B0-782B-4757-B118-802943798984"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:qualcomm:msm8996au:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "95CB08EC-AE12-4A54-AA3C-998F01FC8763"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qualcomm:msm8998_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E9154AF-E52E-4E84-9322-2CA7EBD3E6FE"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:qualcomm:msm8998:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4796F9BD-61B3-45ED-B5E3-B061887285E2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qualcomm:qcn7605_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C9D1966-30F0-414D-BE75-0A14B12A1457"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:qualcomm:qcn7605:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CD28C87D-1D28-4C84-BFE4-56EE3BF2C6B0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "36F5A18B-8C9E-4A38-B994-E3E2696BB83D"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:qualcomm:qcs405:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B703667D-DE09-40AF-BA44-E0E56252A790"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B05FD66D-13A6-40E9-A64B-E428378F237E"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:qualcomm:qcs605:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D0D665C1-3EBA-42F2-BF56-55E6C365F7DF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qualcomm:sda660_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A2326BD7-28A5-4244-8501-B109913E7AE6"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:qualcomm:sda660:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "532D244B-8B5A-4923-B7F1-9DC0A5FC0E9D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qualcomm:sdm636_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8F00D854-0AC7-415F-B19A-642CB9F72210"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:qualcomm:sdm636:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F977B432-2709-4D75-AA3E-F440285B7BA2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "24D7B67C-6FEC-48F8-9D46-778E4528BC20"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:qualcomm:sdm660:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "05006807-D961-446C-B8DC-C87507F1316E"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A0CE1B23-6FE3-41C4-B264-C7A9E8BDBEC1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "794BA13C-3C63-4695-AA45-676F85D904BE"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qualcomm:sdx24_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9BE864E-7B1E-44D5-A10A-60078095DE33"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:qualcomm:sdx24:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "96DD6B48-2554-464D-A061-DBB4B8E00758"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References