Vulnerability-Lookup

CVE-2019-14051 (GCVE-0-2019-14051)

Vulnerability from cvelistv5 – Published: 2020-02-07 05:00 – Updated: 2024-08-05 00:05

Summary

Subsequent additions performed during Module loading while allocating the memory would lead to integer overflow and then to buffer overflow in Snapdragon Industrial IOT in MDM9206, MDM9607

Severity ?

No CVSS data available.

CWE

Integer Overflow to Buffer Overflow Issue in Kernel

Assigner

qualcomm

References

URL

	Vendor	Product	Version
	Qualcomm, Inc.	Snapdragon Industrial IOT	Affected: MDM9206, MDM9607

GSD-2019-14051

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Subsequent additions performed during Module loading while allocating the memory would lead to integer overflow and then to buffer overflow in Snapdragon Industrial IOT in MDM9206, MDM9607

Aliases

CVE-2019-14051

Aliases

CVE-2019-14051

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-14051",
    "description": "Subsequent additions performed during Module loading while allocating the memory would lead to integer overflow and then to buffer overflow in Snapdragon Industrial IOT in MDM9206, MDM9607",
    "id": "GSD-2019-14051"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-14051"
      ],
      "details": "Subsequent additions performed during Module loading while allocating the memory would lead to integer overflow and then to buffer overflow in Snapdragon Industrial IOT in MDM9206, MDM9607",
      "id": "GSD-2019-14051",
      "modified": "2023-12-13T01:23:52.511500Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@qualcomm.com",
        "ID": "CVE-2019-14051",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Snapdragon Industrial IOT",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "MDM9206, MDM9607"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Qualcomm, Inc."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Subsequent additions performed during Module loading while allocating the memory would lead to integer overflow and then to buffer overflow in Snapdragon Industrial IOT in MDM9206, MDM9607"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Integer Overflow to Buffer Overflow Issue in Kernel"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin",
            "refsource": "CONFIRM",
            "url": "https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security.cna@qualcomm.com",
          "ID": "CVE-2019-14051"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Subsequent additions performed during Module loading while allocating the memory would lead to integer overflow and then to buffer overflow in Snapdragon Industrial IOT in MDM9206, MDM9607"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-190"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-02-10T01:01Z",
      "publishedDate": "2020-02-07T05:15Z"
    }
  }
}

GHSA-F8G3-423W-47GV

Vulnerability from github – Published: 2022-05-24 17:08 – Updated: 2022-05-24 17:08

Details

Subsequent additions performed during Module loading while allocating the memory would lead to integer overflow and then to buffer overflow in Snapdragon Industrial IOT in MDM9206, MDM9607

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-14051"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-02-07T05:15:00Z",
    "severity": "HIGH"
  },
  "details": "Subsequent additions performed during Module loading while allocating the memory would lead to integer overflow and then to buffer overflow in Snapdragon Industrial IOT in MDM9206, MDM9607",
  "id": "GHSA-f8g3-423w-47gv",
  "modified": "2022-05-24T17:08:13Z",
  "published": "2022-05-24T17:08:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14051"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTFR-2020-AVI-069

Vulnerability from certfr_avis - Published: 2020-02-04 - Updated: 2020-02-04

De multiples vulnérabilités ont été découvertes dans Google Android. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Google	Android	Google Android toutes versions sans le correctif du 03 février 2020

References

Title

Publication Time

CNVD-2020-09967

Vulnerability from cnvd - Published: 2020-02-17

Title

Qualcomm MDM9206和MDM9607输入验证错误漏洞

Description

Qualcomm MDM9206和MDM9607都是美国高通（Qualcomm）公司的一款中央处理器（CPU）产品。 Qualcomm MDM9206和MDM9607中的Kernel存在输入验证错误漏洞。该漏洞源于网络系统或产品未对输入的数据进行正确的验证。攻击者可利用该漏洞造成缓冲区溢出等。

Severity

高

Patch Name

Qualcomm MDM9206和MDM9607输入验证错误漏洞的补丁

Patch Description

Qualcomm MDM9206和MDM9607都是美国高通（Qualcomm）公司的一款中央处理器（CPU）产品。 Qualcomm MDM9206和MDM9607中的Kernel存在输入验证错误漏洞。该漏洞源于网络系统或产品未对输入的数据进行正确的验证。攻击者可利用该漏洞造成缓冲区溢出等。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-14051

Impacted products

Name
['Qualcomm MDM9206', 'Qualcomm MDM9607']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-14051"
    }
  },
  "description": "Qualcomm MDM9206\u548cMDM9607\u90fd\u662f\u7f8e\u56fd\u9ad8\u901a\uff08Qualcomm\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u4e2d\u592e\u5904\u7406\u5668\uff08CPU\uff09\u4ea7\u54c1\u3002\n\nQualcomm MDM9206\u548cMDM9607\u4e2d\u7684Kernel\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u5bf9\u8f93\u5165\u7684\u6570\u636e\u8fdb\u884c\u6b63\u786e\u7684\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u7f13\u51b2\u533a\u6ea2\u51fa\u7b49\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-09967",
  "openTime": "2020-02-17",
  "patchDescription": "Qualcomm MDM9206\u548cMDM9607\u90fd\u662f\u7f8e\u56fd\u9ad8\u901a\uff08Qualcomm\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u4e2d\u592e\u5904\u7406\u5668\uff08CPU\uff09\u4ea7\u54c1\u3002\r\n\r\nQualcomm MDM9206\u548cMDM9607\u4e2d\u7684Kernel\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u5bf9\u8f93\u5165\u7684\u6570\u636e\u8fdb\u884c\u6b63\u786e\u7684\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u7f13\u51b2\u533a\u6ea2\u51fa\u7b49\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Qualcomm MDM9206\u548cMDM9607\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Qualcomm MDM9206",
      "Qualcomm MDM9607"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-14051",
  "serverity": "\u9ad8",
  "submitTime": "2020-02-11",
  "title": "Qualcomm MDM9206\u548cMDM9607\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e"
}

FKIE_CVE-2019-14051

Vulnerability from fkie_nvd - Published: 2020-02-07 05:15 - Updated: 2024-11-21 04:25

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Subsequent additions performed during Module loading while allocating the memory would lead to integer overflow and then to buffer overflow in Snapdragon Industrial IOT in MDM9206, MDM9607

References

	URL	Tags
	product-security@qualcomm.com	https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin	Vendor Advisory

Impacted products

Vendor	Product	Version
qualcomm	mdm9206_firmware	-
qualcomm	mdm9206	-
qualcomm	mdm9607_firmware	-
qualcomm	mdm9607	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A960B86A-C397-4ACB-AEE6-55F316D32949",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D79B8959-3D1E-4B48-9181-D75FE90AAF98",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A35FECFB-60AE-42A8-BCBB-FEA7D5826D49",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9765187-8653-4D66-B230-B2CE862AC5C0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Subsequent additions performed during Module loading while allocating the memory would lead to integer overflow and then to buffer overflow in Snapdragon Industrial IOT in MDM9206, MDM9607"
    },
    {
      "lang": "es",
      "value": "Las adiciones posteriores llevadas a  cabo durante la carga del M\u00f3dulo mientras se asigna la memoria conllevar\u00eda a un desbordamiento de enteros y luego al desbordamiento del b\u00fafer en los productos Snapdragon Industrial IOT en las versiones  MDM9206, MDM9607."
    }
  ],
  "id": "CVE-2019-14051",
  "lastModified": "2024-11-21T04:25:59.160",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-02-07T05:15:11.903",
  "references": [
    {
      "source": "product-security@qualcomm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin"
    }
  ],
  "sourceIdentifier": "product-security@qualcomm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-202002-0413

Vulnerability from variot - Updated: 2024-11-23 21:59

Subsequent additions performed during Module loading while allocating the memory would lead to integer overflow and then to buffer overflow in Snapdragon Industrial IOT in MDM9206, MDM9607. (DoS) It may be put into a state. Qualcomm MDM9206 and MDM9607 are both a central processing unit (CPU) product from Qualcomm.

Kernel in Qualcomm MDM9206 and MDM9607 has an input validation error vulnerability. The vulnerability stems from a network system or product that did not properly validate the input data. An attacker could use this vulnerability to cause a buffer overflow and so on

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202002-0413",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mdm9607",
        "scope": "eq",
        "trust": 2.2,
        "vendor": "qualcomm",
        "version": null
      },
      {
        "model": "mdm9206",
        "scope": "eq",
        "trust": 2.2,
        "vendor": "qualcomm",
        "version": null
      },
      {
        "model": "mdm9206",
        "scope": null,
        "trust": 1.4,
        "vendor": "qualcomm",
        "version": null
      },
      {
        "model": "mdm9607",
        "scope": null,
        "trust": 1.4,
        "vendor": "qualcomm",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-09967"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014526"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-207"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-14051"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:qualcomm:mdm9206_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:qualcomm:mdm9607_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014526"
      }
    ]
  },
  "cve": "CVE-2019-14051",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-14051",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.1,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.2,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-014526",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2020-09967",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2019-14051",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-014526",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-14051",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2019-014526",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-09967",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202002-207",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-14051",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-09967"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-14051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014526"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-207"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-14051"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Subsequent additions performed during Module loading while allocating the memory would lead to integer overflow and then to buffer overflow in Snapdragon Industrial IOT in MDM9206, MDM9607. (DoS) It may be put into a state. Qualcomm MDM9206 and MDM9607 are both a central processing unit (CPU) product from Qualcomm. \n\r\n\r\nKernel in Qualcomm MDM9206 and MDM9607 has an input validation error vulnerability. The vulnerability stems from a network system or product that did not properly validate the input data. An attacker could use this vulnerability to cause a buffer overflow and so on",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-14051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014526"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-09967"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-14051"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-14051",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014526",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-09967",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-207",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-14051",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-09967"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-14051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014526"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-207"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-14051"
      }
    ]
  },
  "id": "VAR-202002-0413",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-09967"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-09967"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:59:29.941000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "February 2020 Security Bulletin",
        "trust": 0.8,
        "url": "https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin"
      },
      {
        "title": "Patch for Qualcomm MDM9206 and MDM9607 Input Validation Error Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/201061"
      },
      {
        "title": "Qualcomm MDM9206  and MDM9607 Enter the fix for the verification error vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=107676"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-09967"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014526"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-207"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-190",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014526"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-14051"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14051"
      },
      {
        "trust": 1.7,
        "url": "https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14051"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-february-2020-31507"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/190.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-09967"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-14051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014526"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-207"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-14051"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-09967"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-14051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014526"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-207"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-14051"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-02-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-09967"
      },
      {
        "date": "2020-02-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-14051"
      },
      {
        "date": "2020-02-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-014526"
      },
      {
        "date": "2020-02-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202002-207"
      },
      {
        "date": "2020-02-07T05:15:11.903000",
        "db": "NVD",
        "id": "CVE-2019-14051"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-02-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-09967"
      },
      {
        "date": "2020-02-10T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-14051"
      },
      {
        "date": "2020-02-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-014526"
      },
      {
        "date": "2020-03-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202002-207"
      },
      {
        "date": "2024-11-21T04:25:59.160000",
        "db": "NVD",
        "id": "CVE-2019-14051"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-207"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Qualcomm MDM9206 and MDM9607 Input Validation Error Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-09967"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-207"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-207"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-14051 (GCVE-0-2019-14051)

GSD-2019-14051

GHSA-F8G3-423W-47GV

CERTFR-2020-AVI-069

Solution

CNVD-2020-09967

FKIE_CVE-2019-14051

VAR-202002-0413

Tags

Sightings

Nomenclature