CVE-2019-2236 : Null pointer dereference during secure application termination using specific ap

Null pointer dereference during secure application termination using specific application ids. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCA8081, QCS605, Qualcomm 215, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130

Published 2019-07-25 17:15:12

Updated 2019-07-26 17:44:08

Source Qualcomm, Inc.

View at NVD, CVE.org

Vulnerability category: Memory Corruption

Products affected by CVE-2019-2236

Qualcomm » Mdm9206 Firmware » Version: N/A
cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Mdm9206 » Version: N/A
Qualcomm » Mdm9607 Firmware » Version: N/A
cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Mdm9607 » Version: N/A
Qualcomm » Mdm9650 Firmware » Version: N/A
cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Mdm9650 » Version: N/A
Qualcomm » Sd 410 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 410 » Version: N/A
Qualcomm » Sd 425 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 425 » Version: N/A
Qualcomm » Sd 430 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 430 » Version: N/A
Qualcomm » Sd 625 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 625 » Version: N/A
Qualcomm » Sd 650 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 650 » Version: N/A
Qualcomm » Sd 820 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 820 » Version: N/A
Qualcomm » Sd 835 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 835 » Version: N/A
Qualcomm » Sd 412 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 412 » Version: N/A
Qualcomm » Sd 652 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 652 » Version: N/A
Qualcomm » Sd 450 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 450 » Version: N/A
Qualcomm » Mdm9655 Firmware » Version: N/A
cpe:2.3:o:qualcomm:mdm9655_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Mdm9655 » Version: N/A
Qualcomm » Sd 820a Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 820a » Version: N/A
Qualcomm » Sd 427 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_427_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 427 » Version: N/A
Qualcomm » Sd 435 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_435_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 435 » Version: N/A
Qualcomm » Sdm630 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm630_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm630 » Version: N/A
Qualcomm » Sdm660 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm660 » Version: N/A
Qualcomm » Msm8996au Firmware » Version: N/A
cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Msm8996au » Version: N/A
Qualcomm » Snapdragon High Med 2016 Firmware » Version: N/A
cpe:2.3:o:qualcomm:snapdragon_high_med_2016_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Snapdragon High Med 2016 » Version: N/A
Qualcomm » Sdm439 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm439_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm439 » Version: N/A
Qualcomm » Sda660 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sda660_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sda660 » Version: N/A
Qualcomm » Ipq8074 Firmware » Version: N/A
cpe:2.3:o:qualcomm:ipq8074_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Ipq8074 » Version: N/A
Qualcomm » Sxr1130 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sxr1130_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sxr1130 » Version: N/A
Qualcomm » Sd 439 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_439_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 439 » Version: N/A
Qualcomm » Sd 429 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_429_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 429 » Version: N/A
Qualcomm » Sd 632 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_632_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 632 » Version: N/A
Qualcomm » Sd 636 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_636_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 636 » Version: N/A
Qualcomm » Sd 712 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_712_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 712 » Version: N/A
Qualcomm » Sd 710 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_710_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 710 » Version: N/A
Qualcomm » Sd 670 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_670_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 670 » Version: N/A
Qualcomm » Qualcomm 215 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qualcomm_215_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qualcomm 215 » Version: N/A
Qualcomm » Qcs605 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcs605 » Version: N/A
Qualcomm » Sd 675 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_675_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 675 » Version: N/A
Qualcomm » Sd 8cx Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_8cx_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 8cx » Version: N/A
Qualcomm » Qca8081 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca8081 » Version: N/A
Qualcomm » Sd 730 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_730_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 730 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2019-2236

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 10 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-2236

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.1	LOW	AV:L/AC:L/Au:N/C:N/I:N/A:P	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
5.5	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2019-2236

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2019-2236

https://www.qualcomm.com/company/product-security/bulletins

Security Advisories | Product Security | Qualcomm
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2019-2236

Products affected by CVE-2019-2236

Exploit prediction scoring system (EPSS) score for CVE-2019-2236

CVSS scores for CVE-2019-2236

CWE ids for CVE-2019-2236

References for CVE-2019-2236