CVE-2019-2255 : An unprivileged user can craft a bitstream such that the payload encoded in the

An unprivileged user can craft a bitstream such that the payload encoded in the bitstream gains code execution in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130

Published 2019-06-14 17:29:02

Updated 2020-08-24 17:37:01

Source Qualcomm, Inc.

View at NVD, CVE.org

Products affected by CVE-2019-2255

Qualcomm » Sd 210 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 210 » Version: N/A
Qualcomm » Sd 212 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 212 » Version: N/A
Qualcomm » Sd 425 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 425 » Version: N/A
Qualcomm » Sd 430 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 430 » Version: N/A
Qualcomm » Sd 625 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 625 » Version: N/A
Qualcomm » Sd 820 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 820 » Version: N/A
Qualcomm » Sd 835 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 835 » Version: N/A
Qualcomm » Sd 845 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 845 » Version: N/A
Qualcomm » Sd 205 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 205 » Version: N/A
Qualcomm » Sd 450 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 450 » Version: N/A
Qualcomm » Msm8909w Firmware » Version: N/A
cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Msm8909w » Version: N/A
Qualcomm » Sd 850 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 850 » Version: N/A
Qualcomm » Sd 820a Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 820a » Version: N/A
Qualcomm » Sd 427 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_427_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 427 » Version: N/A
Qualcomm » Sd 435 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_435_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 435 » Version: N/A
Qualcomm » Sdm630 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm630_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm630 » Version: N/A
Qualcomm » Sdm660 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm660 » Version: N/A
Qualcomm » Msm8996au Firmware » Version: N/A
cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Msm8996au » Version: N/A
Qualcomm » Snapdragon High Med 2016 Firmware » Version: N/A
cpe:2.3:o:qualcomm:snapdragon_high_med_2016_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Snapdragon High Med 2016 » Version: N/A
Qualcomm » Sdm439 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm439_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm439 » Version: N/A
Qualcomm » Sda660 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sda660_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sda660 » Version: N/A
Qualcomm » Sxr1130 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sxr1130_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sxr1130 » Version: N/A
Qualcomm » Sd 439 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_439_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 439 » Version: N/A
Qualcomm » Sd 429 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_429_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 429 » Version: N/A
Qualcomm » Sd 632 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_632_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 632 » Version: N/A
Qualcomm » Sd 636 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_636_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 636 » Version: N/A
Qualcomm » Sd 712 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_712_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 712 » Version: N/A
Qualcomm » Sd 710 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_710_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 710 » Version: N/A
Qualcomm » Sd 670 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_670_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 670 » Version: N/A
Qualcomm » Sd 855 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_855_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 855 » Version: N/A
Qualcomm » Qcs605 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcs605 » Version: N/A
Qualcomm » Sd 675 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_675_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 675 » Version: N/A
Qualcomm » Sd 8cx Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_8cx_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 8cx » Version: N/A
Qualcomm » Qm215 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qm215_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qm215 » Version: N/A
Qualcomm » Sd 730 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_730_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 730 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2019-2255

EPSS FAQ

0.66%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 69 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-2255

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
9.8	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2019-2255

https://www.qualcomm.com/company/product-security/bulletins

Security Advisories | Product Security | Qualcomm
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2019-2255

Products affected by CVE-2019-2255

Exploit prediction scoring system (EPSS) score for CVE-2019-2255

CVSS scores for CVE-2019-2255

References for CVE-2019-2255