1. Home
  2. CVE Database
  3. CVE-2019-2343
MEDIUM · 5.5

CVE-2019-2343

Out of bound read and information disclosure in firmware due to insufficient checking of an embedded structure that can be sent from a kernel driver in Snapdragon Auto, Snapdragon Compute, Snapdragon ...

Vulnerability Description

Out of bound read and information disclosure in firmware due to insufficient checking of an embedded structure that can be sent from a kernel driver in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130

CVSS Score

5.5

MEDIUM

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
QualcommMsm8909W Firmware-
QualcommMsm8909W-
QualcommMsm8996Au Firmware-
QualcommMsm8996Au-
QualcommQcs605 Firmware-
QualcommQcs605-
QualcommQualcomm 215 Firmware-
QualcommQualcomm 215-
QualcommSd 210 Firmware-
QualcommSd 210-
QualcommSd 212 Firmware-
QualcommSd 212-
QualcommSd 205 Firmware-
QualcommSd 205-
QualcommSd 425 Firmware-
QualcommSd 425-
QualcommSd 427 Firmware-
QualcommSd 427-
QualcommSd 430 Firmware-
QualcommSd 430-

Related Weaknesses (CWE)

CWE-125

References

FAQ

What is CVE-2019-2343?

CVE-2019-2343 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Out of bound read and information disclosure in firmware due to insufficient checking of an embedded structure that can be sent from a kernel driver in Snapdragon Auto, Snapdragon Compute, Snapdragon ...

How severe is CVE-2019-2343?

CVE-2019-2343 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-2343?

Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Msm8909W Firmware, Qualcomm Msm8909W, Qualcomm Msm8996Au Firmware, Qualcomm Msm8996Au, Qualcomm Qcs605 Firmware.