1. Home
  2. CVE Database
  3. CVE-2019-2346
HIGH · 7.8

CVE-2019-2346

Firmware is getting into loop of overwriting memory when scan command is given from host because of improper validation. in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snap...

Vulnerability Description

Firmware is getting into loop of overwriting memory when scan command is given from host because of improper validation. in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8074, QCA8081, QCS404, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660

CVSS Score

7.8

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
QualcommIpq8074 Firmware-
QualcommIpq8074-
QualcommQca8081 Firmware-
QualcommQca8081-
QualcommQcs404 Firmware-
QualcommQcs404-
QualcommQcs405 Firmware-
QualcommQcs405-
QualcommQcs605 Firmware-
QualcommQcs605-
QualcommSd 425 Firmware-
QualcommSd 425-
QualcommSd 427 Firmware-
QualcommSd 427-
QualcommSd 430 Firmware-
QualcommSd 430-
QualcommSd 435 Firmware-
QualcommSd 435-
QualcommSd 450 Firmware-
QualcommSd 450-

Related Weaknesses (CWE)

CWE-129

References

FAQ

What is CVE-2019-2346?

CVE-2019-2346 is a vulnerability with a CVSS score of 7.8 (HIGH). Firmware is getting into loop of overwriting memory when scan command is given from host because of improper validation. in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snap...

How severe is CVE-2019-2346?

CVE-2019-2346 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-2346?

Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Ipq8074 Firmware, Qualcomm Ipq8074, Qualcomm Qca8081 Firmware, Qualcomm Qca8081, Qualcomm Qcs404 Firmware.