CVE-2019-2308

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

User application could potentially make RPC call to the fastrpc driver and the driver will allow the message to go through to the remote subsystem in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24

References

https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin

Details

Source: MITRE

Published: 2019-07-25

Updated: 2020-08-24

Risk Information

CVSS v2

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Vulnerable Software

Configuration 1

AND

OR

cpe:2.3:o:qualcomm:mdm9150_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:qualcomm:mdm9150:-:*:*:*:*:*:*:*

Configuration 2

AND

OR

cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*

Configuration 3

AND

OR

cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*

Configuration 4

AND

OR

cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*

Configuration 5

AND

OR

cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:qualcomm:msm8996au:-:*:*:*:*:*:*:*

Configuration 6

AND

OR

cpe:2.3:o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:qualcomm:qcs405:-:*:*:*:*:*:*:*

Configuration 7

AND

OR

cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:qualcomm:qcs605:-:*:*:*:*:*:*:*

Configuration 8

AND

OR

cpe:2.3:o:qualcomm:qualcomm_215_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:qualcomm:qualcomm_215:-:*:*:*:*:*:*:*

Configuration 9

AND

OR

cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*

Configuration 10

AND

OR

cpe:2.3:o:qualcomm:sd_427_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:qualcomm:sd_427:-:*:*:*:*:*:*:*

Configuration 11

AND

OR

cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*

Configuration 12

AND

OR

cpe:2.3:o:qualcomm:sd_435_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:qualcomm:sd_435:-:*:*:*:*:*:*:*

Configuration 13

AND

OR

cpe:2.3:o:qualcomm:sd_439_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:qualcomm:sd_439:-:*:*:*:*:*:*:*

Configuration 14

AND

OR

cpe:2.3:o:qualcomm:sd_429_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:qualcomm:sd_429:-:*:*:*:*:*:*:*

Configuration 15

AND

OR

cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*

Configuration 16

AND

OR

cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*

Configuration 17

AND

OR

cpe:2.3:o:qualcomm:sd_632_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:qualcomm:sd_632:-:*:*:*:*:*:*:*

Configuration 18

AND

OR

cpe:2.3:o:qualcomm:sd_636_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:qualcomm:sd_636:-:*:*:*:*:*:*:*

Configuration 19

AND

OR

cpe:2.3:o:qualcomm:sd_665_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:qualcomm:sd_665:-:*:*:*:*:*:*:*

Configuration 20

AND

OR

cpe:2.3:o:qualcomm:sd_675_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:qualcomm:sd_675:-:*:*:*:*:*:*:*

Configuration 21

AND

OR

cpe:2.3:o:qualcomm:sd_712_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:qualcomm:sd_712:-:*:*:*:*:*:*:*

Configuration 22

AND

OR

cpe:2.3:o:qualcomm:sd_710_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:qualcomm:sd_710:-:*:*:*:*:*:*:*

Configuration 23

AND

OR

cpe:2.3:o:qualcomm:sd_670_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:qualcomm:sd_670:-:*:*:*:*:*:*:*

Configuration 24

AND

OR

cpe:2.3:o:qualcomm:sd_730_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:qualcomm:sd_730:-:*:*:*:*:*:*:*

Configuration 25

AND

OR

cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*

Configuration 26

AND

OR

cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*

Configuration 27

AND

OR

cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*

Configuration 28

AND

OR

cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*

Configuration 29

AND

OR

cpe:2.3:o:qualcomm:sd_855_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:qualcomm:sd_855:-:*:*:*:*:*:*:*

Configuration 30

AND

OR

cpe:2.3:o:qualcomm:sda660_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:qualcomm:sda660:-:*:*:*:*:*:*:*

Configuration 31

AND

OR

cpe:2.3:o:qualcomm:sdm439_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:qualcomm:sdm439:-:*:*:*:*:*:*:*

Configuration 32

AND

OR

cpe:2.3:o:qualcomm:sdm630_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:qualcomm:sdm630:-:*:*:*:*:*:*:*

Configuration 33

AND

OR

cpe:2.3:o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:qualcomm:sdm660:-:*:*:*:*:*:*:*

Configuration 34

AND

OR

cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*

Configuration 35

AND

OR

cpe:2.3:o:qualcomm:sdx24_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:qualcomm:sdx24:-:*:*:*:*:*:*:*

Tenable Plugins

View all (2 total)

IDNameProductFamilySeverity
151690Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2021-9362)NessusOracle Linux Local Security Checks
high
151689Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9363)NessusOracle Linux Local Security Checks
high