cvelist/2019/2xxx/CVE-2019-2338.json

{
   "CVE_data_meta": {
      "ASSIGNER": "product-security@qualcomm.com",
      "ID": "CVE-2019-2338",
      "STATE": "PUBLIC"
   },
   "affects": {
      "vendor": {
         "vendor_data": [
            {
               "product": {
                  "product_data": [
                     {
                        "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking",
                        "version": {
                           "version_data": [
                              {
                                 "version_value": "MDM9205, MSM8998, QCS404, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SM6150, SM7150, SM8150, SXR1130, SXR2130"
                              }
                           ]
                        }
                     }
                  ]
               },
               "vendor_name": "Qualcomm, Inc."
            }
         ]
      }
   },
   "data_format": "MITRE",
   "data_type": "CVE",
   "data_version": "4.0",
   "description": {
      "description_data": [
         {
            "lang": "eng",
            "value": "Crafted image that has a valid signature from a non-QC entity can be loaded which can read/write memory that belongs to the secure world in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, MSM8998, QCS404, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SM6150, SM7150, SM8150, SXR1130, SXR2130"
         }
      ]
   },
   "problemtype": {
      "problemtype_data": [
         {
            "description": [
               {
                  "lang": "eng",
                  "value": "Use of Out-of-range Pointer Offset in QTEE"
               }
            ]
         }
      ]
   },
   "references": {
      "reference_data": [
         {
            "name": "https://www.qualcomm.com/company/product-security/bulletins/november-2019-bulletin",
            "refsource": "CONFIRM",
            "url": "https://www.qualcomm.com/company/product-security/bulletins/november-2019-bulletin"
         }
      ]
   }
}
- Synchronized data. 2018-12-10 11:03:16 -05:00			`{`
Qualcomm_12-12-2019 2019-12-12 13:56:26 +05:30			`"CVE_data_meta": {`
			`"ASSIGNER": "product-security@qualcomm.com",`
			`"ID": "CVE-2019-2338",`
			`"STATE": "PUBLIC"`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
"-Synchronized-Data." 2019-03-18 06:58:40 +00:00			`{`
Qualcomm_12-12-2019 2019-12-12 13:56:26 +05:30			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_value": "MDM9205, MSM8998, QCS404, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SM6150, SM7150, SM8150, SXR1130, SXR2130"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "Qualcomm, Inc."`
"-Synchronized-Data." 2019-03-18 06:58:40 +00:00			`}`
Qualcomm_12-12-2019 2019-12-12 13:56:26 +05:30			`]`
			`}`
			`},`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
			`"value": "Crafted image that has a valid signature from a non-QC entity can be loaded which can read/write memory that belongs to the secure world in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, MSM8998, QCS404, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SM6150, SM7150, SM8150, SXR1130, SXR2130"`
			`}`
			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "Use of Out-of-range Pointer Offset in QTEE"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"name": "https://www.qualcomm.com/company/product-security/bulletins/november-2019-bulletin",`
			`"refsource": "CONFIRM",`
			`"url": "https://www.qualcomm.com/company/product-security/bulletins/november-2019-bulletin"`
			`}`
			`]`
			`}`
"-Synchronized-Data." 2019-03-18 06:58:40 +00:00			`}`