CVE-2019-2257
First published: Mon May 06 2019(Updated: )
Wrong permissions in configuration file can lead to unauthorized permission in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, SD 210/SD 212/SD 205, SD 615/16/SD 415, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 855, SDA660, SDM660, SDX20, SDX24
Credit: product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Android | ||
| Qualcomm Mdm9150 Firmware | ||
| Qualcomm Mdm9150 | ||
| Qualcomm Mdm9607 Firmware | ||
| Qualcomm Mdm9607 | ||
| Qualcomm Mdm9650 Firmware | ||
| Qualcomm Mdm9650 | ||
| Qualcomm Msm8909w Firmware | ||
| Qualcomm Msm8909w | ||
| Qualcomm Msm8996au Firmware | ||
| Qualcomm Msm8996au | ||
| Qualcomm Qcs405 Firmware | ||
| Qualcomm Qcs405 | ||
| Qualcomm Qcs605 Firmware | ||
| Qualcomm Qcs605 | ||
| Qualcomm Sd 210 Firmware | ||
| Qualcomm Sd 210 | ||
| Qualcomm Sd 212 Firmware | ||
| Qualcomm Sd 212 | ||
| Qualcomm Sd 205 Firmware | ||
| Qualcomm Sd 205 | ||
| Qualcomm Sd 615 Firmware | ||
| Qualcomm Sd 615 | ||
| Qualcomm Sd 616 Firmware | ||
| Qualcomm Sd 616 | ||
| Qualcomm Sd 415 Firmware | ||
| Qualcomm Sd 415 | ||
| Qualcomm Sd 636 Firmware | ||
| Qualcomm Sd 636 | ||
| Qualcomm Sd 712 Firmware | ||
| Qualcomm Sd 712 | ||
| Qualcomm Sd 710 Firmware | ||
| Qualcomm Sd 710 | ||
| Qualcomm Sd 670 Firmware | ||
| Qualcomm Sd 670 | ||
| Qualcomm Sd 820 Firmware | ||
| Qualcomm Sd 820 | ||
| Qualcomm Sd 820a Firmware | ||
| Qualcomm Sd 820a | ||
| Qualcomm Sd 855 Firmware | ||
| Qualcomm Sd 855 | ||
| Qualcomm Sda660 Firmware | ||
| Qualcomm Sda660 | ||
| Qualcomm Sdm660 Firmware | ||
| Qualcomm Sdm660 | ||
| Qualcomm Sdx20 Firmware | ||
| Qualcomm Sdx20 | ||
| Qualcomm Sdx24 Firmware | ||
| Google Android |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-2257?
CVE-2019-2257 is a vulnerability related to wrong permissions in configuration file that can lead to unauthorized permission in certain Qualcomm products running Android.
Which Qualcomm products are affected by CVE-2019-2257?
CVE-2019-2257 affects Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, SD 210, SD 212, SD 205, SD 415, SD 615, SD 616, SD 636, SD 712, SD 710, SD 670, SD 820, SD 820a, SD 855, SDA660, SDM660, SDX20, SDX24 with certain firmware versions.
What is the severity of CVE-2019-2257?
CVE-2019-2257 has a severity rating of high.
How can CVE-2019-2257 be fixed?
To fix CVE-2019-2257, it is recommended to follow the instructions provided in the official Android security bulletin and to update the affected Qualcomm products with the latest firmware patches.
What is CWE-732?
CWE-732 is a classification for the vulnerability related to incorrect permissions.
- agent/type
- agent/first-publish-date
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/description
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/qualcomm
- canonical/qualcomm mdm9150 firmware
- canonical/qualcomm mdm9150
- canonical/qualcomm mdm9607 firmware
- canonical/qualcomm mdm9607
- canonical/qualcomm mdm9650 firmware
- canonical/qualcomm mdm9650
- canonical/qualcomm msm8909w firmware
- canonical/qualcomm msm8909w
- canonical/qualcomm msm8996au firmware
- canonical/qualcomm msm8996au
- canonical/qualcomm qcs405 firmware
- canonical/qualcomm qcs405
- canonical/qualcomm qcs605 firmware
- canonical/qualcomm qcs605
- canonical/qualcomm sd 210 firmware
- canonical/qualcomm sd 210
- canonical/qualcomm sd 212 firmware
- canonical/qualcomm sd 212
- canonical/qualcomm sd 205 firmware
- canonical/qualcomm sd 205
- canonical/qualcomm sd 615 firmware
- canonical/qualcomm sd 615
- canonical/qualcomm sd 616 firmware
- canonical/qualcomm sd 616
- canonical/qualcomm sd 415 firmware
- canonical/qualcomm sd 415
- canonical/qualcomm sd 636 firmware
- canonical/qualcomm sd 636
- canonical/qualcomm sd 712 firmware
- canonical/qualcomm sd 712
- canonical/qualcomm sd 710 firmware
- canonical/qualcomm sd 710
- canonical/qualcomm sd 670 firmware
- canonical/qualcomm sd 670
- canonical/qualcomm sd 820 firmware
- canonical/qualcomm sd 820
- canonical/qualcomm sd 820a firmware
- canonical/qualcomm sd 820a
- canonical/qualcomm sd 855 firmware
- canonical/qualcomm sd 855
- canonical/qualcomm sda660 firmware
- canonical/qualcomm sda660
- canonical/qualcomm sdm660 firmware
- canonical/qualcomm sdm660
- canonical/qualcomm sdx20 firmware
- canonical/qualcomm sdx20
- canonical/qualcomm sdx24 firmware
- canonical/google android
- vendor/google