PT-2020-10889 · Qualcomm · Qcm2150+27

Published

2020-03-05

Updated

2020-03-05

CVE-2019-2317

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon versions (affected versions not specified)

Description The issue concerns the predictability of the Initial Sequence Number in the TCP SYN packet due to a brute-forceable secret key. This affects various Qualcomm Snapdragon products, including Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, and Snapdragon Wearables, across specific chipsets such as MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, Nicobar, QCM2150, QM215, SC8180X, SDM429, SDM439, SDM450, SDM632, SDX24, SDX55, SM6150, SM7150, and SM8150.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Use of Insufficiently Random Values

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-330

Related Identifiers

CVE-2019-2317

Affected Products

Msm8905

Msm8909W

Msm8917

Msm8920

Msm8937

Msm8940

Msm8953

Nicobar

Qcm2150

Qm215

Sc8180X

Sdm429

Sdm439

Sdm450

Sdm632

Sdx24

Sdx55

Sm6150

Sm7150

Sm8150

Snapdragon Auto

Snapdragon Compute

Snapdragon Consumer Iot

Snapdragon Industrial Iot

Snapdragon Iot

Snapdragon Mobile

Snapdragon Voice & Music

Snapdragon Wearables

PT-2020-10889 · Qualcomm · Qcm2150+27

CVE-2019-2317

Weakness Enumeration

Related Identifiers

Affected Products

References · 2