PT-2020-9433 · Qualcomm · Snapdragon Industrial Iot+11

Published

2020-01-21

Updated

2020-01-23

CVE-2019-14008

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon versions MDM9150, MDM9607, MDM9650, SDM660, SDM845, SM8150, SM8250, SXR2130

Description: The issue is related to a possible null pointer dereference in location assistance data processing due to a missing null check on resources before using them. This affects various Snapdragon products, including Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, and Snapdragon Mobile.

Recommendations: For versions MDM9150, MDM9607, MDM9650, SDM660, SDM845, SM8150, SM8250, SXR2130, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

CVE-2019-14008

Affected Products

Mdm9150

Mdm9607

Mdm9650

Sdm660

Sdm845

Sm8150

Sm8250

Sxr2130

Snapdragon Auto

Snapdragon Consumer Iot

Snapdragon Industrial Iot

Snapdragon Mobile

PT-2020-9433 · Qualcomm · Snapdragon Industrial Iot+11

CVE-2019-14008

Weakness Enumeration

Related Identifiers

Affected Products

References · 3