CVE-2019-14011

Name of the Vulnerable Software and Affected Versions: Snapdragon Auto versions APQ8009 through SXR1130 Snapdragon Compute versions APQ8009 through SXR1130 Snapdragon Consumer IOT versions APQ8009 through SXR1130 Snapdragon Industrial IOT versions APQ8009 through SXR1130 Snapdragon IoT versions APQ8009 through SXR1130 Snapdragon Mobile versions APQ8009 through SXR1130 Snapdragon Voice & Music versions APQ8009 through SXR1130 Snapdragon Wearables versions APQ8009 through SXR1130

Description: The issue is related to multiple Read overflows due to improper length checks while decoding 3G attach accept, SMS, pdn connection reject, esm data transport, and bearer modify context reject. This affects various Snapdragon products.

Recommendations: For all affected versions, consider disabling the decoding functionality for 3G attach accept, SMS, pdn connection reject, esm data transport, and bearer modify context reject until a patch is available. Restrict access to the vulnerable components in the affected Snapdragon products to minimize the risk of exploitation. Avoid using the vulnerable Snapdragon products in sensitive environments until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.