PT-2020-9438 · Qualcomm · Qualcomm Snapdragon

Published: 2020-04-16 · Updated: 2020-04-21 · CVE-2019-14012

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions:
Qualcomm Snapdragon versions MSM8905 through MSM8909
Qualcomm Snapdragon versions MSM8917 through MSM8920
Qualcomm Snapdragon versions MSM8937 through MSM8940
Qualcomm Snapdragon versions MSM8953
Qualcomm Snapdragon versions Nicobar
Qualcomm Snapdragon versions QCM2150
Qualcomm Snapdragon versions QM215
Qualcomm Snapdragon versions Rennell
Qualcomm Snapdragon versions SC7180
Qualcomm Snapdragon versions SC8180X
Qualcomm Snapdragon versions SDA845
Qualcomm Snapdragon versions SDM429
Qualcomm Snapdragon versions SDM439
Qualcomm Snapdragon versions SDM450
Qualcomm Snapdragon versions SDM632
Qualcomm Snapdragon versions SDM845
Qualcomm Snapdragon versions SDM850
Qualcomm Snapdragon versions SDX24
Qualcomm Snapdragon versions SM6150
Qualcomm Snapdragon versions SM7150
Qualcomm Snapdragon versions SM8150
Description: The issue is related to a null pointer dereference that occurs when the array of video codecs from media info is referenced without null checking while processing SDP messages. This affects various Qualcomm Snapdragon products, including Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, and Snapdragon Wearables.
Recommendations: For Qualcomm Snapdragon versions MSM8905 through MSM8909, consider disabling the processing of SDP messages until a patch is available. For Qualcomm Snapdragon versions MSM8917 through MSM8920, restrict access to the media info array to minimize the risk of exploitation. For Qualcomm Snapdragon versions MSM8937 through MSM8940, avoid using the video codecs array in the affected API endpoint until the issue is resolved. For Qualcomm Snapdragon versions MSM8953, Nicobar, QCM2150, QM215, Rennell, SC7180, SC8180X, SDA845, SDM429, SDM439, SDM450, SDM632, SDM845, SDM850, SDX24, SM6150, SM7150, SM8150, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

NULL Pointer Dereference


Weakness Enumeration

Related Identifiers

CVE-2019-14012

Affected Products

Qualcomm Snapdragon