CVE-2019-14020

Name of the Vulnerable Software and Affected Versions: Snapdragon Auto versions prior to the fixed version Snapdragon Compute versions prior to the fixed version Snapdragon Consumer IOT versions prior to the fixed version Snapdragon Industrial IOT versions prior to the fixed version Snapdragon Mobile versions prior to the fixed version Snapdragon Wearables versions prior to the fixed version APQ8053 versions prior to the fixed version APQ8076 versions prior to the fixed version APQ8096 versions prior to the fixed version APQ8096AU versions prior to the fixed version APQ8098 versions prior to the fixed version MDM9150 versions prior to the fixed version MDM9205 versions prior to the fixed version MDM9206 versions prior to the fixed version MDM9607 versions prior to the fixed version MDM9615 versions prior to the fixed version MDM9625 versions prior to the fixed version MDM9635M versions prior to the fixed version MDM9640 versions prior to the fixed version MDM9645 versions prior to the fixed version MDM9650 versions prior to the fixed version MDM9655 versions prior to the fixed version MSM8905 versions prior to the fixed version MSM8909 versions prior to the fixed version MSM8909W versions prior to the fixed version MSM8917 versions prior to the fixed version MSM8920 versions prior to the fixed version MSM8937 versions prior to the fixed version MSM8940 versions prior to the fixed version MSM8953 versions prior to the fixed version MSM8996AU versions prior to the fixed version MSM8998 versions prior to the fixed version Nicobar versions prior to the fixed version QCM2150 versions prior to the fixed version QCS605 versions prior to the fixed version QM215 versions prior to the fixed version Rennell versions prior to the fixed version SC7180 versions prior to the fixed version SC8180X versions prior to the fixed version SDA660 versions prior to the fixed version SDA845 versions prior to the fixed version SDM429 versions prior to the fixed version SDM429W versions prior to the fixed version SDM439 versions prior to the fixed version SDM450 versions prior to the fixed version SDM630 versions prior to the fixed version SDM632 versions prior to the fixed version SDM636 versions prior to the fixed version SDM660 versions prior to the fixed version SDM670 versions prior to the fixed version SDM710 versions prior to the fixed version SDM845 versions prior to the fixed version SDM850 versions prior to the fixed version SDX20 versions prior to the fixed version SDX24 versions prior to the fixed version SDX55 versions prior to the fixed version SM6150 versions prior to the fixed version SM7150 versions prior to the fixed version SM8150 versions prior to the fixed version SXR1130 versions prior to the fixed version

Description: The issue is related to multiple Read overflows due to improper length checks while decoding certain requests, including dedicated eps bearer req, act def context req, cs serv notification, emm info, and guti realloc cmd. This affects various Snapdragon products, including Auto, Compute, Consumer IOT, Industrial IOT, Mobile, and Wearables, as well as specific chipsets.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.