CVE-2019-14021

Name of the Vulnerable Software and Affected Versions: Snapdragon Auto versions prior to the fixed version Snapdragon Compute versions prior to the fixed version Snapdragon Consumer IOT versions prior to the fixed version Snapdragon Industrial IOT versions prior to the fixed version Snapdragon Mobile versions prior to the fixed version Snapdragon Wearables versions prior to the fixed version APQ8096AU version prior to the fixed version APQ8098 version prior to the fixed version MDM9150 version prior to the fixed version MDM9206 version prior to the fixed version MDM9607 version prior to the fixed version MDM9640 version prior to the fixed version MDM9650 version prior to the fixed version MSM8905 version prior to the fixed version MSM8909 version prior to the fixed version MSM8909W version prior to the fixed version MSM8917 version prior to the fixed version MSM8920 version prior to the fixed version MSM8937 version prior to the fixed version MSM8940 version prior to the fixed version MSM8953 version prior to the fixed version MSM8996AU version prior to the fixed version MSM8998 version prior to the fixed version Nicobar version prior to the fixed version QCM2150 version prior to the fixed version QCS605 version prior to the fixed version QM215 version prior to the fixed version Rennell version prior to the fixed version SC7180 version prior to the fixed version SC8180X version prior to the fixed version SDA660 version prior to the fixed version SDA845 version prior to the fixed version SDM429 version prior to the fixed version SDM429W version prior to the fixed version SDM439 version prior to the fixed version SDM450 version prior to the fixed version SDM630 version prior to the fixed version SDM632 version prior to the fixed version SDM636 version prior to the fixed version SDM660 version prior to the fixed version SDM670 version prior to the fixed version SDM710 version prior to the fixed version SDM845 version prior to the fixed version SDM850 version prior to the fixed version SDX20 version prior to the fixed version SDX24 version prior to the fixed version SDX55 version prior to the fixed version SM6150 version prior to the fixed version SM7150 version prior to the fixed version SM8150 version prior to the fixed version SXR1130 version prior to the fixed version

Description: A possible buffer overrun occurs when processing EFS filename and payload sent over the diag interface due to a lack of check for filename length and payload size received. This issue affects various Snapdragon products, including Auto, Compute, Consumer IOT, Industrial IOT, Mobile, and Wearables, as well as specific chipsets.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.