PT-2020-9450 · Qualcomm · Sdm710+19

Published

2020-01-21

Updated

2020-01-24

CVE-2019-14024

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon versions in MSM8917, MSM8953, Nicobar, QM215, Rennell, SDM429, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR2130

Description: A possible stack-use-after-scope issue exists in the NFC use case for card emulation. This issue may be present in various Qualcomm Snapdragon products, including Snapdragon Auto, Snapdragon Industrial IOT, and Snapdragon Mobile.

Recommendations: For Qualcomm Snapdragon versions in MSM8917, MSM8953, Nicobar, QM215, Rennell, SDM429, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR2130, consider disabling the NFC card emulation feature until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

CVE-2019-14024

Affected Products

Msm8917

Msm8953

Nicobar

Qm215

Rennell

Sdm429

Sdm439

Sdm450

Sdm632

Sdm670

Sdm710

Sdm845

Sm6150

Sm7150

Sm8150

Sm8250

Sxr2130

Snapdragon Auto

Snapdragon Industrial Iot

Snapdragon Mobile

PT-2020-9450 · Qualcomm · Sdm710+19

CVE-2019-14024

Weakness Enumeration

Related Identifiers

Affected Products

References · 2