CVE-2019-14025

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon Auto versions prior to the fixed version Qualcomm Snapdragon Compute versions prior to the fixed version Qualcomm Snapdragon Consumer IOT versions prior to the fixed version Qualcomm Snapdragon Industrial IOT versions prior to the fixed version Qualcomm Snapdragon Mobile versions prior to the fixed version Qualcomm Snapdragon Wired Infrastructure and Networking versions prior to the fixed version Kamorta versions prior to the fixed version QCS404 versions prior to the fixed version QCS610 versions prior to the fixed version Rennell versions prior to the fixed version SC7180 versions prior to the fixed version SDX55 versions prior to the fixed version SM6150 versions prior to the fixed version SM7150 versions prior to the fixed version SM8250 versions prior to the fixed version SXR2130 versions prior to the fixed version

Description: When a new session is created, an object is returned that contains TZ addresses and it gets passed to HLOS as a handle to refer to a particular session, which can cause TZ to jump to an invalid address.

Recommendations: As a temporary workaround, consider restricting access to the session creation mechanism until a patch is available. For each affected version, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.