CVE-2019-14026

Name of the Vulnerable Software and Affected Versions: Snapdragon Auto versions APQ8009 through SXR2130 Snapdragon Compute versions APQ8009 through SXR2130 Snapdragon Connectivity versions APQ8009 through SXR2130 Snapdragon Consumer Electronics Connectivity versions APQ8009 through SXR2130 Snapdragon Consumer IOT versions APQ8009 through SXR2130 Snapdragon Industrial IOT versions APQ8009 through SXR2130 Snapdragon Mobile versions APQ8009 through SXR2130 Snapdragon Voice & Music versions APQ8009 through SXR2130 Snapdragon Wired Infrastructure and Networking versions APQ8009 through SXR2130

Description: A possible buffer overflow in the WLAN WMI handler due to a lack of ssid length check when copying data. This issue affects various Snapdragon products, including Auto, Compute, Connectivity, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, and Wired Infrastructure and Networking.

Recommendations: For Snapdragon Auto versions APQ8009 through SXR2130, consider disabling the WLAN WMI handler until a patch is available. For Snapdragon Compute versions APQ8009 through SXR2130, restrict access to the WLAN WMI handler to minimize the risk of exploitation. For Snapdragon Connectivity versions APQ8009 through SXR2130, avoid using the ssid parameter in the affected API endpoint until the issue is resolved. For Snapdragon Consumer Electronics Connectivity versions APQ8009 through SXR2130, apply configuration changes to limit the impact of the buffer overflow. For Snapdragon Consumer IOT versions APQ8009 through SXR2130, temporarily disable the WLAN WMI handler until a patch is available. For Snapdragon Industrial IOT versions APQ8009 through SXR2130, restrict access to the WLAN WMI handler to minimize the risk of exploitation. For Snapdragon Mobile versions APQ8009 through SXR2130, consider disabling the WLAN WMI handler until a patch is available. For Snapdragon Voice & Music versions APQ8009 through SXR2130, avoid using the ssid parameter in the affected API endpoint until the issue is resolved. For Snapdragon Wired Infrastructure and Networking versions APQ8009 through SXR2130, apply configuration changes to limit the impact of the buffer overflow. At the moment, there is no information about a newer version that contains a fix for this vulnerability.