PT-2020-9453 · Qualcomm · Sdm710+24

Published

2020-03-05

Updated

2020-03-09

CVE-2019-14027

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon versions APQ8098, IPQ6018, IPQ8074, MSM8998, Nicobar, QCA8081, QCN7605, QCS404, QCS605, Rennell, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130, SXR2130

Description: The issue is caused by a buffer overflow due to the lack of an upper bound check on channel length, which is used for a loop. This affects various Qualcomm Snapdragon products, including Compute, Connectivity, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, Mobile, and Wired Infrastructure and Networking.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

CVE-2019-14027

Affected Products

Apq8098

Ipq6018

Ipq8074

Msm8998

Nicobar

Qca8081

Qcn7605

Qcs404

Qcs605

Rennell

Sc8180X

Sda660

Sda845

Sdm630

Sdm636

Sdm660

Sdm670

Sdm710

Sdm845

Sdm850

Sm6150

Sm7150

Sm8150

Sxr1130

Sxr2130

PT-2020-9453 · Qualcomm · Sdm710+24

CVE-2019-14027

Weakness Enumeration

Related Identifiers

Affected Products

References · 3