CVE-2019-14047

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon versions in APQ8053, APQ8096AU, MDM9607, MSM8909W, MSM8996, MSM8996AU, QCN7605, QCS605, SC8180X, SDA845, SDX20, SDX24, SDX55, SM8150, SXR1130

Description: The issue arises when the IPA driver processes a route add rule IOCTL without validating the rule ID before adding it to the IPA HW commit list. This affects various Snapdragon products, including Auto, Compute, Connectivity, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, and Wearables.

Recommendations: For Qualcomm Snapdragon versions in APQ8053, APQ8096AU, MDM9607, MSM8909W, MSM8996, MSM8996AU, QCN7605, QCS605, SC8180X, SDA845, SDX20, SDX24, SDX55, SM8150, SXR1130, consider disabling the IPA driver's route add rule IOCTL processing until a patch is available. As a temporary workaround, restrict access to the IPA HW commit list to minimize the risk of exploitation. Avoid using the rule ID in the affected IPA driver until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.