CVE-2019-14052

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon Auto versions APQ8009 through SXR1130 Qualcomm Snapdragon Compute versions APQ8009 through SXR1130 Qualcomm Snapdragon Consumer IOT versions APQ8009 through SXR1130 Qualcomm Snapdragon Industrial IOT versions APQ8009 through SXR1130 Qualcomm Snapdragon Mobile versions APQ8009 through SXR1130 Qualcomm Snapdragon Voice & Music versions APQ8009 through SXR1130 Qualcomm Snapdragon Wearables versions APQ8009 through SXR1130

Description: Accessing an uninitialized data structure could result in partially copying of contents and thus incorrect processing. This issue affects various Qualcomm Snapdragon products.

Recommendations: For Qualcomm Snapdragon Auto versions APQ8009 through SXR1130, update to a version that initializes data structures properly to prevent incorrect processing. For Qualcomm Snapdragon Compute versions APQ8009 through SXR1130, ensure that all data structures are initialized before use to avoid partially copying contents. For Qualcomm Snapdragon Consumer IOT versions APQ8009 through SXR1130, apply configuration changes to prevent accessing uninitialized data structures. For Qualcomm Snapdragon Industrial IOT versions APQ8009 through SXR1130, restrict access to sensitive data to minimize the risk of exploitation. For Qualcomm Snapdragon Mobile versions APQ8009 through SXR1130, consider disabling vulnerable functions until a patch is available. For Qualcomm Snapdragon Voice & Music versions APQ8009 through SXR1130, avoid using vulnerable parameters in API endpoints until the issue is resolved. For Qualcomm Snapdragon Wearables versions APQ8009 through SXR1130, update to a version that properly initializes data structures to prevent incorrect processing.