CVE-2019-14054

Name of the Vulnerable Software and Affected Versions: Snapdragon Compute versions prior to the fixed version Snapdragon Consumer IOT versions prior to the fixed version Snapdragon Industrial IOT versions prior to the fixed version Snapdragon Mobile versions prior to the fixed version Snapdragon Wired Infrastructure and Networking versions prior to the fixed version Kamorta versions prior to the fixed version MSM8998 versions prior to the fixed version QCS404 versions prior to the fixed version QCS605 versions prior to the fixed version SDA660 versions prior to the fixed version SDA845 versions prior to the fixed version SDM630 versions prior to the fixed version SDM636 versions prior to the fixed version SDM660 versions prior to the fixed version SDM670 versions prior to the fixed version SDM710 versions prior to the fixed version SDM845 versions prior to the fixed version SDM850 versions prior to the fixed version SM8150 versions prior to the fixed version SXR1130 versions prior to the fixed version SXR2130 versions prior to the fixed version

Description: The issue is related to improper permissions in the XBL SEC region, which allows a user to update XBL SEC code and data. This can also divert the RAM dump path to the normal cold boot path.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.