CVE-2019-14060

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon versions (affected versions not specified)

Description: The issue arises from the use of uninitialized stack data. This occurs when memory is not allocated for a blob or when the allocated blob is less than the required struct size, due to a lack of check on the return value for read or write blob operations. This affects various Qualcomm Snapdragon products, including Auto, Compute, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wearables, and Wired Infrastructure and Networking, across a range of chipsets such as APQ8009, APQ8017, and others.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.