PT-2020-9488 · Qualcomm · Snapdragon Industrial Iot+26

Published

2020-02-07

Updated

2020-02-10

CVE-2019-14063

CVSS v2.0

9.4

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:C

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon versions (affected versions not specified)

Description: The issue is related to out of bound access due to invalid inputs to dapm mux settings, resulting in kernel failure. This affects various Qualcomm Snapdragon products, including Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking, in multiple chipsets such as IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9607, Nicobar, QCS405, Rennell, SA6155P, Saipan, SC8180X, SDM630, SDM636, SDM660, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

CVE-2019-14063

Affected Products

Ipq4019

Ipq6018

Ipq8064

Ipq8074

Mdm9607

Nicobar

Qcs405

Rennell

Sa6155P

Sc8180X

Sdm630

Sdm636

Sdm660

Sdx55

Sm6150

Sm7150

Sm8150

Sm8250

Sxr2130

Saipan

Snapdragon Auto

Snapdragon Compute

Snapdragon Consumer Iot

Snapdragon Industrial Iot

Snapdragon Mobile

Snapdragon Voice & Music

Snapdragon Wired Infrastructure/Networking

PT-2020-9488 · Qualcomm · Snapdragon Industrial Iot+26

CVE-2019-14063

Weakness Enumeration

Related Identifiers

Affected Products

References · 2