PT-2020-9491 · Qualcomm · Snapdragon Connectivity +9

Published: 2020-06-02 · Updated: 2021-07-21 · CVE-2019-14067

CVSS v2.0: 2.1 (Low)

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon versions APQ8009 through SXR2130
Description: Using non-constant-time functions such as memcmp to compare sensitive data can leak information through a timing side channel. This issue affects various Qualcomm Snapdragon products, including Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, and Snapdragon Wired Infrastructure and Networking.
Recommendations: For Qualcomm Snapdragon versions APQ8009 through SXR2130, consider using constant-time functions to compare sensitive data as a mitigation measure. As a temporary workaround, consider disabling the use of the memcmp function for sensitive data comparisons until a patch is available. Restrict access to sensitive data to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
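
The difference between the two comparison styles named above, as an added example that is not Qualcomm's code and is not part of the original advisory. The function names, the `steps` counter (a deterministic stand-in for measured running time) and the sample byte strings are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef int (*cmp_fn)(const uint8_t *, const uint8_t *, size_t, size_t *);

/* memcmp-style early exit: *steps counts bytes examined, a stand-in for
 * the running time an observer could measure. */
static int leaky_equal(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    size_t i = 0;
    while (i < n && a[i] == b[i])
        i++;
    *steps = (i < n) ? i + 1 : n;
    return i == n;
}

/* Constant-time form: reads all n bytes, no data-dependent branch or exit. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    volatile uint8_t diff = 0;   /* volatile discourages compiler short-circuiting */
    size_t i;
    for (i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    *steps = n;
    /* diff == 0 -> 1, diff in 1..255 -> 0, computed without a branch */
    return (int)((((uint32_t)diff - 1u) >> 8) & 1u);
}

/* Constructed sample values, not taken from the advisory. */
static const uint8_t SECRET[8]  = {0x13, 0x37, 0xc0, 0xde, 0xba, 0xad, 0xf0, 0x0d};
static const uint8_t GUESS_0[8] = {0x00, 0x37, 0xc0, 0xde, 0xba, 0xad, 0xf0, 0x0d};
static const uint8_t GUESS_3[8] = {0x13, 0x37, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00};

/* Bytes examined when comparing a guess against SECRET with cmp. */
static size_t work(cmp_fn cmp, const uint8_t *guess)
{
    size_t steps = 0;
    (void)cmp(SECRET, guess, sizeof SECRET, &steps);
    return steps;
}

int main(void)
{
    printf("leaky: %zu %zu %zu\n", work(leaky_equal, GUESS_0), work(leaky_equal, GUESS_3), work(leaky_equal, SECRET));
    printf("ct:    %zu %zu %zu\n", work(ct_equal, GUESS_0), work(ct_equal, GUESS_3), work(ct_equal, SECRET));
    return 0;
}
```

The early-exit version does work proportional to the length of the matching prefix, which is the information a timing side channel exposes; the constant-time version does the same work for every input of a given length.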

Side Channel Attack


Weakness Enumeration

Related Identifiers

CVE-2019-14067

Affected Products

Snapdragon Auto
Snapdragon Compute
Snapdragon Connectivity
Snapdragon Consumer IOT
Snapdragon Industrial IOT
Snapdragon IoT
Snapdragon Mobile
Snapdragon Voice & Music
Snapdragon Wearables
Snapdragon Wired Infrastructure/Networking