CVE-2019-14068

Name of the Vulnerable Software and Affected Versions: Snapdragon Auto versions APQ8009 through SM8250 Snapdragon Compute versions APQ8009 through SM8250 Snapdragon Consumer IOT versions APQ8009 through SM8250 Snapdragon Industrial IOT versions APQ8009 through SM8250 Snapdragon Mobile versions APQ8009 through SM8250 Snapdragon Voice & Music versions APQ8009 through SM8250 Snapdragon Wearables versions APQ8009 through SM8250 Snapdragon Wired Infrastructure and Networking versions APQ8009 through SM8250

Description: The issue is related to out of bound access in msm routing due to a lack of size check before accessing. This affects various Snapdragon products, including Auto, Compute, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wearables, and Wired Infrastructure and Networking.

Recommendations: For Snapdragon Auto versions APQ8009 through SM8250, consider disabling the vulnerable msm routing function until a patch is available. For Snapdragon Compute versions APQ8009 through SM8250, restrict access to the vulnerable msm routing module to minimize the risk of exploitation. For Snapdragon Consumer IOT versions APQ8009 through SM8250, avoid using the vulnerable msm routing parameter in the affected API endpoint until the issue is resolved. For Snapdragon Industrial IOT versions APQ8009 through SM8250, apply configuration changes to limit the impact of the out of bound access issue. For Snapdragon Mobile versions APQ8009 through SM8250, update the software to a version that includes the fix for the out of bound access issue. For Snapdragon Voice & Music versions APQ8009 through SM8250, temporarily disable the msm routing function to prevent exploitation. For Snapdragon Wearables versions APQ8009 through SM8250, restrict access to the vulnerable msm routing module to minimize the risk of exploitation. For Snapdragon Wired Infrastructure and Networking versions APQ8009 through SM8250, consider applying a workaround to limit the impact of the out of bound access issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.