CVE-2019-14070

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon versions APQ8009 through SXR2130

Description: A possible use after free issue exists in pcm volume controls due to a race condition in private data used in mixer controls. This issue affects various Qualcomm Snapdragon products, including Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, and Snapdragon Wired Infrastructure and Networking.

Recommendations: For Qualcomm Snapdragon versions APQ8009 through SXR2130, consider disabling the vulnerable mixer controls until a patch is available. Restrict access to the private data used in mixer controls to minimize the risk of exploitation. Avoid using the vulnerable pcm volume controls in the affected products until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.