PT-2020-9495 · Qualcomm · Snapdragon

Avel

Published

2020-03-05

Updated

2021-07-21

CVE-2019-14072

CVSS v2.0

6.9

Medium

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon versions APQ8009 through SM8250

Description: An unhandled paging request is observed due to dereferencing an already freed object because of a race condition between sparse free and sparse bind ioctls which access the same physical entry in various Snapdragon products, including Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, and Snapdragon Wearables.

Recommendations: For Qualcomm Snapdragon versions APQ8009 through SM8250, at the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Race Condition

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362CWE-416

Related Identifiers

CVE-2019-14072

Affected Products

Snapdragon

PT-2020-9495 · Qualcomm · Snapdragon

CVE-2019-14072

Weakness Enumeration

Related Identifiers

Affected Products

References · 3