CVE-2019-14074

Name of the Vulnerable Software and Affected Versions: Snapdragon Auto versions APQ8009 through SXR2130 Snapdragon Compute versions APQ8009 through SXR2130 Snapdragon Connectivity versions APQ8009 through SXR2130 Snapdragon Consumer Electronics Connectivity versions APQ8009 through SXR2130 Snapdragon Consumer IOT versions APQ8009 through SXR2130 Snapdragon Industrial IOT versions APQ8009 through SXR2130 Snapdragon Mobile versions APQ8009 through SXR2130 Snapdragon Voice & Music versions APQ8009 through SXR2130 Snapdragon Wearables versions APQ8009 through SXR2130 Snapdragon Wired Infrastructure and Networking versions APQ8009 through SXR2130

Description: A heap overflow issue exists in the diag command handler due to the lack of check of packet length received from the user. This issue affects various Snapdragon products.

Recommendations: For all affected versions, consider implementing a check for packet length in the diag command handler to prevent heap overflow. As a temporary workaround, consider restricting access to the diag command handler until a patch is available. For specific versions, update to a newer version that includes the fix for this issue, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.