CVE-2019-14075

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon versions MDM9607, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, Nicobar, QCS605, Rennell, Saipan, SDM450, SDM630, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SM8250, SXR2130

Description: The issue is a null pointer dereference in the radio interface layer due to a lack of null check in the sapmodule destructor. This affects various Qualcomm Snapdragon products, including Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, and Snapdragon Mobile.

Recommendations: For Qualcomm Snapdragon versions MDM9607, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, Nicobar, QCS605, Rennell, Saipan, SDM450, SDM630, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SM8250, SXR2130, consider disabling the sapmodule destructor until a patch is available. As a temporary workaround, restrict access to the radio interface layer to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.