PT-2020-9501 · Qualcomm · Sda660+16

Published: 2020-06-02 · Updated: 2021-07-21 · CVE-2019-14078

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon versions in APQ8009, APQ8098, MSM8909, MSM8998, SDA660, SDA845, SDM630, SDM636, SDM660, SDM845
Description: An out-of-bounds memory access can occur while processing qpay because the length of the response buffer provided by the user is not validated. This affects various Qualcomm Snapdragon products, including Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, and Snapdragon Wired Infrastructure and Networking.
Recommendations: For all affected chipsets (APQ8009, APQ8098, MSM8909, MSM8998, SDA660, SDA845, SDM630, SDM636, SDM660, and SDM845), validate the length of the response buffer provided by the user to prevent out-of-bounds memory access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

CVE-2019-14078

Affected Products

Apq8009
Apq8098
Msm8909W
Msm8998
Sda660
Sda845
Sdm630
Sdm636
Sdm660
Sdm845
Snapdragon Auto
Snapdragon Compute
Snapdragon Consumer Iot
Snapdragon Industrial Iot
Snapdragon Mobile
Snapdragon Voice & Music
Snapdragon Wired Infrastructure/Networking