CVE-2019-14083

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon Auto versions APQ8009, APQ8053, APQ8096, APQ8098, IPQ6018, IPQ8074, MSM8996AU, MSM8998, Nicobar, QCA6174A, QCA6390, QCA6574AU, QCA8081, QCA9377, QCA9379, QCN7605, QCS404, QCS405, QCS605, Rennell, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130, SXR2130

Description: The issue arises when parsing Service Descriptor Extended Attribute received as part of SDF frame, where an incorrect length specified in the attribute length field of extended SSI can lead to integer underflow. This affects various Qualcomm Snapdragon products.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.