CVE-2019-14089

Name of the Vulnerable Software and Affected Versions: Snapdragon Auto versions prior to the fixed version Snapdragon Compute versions prior to the fixed version Snapdragon Consumer IOT versions prior to the fixed version Snapdragon Industrial IOT versions prior to the fixed version Snapdragon Mobile versions prior to the fixed version Snapdragon Voice & Music versions prior to the fixed version Snapdragon Wired Infrastructure and Networking versions prior to the fixed version Kamorta versions prior to the fixed version Nicobar versions prior to the fixed version QCS404 versions prior to the fixed version QCS610 versions prior to the fixed version Rennell versions prior to the fixed version SA515M versions prior to the fixed version SA6155P versions prior to the fixed version SC7180 versions prior to the fixed version SC8180X versions prior to the fixed version SDX55 versions prior to the fixed version SM6150 versions prior to the fixed version SM7150 versions prior to the fixed version SM8150 versions prior to the fixed version SM8250 versions prior to the fixed version SXR2130 versions prior to the fixed version

Description: The issue is related to the Keymaster attestation key and device IDs provisioning process, which is incorrectly allowed to be re-provisioned after a user data erase or a factory reset. This process is supposed to be a one-time process.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.