CVE-2019-14115

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon Auto versions APQ8009 through SXR2130 Qualcomm Snapdragon Compute versions APQ8009 through SXR2130 Qualcomm Snapdragon Connectivity versions APQ8009 through SXR2130 Qualcomm Snapdragon Consumer IOT versions APQ8009 through SXR2130 Qualcomm Snapdragon Industrial IOT versions APQ8009 through SXR2130 Qualcomm Snapdragon Mobile versions APQ8009 through SXR2130 Qualcomm Snapdragon Voice & Music versions APQ8009 through SXR2130 Qualcomm Snapdragon Wearables versions APQ8009 through SXR2130 Qualcomm Snapdragon Wired Infrastructure and Networking versions APQ8009 through SXR2130

Description: An information disclosure issue occurs due to the current logic releasing secure touch without clearing the display session. This can result in a user reading secure input while touch is in a non-secure domain, as the secure display is active.

Recommendations: For all affected versions, consider implementing a logic change to clear the display session when secure touch is released, to prevent information disclosure. As a temporary workaround, restrict access to secure input when the touch is in a non-secure domain. Avoid using secure display in non-secure domains until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.