PT-2020-9532 · Qualcomm · Snapdragon Wearables+16
Published
2020-09-08
·
Updated
2020-09-11
·
CVE-2019-14117
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
Qualcomm Snapdragon versions (affected versions not specified)
Description:
The issue occurs when the page list is updated by a privileged user, causing previous list elements to be freed but not deleted from the list. This results in a use after free, leading to an unhandled page fault exception in the rmnet driver. The affected products include Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, and Snapdragon Wearables, found in various chipsets such as Bitra, MDM9607, QCS405, Saipan, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250, and SXR2130.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Bitra
Mdm9607
Qcs405
Sc8180X
Sdx55
Sm6150
Sm7150
Sm8150
Sm8250
Sxr2130
Saipan
Snapdragon Auto
Snapdragon Compute
Snapdragon Industrial Iot
Snapdragon Mobile
Snapdragon Voice & Music
Snapdragon Wearables