CVE-2019-14119

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon versions (affected versions not specified)

Description: The issue arises while processing SMCInvoke asynchronous message header, where the message count is modified, leading to a Time-of-Check-to-Time-of-Use (TOCTOU) race condition, which can result in memory corruption. This affects various Qualcomm Snapdragon products, including Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, and Snapdragon Wired Infrastructure and Networking, in multiple chipsets such as IPQ6018, Kamorta, MDM9205, MDM9607, Nicobar, QCS404, QCS405, QCS605, QCS610, Rennell, SA415M, SA515M, SA6155P, SC7180, SC8180X, SDM670, SDM710, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, and SXR2130.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.