CVE-2019-14015

HIGH

Qualcomm Snapdragon Firmware - Stack-based Buffer Overflow in Identification Stage Initialization

Title source: llm

Description

A stack-based buffer overflow exists in the initialization of the identification stage due to lack of check on the number of templates provided. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8096, APQ8096AU, MDM9205, MSM8996, MSM8996AU, Nicobar, QCS404, QCS405, QCS605, Rennell, SA6155P, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130, SXR2130

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin

Scores

CVSS v3 7.8

EPSS 0.0003

EPSS Percentile 10.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (28)

qualcomm/apq8096_firmware

qualcomm/apq8096au_firmware

qualcomm/mdm9205_firmware

qualcomm/msm8996_firmware

qualcomm/msm8996au_firmware

qualcomm/nicobar_firmware

qualcomm/qcs404_firmware

qualcomm/qcs405_firmware

qualcomm/qcs605_firmware

qualcomm/rennell_firmware

... and 18 more

Published Mar 05, 2020

Tracked Since Feb 18, 2026