CVE-2019-14025

MEDIUM

Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, Mobile, Wir...

Title source: llm

Description

u'When a new session is created, Object is returned that contains TZ addresses and it get passed to HLOS as an handle to refer to a particular session and can cause TZ to jump to a invalid address' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, QCS404, QCS610, Rennell, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130

References (2)

Core 2

Core References

Broken Link x_refsource_confirm

https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin

Vendor Advisory

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin

Scores

CVSS v3 5.5

EPSS 0.0005

EPSS Percentile 15.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

Status published

Products (10)

qualcomm/kamorta_firmware

qualcomm/qcs404_firmware

qualcomm/qcs610_firmware

qualcomm/rennell_firmware

qualcomm/sc7180_firmware

qualcomm/sdx55_firmware

qualcomm/sm6150_firmware

qualcomm/sm7150_firmware

qualcomm/sm8250_firmware

qualcomm/sxr2130_firmware

Published Sep 08, 2020

Tracked Since Feb 18, 2026