CVE-2019-14038

HIGH

Qualcomm APQ8009 Firmware - Out-of-bounds Read in ADSP Parse Function

Title source: llm
STIX 2.1

Description

Buffer over-read in ADSP parse function due to lack of check for availability of sufficient data payload received in command response in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8953, QCS605, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM670, SDM710, SDM845, SDX20, SDX24

References (1)

Core 1
Core References

Scores

CVSS v3 7.1
EPSS 0.0019
EPSS Percentile 8.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Details

CWE
CWE-125 CWE-20
Status published
Products (23)
qualcomm/apq8009_firmware
qualcomm/apq8053_firmware
qualcomm/apq8098_firmware
qualcomm/mdm9206_firmware
qualcomm/mdm9207c_firmware
qualcomm/mdm9607_firmware
qualcomm/mdm9640_firmware
qualcomm/mdm9650_firmware
qualcomm/msm8905_firmware
qualcomm/msm8909w_firmware
... and 13 more
Published Jun 02, 2020
Tracked Since Feb 18, 2026