CVE-2019-14038
HIGHQualcomm Apq8009 Firmware - Improper Input Validation
Title source: ruleDescription
Buffer over-read in ADSP parse function due to lack of check for availability of sufficient data payload received in command response in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8953, QCS605, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM670, SDM710, SDM845, SDX20, SDX24
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.qualcomm.com/company/product-security/bulletins/may-2020-bulletin
Scores
CVSS v3
7.1
EPSS
0.0004
EPSS Percentile
13.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Details
CWE
CWE-125
CWE-20
Status
published
Products (23)
qualcomm/apq8009_firmware
qualcomm/apq8053_firmware
qualcomm/apq8098_firmware
qualcomm/mdm9206_firmware
qualcomm/mdm9207c_firmware
qualcomm/mdm9607_firmware
qualcomm/mdm9640_firmware
qualcomm/mdm9650_firmware
qualcomm/msm8905_firmware
qualcomm/msm8909w_firmware
... and 13 more
Published
Jun 02, 2020
Tracked Since
Feb 18, 2026