CVE-2019-14047

HIGH

Qualcomm Multiple Chipsets Firmware - Improper Input Validation in IPA Driver

Title source: llm

Description

While IPA driver processes route add rule IOCTL, there is no input validation of the rule ID prior to adding the rule to the IPA HW commit list in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8053, APQ8096AU, MDM9607, MSM8909W, MSM8996, MSM8996AU, QCN7605, QCS605, SC8180X, SDA845, SDX20, SDX24, SDX55, SM8150, SXR1130

References (2)

Core 2

Core References

Broken Link x_refsource_confirm

https://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletin

Vendor Advisory

https://www.qualcomm.com/company/product-security/bulletins/june-2020-security-bulletin

Scores

CVSS v3 7.8

EPSS 0.0003

EPSS Percentile 9.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-20

Status published

Products (15)

qualcomm/apq8053_firmware

qualcomm/apq8096au_firmware

qualcomm/mdm9607_firmware

qualcomm/msm8909w_firmware

qualcomm/msm8996_firmware

qualcomm/msm8996au_firmware

qualcomm/qcn7605_firmware

qualcomm/qcs605_firmware

qualcomm/sc8180x_firmware

qualcomm/sda845_firmware

... and 5 more

Published Jun 22, 2020

Tracked Since Feb 18, 2026