CVE-2019-14054
HIGHQualcomm Kamorta and Multiple Snapdragon Firmware - Unauthenticated Code Execution via XBL_SEC Region Permissions
Title source: llmDescription
Improper permissions in XBL_SEC region enable user to update XBL_SEC code and data and divert the RAM dump path to normal cold boot path in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, MSM8998, QCS404, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM8150, SXR1130, SXR2130
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.qualcomm.com/company/product-security/bulletins/may-2020-bulletin
Scores
CVSS v3
7.8
EPSS
0.0003
EPSS Percentile
7.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (16)
qualcomm/kamorta_firmware
qualcomm/msm8998_firmware
qualcomm/qcs404_firmware
qualcomm/qcs605_firmware
qualcomm/sda660_firmware
qualcomm/sda845_firmware
qualcomm/sdm630_firmware
qualcomm/sdm636_firmware
qualcomm/sdm660_firmware
qualcomm/sdm670_firmware
... and 6 more
Published
Jun 02, 2020
Tracked Since
Feb 18, 2026