CVE-2019-14060

HIGH

Snapdragon Auto Snapdragon Compute Snapdragon Consumer IOT Snapdrag...

Title source: llm

Description

Uninitialized stack data gets used If memory is not allocated for blob or if the allocated blob is less than the struct size required due to lack of check of return value for read or write blob in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

References (1)

[Vendor Advisory] https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin

Scores

CVSS v3 7.8

EPSS 0.0003

EPSS Percentile 9.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-824

Status published

Products (50)

qualcomm/apq8009_firmware

qualcomm/apq8017_firmware

qualcomm/apq8053_firmware

qualcomm/apq8098_firmware

qualcomm/ipq4019_firmware

qualcomm/ipq6018_firmware

qualcomm/ipq8064_firmware

qualcomm/ipq8074_firmware

qualcomm/mdm9150_firmware

qualcomm/mdm9206_firmware

... and 40 more

Published Feb 07, 2020

Tracked Since Feb 18, 2026