CVE-2019-14070

HIGH

Snapdragon Auto- Snapdragon Compute - Use After Free

Title source: llm

Description

Possible use after free issue in pcm volume controls due to race condition exist in private data used in mixer controls in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCS605, QM215, Rennell, SA6155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_confirm

https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin

Scores

CVSS v3 7.0

EPSS 0.0003

EPSS Percentile 8.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-362 CWE-416

Status published

Products (50)

qualcomm/apq8009_firmware

qualcomm/apq8017_firmware

qualcomm/apq8053_firmware

qualcomm/apq8064_firmware

qualcomm/apq8096au_firmware

qualcomm/apq8098_firmware

qualcomm/ipq4019_firmware

qualcomm/ipq6018_firmware

qualcomm/ipq8064_firmware

qualcomm/ipq8074_firmware

... and 40 more

Published Apr 16, 2020

Tracked Since Feb 18, 2026