CVE-2019-14079

HIGH

Qualcomm Multiple Chipsets Firmware - Use-After-Free via DMA Buffer Unmapping

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-14079. PoCs published by parallelbeings.

AI-analyzed exploit summary This repository contains a functional Python PoC for CVE-2019-14079, a USB driver vulnerability in Qualcomm chips causing kernel panic and device restart via crafted USB control requests. The exploit leverages uninitialized variable usage in the USB gadget core.c, demonstrated with a simple script using pyusb.

Description

Access to the uninitialized variable when the driver tries to unmap the dma buffer of a request which was never mapped in the first place leading to kernel failure in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8053, MDM9607, MDM9640, MSM8909W, MSM8953, QCA6574AU, QCS605, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SDX24, SM8150, SXR1130

Exploits (1)

nomisec WORKING POC 34 stars

by parallelbeings · poc

https://github.com/parallelbeings/CVE-2019-14079

View Code ZIP pw:eip

This repository contains a functional Python PoC for CVE-2019-14079, a USB driver vulnerability in Qualcomm chips causing kernel panic and device restart via crafted USB control requests. The exploit leverages uninitialized variable usage in the USB gadget core.c, demonstrated with a simple script using pyusb.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Qualcomm USB driver (Android devices with affected chipsets)

No auth needed

Prerequisites: Physical USB access to target device · Linux host with pyusb installed · Target device in charging mode (no USB debugging)

MITRE ATT&CK

T1499.004 - Application or System Exploitation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin

Scores

CVSS v3 7.8

EPSS 0.0210

EPSS Percentile 84.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-908

Status published

Products (20)

qualcomm/apq8009_firmware

qualcomm/apq8053_firmware

qualcomm/mdm9607_firmware

qualcomm/mdm9640_firmware

qualcomm/msm8909w_firmware

qualcomm/msm8953_firmware

qualcomm/qca6574au_firmware

qualcomm/qcs605_firmware

qualcomm/sda845_firmware

qualcomm/sdm429_firmware

... and 10 more

Published Mar 05, 2020

Tracked Since Feb 18, 2026