CVE-2019-14080

CRITICAL

Qualcomm Snapdragon Firmware - Out-of-Bounds Write via SDP SAR Attribute Parsing

Title source: llm

Description

Out of bound write can happen due to lack of check of array index value while parsing SDP attribute for SAR in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, Kamorta, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCM2150, QCS605, QM215, Rennell, SA415M, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SM6150, SM7150, SM8150, SXR1130

References (2)

Core 2

Core References

Broken Link x_refsource_confirm

https://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletin

Vendor Advisory

https://www.qualcomm.com/company/product-security/bulletins/june-2020-security-bulletin

Scores

CVSS v3 9.8

EPSS 0.0037

EPSS Percentile 58.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-129 CWE-787

Status published

Products (40)

qualcomm/apq8053_firmware

qualcomm/apq8096au_firmware

qualcomm/kamorta_firmware

qualcomm/mdm9607_firmware

qualcomm/mdm9640_firmware

qualcomm/mdm9650_firmware

qualcomm/msm8905_firmware

qualcomm/msm8909_firmware

qualcomm/msm8917_firmware

qualcomm/msm8920_firmware

... and 30 more

Published Jun 22, 2020

Tracked Since Feb 18, 2026