CVE-2019-14083

CRITICAL

Qualcomm Snapdragon Firmware - Integer Underflow in SDF Frame Service Descriptor Extended Attribute Parsing

Title source: llm

Description

While parsing Service Descriptor Extended Attribute received as part of SDF frame, there is a possibility that incorrect length is specified in the attribute length field of extended SSI which can lead to integer underflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, APQ8096, APQ8098, IPQ6018, IPQ8074, MSM8996AU, MSM8998, Nicobar, QCA6174A, QCA6390, QCA6574AU, QCA8081, QCA9377, QCA9379, QCN7605, QCS404, QCS405, QCS605, Rennell, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130, SXR2130

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin

Scores

CVSS v3 9.8

EPSS 0.0040

EPSS Percentile 60.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-191

Status published

Products (37)

qualcomm/apq8009_firmware

qualcomm/apq8053_firmware

qualcomm/apq8096_firmware

qualcomm/apq8098_firmware

qualcomm/ipq6018_firmware

qualcomm/ipq8074_firmware

qualcomm/msm8996au_firmware

qualcomm/msm8998_firmware

qualcomm/nicobar_firmware

qualcomm/qca6174a_firmware

... and 27 more

Published Mar 05, 2020

Tracked Since Feb 18, 2026