CVE-2019-14091

HIGH

Snapdragon Auto - Memory Corruption

Title source: llm

Description

Double free issue in NPU due to lack of resource locking mechanism to avoid race condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, QCS405, Rennell, Saipan, SC8180X, SDX55, SM8150, SM8250, SXR2130

References (2)

[Broken Link] https://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletin

[Vendor Advisory] https://www.qualcomm.com/company/product-security/bulletins/june-2020-security-bulletin

Scores

CVSS v3 7.8

EPSS 0.0003

EPSS Percentile 9.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-667 CWE-415

Status published

Affected Products (9)

qualcomm/mdm9607_firmware

qualcomm/qcs405_firmware

qualcomm/rennell_firmware

qualcomm/saipan_firmware

qualcomm/sc8180x_firmware

qualcomm/sdx55_firmware

qualcomm/sm8150_firmware

qualcomm/sm8250_firmware

qualcomm/sxr2130_firmware

Timeline

Published Jun 22, 2020

Tracked Since Feb 18, 2026