CVE-2019-14112

CRITICAL

Snapdragon Auto, Snapdragon Compute, etc. - Buffer Overflow

Title source: llm

Description

Potential buffer overflow while processing CBF frames due to lack of check of buffer length before copy in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in APQ8098, IPQ6018, IPQ8074, MSM8998, Nicobar, QCA8081, QCN7605, QCS404, QCS605, Rennell, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130, SXR2130

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin

Scores

CVSS v3 9.8

EPSS 0.0036

EPSS Percentile 57.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-120

Status published

Products (26)

qualcomm/apq8098_firmware

qualcomm/ipq6018_firmware

qualcomm/ipq8074_firmware

qualcomm/msm8998_firmware

qualcomm/nicobar_firmware

qualcomm/qca8081_firmware

qualcomm/qcn7605_firmware

qualcomm/qcs404_firmware

qualcomm/qcs605_firmware

qualcomm/rennell_firmware

... and 16 more

Published Apr 16, 2020

Tracked Since Feb 18, 2026