Lucene search

[email protected]CVE-2019-14117

HistorySep 08, 2020 - 10:15 a.m.

CVE-2019-14117

2020-09-0810:15:13

CWE-416

[email protected]

web.nvd.nist.gov

cve-2019-14117

page list

use after free

snapdragon auto

snapdragon compute

snapdragon industrial iot

snapdragon mobile

snapdragon voice & music

snapdragon wearables

bitra

mdm9607

qcs405

saipan

sc8180x

sdx55

sm6150

sm7150

sm8150

sm8250

sxr2130

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.8%

JSON

u’Whenever the page list is updated via privileged user, the previous list elements are freed but are not deleted from the list which results in a use after free causing an unhandled page fault exception in rmnet driver’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in Bitra, MDM9607, QCS405, Saipan, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130

Affected configurations

NVD

Node

qualcommbitraMatch-

AND

qualcommbitra_firmwareMatch-

Node

qualcommmdm9607Match-

AND

qualcommmdm9607_firmwareMatch-

Node

qualcommqcs405Match-

AND

qualcommqcs405_firmwareMatch-

Node

qualcommsaipanMatch-

AND

qualcommsaipan_firmwareMatch-

Node

qualcommsc8180xMatch-

AND

qualcommsc8180x_firmwareMatch-

Node

qualcommsdx55Match-

AND

qualcommsdx55_firmwareMatch-

Node

qualcommsm6150Match-

AND

qualcommsm6150_firmwareMatch-

Node

qualcommsm7150Match-

AND

qualcommsm7150_firmwareMatch-

Node

qualcommsm8150_firmwareMatch-

AND

qualcommsm8150Match-

Node

qualcommsm8250_firmwareMatch-

AND

qualcommsm8250Match-

Node

qualcommsxr2130_firmwareMatch-

AND

qualcommsxr2130Match-

CPENameOperatorVersion
qualcomm:bitra_firmwarequalcomm bitra firmwareeq-

CPE	Name	Operator	Version
qualcomm:bitra_firmware	qualcomm bitra firmware	eq	-

CNA Affected

[
  {
    "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "Bitra, MDM9607, QCS405, Saipan, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin

www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.8%

JSON

Related for CVE-2019-14117

nvd1 cvelist1 prion1