Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-14085

Possible Integer underflow in WLAN function due to lack of check of data received from user side in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCN7605, QCS605, SDA845, SDM670, SDM710, SDM845, SDM850, SM8150, SXR1130

Published

2020-03-05T09:15:17.750

Last Modified

2024-11-21T04:26:03.690

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
CWE-191

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	qualcomm	qcn7605_firmware	-	Yes
Hardware	qualcomm	qcn7605	-	No
Operating System	qualcomm	qcs605_firmware	-	Yes
Hardware	qualcomm	qcs605	-	No
Operating System	qualcomm	sda845_firmware	-	Yes
Hardware	qualcomm	sda845	-	No
Operating System	qualcomm	sdm670_firmware	-	Yes
Hardware	qualcomm	sdm670	-	No
Operating System	qualcomm	sdm710_firmware	-	Yes
Hardware	qualcomm	sdm710	-	No
Operating System	qualcomm	sdm845_firmware	-	Yes
Hardware	qualcomm	sdm845	-	No
Operating System	qualcomm	sdm850_firmware	-	Yes
Hardware	qualcomm	sdm850	-	No
Operating System	qualcomm	sm8150_firmware	-	Yes
Hardware	qualcomm	sm8150	-	No
Operating System	qualcomm	sxr1130_firmware	-	Yes
Hardware	qualcomm	sxr1130	-	No

References

https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin Vendor Advisory ([email protected])
https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)