Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-14088

Possible use after free issue while CRM is accessing the link pointer from device private data due to lack of resource protection in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, MDM9206, MDM9207C, MDM9607, QCS605, SDM429W, SDX24, SM8150, SXR1130

Published

2020-02-07T05:15:12.873

Last Modified

2024-11-21T04:26:04.070

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

3.9

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-416
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System qualcomm apq8009_firmware - Yes
Hardware qualcomm apq8009 - No
Operating System qualcomm mdm9206_firmware - Yes
Hardware qualcomm mdm9206 - No
Operating System qualcomm mdm9207c_firmware - Yes
Hardware qualcomm mdm9207c - No
Operating System qualcomm mdm9607_firmware - Yes
Hardware qualcomm mdm9607 - No
Operating System qualcomm qcs605_firmware - Yes
Hardware qualcomm qcs605 - No
Operating System qualcomm sdm429w_firmware - Yes
Hardware qualcomm sdm429w - No
Operating System qualcomm sdx24_firmware - Yes
Hardware qualcomm sdx24 - No
Operating System qualcomm sm8150_firmware - Yes
Hardware qualcomm sm8150 - No
Operating System qualcomm sxr1130_firmware - Yes
Hardware qualcomm sxr1130 - No
References