Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-14008

Possible null pointer dereference issue in location assistance data processing due to missing null check on resources before using it in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9607, MDM9650, SDM660, SDM845, SM8150, SM8250, SXR2130

Published

2020-01-21T07:15:12.353

Last Modified

2024-11-21T04:25:53.167

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

6.9

Weaknesses

Type: Primary
CWE-476

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	qualcomm	mdm9150_firmware	-	Yes
Hardware	qualcomm	mdm9150	-	No
Operating System	qualcomm	mdm9607_firmware	-	Yes
Hardware	qualcomm	mdm9607	-	No
Operating System	qualcomm	mdm9650_firmware	-	Yes
Hardware	qualcomm	mdm9650	-	No
Operating System	qualcomm	sdm660_firmware	-	Yes
Hardware	qualcomm	sdm660	-	No
Operating System	qualcomm	sdm845_firmware	-	Yes
Hardware	qualcomm	sdm845	-	No
Operating System	qualcomm	sm8150_firmware	-	Yes
Hardware	qualcomm	sm8150	-	No
Operating System	qualcomm	sm8250_firmware	-	Yes
Hardware	qualcomm	sm8250	-	No
Operating System	qualcomm	sxr2130_firmware	-	Yes
Hardware	qualcomm	sxr2130	-	No

References

https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin Vendor Advisory ([email protected])
https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)