Vulnerabilities > CVE-2019-14008 - NULL Pointer Dereference vulnerability in Qualcomm products

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

low complexity

qualcomm

CWE-476

NVD

Published: 2020-01-21

Updated: 2020-01-23

Summary

Possible null pointer dereference issue in location assistance data processing due to missing null check on resources before using it in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9607, MDM9650, SDM660, SDM845, SM8150, SM8250, SXR2130

Vulnerable Configurations

Part	Description	Count
OS	Qualcomm Qualcomm Mdm9150 Firmware - Qualcomm Mdm9607 Firmware - Qualcomm Mdm9650 Firmware - Qualcomm Sdm660 Firmware - Qualcomm Sdm845 Firmware - Qualcomm Sm8150 Firmware - Qualcomm Sm8250 Firmware - Qualcomm Sxr2130 Firmware -	8
Hardware	Qualcomm Qualcomm Mdm9150 - Qualcomm Mdm9607 - Qualcomm Mdm9650 - Qualcomm Sdm660 - Qualcomm Sdm845 - Qualcomm Sm8150 - Qualcomm Sm8250 - Qualcomm Sxr2130 -	8

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin