Vulnerabilities > CVE-2019-14023 - Unspecified vulnerability in Qualcomm products

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

qualcomm

NVD

Published: 2020-01-21

Updated: 2020-01-24

Summary

String format issue will occur while processing HLOS data as there is no user input validation to ensure inputs are properly NULL terminated before string copy in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, Nicobar, Rennell, SA6155P, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130

Vulnerable Configurations

Part	Description	Count
OS	Qualcomm Qualcomm Mdm9607 Firmware - Qualcomm Nicobar Firmware - Qualcomm Rennell Firmware - Qualcomm Sa6155P Firmware - Qualcomm Sdx55 Firmware - Qualcomm Sm6150 Firmware - Qualcomm Sm7150 Firmware - Qualcomm Sm8150 Firmware - Qualcomm Sm8250 Firmware - Qualcomm Sxr2130 Firmware -	10
Hardware	Qualcomm Qualcomm Mdm9607 - Qualcomm Nicobar - Qualcomm Rennell - Qualcomm Sa6155P - Qualcomm Sdx55 - Qualcomm Sm6150 - Qualcomm Sm7150 - Qualcomm Sm8150 - Qualcomm Sm8250 - Qualcomm Sxr2130 -	10

References

https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin