Vulnerabilities > CVE-2019-14088 - Use After Free vulnerability in Qualcomm products

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

qualcomm

CWE-416

NVD

Published: 2020-02-07

Updated: 2020-02-12

Summary

Possible use after free issue while CRM is accessing the link pointer from device private data due to lack of resource protection in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, MDM9206, MDM9207C, MDM9607, QCS605, SDM429W, SDX24, SM8150, SXR1130

Vulnerable Configurations

Part	Description	Count
OS	Qualcomm Qualcomm Apq8009 Firmware - Qualcomm Mdm9206 Firmware - Qualcomm Mdm9207C Firmware - Qualcomm Mdm9607 Firmware - Qualcomm Qcs605 Firmware - Qualcomm Sdm429W Firmware - Qualcomm Sdx24 Firmware - Qualcomm Sm8150 Firmware - Qualcomm Sxr1130 Firmware -	9
Hardware	Qualcomm Qualcomm Apq8009 - Qualcomm Mdm9206 - Qualcomm Mdm9207C - Qualcomm Mdm9607 - Qualcomm Qcs605 - Qualcomm Sdm429W - Qualcomm Sdx24 - Qualcomm Sm8150 - Qualcomm Sxr1130 -	9

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References