Vulnerabilities > CVE-2019-14105 - Out-of-bounds Write vulnerability in Qualcomm Sda845 Firmware, Sdm845 Firmware and Sm8150 Firmware

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

qualcomm

CWE-787

NVD

Published: 2020-04-16

Updated: 2020-04-22

Summary

Kernel was reading the CSL defined reserved field as uint16 instead of uint32 which could lead to memory overflow in Snapdragon Industrial IOT, Snapdragon Mobile in SDA845, SDM845, SM8150

Vulnerable Configurations

Part	Description	Count
OS	Qualcomm Qualcomm Sda845 Firmware - Qualcomm Sdm845 Firmware - Qualcomm Sm8150 Firmware -	3
Hardware	Qualcomm Qualcomm Sda845 - Qualcomm Sdm845 - Qualcomm Sm8150 -	3

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin