Vulnerabilities > CVE-2019-14131 - Out-of-bounds Write vulnerability in Qualcomm products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

qualcomm

CWE-787

critical

NVD

Published: 2020-04-16

Updated: 2021-07-21

Summary

Out of bound write can occur in radio measurement request if STA receives multiple invalid rrm measurement request from AP in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8053, APQ8096AU, MSM8998, Nicobar, QCA6574AU, QCS605, Rennell, SA6155P, Saipan, SC8180X, SDM660, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130

Vulnerable Configurations

Part	Description	Count
OS	Qualcomm Qualcomm Apq8053 Firmware - Qualcomm Apq8096Au Firmware - Qualcomm Msm8998 Firmware - Qualcomm Nicobar Firmware - Qualcomm Qca6574Au Firmware - Qualcomm Qcs605 Firmware - Qualcomm Rennell Firmware - Qualcomm Sa6155P Firmware - Qualcomm Saipan Firmware - Qualcomm Sc8180X Firmware - Qualcomm Sdm660 Firmware - Qualcomm Sdm710 Firmware - Qualcomm Sdm845 Firmware - Qualcomm Sdx20 Firmware - Qualcomm Sdx24 Firmware - Qualcomm Sdx55 Firmware - Qualcomm Sm6150 Firmware - Qualcomm Sm7150 Firmware - Qualcomm Sm8150 Firmware - Qualcomm Sm8250 Firmware - Qualcomm Sxr2130 Firmware -	21
Hardware	Qualcomm Qualcomm Apq8053 - Qualcomm Apq8096Au - Qualcomm Msm8998 - Qualcomm Nicobar - Qualcomm Qca6574Au - Qualcomm Qcs605 - Qualcomm Rennell - Qualcomm Sa6155P - Qualcomm Saipan - Qualcomm Sc8180X - Qualcomm Sdm660 - Qualcomm Sdm710 - Qualcomm Sdm845 - Qualcomm Sdx20 - Qualcomm Sdx24 - Qualcomm Sdx55 - Qualcomm Sm6150 - Qualcomm Sm7150 - Qualcomm Sm8150 - Qualcomm Sm8250 - Qualcomm Sxr2130 -	21

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin