CVE-2019-14105

CVE Database · CVE-2019-14105

CVE-2019-14105

· HIGHModified

CVSS v3.1

7.8

EPSS

0.20%

Published

Apr 16, 2020

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Kernel was reading the CSL defined reserved field as uint16 instead of uint32 which could lead to memory overflow in Snapdragon Industrial IOT, Snapdragon Mobile in SDA845, SDM845, SM8150

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-787

Affected Products (6)

qualcomm · sda845_firmwarevulnerable

qualcomm · sda845

qualcomm · sdm845_firmwarevulnerable

qualcomm · sdm845

qualcomm · sm8150_firmwarevulnerable

qualcomm · sm8150

References (2)

https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin

Vendor Advisory

https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs