January 2020 Security Bulletin

Version 1.0

Published: 01/06/2020

This security bulletin is intended to help Qualcomm Technologies, Inc. (QTI) customers incorporate security updates in launched or upcoming devices. This document includes (i) a description of security vulnerabilities that have been addressed in QTI’s proprietary code and (ii) links to related code that has been contributed to Code Aurora Forum (CAF), a Linux Foundation Collaborative Project, to address security vulnerabilities for customers who incorporate Linux-based software from CAF into their devices.

Please reach out to [email protected] for any questions related to this bulletin.

Announcements

We have discontinued publication of the open source public bulletin at https://www.codeaurora.org/security-advisories/security-bulletins. Starting from September 2019, we will have one single monthly bulletin listing both open-source and closed-source vulnerabilities.

Acknowledgements

We would like to thank these researchers for their contributions in reporting these issues to us.

CVE-2019-10561	dex (Marcel Busch) of FAU Security Team, FAU Erlangen-Nuremberg
CVE-2019-10582, CVE-2019-10583	Reported to us through Google Android Security team; please see bulletins at https://source.android.com/security/overview/acknowledgements/ for individual credit information. For issues rated medium or lower, the individual credit information may appear in a future Android major release bulletin.

Table of Vulnerabilities

Public ID	Security Rating	Technology Area	Date Reported
CVE-2019-10532	High	Video	Internal
CVE-2019-10548	High	Data Network Stack & Connectivity	Internal
CVE-2019-10561	Medium	Content Protection	02/05/2019
CVE-2019-10578	High	Video	Internal
CVE-2019-10579	High	Video	Internal
CVE-2019-10582	High	Linux	05/06/2019
CVE-2019-10583	High	Linux	05/06/2019
CVE-2019-10611	High	Video	Internal
CVE-2019-14002	High	Telephony	10/19/2019
CVE-2019-14003	High	Video	Internal
CVE-2019-14004	High	Video	Internal
CVE-2019-14005	High	Video	Internal
CVE-2019-14006	High	Video	Internal
CVE-2019-14008	High	GPS HLOS Driver	Internal
CVE-2019-14013	High	Video	Internal
CVE-2019-14014	High	Video	Internal
CVE-2019-14016	High	Video	Internal
CVE-2019-14017	High	Video	Internal
CVE-2019-2267	High	QTEE	Internal

CVE-2019-10532

CVE ID	CVE-2019-10532
Title	Buffer Over-read Issue in Video
Description	Null-pointer dereference issue can occur while calculating string length when source string length is zero
Technology Area	Video
Vulnerability Type	CWE-126 Buffer Over-read
Access Vector	Remote
Security Rating	High
Date Reported	Internal
Customer Notified Date	10/07/2019
Affected Chipsets*	APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, Nicobar, QCS605, QM215, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR1130, SXR2130

CVE-2019-10548

CVE ID	CVE-2019-10548
Title	Use-After-Free Issue in HLOS Data
Description	While trying to obtain datad ipc handle during DPL initialization, Heap use-after-free issue can occur if modem SSR occurs at same time
Technology Area	Data Network Stack & Connectivity
Vulnerability Type	CWE-416 Use After Free
Access Vector	Local
Security Rating	High
Date Reported	Internal
Customer Notified Date	07/01/2019
Affected Chipsets*	APQ8009, APQ8053, APQ8096AU, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SXR1130

CVE-2019-10561

CVE ID	CVE-2019-10561
Title	Configuration Issue in Content Protection
Description	Improper initialization of local variables which are parameters to sfs api may cause invalid pointer dereference and leads to denial of service
Technology Area	Content Protection
Vulnerability Type	CWE-16 Configuration
Access Vector	Local
Security Rating	Medium
Date Reported	02/05/2019
Customer Notified Date	07/01/2019
Affected Chipsets*	APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9206, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QM215, SDA660, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660

CVE-2019-10578

CVE ID	CVE-2019-10578
Title	Improper Input Validation in Video
Description	Null pointer dereference can occur while parsing the clip which is nonstandard
Technology Area	Video
Vulnerability Type	CWE-20 Improper Input Validation
Access Vector	Remote
Security Rating	High
Date Reported	Internal
Customer Notified Date	10/07/2019
Affected Chipsets*	APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, Rennell, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

CVE-2019-10579

CVE ID	CVE-2019-10579
Title	Buffer Over-read in Video
Description	Buffer over-read can occur while playing the video clip which is not standard
Technology Area	Video
Vulnerability Type	CWE-126 Buffer Over-read
Access Vector	Remote
Security Rating	High
Date Reported	Internal
Customer Notified Date	10/07/2019
Affected Chipsets*	APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

CVE-2019-10582

CVE ID	CVE-2019-10582
Title	Use After Free Issue in Sensors HAL
Description	Use after free issue due to using of invalidated iterator to delete an object in sensors HAL
Technology Area	Linux
Vulnerability Type	CWE-416 Use After Free
Access Vector	Local
Security Rating	High
Date Reported	05/06/2019
Customer Notified Date	10/07/2019
Affected Chipsets*	APQ8096AU, MSM8909W, Nicobar, QCS605, SA6155P, SDA845, SDM429W, SDM670, SDM710, SDM845, SM6150, SM8150, SM8250, SXR1130, SXR2130

CVE-2019-10583

CVE ID	CVE-2019-10583
Title	Use After Free Issue in Camera
Description	Use after free issue occurs when camera access sensors data through direct report mode
Technology Area	Linux
Vulnerability Type	CWE-416 Use After Free
Access Vector	Local
Security Rating	High
Date Reported	05/06/2019
Customer Notified Date	10/07/2019
Affected Chipsets*	APQ8096AU, MDM9607, MSM8909W, Nicobar, QCS605, SA6155P, SDA845, SDM429W, SDM670, SDM710, SDM845, SM6150, SM8150, SM8250, SXR1130, SXR2130

CVE-2019-10611

CVE ID	CVE-2019-10611
Title	Integer Overflow to Buffer Overflow Issue in Video
Description	Buffer overflow can occur while processing clip due to lack of check of object size before parsing
Technology Area	Video
Vulnerability Type	CWE-680 Integer Overflow to Buffer Overflow
Access Vector	Remote
Security Rating	High
Date Reported	Internal
Customer Notified Date	10/07/2019
Affected Chipsets*	APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, Nicobar, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR1130, SXR2130

CVE-2019-14002

CVE ID	CVE-2019-14002
Title	Improper Access Control Issue in Telephony
Description	APKs without proper permission may bind to CallEnhancementService and can lead to unauthorized access to call status
Technology Area	Telephony
Vulnerability Type	CWE-284 Improper Access Control
Access Vector	Local
Security Rating	High
Date Reported	10/19/2019
Customer Notified Date	10/07/2019
Affected Chipsets*	APQ8053, APQ8096AU, APQ8098, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCA6574AU, QCS605, QM215, SA6155P, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SM6150, SM8150, SM8250, SXR2130

CVE-2019-14003

CVE ID	CVE-2019-14003
Title	Improper Input Validation in Video
Description	Null pointer exception can happen while parsing invalid MKV clip where cue information is parsed before segment information
Technology Area	Video
Vulnerability Type	CWE-20 Improper Input Validation
Access Vector	Remote
Security Rating	High
Date Reported	Internal
Customer Notified Date	10/07/2019
Affected Chipsets*	APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

CVE-2019-14004

CVE ID	CVE-2019-14004
Title	Improper Input Validation in Video
Description	Buffer overflow occurs while processing invalid MKV clip, which has invalid EBML size
Technology Area	Video
Vulnerability Type	CWE-20 Improper Input Validation
Access Vector	Remote
Security Rating	High
Date Reported	Internal
Customer Notified Date	10/07/2019
Affected Chipsets*	APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

CVE-2019-14005

CVE ID	CVE-2019-14005
Title	Buffer Copy Without Checking Size of Input in Video
Description	Buffer overflow occur while playing the clip which is nonstandard due to lack of check of size duration
Technology Area	Video
Vulnerability Type	CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector	Remote
Security Rating	High
Date Reported	Internal
Customer Notified Date	10/07/2019
Affected Chipsets*	APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR2130

CVE-2019-14006

CVE ID	CVE-2019-14006
Title	Improper Input Validation in Video
Description	Buffer overflow occur while playing the clip which is nonstandard due to lack of offset length check
Technology Area	Video
Vulnerability Type	CWE-20 Improper Input Validation
Access Vector	Remote
Security Rating	High
Date Reported	Internal
Customer Notified Date	10/07/2019
Affected Chipsets*	APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR2130

CVE-2019-14008

CVE ID	CVE-2019-14008
Title	Null Pointer Dereference Issue in GPS
Description	Possible null pointer dereference issue in location assistance data processing due to missing null check on resources before using it
Technology Area	GPS HLOS Driver
Vulnerability Type	CWE-476 NULL Pointer Dereference
Access Vector	Remote
Security Rating	High
Date Reported	Internal
Customer Notified Date	10/07/2019
Affected Chipsets*	MDM9150, MDM9607, MDM9650, SDM660, SDM845, SM8150, SM8250, SXR2130

CVE-2019-14013

CVE ID	CVE-2019-14013
Title	Buffer Copy Without Checking Size of Input in Video
Description	While parsing invalid super index table, elements within super index table may exceed total chunk size and invalid data is read into the table
Technology Area	Video
Vulnerability Type	CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector	Remote
Security Rating	High
Date Reported	Internal
Customer Notified Date	10/07/2019
Affected Chipsets*	APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCM2150, QCS405, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

CVE-2019-14014

CVE ID	CVE-2019-14014
Title	Buffer Copy Without Checking Size of Input in Video
Description	Possible buffer overflow when byte array receives incorrect input from reading source as array is not null terminated
Technology Area	Video
Vulnerability Type	CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector	Remote
Security Rating	High
Date Reported	Internal
Customer Notified Date	10/07/2019
Affected Chipsets*	Nicobar, SDM670, SDM710, SDM845, SM6150, SM8150, SM8250, SXR2130

CVE-2019-14016

CVE ID	CVE-2019-14016
Title	Integer Overflow to Buffer Overflow in Video
Description	Integer overflow occurs while playing the clip which is nonstandard
Technology Area	Video
Vulnerability Type	CWE-680 Integer Overflow to Buffer Overflow
Access Vector	Remote
Security Rating	High
Date Reported	Internal
Customer Notified Date	10/07/2019
Affected Chipsets*	APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR1130, SXR2130

CVE-2019-14017

CVE ID	CVE-2019-14017
Title	Buffer Copy Without Checking Size of Input in Video
Description	Heap buffer overflow can occur while parsing invalid MKV clip which is not standard and have invalid vorbis codec data
Technology Area	Video
Vulnerability Type	CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector	Remote
Security Rating	High
Date Reported	Internal
Customer Notified Date	10/07/2019
Affected Chipsets*	APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

CVE-2019-2267

CVE ID	CVE-2019-2267
Title	Permissions, Privileges and Access Control in Boot
Description	Locked regions may be modified through other interfaces in secure boot loader image due to improper access control.
Technology Area	QTEE
Vulnerability Type	CWE-264 Permissions, Privileges, and Access Controls
Access Vector	Local
Security Rating	High
Date Reported	Internal
Customer Notified Date	05/06/2019
Affected Chipsets*	MDM9205, QCS404, QCS605, SDA845, SDM670, SDM710, SDM845, SDM850, SM8150, SXR1130, SXR2130

* Data is generated only at the time of bulletin creation

This table summarizes security vulnerabilities that were addressed through open source software located at the corresponding open source project links

Table of Vulnerabilities

Public ID	Security Rating	Technology Area	Date Reported
CVE-2019-10558	High	DSP Service	Internal
CVE-2019-10581	High	Audio	Internal
CVE-2019-10585	High	DSP Service	05/23/2019
CVE-2019-10602	High	Display	Internal
CVE-2019-10606	High	Connectivity	Internal
CVE-2019-14010	High	Audio	Internal
CVE-2019-14023	High	Data Network Stack & Connectivity	Internal
CVE-2019-14024	High	NFC	Internal
CVE-2019-14034	High	Multimedia	Internal
CVE-2019-14036	High	WLAN HOST	Internal

CVE-2019-10558

CVE ID	CVE-2019-10558
Title	Improper Restriction of Operation Within the Bounds of a Memory Buffer in DSP Services
Description	While transferring data from APPS to DSP, Out of bound in FastRPC HLOS Driver due to the data buffer which can be controlled by DSP
Technology Area	DSP Service
Vulnerability Type	CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Access Vector	Local
Security Rating	High
Date Reported	Internal
Customer Notified Date	10/07/2019
Affected Chipsets*	APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS605, QM215, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM6150, SM8150, SM8250, SXR1130, SXR2130
Patch*	https://source.codeaurora.org/quic/la/kernel/msm-4.14/commit/?id=d511cdd22c505bafb4b418ca98de22b66373e022

CVE-2019-10581

CVE ID	CVE-2019-10581
Title	Use After Free Issue in Audio
Description	NULL is assigned to local instance of audio device pointer after free instead of global static pointer and can lead to use after free issue
Technology Area	Audio
Vulnerability Type	CWE-416 Use After Free
Access Vector	Remote
Security Rating	High
Date Reported	Internal
Customer Notified Date	10/07/2019
Affected Chipsets*	APQ8009, APQ8053, MDM9206, MDM9207C, MDM9607, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8998, Nicobar, QCS605, Rennell, SA6155P, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130
Patch*	https://source.codeaurora.org/quic/la/platform/hardware/qcom/audio/commit/?h=acc64548dbbf89aa9a4c5c0d13b9637505c8f7ee

CVE-2019-10585

CVE ID	CVE-2019-10585
Title	Use After Free issue in DSP Services
Description	Possible integer overflow happens when mmap find function will increment refcount every time when it invokes and can lead to use after free issue
Technology Area	DSP Service
Vulnerability Type	CWE-416 Use After Free
Access Vector	Local
Security Rating	High
Date Reported	05/23/2019
Customer Notified Date	10/07/2019
Affected Chipsets*	APQ8009, APQ8053, MDM9607, MDM9640, MSM8909W, MSM8917, MSM8953, Nicobar, QCS605, QM215, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM8150, SM8250, SXR1130, SXR2130
Patch*	https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=8d1b367cf622f63e75d9ed87a901d9865459309f

CVE-2019-10602

CVE ID	CVE-2019-10602
Title	Use After Free Issue in Display
Description	Potential use-after-free heap error during Validate/Present calls on display HW composer
Technology Area	Display
Vulnerability Type	CWE-416 Use After Free
Access Vector	Local
Security Rating	High
Date Reported	Internal
Customer Notified Date	10/07/2019
Affected Chipsets*	APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, QCS605, SDA660, SDM845, SDX20, SM8150
Patch*	https://source.codeaurora.org/quic/la/platform/hardware/qcom/display/commit/?id=e6d40402fa2a8e8958c038dc8801ae206fdad3ef https://source.codeaurora.org/quic/la/platform/hardware/qcom/display/commit/?id=5deee8ab6355b86aa4efbce5ae54d360b26e6afe

CVE-2019-10606

CVE ID	CVE-2019-10606
Title	Buffer Copy Without Checking Size of Input in USB
Description	Out-of-bound access will occur in USB driver due to lack of check to validate the frame size passed by user
Technology Area	Connectivity
Vulnerability Type	CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector	Local
Security Rating	High
Date Reported	Internal
Customer Notified Date	10/07/2019
Affected Chipsets*	MDM9607, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, QCS605, SDX24
Patch*	https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=f4cfee6d9c53c1aadfc68bc1184a08c0397fba1c https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=dfe360f15a675c908f90a5d6aa13248380aa1dc6

CVE-2019-14010

CVE ID	CVE-2019-14010
Title	Improper Input Validation in Audio
Description	The device may enter into error state when some tool or application gets failure at 1st buffer map all and performs 2nd buffer map which happens to be at same physical address
Technology Area	Audio
Vulnerability Type	CWE-20 Improper Input Validation
Access Vector	Remote
Security Rating	High
Date Reported	Internal
Customer Notified Date	10/07/2019
Affected Chipsets*	MDM9607, Nicobar, Rennell, SA6155P, SDM660, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130
Patch*	https://source.codeaurora.org/quic/la/platform/vendor/opensource/audio-kernel/commit/?id=1209ddf2dbb00898883ee8c738d465c843819c7e https://source.codeaurora.org/quic/la/platform/vendor/opensource/audio-kernel/commit/?id=b13a605ff599cdde00f24d8ec6d69c5279027af6

CVE-2019-14023

CVE ID	CVE-2019-14023
Title	String format Issue in HLOS Data
Description	String format issue will occur while processing HLOS data as there is no user input validation to ensure inputs are properly NULL terminated before string copy
Technology Area	Data Network Stack & Connectivity
Vulnerability Type	CWE-133 String Errors
Access Vector	Local
Security Rating	High
Date Reported	Internal
Customer Notified Date	10/07/2019
Affected Chipsets*	MDM9607, Nicobar, Rennell, SA6155P, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130
Patch*	https://source.codeaurora.org/quic/la/kernel/msm-4.14/commit/?id=b6e067c17fd710bf4714213ab10ba90d5a774aef

CVE-2019-14024

CVE ID	CVE-2019-14024
Title	Use After Free Issue in NFC Module
Description	Possible stack-use-after-scope issue in NFC usecase for card emulation
Technology Area	NFC
Vulnerability Type	CWE-416 Use After Free
Access Vector	Local
Security Rating	High
Date Reported	Internal
Customer Notified Date	10/07/2019
Affected Chipsets*	MSM8917, MSM8953, Nicobar, QM215, Rennell, SDM429, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR2130
Patch*	https://source.codeaurora.org/quic/la/platform/vendor/nxp/opensource/packages/apps/Nfc/commit/?id=47e5aedc1c765076ec401f423b6db2c1477b8925

CVE-2019-14034

CVE ID	CVE-2019-14034
Title	Use After Free Issue in Multimedia
Description	Use after free while processing eeprom query as there is a chance to not unlock mutex after error occurs
Technology Area	Multimedia
Vulnerability Type	CWE-416 Use After Free
Access Vector	Local
Security Rating	High
Date Reported	Internal
Customer Notified Date	10/07/2019
Affected Chipsets*	APQ8009, APQ8053, MSM8909W, MSM8917, MSM8953, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
Patch*	https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=50565af0db84465844e4a1351210732111575a33 https://source.codeaurora.org/quic/la/kernel/msm-4.14/commit/?id=bbd5ba65fb26fad49f06927015ddf5e0bcffab0c https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=2f73f3f8c5e589f7cdf719bcc83524048fff9344 https://source.codeaurora.org/quic/la/kernel/msm-4.14/commit/?id=79a752b3135415c49baa14cc515812d057e1f0c7

CVE-2019-14036

CVE ID	CVE-2019-14036
Title	Improper Validation of Array Index in WLAN Host
Description	Possible buffer overflow issue in error processing due to improper validation of array index value
Technology Area	WLAN HOST
Vulnerability Type	CWE-129 Improper Validation of Array Index
Access Vector	Local
Security Rating	High
Date Reported	Internal
Customer Notified Date	10/07/2019
Affected Chipsets*	APQ8064, APQ8096AU, IPQ4019, IPQ8064, IPQ8074, MDM9607, MDM9615, MDM9640, MSM8996AU, QCN7605
Patch*	https://source.codeaurora.org/quic/qsdk/platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn/commit/?id=a2cf7fba4485dbf8d5a13db1630a58be1d527173

* Data is generated only at the time of bulletin creation

Industry Coordination

Security ratings of issues included in Android security bulletins and these bulletins match in the most common scenarios but may differ in some cases due to one of the following reasons:

Consideration of security protections such as SELinux not enforced on some platforms
Differences in assessment of some specific scenarios that involves local denial of service or privilege escalation vulnerabilities in the high level OS kernel

Version History

Version	Date	Comments
1.0	January 6, 2020	Bulletin Published

All Qualcomm products mentioned herein are products of Qualcomm Technologies, Inc. and/or its subsidiaries.

About Qualcomm Careers Offices Contact Us Support Email Subscriptions

References to "Qualcomm" may mean Qualcomm Incorporated, or subsidiaries or business units within the Qualcomm corporate structure, as applicable.

Qualcomm Incorporated includes Qualcomm's licensing business, QTL, and the vast majority of its patent portfolio. Qualcomm Technologies, Inc., a wholly-owned subsidiary of Qualcomm Incorporated, operates, along with its subsidiaries, substantially all of Qualcomm's engineering, research and development functions, and substantially all of its products and services businesses. Qualcomm products referenced on this page are products of Qualcomm Technologies, Inc. and/or its subsidiaries.

Materials that are as of a specific date, including but not limited to press releases, presentations, blog posts and webcasts, may have been superseded by subsequent events or disclosures.

Nothing in these materials is an offer to sell any of the components or devices referenced herein.