January 2020

January 2020 Security Bulletin

Version 1.0

Published: 01/06/2020

This security bulletin is intended to help Qualcomm Technologies, Inc. (QTI) customers incorporate security updates in launched or upcoming devices. This document includes (i) a description of security vulnerabilities that have been addressed in QTI’s proprietary code and (ii) links to related code that has been contributed to Code Aurora Forum (CAF), a Linux Foundation Collaborative Project, to address security vulnerabilities for customers who incorporate Linux-based software from CAF into their devices.

Please reach out to securitybulletin@qti.qualcomm.com for any questions related to this bulletin.

Announcements

We have discontinued publication of the open source public bulletin at https://www.codeaurora.org/security-advisories/security-bulletins. Starting from September 2019, we will have one single monthly bulletin listing both open-source and closed-source vulnerabilities.

Acknowledgements

We would like to thank these researchers for their contributions in reporting these issues to us.

CVE-2019-10561 dex (Marcel Busch) of FAU Security Team, FAU Erlangen-Nuremberg
CVE-2019-10582, CVE-2019-10583 Reported to us through Google Android Security team; please see bulletins at https://source.android.com/security/overview/acknowledgements/ for individual credit information. For issues rated medium or lower, the individual credit information may appear in a future Android major release bulletin.

Table of Vulnerabilities

Public ID Security Rating Technology Area Date Reported
CVE-2019-10532 High Video Internal
CVE-2019-10548 High Data Network Stack & Connectivity Internal
CVE-2019-10561 Medium Content Protection 02/05/2019
CVE-2019-10578 High Video Internal
CVE-2019-10579 High Video Internal
CVE-2019-10582 High Linux 05/06/2019
CVE-2019-10583 High Linux 05/06/2019
CVE-2019-10611 High Video Internal
CVE-2019-14002 High Telephony 10/19/2019
CVE-2019-14003 High Video Internal
CVE-2019-14004 High Video Internal
CVE-2019-14005 High Video Internal
CVE-2019-14006 High Video Internal
CVE-2019-14008 High GPS HLOS Driver Internal
CVE-2019-14013 High Video Internal
CVE-2019-14014 High Video Internal
CVE-2019-14016 High Video Internal
CVE-2019-14017 High Video Internal
CVE-2019-2267 High QTEE Internal

 

CVE-2019-10532

CVE ID CVE-2019-10532
Title Buffer Over-read Issue in Video
Description Null-pointer dereference issue can occur while calculating string length when source string length is zero
Technology Area Video
Vulnerability Type CWE-126 Buffer Over-read
Access Vector Remote
Security Rating High
Date Reported Internal
Customer Notified Date 10/07/2019
Affected Chipsets* APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, Nicobar, QCS605, QM215, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR1130, SXR2130

CVE-2019-10548

CVE ID CVE-2019-10548
Title Use-After-Free Issue in HLOS Data
Description While trying to obtain datad ipc handle during DPL initialization, Heap use-after-free issue can occur if modem SSR occurs at same time
Technology Area Data Network Stack & Connectivity
Vulnerability Type CWE-416 Use After Free
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 07/01/2019
Affected Chipsets* APQ8009, APQ8053, APQ8096AU, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SXR1130

CVE-2019-10561

CVE ID CVE-2019-10561
Title Configuration Issue in Content Protection
Description Improper initialization of local variables which are parameters to sfs api may cause invalid pointer dereference and leads to denial of service
Technology Area Content Protection
Vulnerability Type CWE-16 Configuration
Access Vector Local
Security Rating Medium
Date Reported 02/05/2019
Customer Notified Date 07/01/2019
Affected Chipsets* APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9206, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QM215, SDA660, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660

CVE-2019-10578

CVE ID CVE-2019-10578
Title Improper Input Validation in Video
Description Null pointer dereference can occur while parsing the clip which is nonstandard
Technology Area Video
Vulnerability Type CWE-20 Improper Input Validation
Access Vector Remote
Security Rating High
Date Reported Internal
Customer Notified Date 10/07/2019
Affected Chipsets* APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, Rennell, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

CVE-2019-10579

CVE ID CVE-2019-10579
Title Buffer Over-read in Video
Description Buffer over-read can occur while playing the video clip which is not standard
Technology Area Video
Vulnerability Type CWE-126 Buffer Over-read
Access Vector Remote
Security Rating High
Date Reported Internal
Customer Notified Date 10/07/2019
Affected Chipsets* APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

CVE-2019-10582

CVE ID CVE-2019-10582
Title Use After Free Issue in Sensors HAL
Description Use after free issue due to using of invalidated iterator to delete an object in sensors HAL
Technology Area Linux
Vulnerability Type CWE-416 Use After Free
Access Vector Local
Security Rating High
Date Reported 05/06/2019
Customer Notified Date 10/07/2019
Affected Chipsets* APQ8096AU, MSM8909W, Nicobar, QCS605, SA6155P, SDA845, SDM429W, SDM670, SDM710, SDM845, SM6150, SM8150, SM8250, SXR1130, SXR2130

CVE-2019-10583

CVE ID CVE-2019-10583
Title Use After Free Issue in Camera
Description Use after free issue occurs when camera access sensors data through direct report mode
Technology Area Linux
Vulnerability Type CWE-416 Use After Free
Access Vector Local
Security Rating High
Date Reported 05/06/2019
Customer Notified Date 10/07/2019
Affected Chipsets* APQ8096AU, MDM9607, MSM8909W, Nicobar, QCS605, SA6155P, SDA845, SDM429W, SDM670, SDM710, SDM845, SM6150, SM8150, SM8250, SXR1130, SXR2130

CVE-2019-10611

CVE ID CVE-2019-10611
Title Integer Overflow to Buffer Overflow Issue in Video
Description Buffer overflow can occur while processing clip due to lack of check of object size before parsing
Technology Area Video
Vulnerability Type CWE-680 Integer Overflow to Buffer Overflow
Access Vector Remote
Security Rating High
Date Reported Internal
Customer Notified Date 10/07/2019
Affected Chipsets* APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, Nicobar, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR1130, SXR2130

CVE-2019-14002

CVE ID CVE-2019-14002
Title Improper Access Control Issue in Telephony
Description APKs without proper permission may bind to CallEnhancementService and can lead to unauthorized access to call status
Technology Area Telephony
Vulnerability Type CWE-284 Improper Access Control
Access Vector Local
Security Rating High
Date Reported 10/19/2019
Customer Notified Date 10/07/2019
Affected Chipsets* APQ8053, APQ8096AU, APQ8098, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCA6574AU, QCS605, QM215, SA6155P, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SM6150, SM8150, SM8250, SXR2130

CVE-2019-14003

CVE ID CVE-2019-14003
Title Improper Input Validation in Video
Description Null pointer exception can happen while parsing invalid MKV clip where cue information is parsed before segment information
Technology Area Video
Vulnerability Type CWE-20 Improper Input Validation
Access Vector Remote
Security Rating High
Date Reported Internal
Customer Notified Date 10/07/2019
Affected Chipsets* APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

CVE-2019-14004

CVE ID CVE-2019-14004
Title Improper Input Validation in Video
Description Buffer overflow occurs while processing invalid MKV clip, which has invalid EBML size
Technology Area Video
Vulnerability Type CWE-20 Improper Input Validation
Access Vector Remote
Security Rating High
Date Reported Internal
Customer Notified Date 10/07/2019
Affected Chipsets* APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

CVE-2019-14005

CVE ID CVE-2019-14005
Title Buffer Copy Without Checking Size of Input in Video
Description Buffer overflow occur while playing the clip which is nonstandard due to lack of check of size duration
Technology Area Video
Vulnerability Type CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector Remote
Security Rating High
Date Reported Internal
Customer Notified Date 10/07/2019
Affected Chipsets* APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR2130

CVE-2019-14006

CVE ID CVE-2019-14006
Title Improper Input Validation in Video
Description Buffer overflow occur while playing the clip which is nonstandard due to lack of offset length check
Technology Area Video
Vulnerability Type CWE-20 Improper Input Validation
Access Vector Remote
Security Rating High
Date Reported Internal
Customer Notified Date 10/07/2019
Affected Chipsets* APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR2130

CVE-2019-14008

CVE ID CVE-2019-14008
Title Null Pointer Dereference Issue in GPS
Description Possible null pointer dereference issue in location assistance data processing due to missing null check on resources before using it
Technology Area GPS HLOS Driver
Vulnerability Type CWE-476 NULL Pointer Dereference
Access Vector Remote
Security Rating High
Date Reported Internal
Customer Notified Date 10/07/2019
Affected Chipsets* MDM9150, MDM9607, MDM9650, SDM660, SDM845, SM8150, SM8250, SXR2130

CVE-2019-14013

CVE ID CVE-2019-14013
Title Buffer Copy Without Checking Size of Input in Video
Description While parsing invalid super index table, elements within super index table may exceed total chunk size and invalid data is read into the table
Technology Area Video
Vulnerability Type CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector Remote
Security Rating High
Date Reported Internal
Customer Notified Date 10/07/2019
Affected Chipsets* APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCM2150, QCS405, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

CVE-2019-14014

CVE ID CVE-2019-14014
Title Buffer Copy Without Checking Size of Input in Video
Description Possible buffer overflow when byte array receives incorrect input from reading source as array is not null terminated
Technology Area Video
Vulnerability Type CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector Remote
Security Rating High
Date Reported Internal
Customer Notified Date 10/07/2019
Affected Chipsets* Nicobar, SDM670, SDM710, SDM845, SM6150, SM8150, SM8250, SXR2130

CVE-2019-14016

CVE ID CVE-2019-14016
Title Integer Overflow to Buffer Overflow in Video
Description Integer overflow occurs while playing the clip which is nonstandard
Technology Area Video
Vulnerability Type CWE-680 Integer Overflow to Buffer Overflow
Access Vector Remote
Security Rating High
Date Reported Internal
Customer Notified Date 10/07/2019
Affected Chipsets* APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR1130, SXR2130

CVE-2019-14017

CVE ID CVE-2019-14017
Title Buffer Copy Without Checking Size of Input in Video
Description Heap buffer overflow can occur while parsing invalid MKV clip which is not standard and have invalid vorbis codec data
Technology Area Video
Vulnerability Type CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector Remote
Security Rating High
Date Reported Internal
Customer Notified Date 10/07/2019
Affected Chipsets* APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

CVE-2019-2267

CVE ID CVE-2019-2267
Title Permissions, Privileges and Access Control in Boot
Description Locked regions may be modified through other interfaces in secure boot loader image due to improper access control.
Technology Area QTEE
Vulnerability Type CWE-264 Permissions, Privileges, and Access Controls
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 05/06/2019
Affected Chipsets* MDM9205, QCS404, QCS605, SDA845, SDM670, SDM710, SDM845, SDM850, SM8150, SXR1130, SXR2130

* Data is generated only at the time of bulletin creation

This table summarizes security vulnerabilities that were addressed through open source software located at the corresponding open source project links

Table of Vulnerabilities

Public ID Security Rating Technology Area Date Reported
CVE-2019-10558 High DSP Service Internal
CVE-2019-10581 High Audio Internal
CVE-2019-10585 High DSP Service 05/23/2019
CVE-2019-10602 High Display Internal
CVE-2019-10606 High Connectivity Internal
CVE-2019-14010 High Audio Internal
CVE-2019-14023 High Data Network Stack & Connectivity Internal
CVE-2019-14024 High NFC Internal
CVE-2019-14034 High Multimedia Internal
CVE-2019-14036 High WLAN HOST Internal

CVE-2019-10558

CVE ID CVE-2019-10558
Title Improper Restriction of Operation Within the Bounds of a Memory Buffer in DSP Services
Description While transferring data from APPS to DSP, Out of bound in FastRPC HLOS Driver due to the data buffer which can be controlled by DSP
Technology Area DSP Service
Vulnerability Type CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 10/07/2019
Affected Chipsets* APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS605, QM215, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM6150, SM8150, SM8250, SXR1130, SXR2130
Patch*

CVE-2019-10581

CVE ID CVE-2019-10581
Title Use After Free Issue in Audio
Description NULL is assigned to local instance of audio device pointer after free instead of global static pointer and can lead to use after free issue
Technology Area Audio
Vulnerability Type CWE-416 Use After Free
Access Vector Remote
Security Rating High
Date Reported Internal
Customer Notified Date 10/07/2019
Affected Chipsets* APQ8009, APQ8053, MDM9206, MDM9207C, MDM9607, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8998, Nicobar, QCS605, Rennell, SA6155P, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130
Patch*

CVE-2019-10585

CVE ID CVE-2019-10585
Title Use After Free issue in DSP Services
Description Possible integer overflow happens when mmap find function will increment refcount every time when it invokes and can lead to use after free issue
Technology Area DSP Service
Vulnerability Type CWE-416 Use After Free
Access Vector Local
Security Rating High
Date Reported 05/23/2019
Customer Notified Date 10/07/2019
Affected Chipsets* APQ8009, APQ8053, MDM9607, MDM9640, MSM8909W, MSM8917, MSM8953, Nicobar, QCS605, QM215, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM8150, SM8250, SXR1130, SXR2130
Patch*

CVE-2019-10602

CVE ID CVE-2019-10602
Title Use After Free Issue in Display
Description Potential use-after-free heap error during Validate/Present calls on display HW composer
Technology Area Display
Vulnerability Type CWE-416 Use After Free
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 10/07/2019
Affected Chipsets* APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, QCS605, SDA660, SDM845, SDX20, SM8150
Patch*

CVE-2019-10606

CVE ID CVE-2019-10606
Title Buffer Copy Without Checking Size of Input in USB
Description Out-of-bound access will occur in USB driver due to lack of check to validate the frame size passed by user
Technology Area Connectivity
Vulnerability Type CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 10/07/2019
Affected Chipsets* MDM9607, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, QCS605, SDX24
Patch*

CVE-2019-14010

CVE ID CVE-2019-14010
Title Improper Input Validation in Audio
Description The device may enter into error state when some tool or application gets failure at 1st buffer map all and performs 2nd buffer map which happens to be at same physical address
Technology Area Audio
Vulnerability Type CWE-20 Improper Input Validation
Access Vector Remote
Security Rating High
Date Reported Internal
Customer Notified Date 10/07/2019
Affected Chipsets* MDM9607, Nicobar, Rennell, SA6155P, SDM660, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130
Patch*

CVE-2019-14023

CVE ID CVE-2019-14023
Title String format Issue in HLOS Data
Description String format issue will occur while processing HLOS data as there is no user input validation to ensure inputs are properly NULL terminated before string copy
Technology Area Data Network Stack & Connectivity
Vulnerability Type CWE-133 String Errors
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 10/07/2019
Affected Chipsets* MDM9607, Nicobar, Rennell, SA6155P, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130
Patch*

CVE-2019-14024

CVE ID CVE-2019-14024
Title Use After Free Issue in NFC Module
Description Possible stack-use-after-scope issue in NFC usecase for card emulation
Technology Area NFC
Vulnerability Type CWE-416 Use After Free
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 10/07/2019
Affected Chipsets* MSM8917, MSM8953, Nicobar, QM215, Rennell, SDM429, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR2130
Patch*

CVE-2019-14034

CVE ID CVE-2019-14034
Title Use After Free Issue in Multimedia
Description Use after free while processing eeprom query as there is a chance to not unlock mutex after error occurs
Technology Area Multimedia
Vulnerability Type CWE-416 Use After Free
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 10/07/2019
Affected Chipsets* APQ8009, APQ8053, MSM8909W, MSM8917, MSM8953, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
Patch*

CVE-2019-14036

CVE ID CVE-2019-14036
Title Improper Validation of Array Index in WLAN Host
Description Possible buffer overflow issue in error processing due to improper validation of array index value
Technology Area WLAN HOST
Vulnerability Type CWE-129 Improper Validation of Array Index
Access Vector Local
Security Rating High
Date Reported Internal
Customer Notified Date 10/07/2019
Affected Chipsets* APQ8064, APQ8096AU, IPQ4019, IPQ8064, IPQ8074, MDM9607, MDM9615, MDM9640, MSM8996AU, QCN7605
Patch*

* Data is generated only at the time of bulletin creation

Industry Coordination

Security ratings of issues included in Android security bulletins and these bulletins match in the most common scenarios but may differ in some cases due to one of the following reasons:

 

  • Consideration of security protections such as SELinux not enforced on some platforms
  • Differences in assessment of some specific scenarios that involves local denial of service or privilege escalation vulnerabilities in the high level OS kernel

 

Version History

Version Date Comments
1.0 January 6, 2020 Bulletin Published

All Qualcomm products mentioned herein are products of Qualcomm Technologies, Inc. and/or its subsidiaries.

©2020 Qualcomm Technologies, Inc. and/or its affiliated companies.

References to "Qualcomm" may mean Qualcomm Incorporated, or subsidiaries or business units within the Qualcomm corporate structure, as applicable.

Qualcomm Incorporated includes Qualcomm's licensing business, QTL, and the vast majority of its patent portfolio. Qualcomm Technologies, Inc., a wholly-owned subsidiary of Qualcomm Incorporated, operates, along with its subsidiaries, substantially all of Qualcomm's engineering, research and development functions, and substantially all of its products and services businesses. Qualcomm products referenced on this page are products of Qualcomm Technologies, Inc. and/or its subsidiaries.

Materials that are as of a specific date, including but not limited to press releases, presentations, blog posts and webcasts, may have been superseded by subsequent events or disclosures.

Nothing in these materials is an offer to sell any of the components or devices referenced herein.