March 2020

March 2020 Security Bulletin

Version 1.0

Published: 03/02/2020

This security bulletin is intended to help Qualcomm Technologies, Inc. (QTI) customers incorporate security updates in launched or upcoming devices. This document includes (i) a description of security vulnerabilities that have been addressed in QTI’s proprietary code and (ii) links to related code that has been contributed to Code Aurora Forum (CAF), a Linux Foundation Collaborative Project, to address security vulnerabilities for customers who incorporate Linux-based software from CAF into their devices.

Please reach out to securitybulletin@qti.qualcomm.com for any questions related to this bulletin.

Announcements

We have discontinued publication of the open source public bulletin at https://www.codeaurora.org/security-advisories/security-bulletins. Starting from September 2019, we will have one single monthly bulletin listing both open-source and closed-source vulnerabilities

Acknowledgements

We would like to thank these researchers for their contributions in reporting these issues to us.

CVE-2019-14026, CVE-2019-14027, CVE-2019-14028, CVE-2019-14083	Peter Park (peterpark)
CVE-2019-14029	Anonymous Researcher
CVE-2019-14072	(avel)
CVE-2019-14095	Etienne Helluy-Lafont Universit´e de Lille

Table of Vulnerabilities

Public ID	Security Rating	Technology Area	Date Reported
CVE-2019-10546	Critical	WLAN Firmware	Internal
CVE-2019-10549	High	Data Modem	Internal
CVE-2019-10550	High	Data Modem	Internal
CVE-2019-10552	High	Multi-Mode Call Processor	Internal
CVE-2019-10553	High	Multi-Mode Call Processor	Internal
CVE-2019-10554	High	Multi-Mode Call Processor	Internal
CVE-2019-10577	High	Data Modem	Internal
CVE-2019-10586	Critical	Data Modem	Internal
CVE-2019-10587	Critical	Data Modem	Internal
CVE-2019-10591	High	Video	Internal
CVE-2019-10593	Critical	Data Modem	Internal
CVE-2019-10594	Critical	Data Modem	Internal
CVE-2019-10603	High	Data Network Stack & Connectivity	Internal
CVE-2019-10604	High	DebugTools	Internal
CVE-2019-10612	Critical	KERNEL	Internal
CVE-2019-10616	High	SoC Infrastructure	Internal
CVE-2019-14000	High	Qualcomm IPC	Internal
CVE-2019-14015	High	Fingerprint	Internal
CVE-2019-14026	High	WLAN Firmware	06/10/2019
CVE-2019-14027	High	WLAN Firmware	06/10/2019
CVE-2019-14028	High	WLAN Firmware	06/10/2019
CVE-2019-14030	Critical	Core Power SW	Internal
CVE-2019-14031	Critical	WLAN Firmware	Internal
CVE-2019-14045	Critical	Video	Internal
CVE-2019-14048	High	Video	Internal
CVE-2019-14050	High	Fingerprint	08/01/2019
CVE-2019-14061	High	Video	Internal
CVE-2019-14071	Critical	System Debug	Internal
CVE-2019-14081	High	WLAN Firmware	Internal
CVE-2019-14082	High	WLAN Firmware	Internal
CVE-2019-14083	Critical	WLAN Firmware	05/25/2019
CVE-2019-14085	High	WLAN Firmware	Internal
CVE-2019-14086	Critical	WLAN Firmware	Internal
CVE-2019-14095	Critical	BTSOC	09/03/2019
CVE-2019-14097	Critical	WLAN Firmware	Internal
CVE-2019-14098	Critical	WLAN Firmware	Internal
CVE-2019-2300	High	WLAN Firmware	Internal
CVE-2019-2311	High	WLAN Firmware	Internal
CVE-2019-2317	Critical	Data Modem	Internal

CVE-2019-10546

CVE ID	CVE-2019-10546
Title	Buffer Copy Without Checking Size of Input in WLAN
Description	Buffer overflow can occur in WLAN firmware while parsing beacon/probe_response frames during roaming
Technology Area	WLAN Firmware
Vulnerability Type	CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector	Remote
Security Rating	Critical
Date Reported	Internal
Customer Notified Date	12/02/2019
Affected Chipsets*	APQ8096, APQ8096AU, IPQ6018, IPQ8074, MDM9607, MDM9640, MDM9650, MSM8996AU, Nicobar, QCA6174A, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCS404, QCS605, Rennell, SA6155P, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

CVE-2019-10549

CVE ID	CVE-2019-10549
Title	Null Pointer Dereference Issue in Modem Data
Description	Null pointer dereference issue can happen due to improper validation of CSEQ header response received from network
Technology Area	Data Modem
Vulnerability Type	CWE-476 NULL Pointer Dereference
Access Vector	Remote
Security Rating	High
Date Reported	Internal
Customer Notified Date	09/02/2019
Affected Chipsets*	MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, Nicobar, QCM2150, QM215, Rennell, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM632, SDX24, SDX55, SM6150, SM7150, SM8150

CVE-2019-10550

CVE ID	CVE-2019-10550
Title	Buffer Over-read Issue in Modem Data
Description	Buffer Over-read when UE is trying to process the message received form the network without zero termination
Technology Area	Data Modem
Vulnerability Type	CWE-126 Buffer Over-read
Access Vector	Remote
Security Rating	High
Date Reported	Internal
Customer Notified Date	09/02/2019
Affected Chipsets*	MDM9206, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130

CVE-2019-10552

CVE ID	CVE-2019-10552
Title	Buffer Over-read Issue in Multi-mode Call Processor
Description	Multiple Buffer Over-read issue can happen due to improper length checks while decoding Service Reject/RAU Reject/PTMSI Realloc cmd
Technology Area	Multi-Mode Call Processor
Vulnerability Type	CWE-126 Buffer Over-read
Access Vector	Remote
Security Rating	High
Date Reported	Internal
Customer Notified Date	09/02/2019
Affected Chipsets*	APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130

CVE-2019-10553

CVE ID	CVE-2019-10553
Title	Buffer Over-read Issue in Multi-mode Call processor
Description	Multiple Read overflows due to improper length checks while decoding authentication in Cs domain/RAU Reject and TC cmd
Technology Area	Multi-Mode Call Processor
Vulnerability Type	CWE-126 Buffer Over-read
Access Vector	Remote
Security Rating	High
Date Reported	Internal
Customer Notified Date	09/02/2019
Affected Chipsets*	APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130

CVE-2019-10554

CVE ID	CVE-2019-10554
Title	Buffer Over-read Issue in Multi Mode Call Processor
Description	Multiple Read overflows issue due to improper length check while decoding Identity Request in CSdomain/Authentication Reject in CS domain/ PRAU accept/while logging DL message
Technology Area	Multi-Mode Call Processor
Vulnerability Type	CWE-126 Buffer Over-read
Access Vector	Remote
Security Rating	High
Date Reported	Internal
Customer Notified Date	09/02/2019
Affected Chipsets*	APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130

CVE-2019-10577

CVE ID	CVE-2019-10577
Title	Buffer Over-read Issue in Modem Data
Description	Improper input validation while processing SIP URI received from the network will lead to buffer over-read and then to denial of service
Technology Area	Data Modem
Vulnerability Type	CWE-126 Buffer Over-read
Access Vector	Remote
Security Rating	High
Date Reported	Internal
Customer Notified Date	09/02/2019
Affected Chipsets*	APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

CVE-2019-10586

CVE ID	CVE-2019-10586
Title	Buffer Copy Without Checking Size of Input in Data Modem
Description	Filling media attribute tag names without validating the destination buffer size which can result in the buffer overflow
Technology Area	Data Modem
Vulnerability Type	CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector	Remote
Security Rating	Critical
Date Reported	Internal
Customer Notified Date	09/02/2019
Affected Chipsets*	APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130

CVE-2019-10587

CVE ID	CVE-2019-10587
Title	Buffer Copy Without Checking Size of Input in Data Modem
Description	Possible Stack overflow can occur when processing a large SDP body or non standard SDP body without right delimiters
Technology Area	Data Modem
Vulnerability Type	CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector	Remote
Security Rating	Critical
Date Reported	Internal
Customer Notified Date	09/02/2019
Affected Chipsets*	APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130

CVE-2019-10591

CVE ID	CVE-2019-10591
Title	Null Pointer Dereference Issue in Video
Description	Null pointer dereference can happen when parsing udta atom which is non-standard and having invalid depth
Technology Area	Video
Vulnerability Type	CWE-129 Improper Validation of Array Index
Access Vector	Remote
Security Rating	High
Date Reported	Internal
Customer Notified Date	12/02/2019
Affected Chipsets*	APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8939, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

CVE-2019-10593

CVE ID	CVE-2019-10593
Title	Improper Validation of Array Index in Data Modem
Description	Buffer overflow can occur when processing non standard SDP video Image attribute parameter in a VILTE\VOLTE call
Technology Area	Data Modem
Vulnerability Type	CWE-129 Improper Validation of Array Index
Access Vector	Remote
Security Rating	Critical
Date Reported	Internal
Customer Notified Date	09/02/2019
Affected Chipsets*	APQ8009, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130

CVE-2019-10594

CVE ID	CVE-2019-10594
Title	Improper Validation of Array Index in Data Modem
Description	Stack overflow can occur when SDP is received with multiple payload types in the FMTP attribute of a video M line
Technology Area	Data Modem
Vulnerability Type	CWE-129 Improper Validation of Array Index
Access Vector	Remote
Security Rating	Critical
Date Reported	Internal
Customer Notified Date	09/02/2019
Affected Chipsets*	APQ8009, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130

CVE-2019-10603

CVE ID	CVE-2019-10603
Title	Use After Free Issue in HLOS Data
Description	Use after free issue occurs If the real device interface goes down and a route lookup is performed while sending a raw IPv6 message
Technology Area	Data Network Stack & Connectivity
Vulnerability Type	CWE-416 Use After Free
Access Vector	Local
Security Rating	High
Date Reported	Internal
Customer Notified Date	09/02/2019
Affected Chipsets*	APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8917, MSM8937, MSM8996AU, QCN7605, SDA845, SDM630, SDM636, SDM660, SDX20, SXR1130

CVE-2019-10604

CVE ID	CVE-2019-10604
Title	Buffer Copy Without Checking Size of Input in Debug Tools
Description	Possibility of heap-buffer-overflow during last iteration of loop while populating image version information in diag command response packet,
Technology Area	DebugTools
Vulnerability Type	CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector	Local
Security Rating	High
Date Reported	Internal
Customer Notified Date	12/02/2019
Affected Chipsets*	APQ8053, APQ8096AU, APQ8098, MDM9607, MDM9640, MSM8909W, MSM8917, MSM8953, Nicobar, QCS605, QM215, Rennell, SA6155P, Saipan, SDA660, SDM429, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

CVE-2019-10612

CVE ID	CVE-2019-10612
Title	Untrusted Pointer Dereference Issue in Kernel
Description	UTCB object has a function pointer called by the reaper to deallocate its memory resources and this address can potentially be corrupted by stack overflow
Technology Area	KERNEL
Vulnerability Type	CWE-822 Untrusted Pointer Dereference
Access Vector	Remote
Security Rating	Critical
Date Reported	Internal
Customer Notified Date	09/02/2019
Affected Chipsets*	MDM9205, MDM9650, QCS605, SA6155P, SC8180X, SDA845, SDM670, SDM710, SDM845, SDM850, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

CVE-2019-10616

CVE ID	CVE-2019-10616
Title	Null Pointer Dereference Issue in Trustzone
Description	Possibility of null pointer access if the SPDM commands are executed in the non-standard way in TZ.
Technology Area	SoC Infrastructure
Vulnerability Type	CWE-476 NULL Pointer Dereference
Access Vector	Local
Security Rating	High
Date Reported	Internal
Customer Notified Date	09/02/2019
Affected Chipsets*	APQ8009, APQ8016, MDM9150, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8998, SA6155P, SDX24

CVE-2019-14000

CVE ID	CVE-2019-14000
Title	Information Exposure Issue in Qualcomm IPC
Description	Lack of check that the RX FIFO write index that is read from shared RAM is less than the FIFO size results into memory corruption and potential information leakage
Technology Area	Qualcomm IPC
Vulnerability Type	CWE-200 Information Exposure
Access Vector	Local
Security Rating	High
Date Reported	Internal
Customer Notified Date	12/02/2019
Affected Chipsets*	APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, IPQ6018, IPQ8074, MDM9150, MDM9205, MDM9206, MDM9607, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCS404, QCS405, QCS605, QM215, Rennell, SA6155P, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

CVE-2019-14015

CVE ID	CVE-2019-14015
Title	Buffer Copy Without Checking Size of Input in Biometrics
Description	A stack-based buffer overflow exists in the initialization of the identification stage due to lack of check on the number of templates provided.
Technology Area	Fingerprint
Vulnerability Type	CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector	Local
Security Rating	High
Date Reported	Internal
Customer Notified Date	12/02/2019
Affected Chipsets*	APQ8096, APQ8096AU, MDM9205, MSM8996, MSM8996AU, Nicobar, QCS404, QCS405, QCS605, Rennell, SA6155P, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130, SXR2130

CVE-2019-14026

CVE ID	CVE-2019-14026
Title	Buffer Copy without checking size of input in WLAN
Description	Possible buffer overflow in WLAN WMI handler due to lack of ssid length check when copying data
Technology Area	WLAN Firmware
Vulnerability Type	CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector	Local
Security Rating	High
Date Reported	06/10/2019
Customer Notified Date	10/07/2019
Affected Chipsets*	APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, IPQ6018, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8996AU, MSM8998, Nicobar, QCA6174A, QCA6574, QCA6574AU, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9886, QCN7605, QCS404, QCS405, QCS605, Rennell, SA6155P, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

CVE-2019-14027

CVE ID	CVE-2019-14027
Title	Buffer Copy Without Checking Size of Input in WLAN
Description	Buffer overflow due to lack of upper bound check on channel length which is used for a loop.
Technology Area	WLAN Firmware
Vulnerability Type	CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector	Local
Security Rating	High
Date Reported	06/10/2019
Customer Notified Date	10/07/2019
Affected Chipsets*	APQ8098, IPQ6018, IPQ8074, MSM8998, Nicobar, QCA8081, QCN7605, QCS404, QCS605, Rennell, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130, SXR2130

CVE-2019-14028

CVE ID	CVE-2019-14028
Title	Buffer Copy Without Checking Size of Input in WLAN
Description	Buffer overwrite during memcpy due to lack of check on SSID length validation
Technology Area	WLAN Firmware
Vulnerability Type	CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector	Local
Security Rating	High
Date Reported	06/10/2019
Customer Notified Date	10/07/2019
Affected Chipsets*	APQ8009, APQ8017, APQ8053, APQ8064, APQ8096, APQ8096AU, APQ8098, IPQ6018, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8996AU, MSM8998, Nicobar, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9886, QCN7605, QCS404, QCS405, QCS605, Rennell, SA6155P, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

CVE-2019-14030

CVE ID	CVE-2019-14030
Title	Buffer Copy Without Checking Size of Input in TrustZone
Description	The size of a buffer is determined by addition and multiplications operations that have the potential to overflow due to lack of bound check
Technology Area	Core Power SW
Vulnerability Type	CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector	Local
Security Rating	Critical
Date Reported	Internal
Customer Notified Date	12/02/2019
Affected Chipsets*	MDM9205, QCS404, Rennell, SC8180X, SDM845, SDM850, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130

CVE-2019-14031

CVE ID	CVE-2019-14031
Title	Buffer Copy Without Checking Size of Input in WLAN
Description	Buffer overflow can occur while parsing RSN IE containing list of PMK ID`s which are more than the buffer size
Technology Area	WLAN Firmware
Vulnerability Type	CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector	Remote
Security Rating	Critical
Date Reported	Internal
Customer Notified Date	10/07/2019
Affected Chipsets*	APQ8009, APQ8017, APQ8053, APQ8064, APQ8096, APQ8096AU, APQ8098, IPQ6018, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9886, QCN7605, QCS405, QCS605, SA6155P, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

CVE-2019-14045

CVE ID	CVE-2019-14045
Title	Buffer Copy Without Checking Size of Input in Video
Description	Possible buffer overflow while processing clientlog and serverlog due to lack of validation of data received in logs
Technology Area	Video
Vulnerability Type	CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector	Remote
Security Rating	Critical
Date Reported	Internal
Customer Notified Date	11/04/2019
Affected Chipsets*	APQ8096AU, QCS605, SDM439, SM8150, SXR1130

CVE-2019-14048

CVE ID	CVE-2019-14048
Title	Buffer Copy Without Checking Size of Input in Video
Description	Possible out of bound memory access while playing a crafted clip in media player
Technology Area	Video
Vulnerability Type	CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector	Local
Security Rating	High
Date Reported	Internal
Customer Notified Date	12/02/2019
Affected Chipsets*	SM8150

CVE-2019-14050

CVE ID	CVE-2019-14050
Title	Integer Overflow to Buffer Overflow Issue in Biometrics
Description	Out-of-bound writes occurs due to lack of check of buffer size will cause buffer overflow only in 32bit architecture.
Technology Area	Fingerprint
Vulnerability Type	CWE-680 Integer Overflow to Buffer Overflow
Access Vector	Local
Security Rating	High
Date Reported	08/01/2019
Customer Notified Date	11/04/2019
Affected Chipsets*	APQ8009, MDM9150, MDM9205, MDM9607, MDM9650, MSM8905, Nicobar, QCS405, QCS605, Rennell, SA6155P, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SM6150, SM7150, SM8150, SXR1130

CVE-2019-14061

CVE ID	CVE-2019-14061
Title	Buffer Over-read Issue in Video
Description	Null-pointer dereference can occur while accessing the segment element info when it is not allocated and assigned
Technology Area	Video
Vulnerability Type	CWE-126 Buffer Over-read
Access Vector	Remote
Security Rating	High
Date Reported	Internal
Customer Notified Date	12/02/2019
Affected Chipsets*	APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

CVE-2019-14071

CVE ID	CVE-2019-14071
Title	Improper Access Control Issue in TrustZone
Description	Compromised reset handler may bypass access control due to AC config is being reset if debug path is enabled to collect secure or non-secure ram dumps
Technology Area	System Debug
Vulnerability Type	CWE-284 Improper Access Control
Access Vector	Local
Security Rating	Critical
Date Reported	Internal
Customer Notified Date	12/02/2019
Affected Chipsets*	APQ8017, APQ8053, APQ8096, APQ8096AU, IPQ6018, MDM9205, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS404, QCS405, QCS605, QM215, Rennell, SA6155P, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130, SXR2130

CVE-2019-14081

CVE ID	CVE-2019-14081
Title	Buffer Over-read Issue in WLAN
Description	Buffer Over-read when WLAN module gets a WMI message for SAR limits with invalid number of limits to be enforced
Technology Area	WLAN Firmware
Vulnerability Type	CWE-126 Buffer Over-read
Access Vector	Local
Security Rating	High
Date Reported	Internal
Customer Notified Date	11/04/2019
Affected Chipsets*	APQ8098, IPQ8074, MSM8998, QCA8081, QCN7605, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM8150, SXR1130

CVE-2019-14082

CVE ID	CVE-2019-14082
Title	Buffer Over-read Issue in WLAN
Description	Potential buffer over-read due to lack of bound check of memory offset passed in WLAN firmware
Technology Area	WLAN Firmware
Vulnerability Type	CWE-126 Buffer Over-read
Access Vector	Remote
Security Rating	High
Date Reported	Internal
Customer Notified Date	11/04/2019
Affected Chipsets*	IPQ8074, MDM9206, MDM9207C, MDM9607, QCN7605, SM8150

CVE-2019-14083

CVE ID	CVE-2019-14083
Title	Buffer Copy Without Checking Size of Input in WLAN
Description	While parsing Service Descriptor Extended Attribute received as part of SDF frame, there is a possibility that incorrect length is specified in the attribute length field of extended SSI which can lead to integer underflow
Technology Area	WLAN Firmware
Vulnerability Type	CWE-191 Integer Underflow (Wrap or Wraparound)
Access Vector	Remote
Security Rating	Critical
Date Reported	05/25/2019
Customer Notified Date	12/02/2019
Affected Chipsets*	APQ8009, APQ8053, APQ8096, APQ8098, IPQ6018, IPQ8074, MSM8996AU, MSM8998, Nicobar, QCA6174A, QCA6390, QCA6574AU, QCA8081, QCA9377, QCA9379, QCN7605, QCS404, QCS405, QCS605, Rennell, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130, SXR2130

CVE-2019-14085

CVE ID	CVE-2019-14085
Title	Integer Underflow Issue in WLAN
Description	Possible Integer underflow in WLAN function due to lack of check of data received from user side
Technology Area	WLAN Firmware
Vulnerability Type	CWE-191 Integer Underflow (Wrap or Wraparound)
Access Vector	Local
Security Rating	High
Date Reported	Internal
Customer Notified Date	11/04/2019
Affected Chipsets*	QCN7605, QCS605, SDA845, SDM670, SDM710, SDM845, SDM850, SM8150, SXR1130

CVE-2019-14086

CVE ID	CVE-2019-14086
Title	Buffer Copy Without Checking Size of Input in WLAN
Description	Possible integer overflow while checking the length of frame which is a 32 bit integer and is added to another 32 bit integer which can lead to unexpected result during the check
Technology Area	WLAN Firmware
Vulnerability Type	CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector	Remote
Security Rating	Critical
Date Reported	Internal
Customer Notified Date	12/02/2019
Affected Chipsets*	APQ8098, MDM9607, MSM8998, QCA6584, QCN7605, QCS605, SDA660, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130

CVE-2019-14095

CVE ID	CVE-2019-14095
Title	Buffer Copy Without Checking Size of input in Bluetooth
Description	Buffer overflow occurs while processing LMP packet in which name length parameter exceeds value specified in BT-specification
Technology Area	BTSOC
Vulnerability Type	CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector	Remote
Security Rating	Critical
Date Reported	09/03/2019
Customer Notified Date	01/06/2020
Affected Chipsets*	APQ8009, APQ8016, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA6174A, QCA6390, QCA6574AU, QCA9377, QCA9379, QCA9886, QCM2150, QCN7605, QCS404, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

CVE-2019-14097

CVE ID	CVE-2019-14097
Title	Buffer Copy without checking size of input in WLAN
Description	Possible buffer overflow in WLAN Parser due to lack of length check when copying data
Technology Area	WLAN Firmware
Vulnerability Type	CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector	Remote
Security Rating	Critical
Date Reported	Internal
Customer Notified Date	12/02/2019
Affected Chipsets*	APQ8096, APQ8096AU, APQ8098, IPQ6018, IPQ8074, MDM9607, MDM9640, MDM9650, MSM8996AU, MSM8998, Nicobar, QCA6174A, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCN7605, QCS405, QCS605, Rennell, SA6155P, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

CVE-2019-14098

CVE ID	CVE-2019-14098
Title	Buffer Copy Without Checking Size of Input in WLAN
Description	Possible buffer overflow in data offload handler due to lack of check of keydata length when copying data
Technology Area	WLAN Firmware
Vulnerability Type	CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector	Remote
Security Rating	Critical
Date Reported	Internal
Customer Notified Date	12/02/2019
Affected Chipsets*	APQ8009, APQ8017, APQ8053, APQ8064, APQ8096, APQ8096AU, IPQ6018, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8996AU, Nicobar, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9379, QCA9886, QCS405, QCS605, Rennell, SA6155P, SC8180X, SDA660, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130, SXR2130

CVE-2019-2300

CVE ID	CVE-2019-2300
Title	Buffer Copy Without Checking Size of Input in WLAN
Description	Possible buffer overflow in WLAN handler due to lack of validation of destination buffer size before copying into it
Technology Area	WLAN Firmware
Vulnerability Type	CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector	Remote
Security Rating	High
Date Reported	Internal
Customer Notified Date	10/07/2019
Affected Chipsets*	APQ8009, APQ8017, APQ8053, APQ8096, APQ8098, IPQ8074, MDM9206, MDM9207C, MDM9607, MSM8996, MSM8996AU, MSM8998, QCA6174A, QCA6574AU, QCA8081, QCA9377, QCA9379, QCA9886, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130

CVE-2019-2311

CVE ID	CVE-2019-2311
Title	Buffer Copy Without Checking Size of Input in WLAN
Description	Possible buffer overflow in WLAN handler due to lack of validation of destination buffer size before copying it
Technology Area	WLAN Firmware
Vulnerability Type	CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector	Remote
Security Rating	High
Date Reported	Internal
Customer Notified Date	10/07/2019
Affected Chipsets*	APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8996, MSM8996AU, MSM8998, QCA6174A, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9886, QCS605, SA6155P, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130

CVE-2019-2317

CVE ID	CVE-2019-2317
Title	Use of Insufficiently Random Values in Data Modem
Description	The secret key used to make the Initial Sequence Number in the TCP SYN packet could be brute forced and therefore can be predicted
Technology Area	Data Modem
Vulnerability Type	CWE-330 Use of Insufficiently Random Values
Access Vector	Remote
Security Rating	Critical
Date Reported	Internal
Customer Notified Date	06/03/2019
Affected Chipsets*	MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, Nicobar, QCM2150, QM215, SC8180X, SDM429, SDM439, SDM450, SDM632, SDX24, SDX55, SM6150, SM7150, SM8150

* Data is generated only at the time of bulletin creation

This table summarizes security vulnerabilities that were addressed through open source software located at the corresponding open source project links

Table of Vulnerabilities

Public ID	Security Rating	Technology Area	Date Reported
CVE-2018-11838	High	WLAN HOST	Internal
CVE-2019-10526	High	WLAN HOST	Internal
CVE-2019-10569	High	Audio	Internal
CVE-2019-14029	High	Graphics	09/10/2019
CVE-2019-14032	High	Audio	Internal
CVE-2019-14068	High	Audio	Internal
CVE-2019-14072	High	Graphics	08/07/2019
CVE-2019-14079	High	Connectivity	09/04/2019

CVE-2018-11838

CVE ID	CVE-2018-11838
Title	Double Free issue in WLAN
Description	Possible double free issue in WLAN due to lack of checking memory free condition.
Technology Area	WLAN HOST
Vulnerability Type	CWE-415 Double Free
Access Vector	Local
Security Rating	High
Date Reported	Internal
Customer Notified Date	12/02/2019
Affected Chipsets*	APQ8053, MDM9640, SDA660, SDM636, SDM660, SDX20
Patch*	https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=d98aa07b53021e269afa337e89408418103367be https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=815cf7b4de9bfe7ed77a04db5c3462d5a29b8e43

CVE-2019-10526

CVE ID	CVE-2019-10526
Title	Improper Validation of Array Index in WLAN
Description	Out of bound write in WLAN driver due to NULL character not properly placed after SSID name
Technology Area	WLAN HOST
Vulnerability Type	CWE-129 Improper Validation of Array Index
Access Vector	Remote
Security Rating	High
Date Reported	Internal
Customer Notified Date	12/02/2019
Affected Chipsets*	APQ8009, APQ8017, APQ8053, APQ8096AU, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS405, QCS605, SC8180X, SDA845, SDM450, SDX20, SDX24, SDX55, SXR1130
Patch*	https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=f5e23c59116af3c7b9597c8aebcaeeb9935f1b96 https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=f7c43c43192396a06b2b12b40934c9e5c79c9911

CVE-2019-10569

CVE ID	CVE-2019-10569
Title	Stack Based Buffer Overflow Issue in Audio
Description	Stack buffer overflow due to instance id is misplaced inside definition of hardware accelerated effects in makefile
Technology Area	Audio
Vulnerability Type	CWE-121 Stack-based Buffer Overflow
Access Vector	Local
Security Rating	High
Date Reported	Internal
Customer Notified Date	12/02/2019
Affected Chipsets*	APQ8053, APQ8098, MDM9607, MDM9640, MSM8998, QCS605, SC8180X, SDM439, SDM630, SDM636, SDM660, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130
Patch*	https://source.codeaurora.org/quic/la/platform/hardware/qcom/audio/commit/?id=bbf4497352958dd27036503a43cd8a031e7eb9b1

CVE-2019-14029

CVE ID	CVE-2019-14029
Title	Use After Free Issue in Graphics
Description	Use-after-free in graphics module due to destroying already queued syncobj in error case
Technology Area	Graphics
Vulnerability Type	CWE-416 Use After Free
Access Vector	Local
Security Rating	High
Date Reported	09/10/2019
Customer Notified Date	12/02/2019
Affected Chipsets*	APQ8009, APQ8053, APQ8096AU, APQ8098, MDM9607, MSM8909W, MSM8953, MSM8996AU, Nicobar, QCS405, QCS605, Rennell, SA6155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
Patch*	https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=a8dfad11eb0f3368b517c260d0fe98c84d30ccf4

CVE-2019-14032

CVE ID	CVE-2019-14032
Title	Use After Free Issue in Audio
Description	Memory use after free issue in audio due to lack of resource control
Technology Area	Audio
Vulnerability Type	CWE-416 Use After Free
Access Vector	Local
Security Rating	High
Date Reported	Internal
Customer Notified Date	12/02/2019
Affected Chipsets*	APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8953, MSM8996AU, Nicobar, QCS405, QCS605, Rennell, SA6155P, Saipan, SC8180X, SDA845, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
Patch*	https://source.codeaurora.org/quic/la/platform/vendor/opensource/audio-kernel/commit/?id=5ee3d202971888366b6d734de2f92f37cb90656e

CVE-2019-14068

CVE ID	CVE-2019-14068
Title	Buffer Copy Without Checking Size of Input in Audio
Description	Out of bound access in msm routing due to lack of check of size before accessing
Technology Area	Audio
Vulnerability Type	CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector	Local
Security Rating	High
Date Reported	Internal
Customer Notified Date	12/02/2019
Affected Chipsets*	APQ8009, APQ8053, APQ8096AU, MDM9607, MSM8905, MSM8909W, Nicobar, QCS405, QCS605, Rennell, Saipan, SDM429W, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
Patch*	https://source.codeaurora.org/quic/la/platform/vendor/opensource/audio-kernel/commit/?id=0274b6d95e23a112fc75ca44f0634632885852fc https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=66b26c141c4ecaa3c4e0d4dba53a4421550a329c

CVE-2019-14072

CVE ID	CVE-2019-14072
Title	Use After Free Issue in Linux Graphics
Description	Unhandled paging request is observed due to dereferencing an already freed object because of race condition between sparse free and sparse bind ioctls which access the same physical entry
Technology Area	Graphics
Vulnerability Type	CWE-416 Use After Free
Access Vector	Local
Security Rating	High
Date Reported	08/07/2019
Customer Notified Date	12/02/2019
Affected Chipsets*	APQ8009, APQ8096AU, APQ8098, MDM9607, MSM8909W, MSM8939, MSM8953, MSM8996AU, Nicobar, QCS405, QCS605, Rennell, SA6155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM450, SDM632, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
Patch*	https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=1819c4b207f7bcdfff75fff5a629f8766c296fbd

CVE-2019-14079

CVE ID	CVE-2019-14079
Title	Use of uninitialized Variable in USB Connectivity
Description	Access to the uninitialized variable when the driver tries to unmap the dma buffer of a request which was never mapped in the first place leading to kernel failure
Technology Area	Connectivity
Vulnerability Type	CWE-457 Use of Uninitialized Variable
Access Vector	Local
Security Rating	High
Date Reported	09/04/2019
Customer Notified Date	12/02/2019
Affected Chipsets*	APQ8009, APQ8053, MDM9607, MDM9640, MSM8909W, MSM8953, QCA6574AU, QCS605, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SDX24, SM8150, SXR1130
Patch*	https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=d33730844c128e688a8e1e7c354a6efd7bff1bfe

Industry Coordination

Security ratings of issues included in Android security bulletins and these bulletins match in the most common scenarios but may differ in some cases due to one of the following reasons:

Consideration of security protections such as SELinux not enforced on some platforms
Differences in assessment of some specific scenarios that involves local denial of service or privilege escalation vulnerabilities in the high level OS kernel

Version History

Version	Date	Comments
1.0	March 2, 2020	Bulletin Published

All Qualcomm products mentioned herein are products of Qualcomm Technologies, Inc. and/or its subsidiaries.

Qualcomm is a trademark of Qualcomm Incorporated, registered in the United States and other countries. Other product and brand names may be trademarks or registered trademarks of their respective owners.

This technical data may be subject to U.S. and international export, re-export, or transfer (“export”) laws. Diversion contrary to U.S. and international law is strictly prohibited.

About Qualcomm Careers Offices Contact Us Support Email Subscriptions

References to "Qualcomm" may mean Qualcomm Incorporated, or subsidiaries or business units within the Qualcomm corporate structure, as applicable.

Qualcomm Incorporated includes Qualcomm's licensing business, QTL, and the vast majority of its patent portfolio. Qualcomm Technologies, Inc., a wholly-owned subsidiary of Qualcomm Incorporated, operates, along with its subsidiaries, substantially all of Qualcomm's engineering, research and development functions, and substantially all of its products and services businesses. Qualcomm products referenced on this page are products of Qualcomm Technologies, Inc. and/or its subsidiaries.

Materials that are as of a specific date, including but not limited to press releases, presentations, blog posts and webcasts, may have been superseded by subsequent events or disclosures.

Nothing in these materials is an offer to sell any of the components or devices referenced herein.