Vulnerability Name: CVE-2019-14117 (CCN-187930) Assigned: 2019-07-19 Published: 2020-08-05 Updated: 2020-09-11 Summary: u'Whenever the page list is updated via privileged user, the previous list elements are freed but are not deleted from the list which results in a use after free causing an unhandled page fault exception in rmnet driver' in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in Bitra, MDM9607, QCS405, Saipan, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 CVSS v3 Severity: 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): LowUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
4.4 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 3.9 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): HighUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): High
CVSS v2 Severity: 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Complete
Vulnerability Type: CWE-416 Vulnerability Consequences: Denial of Service References: Source: MITRECVE-2019-14117 qualcomm-cve201914117-dos(187930) https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin August 2020 Security Bulletin https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin Vulnerable Configuration: Configuration 1 :cpe:/o:qualcomm:bitra_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:bitra:-:*:*:*:*:*:*:* Configuration 2 :cpe:/o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:mdm9607:-:*:*:*:*:*:*:* Configuration 3 :cpe:/o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:qcs405:-:*:*:*:*:*:*:* Configuration 4 :cpe:/o:qualcomm:saipan_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:saipan:-:*:*:*:*:*:*:* Configuration 5 :cpe:/o:qualcomm:sc8180x_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sc8180x:-:*:*:*:*:*:*:* Configuration 6 :cpe:/o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sdx55:-:*:*:*:*:*:*:* Configuration 7 :cpe:/o:qualcomm:sm6150_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sm6150:-:*:*:*:*:*:*:* Configuration 8 :cpe:/o:qualcomm:sm7150_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sm7150:-:*:*:*:*:*:*:* Configuration 9 :cpe:/o:qualcomm:sm8150_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sm8150:-:*:*:*:*:*:*:* Configuration 10 :cpe:/o:qualcomm:sm8250_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sm8250:-:*:*:*:*:*:*:* Configuration 11 :cpe:/o:qualcomm:sxr2130_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sxr2130:-:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/h:qualcomm:snapdragon_mobile:-:*:*:*:*:*:*:* OR cpe:/h:qualcomm:snapdragon_auto:-:*:*:*:*:*:*:* OR cpe:/h:qualcomm:snapdragon_compute:-:*:*:*:*:*:*:* OR cpe:/h:qualcomm:snapdragon_industrial_internet_of_things:-:*:*:*:*:*:*:* OR cpe:/h:qualcomm:snapdragon_voice_&_music:-:*:*:*:*:*:*:* OR cpe:/o:qualcomm:snapdragon_wearables:-:*:*:*:*:*:*:* BACK
qualcomm bitra firmware -
qualcomm bitra -
qualcomm mdm9607 firmware -
qualcomm mdm9607 -
qualcomm qcs405 firmware -
qualcomm qcs405 -
qualcomm saipan firmware -
qualcomm saipan -
qualcomm sc8180x firmware -
qualcomm sc8180x -
qualcomm sdx55 firmware -
qualcomm sdx55 -
qualcomm sm6150 firmware -
qualcomm sm6150 -
qualcomm sm7150 firmware -
qualcomm sm7150 -
qualcomm sm8150 firmware -
qualcomm sm8150 -
qualcomm sm8250 firmware -
qualcomm sm8250 -
qualcomm sxr2130 firmware -
qualcomm sxr2130 -
qualcomm snapdragon mobile -
qualcomm snapdragon auto -
qualcomm snapdragon compute -
qualcomm snapdragon industrial internet of things -
qualcomm snapdragon voice & music -
qualcomm snapdragon wearables -
Denotes that component is vulnerable