CVE-2019-14024

Possible stack-use-after-scope issue in NFC usecase for card emulation in Snapdragon Auto, Snapdragon Industrial IOT, Snapdragon Mobile in MSM8917, MSM8953, Nicobar, QM215, Rennell, SDM429, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR2130

CVSS v3 7.8 HIGH
CVSS v2.0 7.2 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:qualcomm:msm8917_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:msm8917:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:qualcomm:msm8953_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:msm8953:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:qualcomm:nicobar_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:nicobar:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:qualcomm:qm215_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qm215:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:qualcomm:rennell_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:rennell:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:qualcomm:sdm429_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdm429:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:qualcomm:sdm439_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdm439:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:qualcomm:sdm450_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdm450:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:qualcomm:sdm632_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdm632:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:qualcomm:sdm670_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdm670:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:qualcomm:sdm710_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdm710:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:qualcomm:sdm845_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdm845:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:qualcomm:sm6150_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sm6150:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:qualcomm:sm7150_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sm7150:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:qualcomm:sm8150_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sm8150:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:qualcomm:sm8250_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sm8250:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:qualcomm:sxr2130_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sxr2130:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-01-21 07:15

Updated : 2024-02-28 17:28

NVD link : CVE-2019-14024

Mitre link : CVE-2019-14024

CVE.ORG link : CVE-2019-14024

JSON object : View

Products Affected

qualcomm

sdm429_firmware
sdm450
msm8953
sdm439_firmware
sm8150_firmware
rennell
sdm845_firmware
sdm450_firmware
qm215
sxr2130_firmware
sdm632_firmware
rennell_firmware
sdm670
sdm429
sdm670_firmware
sdm439
sdm845
sm6150_firmware
nicobar_firmware
msm8953_firmware
sdm710_firmware
sm7150_firmware
qm215_firmware
sdm710
sm8150
nicobar
sxr2130
sm8250_firmware
sm7150
msm8917
sdm632
msm8917_firmware
sm6150
sm8250

CWE

CWE-416

Use After Free

7.8 /10