CVE-2019-14001

Published: Apr 16, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Wrong public key usage from existing oem_keystore for hash generation in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996AU, QM215, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDX20

Affected (23)

Products: Qualcomm: Apq8009 Firmware, Apq8017 Firmware, Apq8053 Firmware, Apq8096au Firmware, Mdm9206 Firmware, Mdm9207c Firmware, Mdm9607 Firmware, Mdm9650 Firmware, Msm8905 Firmware, Msm8909w Firmware, Msm8917 Firmware, Msm8953 Firmware, Msm8996au Firmware, Qm215 Firmware, Sdm429 Firmware, Sdm429w Firmware, Sdm439 Firmware, Sdm450 Firmware, Sdm630 Firmware, Sdm632 Firmware, Sdm636 Firmware, Sdm660 Firmware, Sdx20 Firmware

23 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Apq8009 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Apq8009	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Apq8017 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Apq8017	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Apq8053 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Apq8053	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Apq8096au Firmware	All versions

Running on/with	Platform Versions
Qualcomm Apq8096au	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9206 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9206	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9207c Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9207c	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9607 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9607	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9650 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9650	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Msm8905 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Msm8905	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Msm8909w Firmware	All versions

Running on/with	Platform Versions
Qualcomm Msm8909w	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Msm8917 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Msm8917	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Msm8953 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Msm8953	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Msm8996au Firmware	All versions

Running on/with	Platform Versions
Qualcomm Msm8996au	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qm215 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qm215	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm429 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm429	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm429w Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm429w	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm439 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm439	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm450 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm450	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm630 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm630	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm632 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm632	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm636 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm636	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm660 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm660	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdx20 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdx20	All versions

Related CWEs

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

References (2)

https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin

Source: product-security@qualcomm.com

PatchVendor Advisory

https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.