← Back

CVE-2019-14024

nvd nist
Published: Jan 21, 2020Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

Possible stack-use-after-scope issue in NFC usecase for card emulation in Snapdragon Auto, Snapdragon Industrial IOT, Snapdragon Mobile in MSM8917, MSM8953, Nicobar, QM215, Rennell, SDM429, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR2130

Affected (17)

Qualcomm
17 products
Msm8917 Firmware
Msm8953 Firmware
Nicobar Firmware
Qm215 Firmware
Rennell Firmware
Sdm429 Firmware
Sdm439 Firmware
Sdm450 Firmware
Sdm632 Firmware
Sdm670 Firmware
Sdm710 Firmware
Sdm845 Firmware
Sm6150 Firmware
Sm7150 Firmware
Sm8150 Firmware
Sm8250 Firmware
Sxr2130 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Msm8917 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Msm8917
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Msm8953 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Msm8953
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nicobar Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Nicobar
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Qm215 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Qm215
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rennell Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Rennell
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sdm429 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sdm429
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sdm439 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sdm439
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sdm450 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sdm450
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sdm632 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sdm632
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sdm670 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sdm670
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sdm710 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sdm710
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sdm845 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sdm845
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sm6150 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sm6150
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sm7150 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sm7150
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sm8150 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sm8150
All versions
Configuration P
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sm8250 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sm8250
All versions
Configuration Q
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sxr2130 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sxr2130
All versions

Related CWEs

CWE-416
Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (2)

Source: product-security@qualcomm.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.