CVE-2019-14025 — MEDIUM (5.5)

Vulnerability Description

u'When a new session is created, Object is returned that contains TZ addresses and it get passed to HLOS as an handle to refer to a particular session and can cause TZ to jump to a invalid address' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, QCS404, QCS610, Rennell, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Qualcomm	Kamorta Firmware	-
Qualcomm	Kamorta	-
Qualcomm	Qcs404 Firmware	-
Qualcomm	Qcs404	-
Qualcomm	Qcs610 Firmware	-
Qualcomm	Qcs610	-
Qualcomm	Rennell Firmware	-
Qualcomm	Rennell	-
Qualcomm	Sc7180 Firmware	-
Qualcomm	Sc7180	-
Qualcomm	Sdx55 Firmware	-
Qualcomm	Sdx55	-
Qualcomm	Sm6150 Firmware	-
Qualcomm	Sm6150	-
Qualcomm	Sm7150 Firmware	-
Qualcomm	Sm7150	-
Qualcomm	Sm8250 Firmware	-
Qualcomm	Sm8250	-
Qualcomm	Sxr2130 Firmware	-
Qualcomm	Sxr2130	-

References

FAQ

What is CVE-2019-14025?

CVE-2019-14025 is a vulnerability with a CVSS score of 5.5 (MEDIUM). u'When a new session is created, Object is returned that contains TZ addresses and it get passed to HLOS as an handle to refer to a particular session and can cause TZ to jump to a invalid address' in...

How severe is CVE-2019-14025?

CVE-2019-14025 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-14025?

Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Kamorta Firmware, Qualcomm Kamorta, Qualcomm Qcs404 Firmware, Qualcomm Qcs404, Qualcomm Qcs610 Firmware.