Vulnerability Description
While IPA driver processes route add rule IOCTL, there is no input validation of the rule ID prior to adding the rule to the IPA HW commit list in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8053, APQ8096AU, MDM9607, MSM8909W, MSM8996, MSM8996AU, QCN7605, QCS605, SC8180X, SDA845, SDX20, SDX24, SDX55, SM8150, SXR1130
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | Apq8053 Firmware | - |
| Qualcomm | Apq8053 | - |
| Qualcomm | Apq8096Au Firmware | - |
| Qualcomm | Apq8096Au | - |
| Qualcomm | Mdm9607 Firmware | - |
| Qualcomm | Mdm9607 | - |
| Qualcomm | Msm8909W Firmware | - |
| Qualcomm | Msm8909W | - |
| Qualcomm | Msm8996 Firmware | - |
| Qualcomm | Msm8996 | - |
| Qualcomm | Msm8996Au Firmware | - |
| Qualcomm | Msm8996Au | - |
| Qualcomm | Qcn7605 Firmware | - |
| Qualcomm | Qcn7605 | - |
| Qualcomm | Qcs605 Firmware | - |
| Qualcomm | Qcs605 | - |
| Qualcomm | Sc8180X Firmware | - |
| Qualcomm | Sc8180X | - |
| Qualcomm | Sda845 Firmware | - |
| Qualcomm | Sda845 | - |
Related Weaknesses (CWE)
References
- https://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletinBroken Link
- https://www.qualcomm.com/company/product-security/bulletins/june-2020-security-bVendor Advisory
- https://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletinBroken Link
FAQ
What is CVE-2019-14047?
CVE-2019-14047 is a vulnerability with a CVSS score of 7.8 (HIGH). While IPA driver processes route add rule IOCTL, there is no input validation of the rule ID prior to adding the rule to the IPA HW commit list in Snapdragon Auto, Snapdragon Compute, Snapdragon Conne...
How severe is CVE-2019-14047?
CVE-2019-14047 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-14047?
Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Apq8053 Firmware, Qualcomm Apq8053, Qualcomm Apq8096Au Firmware, Qualcomm Apq8096Au, Qualcomm Mdm9607 Firmware.