Vulnerability Description
Improper permissions in XBL_SEC region enable user to update XBL_SEC code and data and divert the RAM dump path to normal cold boot path in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, MSM8998, QCS404, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM8150, SXR1130, SXR2130
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | Kamorta Firmware | - |
| Qualcomm | Kamorta | - |
| Qualcomm | Msm8998 Firmware | - |
| Qualcomm | Msm8998 | - |
| Qualcomm | Qcs404 Firmware | - |
| Qualcomm | Qcs404 | - |
| Qualcomm | Qcs605 Firmware | - |
| Qualcomm | Qcs605 | - |
| Qualcomm | Sda660 Firmware | - |
| Qualcomm | Sda660 | - |
| Qualcomm | Sda845 Firmware | - |
| Qualcomm | Sda845 | - |
| Qualcomm | Sdm630 Firmware | - |
| Qualcomm | Sdm630 | - |
| Qualcomm | Sdm636 Firmware | - |
| Qualcomm | Sdm636 | - |
| Qualcomm | Sdm660 Firmware | - |
| Qualcomm | Sdm660 | - |
| Qualcomm | Sdm670 Firmware | - |
| Qualcomm | Sdm670 | - |
References
- https://www.qualcomm.com/company/product-security/bulletins/may-2020-bulletinVendor Advisory
- https://www.qualcomm.com/company/product-security/bulletins/may-2020-bulletinVendor Advisory
FAQ
What is CVE-2019-14054?
CVE-2019-14054 is a vulnerability with a CVSS score of 7.8 (HIGH). Improper permissions in XBL_SEC region enable user to update XBL_SEC code and data and divert the RAM dump path to normal cold boot path in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Indu...
How severe is CVE-2019-14054?
CVE-2019-14054 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-14054?
Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Kamorta Firmware, Qualcomm Kamorta, Qualcomm Msm8998 Firmware, Qualcomm Msm8998, Qualcomm Qcs404 Firmware.