Vulnerability Description
Unhandled paging request is observed due to dereferencing an already freed object because of race condition between sparse free and sparse bind ioctls which access the same physical entry in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8096AU, APQ8098, MDM9607, MSM8909W, MSM8939, MSM8953, MSM8996AU, Nicobar, QCS405, QCS605, Rennell, SA6155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM450, SDM632, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | Apq8009 Firmware | - |
| Qualcomm | Apq8009 | - |
| Qualcomm | Apq8096Au Firmware | - |
| Qualcomm | Apq8096Au | - |
| Qualcomm | Apq8098 Firmware | - |
| Qualcomm | Apq8098 | - |
| Qualcomm | Mdm9607 Firmware | - |
| Qualcomm | Mdm9607 | - |
| Qualcomm | Msm8909W Firmware | - |
| Qualcomm | Msm8909W | - |
| Qualcomm | Msm8939 Firmware | - |
| Qualcomm | Msm8939 | - |
| Qualcomm | Msm8953 Firmware | - |
| Qualcomm | Msm8953 | - |
| Qualcomm | Msm8996Au Firmware | - |
| Qualcomm | Msm8996Au | - |
| Qualcomm | Nicobar Firmware | - |
| Qualcomm | Nicobar | - |
| Qualcomm | Qcs405 Firmware | - |
| Qualcomm | Qcs405 | - |
Related Weaknesses (CWE)
References
- https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletinVendor Advisory
- https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletinVendor Advisory
FAQ
What is CVE-2019-14072?
CVE-2019-14072 is a vulnerability with a CVSS score of 7.0 (HIGH). Unhandled paging request is observed due to dereferencing an already freed object because of race condition between sparse free and sparse bind ioctls which access the same physical entry in Snapdrago...
How severe is CVE-2019-14072?
CVE-2019-14072 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-14072?
Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Apq8009 Firmware, Qualcomm Apq8009, Qualcomm Apq8096Au Firmware, Qualcomm Apq8096Au, Qualcomm Apq8098 Firmware.