Vulnerability Description
u'Keymaster attestation key and device IDs provisioning which is a one time process is incorrectly allowed to be re-provisioned after a user data erase or a factory reset' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Kamorta, Nicobar, QCS404, QCS610, Rennell, SA515M, SA6155P, SC7180, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | Kamorta Firmware | - |
| Qualcomm | Kamorta | - |
| Qualcomm | Nicobar Firmware | - |
| Qualcomm | Nicobar | - |
| Qualcomm | Qcs404 Firmware | - |
| Qualcomm | Qcs404 | - |
| Qualcomm | Qcs610 Firmware | - |
| Qualcomm | Qcs610 | - |
| Qualcomm | Rennell Firmware | - |
| Qualcomm | Rennell | - |
| Qualcomm | Sa515M Firmware | - |
| Qualcomm | Sa515M | - |
| Qualcomm | Sa6155P Firmware | - |
| Qualcomm | Sa6155P | - |
| Qualcomm | Sc7180 Firmware | - |
| Qualcomm | Sc7180 | - |
| Qualcomm | Sc8180X Firmware | - |
| Qualcomm | Sc8180X | - |
| Qualcomm | Sdx55 Firmware | - |
| Qualcomm | Sdx55 | - |
Related Weaknesses (CWE)
References
- https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletinBroken Link
- https://www.qualcomm.com/company/product-security/bulletins/august-2020-securityVendor Advisory
- https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletinBroken Link
FAQ
What is CVE-2019-14089?
CVE-2019-14089 is a vulnerability with a CVSS score of 7.8 (HIGH). u'Keymaster attestation key and device IDs provisioning which is a one time process is incorrectly allowed to be re-provisioned after a user data erase or a factory reset' in Snapdragon Auto, Snapdrag...
How severe is CVE-2019-14089?
CVE-2019-14089 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-14089?
Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Kamorta Firmware, Qualcomm Kamorta, Qualcomm Nicobar Firmware, Qualcomm Nicobar, Qualcomm Qcs404 Firmware.