Vulnerability Description
Possible buffer overflow and over read possible due to missing bounds checks for fixed limits if we consider widevine HLOS client as non-trustable in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, QCS404, Rennell, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | Kamorta Firmware | - |
| Qualcomm | Kamorta | - |
| Qualcomm | Qcs404 Firmware | - |
| Qualcomm | Qcs404 | - |
| Qualcomm | Rennell Firmware | - |
| Qualcomm | Rennell | - |
| Qualcomm | Sc7180 Firmware | - |
| Qualcomm | Sc7180 | - |
| Qualcomm | Sdx55 Firmware | - |
| Qualcomm | Sdx55 | - |
| Qualcomm | Sm6150 Firmware | - |
| Qualcomm | Sm6150 | - |
| Qualcomm | Sm7150 Firmware | - |
| Qualcomm | Sm7150 | - |
| Qualcomm | Sm8250 Firmware | - |
| Qualcomm | Sm8250 | - |
| Qualcomm | Sxr2130 Firmware | - |
| Qualcomm | Sxr2130 | - |
Related Weaknesses (CWE)
References
- https://www.qualcomm.com/company/product-security/bulletins/july-2020-bulletinBroken Link
- https://www.qualcomm.com/company/product-security/bulletins/july-2020-security-bVendor Advisory
- https://www.qualcomm.com/company/product-security/bulletins/july-2020-bulletinBroken Link
FAQ
What is CVE-2019-14123?
CVE-2019-14123 is a vulnerability with a CVSS score of 7.8 (HIGH). Possible buffer overflow and over read possible due to missing bounds checks for fixed limits if we consider widevine HLOS client as non-trustable in Snapdragon Auto, Snapdragon Compute, Snapdragon Mo...
How severe is CVE-2019-14123?
CVE-2019-14123 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-14123?
Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Kamorta Firmware, Qualcomm Kamorta, Qualcomm Qcs404 Firmware, Qualcomm Qcs404, Qualcomm Rennell Firmware.