CVE-2019-14025 - Qualcomm Qcs404 Firmware, Qualcomm Sm8250 Firmware and Qualcomm Sdx55 Firmware

September 8, 2020

Moderate 5.5

u'When a new session is created, Object is returned that contains TZ addresses and it get passed to HLOS as an handle to refer to a particular session and can cause TZ to jump to a invalid address' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, QCS404, QCS610, Rennell, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130

Affected software

Qualcomm Qcs404 Firmware

Qualcomm Sm8250 Firmware

Qualcomm Sdx55 Firmware

Qualcomm Sm7150 Firmware

Qualcomm Kamorta Firmware

Qualcomm Qcs610 Firmware

Qualcomm Rennell Firmware

Qualcomm Sc7180 Firmware

Qualcomm Sm6150 Firmware

Qualcomm Sxr2130 Firmware

Reference links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin

CVE-2019-14025 - Qualcomm Qcs404 Firmware, Qualcomm Sm8250 Firmware and Qualcomm Sdx55 Firmware

Affected software

Reference links

Get alerted to vulnerabilities in your software