CVE-2019-14053 - Qualcomm Sdm429 Firmware, Qualcomm Ipq8074 Firmware and Qualcomm Sm6150 Firmware

Critical 7.1

When attempting to create a new XFRM policy, a stack out-of-bounds read will occur if the user provides a template where the mode is set to a value that does not resolve to a valid XFRM mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996AU, QCA4531, QCN7605, QCS605, QM215, SA415M, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130

Affected software

Qualcomm Sdm429 Firmware

Qualcomm Ipq8074 Firmware

Qualcomm Sm6150 Firmware

Qualcomm Sdm632 Firmware

Qualcomm Qm215 Firmware

Qualcomm Sdm450 Firmware

Qualcomm Qca4531 Firmware

Qualcomm Apq8053 Firmware

Qualcomm Sdm630 Firmware

Qualcomm Sdx20 Firmware

Qualcomm Sda845 Firmware

Qualcomm Apq8009 Firmware

Qualcomm Ipq4019 Firmware

Qualcomm Sdm429w Firmware

Qualcomm Msm8909w Firmware

Qualcomm Apq8096au Firmware

Qualcomm Sdm636 Firmware

Qualcomm Mdm9607 Firmware

Qualcomm Msm8996au Firmware

Qualcomm Sdm439 Firmware

Qualcomm Sm8150 Firmware

Qualcomm Mdm9650 Firmware

Qualcomm Msm8905 Firmware

Qualcomm Sdx24 Firmware

Qualcomm Sm7150 Firmware

Qualcomm Sm8250 Firmware

Qualcomm Sdx55 Firmware

Qualcomm Sc8180x Firmware

Qualcomm Apq8098 Firmware

Qualcomm Mdm9640 Firmware

Qualcomm Qcs605 Firmware

Qualcomm Sdm845 Firmware

Qualcomm Sxr2130 Firmware

Qualcomm Mdm9207c Firmware

Qualcomm Msm8953 Firmware

Qualcomm Qcn7605 Firmware

Qualcomm Sdm660 Firmware

Qualcomm Msm8917 Firmware

Qualcomm Mdm9206 Firmware

Qualcomm Sa415m Firmware

Qualcomm Sda660 Firmware

Reference links

Get alerted to vulnerabilities in your software

CVE alerts, vulnerability alerts, latest versions and news matched to your software stack.