CVE-2019-14123 - Qualcomm Sc7180 Firmware, Qualcomm Rennell Firmware and Qualcomm Sdx55 Firmware

July 30, 2020

Critical 7.8

Possible buffer overflow and over read possible due to missing bounds checks for fixed limits if we consider widevine HLOS client as non-trustable in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, QCS404, Rennell, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130

Affected software

Qualcomm Sc7180 Firmware

Qualcomm Rennell Firmware

Qualcomm Sdx55 Firmware

Qualcomm Sm6150 Firmware

Qualcomm Sm7150 Firmware

Qualcomm Kamorta Firmware

Qualcomm Qcs404 Firmware

Qualcomm Sxr2130 Firmware

Qualcomm Sm8250 Firmware

Reference links

https://www.qualcomm.com/company/product-security/bulletins/july-2020-bulletin
https://www.qualcomm.com/company/product-security/bulletins/july-2020-security-bulletin

CVE-2019-14123 - Qualcomm Sc7180 Firmware, Qualcomm Rennell Firmware and Qualcomm Sdx55 Firmware

Affected software

Reference links

Get alerted to vulnerabilities in your software