CVE-2019-14131

EUVD-2019-5381
Out of bound write can occur in radio measurement request if STA receives multiple invalid rrm measurement request from AP in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8053, APQ8096AU, MSM8998, Nicobar, QCA6574AU, QCS605, Rennell, SA6155P, Saipan, SC8180X, SDM660, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
Affected Products (NVD)
VendorProductVersion
qualcommapq8053_firmware
-
qualcommapq8096au_firmware
-
qualcommmsm8998_firmware
-
qualcommnicobar_firmware
-
qualcommqca6574au_firmware
-
qualcommqcs605_firmware
-
qualcommrennell_firmware
-
qualcommsa6155p_firmware
-
qualcommsaipan_firmware
-
qualcommsc8180x_firmware
-
qualcommsdm660_firmware
-
qualcommsdm710_firmware
-
qualcommsdm845_firmware
-
qualcommsdx20_firmware
-
qualcommsdx24_firmware
-
qualcommsdx55_firmware
-
qualcommsm6150_firmware
-
qualcommsm7150_firmware
-
qualcommsm8150_firmware
-
qualcommsm8250_firmware
-
qualcommsxr2130_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin
https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin