CVE-2019-14049
First published: Mon Feb 03 2020(Updated: )
Stage-2 fault will occur while writing to an ION system allocation which has been assigned to non-HLOS memory which is non-standard in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9640, MSM8953, QCN7605, QCS605, SC8180X, SDA845, SDM429, SDM439, SDM450, SDM632, SDX20, SDX24, SDX55, SM8150, SXR1130
Credit: product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Android | ||
| Qualcomm APQ8017 | ||
| Qualcomm APQ8017 | ||
| Qualcomm APQ8053 | ||
| Qualcomm APQ8053 Firmware | ||
| Qualcomm APQ8096AU Firmware | ||
| Qualcomm APQ8096AU Firmware | ||
| Qualcomm MDM9206 | ||
| Qualcomm MDM9206 firmware | ||
| qualcomm MDM9207C firmware | ||
| Qualcomm 9207 LTE Modem | ||
| Qualcomm MD9607 Firmware | ||
| Qualcomm MDM9607 firmware | ||
| Qualcomm MDM9640 Firmware | ||
| Qualcomm MDM9640 Firmware | ||
| Qualcomm 8953Pro Firmware | ||
| Qualcomm MSM8953 Firmware | ||
| Qualcomm QCN7605 Firmware | ||
| Qualcomm QCN7605 Firmware | ||
| Qualcomm QCS605 | ||
| Qualcomm QCS605 Firmware | ||
| qualcomm SC8180X firmware | ||
| Qualcomm SC8180X | ||
| Qualcomm SD 845 Firmware | ||
| Qualcomm Snapdragon 845 | ||
| Qualcomm SDM429W | ||
| Qualcomm SD429 | ||
| Qualcomm SDM439 Firmware | ||
| Qualcomm SDM439 Firmware | ||
| Qualcomm SDM450 | ||
| Qualcomm Snapdragon 450 | ||
| Qualcomm SDM632 Firmware | ||
| Qualcomm SDM632 Firmware | ||
| Qualcomm SDX20 Firmware | ||
| Qualcomm SDX20 Firmware | ||
| Qualcomm SDX24 | ||
| Qualcomm SDX24 | ||
| Qualcomm SDX55M Firmware | ||
| Qualcomm SDX55 Firmware | ||
| Qualcomm SM8150P Firmware | ||
| Qualcomm SM8150 Fusion | ||
| Qualcomm SXR1130 | ||
| Qualcomm SXR1130 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin
- https://source.codeaurora.org/quic/la/kernel/msm-4.14/commit/?id=31142010ccaf6ddad331a7919a7fbf3da80b8359
- https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=e8d9006612136f93811638c267d8375c55a88437
- https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=5f7eaf83d
- https://source.android.com/docs/security/bulletin/2020-02-01 (Advisory)
Frequently Asked Questions
What is the severity of CVE-2019-14049?
CVE-2019-14049 has a medium severity rating, indicating a potential risk depending on the exploitation scenario.
How do I fix CVE-2019-14049?
Fixes for CVE-2019-14049 involve updating affected Qualcomm firmware to the latest security patches provided by the vendor.
What devices are impacted by CVE-2019-14049?
CVE-2019-14049 affects various devices using Qualcomm Snapdragon chipsets including the APQ8017, APQ8053, and others in the Qualcomm product line.
What type of vulnerability is CVE-2019-14049?
CVE-2019-14049 is categorized as a fault occurring within the ION memory allocation system, specifically affecting non-HLOS memory.
Is CVE-2019-14049 exploitable remotely?
CVE-2019-14049 may allow local privilege escalation, potentially making it exploitable if the attacker has local access to the device.
- agent/type
- agent/weakness
- agent/remedy
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/google
- canonical/android
- vendor/qualcomm
- canonical/qualcomm apq8017
- canonical/qualcomm apq8053
- canonical/qualcomm apq8053 firmware
- canonical/qualcomm apq8096au firmware
- canonical/qualcomm mdm9206
- canonical/qualcomm mdm9206 firmware
- canonical/qualcomm mdm9207c firmware
- canonical/qualcomm 9207 lte modem
- canonical/qualcomm md9607 firmware
- canonical/qualcomm mdm9607 firmware
- canonical/qualcomm mdm9640 firmware
- canonical/qualcomm 8953pro firmware
- canonical/qualcomm msm8953 firmware
- canonical/qualcomm qcn7605 firmware
- canonical/qualcomm qcs605
- canonical/qualcomm qcs605 firmware
- canonical/qualcomm sc8180x firmware
- canonical/qualcomm sc8180x
- canonical/qualcomm sd 845 firmware
- canonical/qualcomm snapdragon 845
- canonical/qualcomm sdm429w
- canonical/qualcomm sd429
- canonical/qualcomm sdm439 firmware
- canonical/qualcomm sdm450
- canonical/qualcomm snapdragon 450
- canonical/qualcomm sdm632 firmware
- canonical/qualcomm sdx20 firmware
- canonical/qualcomm sdx24
- canonical/qualcomm sdx55m firmware
- canonical/qualcomm sdx55 firmware
- canonical/qualcomm sm8150p firmware
- canonical/qualcomm sm8150 fusion
- canonical/qualcomm sxr1130
- canonical/qualcomm sxr1130 firmware