CVE-2019-14085: Integer Underflow
First published: Mon Mar 02 2020(Updated: )
Possible Integer underflow in WLAN function due to lack of check of data received from user side in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCN7605, QCS605, SDA845, SDM670, SDM710, SDM845, SDM850, SM8150, SXR1130
Credit: product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Android | ||
| Qualcomm QCN7605 Firmware | ||
| Qualcomm QCN7605 Firmware | ||
| Qualcomm ZZ QCS605 firmware | ||
| Qualcomm QCS605 Firmware | ||
| Qualcomm SD845 Firmware | ||
| Qualcomm Snapdragon 845 | ||
| Qualcomm SD 670 Firmware | ||
| Qualcomm SDM670 Firmware | ||
| Qualcomm SD710 Firmware | ||
| Qualcomm Snapdragon 710 | ||
| Qualcomm SDA/SDM845 Firmware | ||
| Qualcomm Snapdragon 845 | ||
| Qualcomm Snapdragon 850 Firmware | ||
| Qualcomm SD850 | ||
| Qualcomm SM8150P Firmware | ||
| Qualcomm SM8150 Fusion | ||
| Qualcomm SXR1130 | ||
| Qualcomm SXR1130 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-14085?
CVE-2019-14085 is classified as a high-severity vulnerability due to possible integer underflow in WLAN functions.
What systems are affected by CVE-2019-14085?
CVE-2019-14085 affects several Qualcomm chipsets including QCN7605, QCS605, SDA845, and SDM series.
How do I fix CVE-2019-14085?
To address CVE-2019-14085, ensure that the firmware for affected Qualcomm devices is updated to the latest version.
What is the exploit method for CVE-2019-14085?
CVE-2019-14085 can be exploited through a lack of validation for data received from user space in WLAN functions.
Is CVE-2019-14085 specific to any mobile operating systems?
CVE-2019-14085 particularly impacts devices running the Android operating system that utilize vulnerable Qualcomm chipsets.
- agent/type
- agent/first-publish-date
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/event
- agent/last-modified-date
- agent/source
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/google
- canonical/android
- vendor/qualcomm
- canonical/qualcomm qcn7605 firmware
- canonical/qualcomm zz qcs605 firmware
- canonical/qualcomm qcs605 firmware
- canonical/qualcomm sd845 firmware
- canonical/qualcomm snapdragon 845
- canonical/qualcomm sd 670 firmware
- canonical/qualcomm sdm670 firmware
- canonical/qualcomm sd710 firmware
- canonical/qualcomm snapdragon 710
- canonical/qualcomm sda/sdm845 firmware
- canonical/qualcomm snapdragon 850 firmware
- canonical/qualcomm sd850
- canonical/qualcomm sm8150p firmware
- canonical/qualcomm sm8150 fusion
- canonical/qualcomm sxr1130
- canonical/qualcomm sxr1130 firmware