First published: Mon Mar 02 2020(Updated: )
Possible integer overflow while checking the length of frame which is a 32 bit integer and is added to another 32 bit integer which can lead to unexpected result during the check in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8098, MDM9607, MSM8998, QCA6584, QCN7605, QCS605, SDA660, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130
Credit: product-security@qualcomm.com
Affected Software | Affected Version | How to fix |
---|---|---|
Android | ||
Qualcomm 8098 Firmware | ||
Qualcomm APQ8098 | ||
Qualcomm MD9607 Firmware | ||
Qualcomm MDM9607 firmware | ||
Qualcomm MSM8998 | ||
Qualcomm 8998 | ||
Qualcomm QCA6584 | ||
Qualcomm QCA6584AU firmware | ||
Qualcomm QCN7605 Firmware | ||
Qualcomm QCN7605 Firmware | ||
Qualcomm QCS605 | ||
Qualcomm QCS605 Firmware | ||
Qualcomm SDA660 | ||
Qualcomm SDA660 | ||
Qualcomm SDM630 | ||
Qualcomm SDM630 Firmware | ||
Qualcomm SD 636 Firmware | ||
Qualcomm SDM636 Firmware | ||
Qualcomm SD660 Firmware | ||
Qualcomm Snapdragon 660 | ||
Qualcomm SD 670 Firmware | ||
Qualcomm SDM670 Firmware | ||
Qualcomm SD 710 Firmware | ||
Qualcomm Snapdragon 710 | ||
Qualcomm SDA/SDM845 Firmware | ||
Qualcomm Snapdragon 845 | ||
Qualcomm Snapdragon 850 Firmware | ||
Qualcomm SD850 | ||
Qualcomm SM6150P firmware | ||
Qualcomm SM6150P | ||
qualcomm SM7150P firmware | ||
qualcomm SM7150 firmware | ||
Qualcomm SM8150P Firmware | ||
Qualcomm SM8150 Fusion | ||
Qualcomm SXR1130 | ||
Qualcomm SXR1130 Firmware |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-14086 is classified as a high severity vulnerability due to the potential for integer overflow.
Fixing CVE-2019-14086 involves updating the affected Qualcomm firmware to the latest patched version.
CVE-2019-14086 affects various Qualcomm products including Snapdragon platforms and certain firmware versions.
The risks associated with CVE-2019-14086 include potential denial of service or unauthorized access due to integer overflow.
Yes, CVE-2019-14086 has been publicly disclosed and is documented in security bulletins.