CVE-2019-14091: Double Free
First published: Mon Jun 22 2020(Updated: )
Double free issue in NPU due to lack of resource locking mechanism to avoid race condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, QCS405, Rennell, Saipan, SC8180X, SDX55, SM8150, SM8250, SXR2130
Credit: product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Qualcomm MD9607 Firmware | ||
| Qualcomm MDM9607 firmware | ||
| Qualcomm QCS405 Firmware | ||
| Qualcomm QCS405 Firmware | ||
| Qualcomm Rennell Firmware | ||
| Qualcomm Rennell Firmware | ||
| Qualcomm Saipan Firmware | ||
| Qualcomm Saipan Firmware | ||
| qualcomm SC8180X firmware | ||
| Qualcomm SC8180X | ||
| Qualcomm SDX55M Firmware | ||
| Qualcomm SDX55 Firmware | ||
| Qualcomm SM8150P Firmware | ||
| Qualcomm SM8150 Fusion | ||
| Qualcomm SM8250 | ||
| qualcomm SM8250 firmware | ||
| Qualcomm SXR2130P Firmware | ||
| Qualcomm SXR2130 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-14091?
CVE-2019-14091 is classified as a high-severity vulnerability due to the potential for a double free condition leading to denial of service or memory corruption.
How do I fix CVE-2019-14091?
To remediate CVE-2019-14091, ensure that you update to the patched firmware versions provided by Qualcomm for affected devices.
Which devices are affected by CVE-2019-14091?
CVE-2019-14091 affects various Qualcomm hardware including MDM9607, QCS405, Rennell, Saipan, SC8180X, SDX55, SM8150, SM8250, and SXR2130.
What types of vulnerabilities are associated with CVE-2019-14091?
CVE-2019-14091 is associated with memory management vulnerabilities specifically related to a double free condition in the NPU.
Is there a risk of exploitation for CVE-2019-14091?
Yes, the exploitation of CVE-2019-14091 could lead to potential system instability or malicious access if not addressed.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/qualcomm
- canonical/qualcomm md9607 firmware
- canonical/qualcomm mdm9607 firmware
- canonical/qualcomm qcs405 firmware
- canonical/qualcomm rennell firmware
- canonical/qualcomm saipan firmware
- canonical/qualcomm sc8180x firmware
- canonical/qualcomm sc8180x
- canonical/qualcomm sdx55m firmware
- canonical/qualcomm sdx55 firmware
- canonical/qualcomm sm8150p firmware
- canonical/qualcomm sm8150 fusion
- canonical/qualcomm sm8250
- canonical/qualcomm sm8250 firmware
- canonical/qualcomm sxr2130p firmware
- canonical/qualcomm sxr2130 firmware