CVE-2019-14117: Use After Free
First published: Tue Sep 08 2020(Updated: )
u'Whenever the page list is updated via privileged user, the previous list elements are freed but are not deleted from the list which results in a use after free causing an unhandled page fault exception in rmnet driver' in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in Bitra, MDM9607, QCS405, Saipan, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130
Credit: product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Qualcomm Bitra Firmware | ||
| Qualcomm Bitra | ||
| Qualcomm Mdm9607 Firmware | ||
| Qualcomm Mdm9607 | ||
| Qualcomm Qcs405 Firmware | ||
| Qualcomm Qcs405 | ||
| Qualcomm Saipan Firmware | ||
| Qualcomm Saipan | ||
| Qualcomm Sc8180x Firmware | ||
| Qualcomm Sc8180x | ||
| Qualcomm Sdx55 Firmware | ||
| Qualcomm Sdx55 | ||
| Qualcomm Sm6150 Firmware | ||
| Qualcomm Sm6150 | ||
| Qualcomm Sm7150 Firmware | ||
| Qualcomm Sm7150 | ||
| Qualcomm Sm8150 Firmware | ||
| Qualcomm Sm8150 | ||
| Qualcomm Sm8250 Firmware | ||
| Qualcomm SM8250 | ||
| Qualcomm Sxr2130 Firmware | ||
| Qualcomm Sxr2130 | ||
| Google Android |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://source.codeaurora.org/quic/la/kernel/msm-4.14/commit/?id=06d7c43e7e4e224ab96bb1e069d495a8dd95c60a
- https://source.android.com/docs/security/bulletin/2020-09-01 (Advisory)
- https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin
- https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Frequently Asked Questions
What is the severity of CVE-2019-14117?
The severity of CVE-2019-14117 is 7.8 (high).
What software is affected by CVE-2019-14117?
Google Android, Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Qualcomm Bitra Firmware, Qualcomm Mdm9607 Firmware, Qualcomm Qcs405 Firmware, Qualcomm Saipan Firmware, Qualcomm Sc8180x Firmware, Qualcomm Sdx55 Firmware, Qualcomm Sm6150 Firmware, Qualcomm Sm8150 Firmware, Qualcomm Sm8250 Firmware, Qualcomm Sxr2130 Firmware.
What is the impact of CVE-2019-14117?
CVE-2019-14117 can result in a use after free causing an unhandled page fault exception in the rmnet driver.
How can I fix CVE-2019-14117?
Apply the necessary security patches and updates provided by the vendor.
Where can I find more information about CVE-2019-14117?
You can find more information about CVE-2019-14117 at the following references: [link1], [link2], [link3].
- agent/references
- agent/type
- agent/first-publish-date
- agent/author
- agent/severity
- agent/weakness
- agent/remedy
- agent/description
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/qualcomm
- canonical/qualcomm bitra firmware
- canonical/qualcomm bitra
- canonical/qualcomm mdm9607 firmware
- canonical/qualcomm mdm9607
- canonical/qualcomm qcs405 firmware
- canonical/qualcomm qcs405
- canonical/qualcomm saipan firmware
- canonical/qualcomm saipan
- canonical/qualcomm sc8180x firmware
- canonical/qualcomm sc8180x
- canonical/qualcomm sdx55 firmware
- canonical/qualcomm sdx55
- canonical/qualcomm sm6150 firmware
- canonical/qualcomm sm6150
- canonical/qualcomm sm7150 firmware
- canonical/qualcomm sm7150
- canonical/qualcomm sm8150 firmware
- canonical/qualcomm sm8150
- canonical/qualcomm sm8250 firmware
- canonical/qualcomm sm8250
- canonical/qualcomm sxr2130 firmware
- canonical/qualcomm sxr2130
- vendor/google
- canonical/google android