CVE-2019-14123: Input Validation
First published: Mon Jul 06 2020(Updated: )
Possible buffer overflow and over read possible due to missing bounds checks for fixed limits if we consider widevine HLOS client as non-trustable in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, QCS404, Rennell, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130
Credit: product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Android | ||
| qualcomm Kamorta firmware | ||
| qualcomm Kamorta | ||
| qualcomm QCS404 firmware | ||
| qualcomm QCS404 | ||
| qualcomm Rennell firmware | ||
| qualcomm Rennell | ||
| Qualcomm SC7180P Firmware | ||
| Qualcomm SC7180P Firmware | ||
| Qualcomm sdx55 firmware | ||
| Qualcomm sdx55 | ||
| Qualcomm SM6150 | ||
| Qualcomm SM6150 Firmware | ||
| Qualcomm SM7150 Firmware | ||
| qualcomm SM7150 firmware | ||
| qualcomm SM8250 firmware | ||
| Qualcomm SM8250 | ||
| qualcomm SXR2130 firmware | ||
| qualcomm SXR2130 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://source.android.com/docs/security/bulletin/2020-07-01/#asterisk
- https://source.android.com/docs/security/bulletin/2020-07-01 (Advisory)
- https://www.qualcomm.com/company/product-security/bulletins/july-2020-bulletin
- https://www.qualcomm.com/company/product-security/bulletins/july-2020-security-bulletin
Frequently Asked Questions
What is CVE-2019-14123?
CVE-2019-14123 is a vulnerability that could lead to buffer overflow and over read due to missing bounds checks in certain Qualcomm firmware and Google Android devices.
Which software products are affected by CVE-2019-14123?
CVE-2019-14123 affects Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, QCS404, Rennell, SC7180, SDX55, SM6 firmware, and Google Android.
What is the severity level of CVE-2019-14123?
CVE-2019-14123 has a severity level of 7.8 (High).
How can I fix the CVE-2019-14123 vulnerability?
To fix the CVE-2019-14123 vulnerability, update the affected Qualcomm firmware and Google Android devices to the latest security patches provided by Qualcomm and Google.
Where can I find more information about CVE-2019-14123?
More information about CVE-2019-14123 can be found in the Android Security Bulletin for July 2020 and the Qualcomm Product Security Bulletins for July 2020.
- agent/references
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/author
- agent/severity
- agent/description
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/google
- canonical/google android
- vendor/qualcomm
- canonical/qualcomm kamorta firmware
- canonical/qualcomm kamorta
- canonical/qualcomm qcs404 firmware
- canonical/qualcomm qcs404
- canonical/qualcomm rennell firmware
- canonical/qualcomm rennell
- canonical/qualcomm sc7180p firmware
- canonical/qualcomm sdx55 firmware
- canonical/qualcomm sdx55
- canonical/qualcomm sm6150
- canonical/qualcomm sm6150 firmware
- canonical/qualcomm sm7150 firmware
- canonical/qualcomm sm8250 firmware
- canonical/qualcomm sm8250
- canonical/qualcomm sxr2130 firmware
- canonical/qualcomm sxr2130