CVE-2019-14025

Summary

u'When a new session is created, Object is returned that contains TZ addresses and it get passed to HLOS as an handle to refer to a particular session and can cause TZ to jump to a invalid address' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, QCS404, QCS610, Rennell, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130

Affected Software

VendorProductVersion RangeStatus
Qualcomm, Inc.Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and NetworkingKamorta, QCS404, QCS610, Rennell, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130affected

Weaknesses

  • Untrusted Pointer Dereference Issue in Content Protection

ADP Enrichment

CVE Program Container

Additional References

References