January 2020 Security Bulletin
Version 1.0
Published: 01/06/2020
This security bulletin is intended to help Qualcomm Technologies, Inc. (QTI) customers incorporate security updates in launched or upcoming devices. This document includes (i) a description of security vulnerabilities that have been addressed in QTI’s proprietary code and (ii) links to related code that has been contributed to Code Aurora Forum (CAF), a Linux Foundation Collaborative Project, to address security vulnerabilities for customers who incorporate Linux-based software from CAF into their devices.
Please reach out to [email protected] for any questions related to this bulletin.
Announcements
We have discontinued publication of the open source public bulletin at https://www.codeaurora.org/security-advisories/security-bulletins . Starting from September 2019, we will have one single monthly bulletin listing both open-source and closed-source vulnerabilities.
Acknowledgements
We would like to thank these researchers for their contributions in reporting these issues to us.
| CVE-2019-10561 | dex (Marcel Busch) of FAU Security Team, FAU Erlangen-Nuremberg |
| CVE-2019-10582, CVE-2019-10583 | Reported to us through Google Android Security team; please see bulletins at https://source.android.com/security/overview/acknowledgements/ for individual credit information. For issues rated medium or lower, the individual credit information may appear in a future Android major release bulletin. |
Table of Vulnerabilities
| Public ID | Security Rating | Technology Area | Date Reported |
| CVE-2019-10532 | High | Video | Internal |
| CVE-2019-10548 | High | Data Network Stack & Connectivity | Internal |
| CVE-2019-10561 | Medium | Content Protection | 02/05/2019 |
| CVE-2019-10578 | High | Video | Internal |
| CVE-2019-10579 | High | Video | Internal |
| CVE-2019-10582 | High | Linux | 05/06/2019 |
| CVE-2019-10583 | High | Linux | 05/06/2019 |
| CVE-2019-10611 | High | Video | Internal |
| CVE-2019-14002 | High | Telephony | 10/19/2019 |
| CVE-2019-14003 | High | Video | Internal |
| CVE-2019-14004 | High | Video | Internal |
| CVE-2019-14005 | High | Video | Internal |
| CVE-2019-14006 | High | Video | Internal |
| CVE-2019-14008 | High | GPS HLOS Driver | Internal |
| CVE-2019-14013 | High | Video | Internal |
| CVE-2019-14014 | High | Video | Internal |
| CVE-2019-14016 | High | Video | Internal |
| CVE-2019-14017 | High | Video | Internal |
| CVE-2019-2267 | High | QTEE | Internal |
CVE-2019-10532
| CVE ID | CVE-2019-10532 |
| Title | Buffer Over-read Issue in Video |
| Description | Null-pointer dereference issue can occur while calculating string length when source string length is zero |
| Technology Area | Video |
| Vulnerability Type | CWE-126 Buffer Over-read |
| Access Vector | Remote |
| Security Rating | High |
| Date Reported | Internal |
| Customer Notified Date | 10/07/2019 |
| Affected Chipsets* | APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, Nicobar, QCS605, QM215, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR1130, SXR2130 |
CVE-2019-10548
| CVE ID | CVE-2019-10548 |
| Title | Use-After-Free Issue in HLOS Data |
| Description | While trying to obtain datad ipc handle during DPL initialization, Heap use-after-free issue can occur if modem SSR occurs at same time |
| Technology Area | Data Network Stack & Connectivity |
| Vulnerability Type | CWE-416 Use After Free |
| Access Vector | Local |
| Security Rating | High |
| Date Reported | Internal |
| Customer Notified Date | 07/01/2019 |
| Affected Chipsets* | APQ8009, APQ8053, APQ8096AU, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SXR1130 |
CVE-2019-10561
| CVE ID | CVE-2019-10561 |
| Title | Configuration Issue in Content Protection |
| Description | Improper initialization of local variables which are parameters to sfs api may cause invalid pointer dereference and leads to denial of service |
| Technology Area | Content Protection |
| Vulnerability Type | CWE-16 Configuration |
| Access Vector | Local |
| Security Rating | Medium |
| Date Reported | 02/05/2019 |
| Customer Notified Date | 07/01/2019 |
| Affected Chipsets* | APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9206, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QM215, SDA660, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660 |
CVE-2019-10578
| CVE ID | CVE-2019-10578 |
| Title | Improper Input Validation in Video |
| Description | Null pointer dereference can occur while parsing the clip which is nonstandard |
| Technology Area | Video |
| Vulnerability Type | CWE-20 Improper Input Validation |
| Access Vector | Remote |
| Security Rating | High |
| Date Reported | Internal |
| Customer Notified Date | 10/07/2019 |
| Affected Chipsets* | APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, Rennell, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 |
CVE-2019-10579
| CVE ID | CVE-2019-10579 |
| Title | Buffer Over-read in Video |
| Description | Buffer over-read can occur while playing the video clip which is not standard |
| Technology Area | Video |
| Vulnerability Type | CWE-126 Buffer Over-read |
| Access Vector | Remote |
| Security Rating | High |
| Date Reported | Internal |
| Customer Notified Date | 10/07/2019 |
| Affected Chipsets* | APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 |
CVE-2019-10582
| CVE ID | CVE-2019-10582 |
| Title | Use After Free Issue in Sensors HAL |
| Description | Use after free issue due to using of invalidated iterator to delete an object in sensors HAL |
| Technology Area | Linux |
| Vulnerability Type | CWE-416 Use After Free |
| Access Vector | Local |
| Security Rating | High |
| Date Reported | 05/06/2019 |
| Customer Notified Date | 10/07/2019 |
| Affected Chipsets* | APQ8096AU, MSM8909W, Nicobar, QCS605, SA6155P, SDA845, SDM429W, SDM670, SDM710, SDM845, SM6150, SM8150, SM8250, SXR1130, SXR2130 |
CVE-2019-10583
| CVE ID | CVE-2019-10583 |
| Title | Use After Free Issue in Camera |
| Description | Use after free issue occurs when camera access sensors data through direct report mode |
| Technology Area | Linux |
| Vulnerability Type | CWE-416 Use After Free |
| Access Vector | Local |
| Security Rating | High |
| Date Reported | 05/06/2019 |
| Customer Notified Date | 10/07/2019 |
| Affected Chipsets* | APQ8096AU, MDM9607, MSM8909W, Nicobar, QCS605, SA6155P, SDA845, SDM429W, SDM670, SDM710, SDM845, SM6150, SM8150, SM8250, SXR1130, SXR2130 |
CVE-2019-10611
| CVE ID | CVE-2019-10611 |
| Title | Integer Overflow to Buffer Overflow Issue in Video |
| Description | Buffer overflow can occur while processing clip due to lack of check of object size before parsing |
| Technology Area | Video |
| Vulnerability Type | CWE-680 Integer Overflow to Buffer Overflow |
| Access Vector | Remote |
| Security Rating | High |
| Date Reported | Internal |
| Customer Notified Date | 10/07/2019 |
| Affected Chipsets* | APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, Nicobar, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR1130, SXR2130 |
CVE-2019-14002
| CVE ID | CVE-2019-14002 |
| Title | Improper Access Control Issue in Telephony |
| Description | APKs without proper permission may bind to CallEnhancementService and can lead to unauthorized access to call status |
| Technology Area | Telephony |
| Vulnerability Type | CWE-284 Improper Access Control |
| Access Vector | Local |
| Security Rating | High |
| Date Reported | 10/19/2019 |
| Customer Notified Date | 10/07/2019 |
| Affected Chipsets* | APQ8053, APQ8096AU, APQ8098, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCA6574AU, QCS605, QM215, SA6155P, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SM6150, SM8150, SM8250, SXR2130 |
CVE-2019-14003
| CVE ID | CVE-2019-14003 |
| Title | Improper Input Validation in Video |
| Description | Null pointer exception can happen while parsing invalid MKV clip where cue information is parsed before segment information |
| Technology Area | Video |
| Vulnerability Type | CWE-20 Improper Input Validation |
| Access Vector | Remote |
| Security Rating | High |
| Date Reported | Internal |
| Customer Notified Date | 10/07/2019 |
| Affected Chipsets* | APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 |
CVE-2019-14004
| CVE ID | CVE-2019-14004 |
| Title | Improper Input Validation in Video |
| Description | Buffer overflow occurs while processing invalid MKV clip, which has invalid EBML size |
| Technology Area | Video |
| Vulnerability Type | CWE-20 Improper Input Validation |
| Access Vector | Remote |
| Security Rating | High |
| Date Reported | Internal |
| Customer Notified Date | 10/07/2019 |
| Affected Chipsets* | APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 |
CVE-2019-14005
| CVE ID | CVE-2019-14005 |
| Title | Buffer Copy Without Checking Size of Input in Video |
| Description | Buffer overflow occur while playing the clip which is nonstandard due to lack of check of size duration |
| Technology Area | Video |
| Vulnerability Type | CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow') |
| Access Vector | Remote |
| Security Rating | High |
| Date Reported | Internal |
| Customer Notified Date | 10/07/2019 |
| Affected Chipsets* | APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR2130 |
CVE-2019-14006
| CVE ID | CVE-2019-14006 |
| Title | Improper Input Validation in Video |
| Description | Buffer overflow occur while playing the clip which is nonstandard due to lack of offset length check |
| Technology Area | Video |
| Vulnerability Type | CWE-20 Improper Input Validation |
| Access Vector | Remote |
| Security Rating | High |
| Date Reported | Internal |
| Customer Notified Date | 10/07/2019 |
| Affected Chipsets* | APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR2130 |
CVE-2019-14008
| CVE ID | CVE-2019-14008 |
| Title | Null Pointer Dereference Issue in GPS |
| Description | Possible null pointer dereference issue in location assistance data processing due to missing null check on resources before using it |
| Technology Area | GPS HLOS Driver |
| Vulnerability Type | CWE-476 NULL Pointer Dereference |
| Access Vector | Remote |
| Security Rating | High |
| Date Reported | Internal |
| Customer Notified Date | 10/07/2019 |
| Affected Chipsets* | MDM9150, MDM9607, MDM9650, SDM660, SDM845, SM8150, SM8250, SXR2130 |
CVE-2019-14013
| CVE ID | CVE-2019-14013 |
| Title | Buffer Copy Without Checking Size of Input in Video |
| Description | While parsing invalid super index table, elements within super index table may exceed total chunk size and invalid data is read into the table |
| Technology Area | Video |
| Vulnerability Type | CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow') |
| Access Vector | Remote |
| Security Rating | High |
| Date Reported | Internal |
| Customer Notified Date | 10/07/2019 |
| Affected Chipsets* | APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCM2150, QCS405, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 |
CVE-2019-14014
| CVE ID | CVE-2019-14014 |
| Title | Buffer Copy Without Checking Size of Input in Video |
| Description | Possible buffer overflow when byte array receives incorrect input from reading source as array is not null terminated |
| Technology Area | Video |
| Vulnerability Type | CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow') |
| Access Vector | Remote |
| Security Rating | High |
| Date Reported | Internal |
| Customer Notified Date | 10/07/2019 |
| Affected Chipsets* | Nicobar, SDM670, SDM710, SDM845, SM6150, SM8150, SM8250, SXR2130 |
CVE-2019-14016
| CVE ID | CVE-2019-14016 |
| Title | Integer Overflow to Buffer Overflow in Video |
| Description | Integer overflow occurs while playing the clip which is nonstandard |
| Technology Area | Video |
| Vulnerability Type | CWE-680 Integer Overflow to Buffer Overflow |
| Access Vector | Remote |
| Security Rating | High |
| Date Reported | Internal |
| Customer Notified Date | 10/07/2019 |
| Affected Chipsets* | APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR1130, SXR2130 |
CVE-2019-14017
| CVE ID | CVE-2019-14017 |
| Title | Buffer Copy Without Checking Size of Input in Video |
| Description | Heap buffer overflow can occur while parsing invalid MKV clip which is not standard and have invalid vorbis codec data |
| Technology Area | Video |
| Vulnerability Type | CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow') |
| Access Vector | Remote |
| Security Rating | High |
| Date Reported | Internal |
| Customer Notified Date | 10/07/2019 |
| Affected Chipsets* | APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 |
CVE-2019-2267
| CVE ID | CVE-2019-2267 |
| Title | Permissions, Privileges and Access Control in Boot |
| Description | Locked regions may be modified through other interfaces in secure boot loader image due to improper access control. |
| Technology Area | QTEE |
| Vulnerability Type | CWE-264 Permissions, Privileges, and Access Controls |
| Access Vector | Local |
| Security Rating | High |
| Date Reported | Internal |
| Customer Notified Date | 05/06/2019 |
| Affected Chipsets* | MDM9205, QCS404, QCS605, SDA845, SDM670, SDM710, SDM845, SDM850, SM8150, SXR1130, SXR2130 |
* Data is generated only at the time of bulletin creation
This table summarizes security vulnerabilities that were addressed through open source software located at the corresponding open source project links
Table of Vulnerabilities
| Public ID | Security Rating | Technology Area | Date Reported |
| CVE-2019-10558 | High | DSP Service | Internal |
| CVE-2019-10581 | High | Audio | Internal |
| CVE-2019-10585 | High | DSP Service | 05/23/2019 |
| CVE-2019-10602 | High | Display | Internal |
| CVE-2019-10606 | High | Connectivity | Internal |
| CVE-2019-14010 | High | Audio | Internal |
| CVE-2019-14023 | High | Data Network Stack & Connectivity | Internal |
| CVE-2019-14024 | High | NFC | Internal |
| CVE-2019-14034 | High | Multimedia | Internal |
| CVE-2019-14036 | High | WLAN HOST | Internal |
CVE-2019-10558
| CVE ID | CVE-2019-10558 |
| Title | Improper Restriction of Operation Within the Bounds of a Memory Buffer in DSP Services |
| Description | While transferring data from APPS to DSP, Out of bound in FastRPC HLOS Driver due to the data buffer which can be controlled by DSP |
| Technology Area | DSP Service |
| Vulnerability Type | CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer |
| Access Vector | Local |
| Security Rating | High |
| Date Reported | Internal |
| Customer Notified Date | 10/07/2019 |
| Affected Chipsets* | APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS605, QM215, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM6150, SM8150, SM8250, SXR1130, SXR2130 |
| Patch* |
CVE-2019-10581
| CVE ID | CVE-2019-10581 |
| Title | Use After Free Issue in Audio |
| Description | NULL is assigned to local instance of audio device pointer after free instead of global static pointer and can lead to use after free issue |
| Technology Area | Audio |
| Vulnerability Type | CWE-416 Use After Free |
| Access Vector | Remote |
| Security Rating | High |
| Date Reported | Internal |
| Customer Notified Date | 10/07/2019 |
| Affected Chipsets* | APQ8009, APQ8053, MDM9206, MDM9207C, MDM9607, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8998, Nicobar, QCS605, Rennell, SA6155P, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 |
| Patch* |
CVE-2019-10585
| CVE ID | CVE-2019-10585 |
| Title | Use After Free issue in DSP Services |
| Description | Possible integer overflow happens when mmap find function will increment refcount every time when it invokes and can lead to use after free issue |
| Technology Area | DSP Service |
| Vulnerability Type | CWE-416 Use After Free |
| Access Vector | Local |
| Security Rating | High |
| Date Reported | 05/23/2019 |
| Customer Notified Date | 10/07/2019 |
| Affected Chipsets* | APQ8009, APQ8053, MDM9607, MDM9640, MSM8909W, MSM8917, MSM8953, Nicobar, QCS605, QM215, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM8150, SM8250, SXR1130, SXR2130 |
| Patch* |
CVE-2019-10602
| CVE ID | CVE-2019-10602 |
| Title | Use After Free Issue in Display |
| Description | Potential use-after-free heap error during Validate/Present calls on display HW composer |
| Technology Area | Display |
| Vulnerability Type | CWE-416 Use After Free |
| Access Vector | Local |
| Security Rating | High |
| Date Reported | Internal |
| Customer Notified Date | 10/07/2019 |
| Affected Chipsets* | APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, QCS605, SDA660, SDM845, SDX20, SM8150 |
| Patch* |
CVE-2019-10606
| CVE ID | CVE-2019-10606 |
| Title | Buffer Copy Without Checking Size of Input in USB |
| Description | Out-of-bound access will occur in USB driver due to lack of check to validate the frame size passed by user |
| Technology Area | Connectivity |
| Vulnerability Type | CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow') |
| Access Vector | Local |
| Security Rating | High |
| Date Reported | Internal |
| Customer Notified Date | 10/07/2019 |
| Affected Chipsets* | MDM9607, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, QCS605, SDX24 |
| Patch* |
CVE-2019-14010
| CVE ID | CVE-2019-14010 |
| Title | Improper Input Validation in Audio |
| Description | The device may enter into error state when some tool or application gets failure at 1st buffer map all and performs 2nd buffer map which happens to be at same physical address |
| Technology Area | Audio |
| Vulnerability Type | CWE-20 Improper Input Validation |
| Access Vector | Remote |
| Security Rating | High |
| Date Reported | Internal |
| Customer Notified Date | 10/07/2019 |
| Affected Chipsets* | MDM9607, Nicobar, Rennell, SA6155P, SDM660, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 |
| Patch* |
CVE-2019-14023
| CVE ID | CVE-2019-14023 |
| Title | String format Issue in HLOS Data |
| Description | String format issue will occur while processing HLOS data as there is no user input validation to ensure inputs are properly NULL terminated before string copy |
| Technology Area | Data Network Stack & Connectivity |
| Vulnerability Type | CWE-133 String Errors |
| Access Vector | Local |
| Security Rating | High |
| Date Reported | Internal |
| Customer Notified Date | 10/07/2019 |
| Affected Chipsets* | MDM9607, Nicobar, Rennell, SA6155P, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 |
| Patch* |
CVE-2019-14024
| CVE ID | CVE-2019-14024 |
| Title | Use After Free Issue in NFC Module |
| Description | Possible stack-use-after-scope issue in NFC usecase for card emulation |
| Technology Area | NFC |
| Vulnerability Type | CWE-416 Use After Free |
| Access Vector | Local |
| Security Rating | High |
| Date Reported | Internal |
| Customer Notified Date | 10/07/2019 |
| Affected Chipsets* | MSM8917, MSM8953, Nicobar, QM215, Rennell, SDM429, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR2130 |
| Patch* |
CVE-2019-14034
| CVE ID | CVE-2019-14034 |
| Title | Use After Free Issue in Multimedia |
| Description | Use after free while processing eeprom query as there is a chance to not unlock mutex after error occurs |
| Technology Area | Multimedia |
| Vulnerability Type | CWE-416 Use After Free |
| Access Vector | Local |
| Security Rating | High |
| Date Reported | Internal |
| Customer Notified Date | 10/07/2019 |
| Affected Chipsets* | APQ8009, APQ8053, MSM8909W, MSM8917, MSM8953, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 |
| Patch* |
|
CVE-2019-14036
| CVE ID | CVE-2019-14036 |
| Title | Improper Validation of Array Index in WLAN Host |
| Description | Possible buffer overflow issue in error processing due to improper validation of array index value |
| Technology Area | WLAN HOST |
| Vulnerability Type | CWE-129 Improper Validation of Array Index |
| Access Vector | Local |
| Security Rating | High |
| Date Reported | Internal |
| Customer Notified Date | 10/07/2019 |
| Affected Chipsets* | APQ8064, APQ8096AU, IPQ4019, IPQ8064, IPQ8074, MDM9607, MDM9615, MDM9640, MSM8996AU, QCN7605 |
| Patch* |
* Data is generated only at the time of bulletin creation
Industry Coordination
Security ratings of issues included in Android security bulletins and these bulletins match in the most common scenarios but may differ in some cases due to one of the following reasons:
- Consideration of security protections such as SELinux not enforced on some platforms
- Differences in assessment of some specific scenarios that involves local denial of service or privilege escalation vulnerabilities in the high level OS kernel
Version History
| Version | Date | Comments |
| 1.0 | January 6, 2020 | Bulletin Published |
All Qualcomm products mentioned herein are products of Qualcomm Technologies, Inc. and/or its subsidiaries.
- Announcements
- Acknowledgements
- Table of Vulnerabilities
- CVE-2019-10532
- CVE-2019-10548
- CVE-2019-10561
- CVE-2019-10578
- CVE-2019-10579
- CVE-2019-10582
- CVE-2019-10583
- CVE-2019-10611
- CVE-2019-14002
- CVE-2019-14003
- CVE-2019-14004
- CVE-2019-14005
- CVE-2019-14006
- CVE-2019-14008
- CVE-2019-14013
- CVE-2019-14014
- CVE-2019-14016
- CVE-2019-14017
- CVE-2019-2267
- Table of Vulnerabilities
- CVE-2019-10558
- CVE-2019-10581
- CVE-2019-10585
- CVE-2019-10602
- CVE-2019-10606
- CVE-2019-14010
- CVE-2019-14023
- CVE-2019-14024
- CVE-2019-14034
- CVE-2019-14036
- Industry Coordination
- Version History
