June 2020 Security Bulletin
Version 1.0
Published: 06/01/2020
This security bulletin is intended to help Qualcomm Technologies, Inc. (QTI) customers incorporate security updates in launched or upcoming devices. This document includes (i) a description of security vulnerabilities that have been addressed in QTI’s proprietary code and (ii) links to related code that has been contributed to Code Aurora Forum (CAF), a Linux Foundation Collaborative Project, to address security vulnerabilities for customers who incorporate Linux-based software from CAF into their devices.
Please reach out to [email protected] for any questions related to this bulletin.
Table of Contents
| Announcements: |
| Acknowledgements: |
| Proprietary Software Issues: |
| Open Source Software Issues: |
| Industry Coordination: |
| Version History: |
Announcements
None
Acknowledgements
We would like to thank these researchers for their contributions in reporting these issues to us.
| CVE-2020-3628 | Shupeng Gao |
| CVE-2020-3676 | Maksymilian Motyl, Security Consultant for Trustwave SpiderLabs |
| CVE-2019-10626 | Gengjia Chen (chengjia4574) |
| CVE-2019-14091 | Jianqiang Zhao(@jianqiangzhao) and pjf(weibo.com/jfpan) of IceSword Lab, Qihoo 360 |
| CVE-2019-14094 | Arash Tohidi (h4ul4) |
Proprietary Software Issues
The tables below summarize security vulnerabilities that were addressed through proprietary software
This table list high impact security vulnerabilities. Patches have been released for affected products. OEMs have been notified and strongly recommended to release patches on end devices.
| Public ID | Security Rating | Technology Area | Date Reported |
| CVE-2019-14073 | Critical | Data Modem | Internal |
| CVE-2019-14080 | Critical | Data Modem | Internal |
| CVE-2019-10597 | High | KERNEL | Internal |
| CVE-2019-14062 | High | Multi-Mode Call Processor | Internal |
| CVE-2019-14076 | High | Content Protection | 07/16/2019 |
| CVE-2020-3614 | High | WLAN Firmware | Internal |
| CVE-2020-3626 | High | RIL | Internal |
| CVE-2020-3628 | High | On-device Logging | 07/30/2019 |
| CVE-2020-3635 | High | Performance | 02/04/2020 |
| CVE-2020-3642 | High | Camera Driver | Internal |
| CVE-2020-3658 | High | Video | Internal |
| CVE-2020-3660 | High | Video | Internal |
| CVE-2020-3661 | High | Video | Internal |
| CVE-2020-3662 | High | Video | Internal |
| CVE-2020-3663 | High | Video | Internal |
| CVE-2020-3676 | High | Performance | 02/04/2020 |
Proprietary Software Issues
The tables below summarize security vulnerabilities that were addressed through proprietary software
This table list high impact security vulnerabilities. Patches have been released for affected products. OEMs have been notified and strongly recommended to release patches on end devices.
| Public ID | Security Rating | Technology Area | Date Reported |
| CVE-2019-14092 | Medium | Telephony | 10/22/2019 |
| CVE-2019-14094 | Medium | Core Services | 09/12/2019 |
CVE-2019-14073
| CVE ID | CVE-2019-14073 |
| Title | Buffer Copy Without Checking Size of Input in Modem Data |
| Description | Copying RTCP messages into the output buffer without checking the destination buffer size which could lead to a remote stack overflow when processing large data or non-standard feedback messages |
| Technology Area | Data Modem |
| Vulnerability Type | CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow') |
| Access Vector | Remote |
| Security Rating | Critical |
| Date Reported | Internal |
| Customer Notified Date | 12/02/2019 |
| Affected Chipsets* | APQ8009, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SA415M, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130 |
CVE-2019-14080
| CVE ID | CVE-2019-14080 |
| Title | Improper Validation of Array Index in Modem Data |
| Description | Out of bound write can happen due to lack of check of array index value while parsing SDP attribute for SAR |
| Technology Area | Data Modem |
| Vulnerability Type | CWE-129 Improper Validation of Array Index |
| Access Vector | Remote |
| Security Rating | Critical |
| Date Reported | Internal |
| Customer Notified Date | 12/02/2019 |
| Affected Chipsets* | APQ8053, APQ8096AU, Kamorta, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCM2150, QCS605, QM215, Rennell, SA415M, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SM6150, SM7150, SM8150, SXR1130 |
CVE-2019-10597
| CVE ID | CVE-2019-10597 |
| Title | Improper Input Validation in Kernel |
| Description | kernel writes to user passed address without any checks can lead to arbitrary memory write |
| Technology Area | KERNEL |
| Vulnerability Type | CWE-20 Improper Input Validation |
| Access Vector | Local |
| Security Rating | High |
| Date Reported | Internal |
| Customer Notified Date | 12/02/2019 |
| Affected Chipsets* | IPQ6018, IPQ8074, MSM8996, MSM8996AU, Nicobar, QCS605, Rennell, Saipan, SC7180, SC8180X, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 |
CVE-2019-14062
| CVE ID | CVE-2019-14062 |
| Title | Buffer Copy Without Checking Size of Input in Multi Mode Call Processor |
| Description | Buffer overflows while decoding setup message from Network due to lack of check of IE message length received from network |
| Technology Area | Multi-Mode Call Processor |
| Vulnerability Type | CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow') |
| Access Vector | Remote |
| Security Rating | High |
| Date Reported | Internal |
| Customer Notified Date | 12/02/2019 |
| Affected Chipsets* | APQ8009, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SA415M, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130 |
CVE-2019-14076
| CVE ID | CVE-2019-14076 |
| Title | Buffer Copy Without Checking Size of Input in TrustZone |
| Description | Buffer overflow occurs while processing an subsample data length out of range due to lack of user input validation |
| Technology Area | Content Protection |
| Vulnerability Type | CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow') |
| Access Vector | Local |
| Security Rating | High |
| Date Reported | 07/16/2019 |
| Customer Notified Date | 12/02/2019 |
| Affected Chipsets* | APQ8009, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8998, Nicobar, QCS404, QCS405, QCS605, Rennell, SA415M, SC7180, SC8180X, SDA845, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 |
CVE-2020-3614
| CVE ID | CVE-2020-3614 |
| Title | Buffer Copy Without Checking Size of Input in WLAN |
| Description | Possible buffer overflow while copying the frame to local buffer due to lack of check of length before copying |
| Technology Area | WLAN Firmware |
| Vulnerability Type | CWE-680 Integer Overflow to Buffer Overflow |
| Access Vector | Remote |
| Security Rating | High |
| Date Reported | Internal |
| Customer Notified Date | 03/02/2020 |
| Affected Chipsets* | APQ8009, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, IPQ6018, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6174A, QCA6574AU, QCA6584AU, QCA9377, QCA9379, QCA9886, QCM2150, QCS405, QCS605, QM215, Rennell, SC7180, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130 |
CVE-2020-3626
| CVE ID | CVE-2020-3626 |
| Title | Permissions, privileges and Access Controls issues in RIL |
| Description | Any application can bind to it and exercise the APIs due to no protection for AIDL uimlpaservice |
| Technology Area | RIL |
| Vulnerability Type | CWE-264 Permissions, Privileges, and Access Controls |
| Access Vector | Local |
| Security Rating | High |
| Date Reported | Internal |
| Customer Notified Date | 03/02/2020 |
| Affected Chipsets* | APQ8053, APQ8096AU, APQ8098, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 |
CVE-2020-3628
| CVE ID | CVE-2020-3628 |
| Title | Improper Access Control Issue in On-Device Logging |
| Description | Improper access due to socket opened by the logging application without specifying localhost address |
| Technology Area | On-device Logging |
| Vulnerability Type | CWE-284 Improper Access Control |
| Access Vector | Remote |
| Security Rating | High |
| Date Reported | 07/30/2019 |
| Customer Notified Date | 03/02/2020 |
| Affected Chipsets* | APQ8053, Rennell, SDX20 |
CVE-2020-3635
| CVE ID | CVE-2020-3635 |
| Title | Stack Based Buffer Overflow in Performance |
| Description | Stack based overflow If the maximum number of arguments allowed per request in perflock exceeds |
| Technology Area | Performance |
| Vulnerability Type | CWE-121 Stack-based Buffer Overflow |
| Access Vector | Local |
| Security Rating | High |
| Date Reported | 02/04/2020 |
| Customer Notified Date | 02/03/2020 |
| Affected Chipsets* | APQ8053, APQ8096AU, APQ8098, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, Saipan, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 |
CVE-2020-3642
| CVE ID | CVE-2020-3642 |
| Title | Use After Free Issue in Camera |
| Description | Use after free issue in camera applications when used randomly over multiple operations due to pointer not set to NULL after free/destroy of the object |
| Technology Area | Camera Driver |
| Vulnerability Type | CWE-416 Use After Free |
| Access Vector | Local |
| Security Rating | High |
| Date Reported | Internal |
| Customer Notified Date | 03/02/2020 |
| Affected Chipsets* | Kamorta, QCS605, Rennell, Saipan, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 |
CVE-2020-3658
| CVE ID | CVE-2020-3658 |
| Title | Buffer Over Read Issue in Video |
| Description | Possible null-pointer dereference can occur while parsing mp4 clip with corrupted sample table atoms |
| Technology Area | Video |
| Vulnerability Type | CWE-126 Buffer Over-read |
| Access Vector | Remote |
| Security Rating | High |
| Date Reported | Internal |
| Customer Notified Date | 03/02/2020 |
| Affected Chipsets* | APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA6574AU, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 |
CVE-2020-3660
| CVE ID | CVE-2020-3660 |
| Title | Improper Validation of Array Index in Video |
| Description | Possible null-pointer dereference can occur while parsing mp4 clip with corrupted sample table atoms |
| Technology Area | Video |
| Vulnerability Type | CWE-129 Improper Validation of Array Index |
| Access Vector | Remote |
| Security Rating | High |
| Date Reported | Internal |
| Customer Notified Date | 03/02/2020 |
| Affected Chipsets* | APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA6574AU, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR2130 |
CVE-2020-3661
| CVE ID | CVE-2020-3661 |
| Title | Buffer over-read Issue in Video |
| Description | Buffer overflow will happen while parsing mp4 clip with corrupted sample atoms values which exceeds MAX_UINT32 range due to lack of validation checks |
| Technology Area | Video |
| Vulnerability Type | CWE-126 Buffer Over-read |
| Access Vector | Remote |
| Security Rating | High |
| Date Reported | Internal |
| Customer Notified Date | 03/02/2020 |
| Affected Chipsets* | APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA6574AU, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 |
CVE-2020-3662
| CVE ID | CVE-2020-3662 |
| Title | Buffer Over-read Issue in Video |
| Description | Buffer overflow can occur while parsing eac3 header while playing the clip which is nonstandard |
| Technology Area | Video |
| Vulnerability Type | CWE-126 Buffer Over-read |
| Access Vector | Remote |
| Security Rating | High |
| Date Reported | Internal |
| Customer Notified Date | 03/02/2020 |
| Affected Chipsets* | APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MSM8909W, MSM8917, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA6574AU, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR2130 |
CVE-2020-3663
| CVE ID | CVE-2020-3663 |
| Title | Buffer Copy Without Checking Size of Input in Video |
| Description | Buffer over-write may occur during fetching track decoder specific information if cb size exceeds buffer size |
| Technology Area | Video |
| Vulnerability Type | CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow') |
| Access Vector | Remote |
| Security Rating | High |
| Date Reported | Internal |
| Customer Notified Date | 03/02/2020 |
| Affected Chipsets* | APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA6574AU, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 |
CVE-2020-3676
| CVE ID | CVE-2020-3676 |
| Title | Improper Validation of Array Index in Android Performance |
| Description | Possible memory corruption in perfservice due to improper validation array length taken from user application. |
| Technology Area | Performance |
| Vulnerability Type | CWE-129 Improper Validation of Array Index |
| Access Vector | Local |
| Security Rating | High |
| Date Reported | 02/04/2020 |
| Customer Notified Date | 04/06/2020 |
| Affected Chipsets* | APQ8096AU, APQ8098, Kamorta, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, Saipan, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 |
CVE-2019-14092
| CVE ID | CVE-2019-14092 |
| Title | Information Exposure Issue in Telephony |
| Description | System Services exports services without permission protect and can lead to information exposure |
| Technology Area | Telephony |
| Vulnerability Type | CWE-200 Information Exposure |
| Access Vector | Local |
| Security Rating | Medium |
| Date Reported | 10/22/2019 |
| Customer Notified Date | 12/02/2019 |
| Affected Chipsets* | MDM9206, MDM9207C, MDM9607, Rennell, Saipan, SM8150, SM8250, SXR2130 |
CVE-2019-14094
| CVE ID | CVE-2019-14094 |
| Title | Buffer Over read Issue in Diag Services |
| Description | Integer overflow in diag command handler when user inputs a large value for number of tasks field in the request packet |
| Technology Area | Core Services |
| Vulnerability Type | CWE-126 Buffer Over-read |
| Access Vector | Local |
| Security Rating | Medium |
| Date Reported | 09/12/2019 |
| Customer Notified Date | 12/02/2019 |
| Affected Chipsets* | APQ8009, APQ8053, APQ8096AU, APQ8098, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QM215, Rennell, SA415M, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 |
* Data is generated only at the time of bulletin creation
Open Source Software Issues
The tables below summarize security vulnerabilities that were addressed through open source software
This table list high impact security vulnerabilities. Patches have been released for affected products. OEMs have been notified and strongly recommended to release patches on end devices.
| Public ID | Security Rating | Technology Area | Date Reported |
| CVE-2019-14047 | High | Data Network Stack & Connectivity | Internal |
| CVE-2020-3613 | High | DSP Service | Internal |
| CVE-2020-3665 | High | WLAN HOST | Internal |
This table list moderate security vulnerabilities. OEMs have been notified and encouraged to patch these issues.
| Public ID | Security Rating | Technology Area | Date Reported |
| CVE-2019-10626 | Medium | Audio | 07/16/2019 |
| CVE-2019-14091 | Medium | NPU | 08/11/2019 |
CVE-2019-14047
| CVE ID | CVE-2019-14047 |
| Title | Improper Input Validation in HLOS Data |
| Description | While IPA driver processes route add rule IOCTL, there is no input validation of the rule ID prior to adding the rule to the IPA HW commit list |
| Technology Area | Data Network Stack & Connectivity |
| Vulnerability Type | CWE-20 Improper Input Validation |
| Access Vector | Local |
| Security Rating | High |
| Date Reported | Internal |
| Customer Notified Date | 12/02/2019 |
| Affected Chipsets* | APQ8053, APQ8096AU, MDM9607, MSM8909W, MSM8996, MSM8996AU, QCN7605, QCS605, SC8180X, SDA845, SDX20, SDX24, SDX55, SM8150, SXR1130 |
| Patch* |
CVE-2020-3613
| CVE ID | CVE-2020-3613 |
| Title | Double Free Issue in DSP Services |
| Description | Double free issue in kernel memory mapping due to lack of memory protection mechanism |
| Technology Area | DSP Service |
| Vulnerability Type | CWE-415 Double Free |
| Access Vector | Local |
| Security Rating | High |
| Date Reported | Internal |
| Customer Notified Date | 02/03/2020 |
| Affected Chipsets* | SM8150 |
| Patch* |
CVE-2020-3665
| CVE ID | CVE-2020-3665 |
| Title | Improper Validation of Array Index in WLAN HOST |
| Description | A possible buffer overflow would occur while processing command from firmware due to the group_id obtained from the firmware being out of range |
| Technology Area | WLAN HOST |
| Vulnerability Type | CWE-129 Improper Validation of Array Index |
| Access Vector | Local |
| Security Rating | High |
| Date Reported | Internal |
| Customer Notified Date | 03/02/2020 |
| Affected Chipsets* | APQ8009, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, MSM8996, MSM8996AU, QCA6174A, QCA9377, QCA9379, SDM439, SDM636, SDM660, SDX20, SDX24, SM8150 |
| Patch* |
CVE-2019-10626
| CVE ID | CVE-2019-10626 |
| Title | Information Exposure Issue inVideo |
| Description | Payload size is not validated before reading memory that may cause issue of accessing invalid pointer or some garbage data |
| Technology Area | Audio |
| Vulnerability Type | CWE-200 Information Exposure |
| Access Vector | Local |
| Security Rating | Medium |
| Date Reported | 07/16/2019 |
| Customer Notified Date | 12/02/2019 |
| Affected Chipsets* | APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Rennell, Saipan, SC8180X, SDA660, SDA845, SDM429W, SDM439, SDM670, SDM710, SDX20, SDX24, SDX55, SM8150, SM8250, SXR1130, SXR2130 |
| Patch* |
CVE-2019-14091
| CVE ID | CVE-2019-14091 |
| Title | Double Free Issue in Neural Processing Unit |
| Description | Double free issue in NPU due to lack of resource locking mechanism to avoid race condition |
| Technology Area | NPU |
| Vulnerability Type | CWE-415 Double Free |
| Access Vector | Local |
| Security Rating | Medium |
| Date Reported | 08/11/2019 |
| Customer Notified Date | 12/02/2019 |
| Affected Chipsets* | MDM9607, QCS405, Rennell, Saipan, SC8180X, SDX55, SM8150, SM8250, SXR2130 |
| Patch* |
* Data is generated only at the time of bulletin creation
Industry Coordination
Security ratings of issues included in Android security bulletins and these bulletins match in the most common scenarios but may differ in some cases due to one of the following reasons:
- Consideration of security protections such as SELinux not enforced on some platforms
- Differences in assessment of some specific scenarios that involves local denial of service or privilege escalation vulnerabilities in the high level OS kernel
Version History
| Version | Date | Comments |
| 1.0 | June 1, 2020 | Bulletin Published |
All Qualcomm products mentioned herein are products of Qualcomm Technologies, Inc. and/or its subsidiaries.
Qualcomm is a trademark of Qualcomm Incorporated, registered in the United States and other countries. Other product and brand names may be trademarks or registered trademarks of their respective owners.
This technical data may be subject to U.S. and international export, re-export, or transfer (“export”) laws. Diversion contrary to U.S. and international law is strictly prohibited.
- Table of Contents
- Announcements
- Acknowledgements
- Proprietary Software Issues
- Proprietary Software Issues
- CVE-2019-14073
- CVE-2019-14080
- CVE-2019-10597
- CVE-2019-14062
- CVE-2019-14076
- CVE-2020-3614
- CVE-2020-3626
- CVE-2020-3628
- CVE-2020-3635
- CVE-2020-3642
- CVE-2020-3658
- CVE-2020-3660
- CVE-2020-3661
- CVE-2020-3662
- CVE-2020-3663
- CVE-2020-3676
- CVE-2019-14092
- CVE-2019-14094
- Open Source Software Issues
- CVE-2019-14047
- CVE-2020-3613
- CVE-2020-3665
- CVE-2019-10626
- CVE-2019-14091
- Industry Coordination
- Version History
