CVE-2019-14047 Information
Feb 14, 2021
cve
Description
While IPA driver processes route add rule IOCTL there is no input validation of the rule ID prior to adding the rule to the IPA HW commit list in Snapdragon Auto Snapdragon Compute Snapdragon Connectivity Snapdragon Consumer Electronics Connectivity Snapdragon Consumer IOT Snapdragon Industrial IOT Snapdragon Mobile Snapdragon Voice & Music Snapdragon Wearables in APQ8053 APQ8096AU MDM9607 MSM8909W MSM8996 MSM8996AU QCN7605 QCS605 SC8180X SDA845 SDX20 SDX24 SDX55 SM8150 SXR1130
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Reference
https://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletin https://www.qualcomm.com/company/product-security/bulletins/june-2020-security-bulletin
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
7.8
Share on: