7.8

CVE-2019-14055

Possibility of use-after-free and double free because of not marking buffer as NULL after freeing can lead to dangling pointer access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8939, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS605, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM8150, SM8250, SXR1130, SXR2130

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
QualcommApq8009 Firmware Version-
   QualcommApq8009 Version-
QualcommApq8017 Firmware Version-
   QualcommApq8017 Version-
QualcommApq8053 Firmware Version-
   QualcommApq8053 Version-
QualcommApq8096au Firmware Version-
   QualcommApq8096au Version-
QualcommApq8098 Firmware Version-
   QualcommApq8098 Version-
QualcommMdm9206 Firmware Version-
   QualcommMdm9206 Version-
QualcommMdm9207c Firmware Version-
   QualcommMdm9207c Version-
QualcommMdm9607 Firmware Version-
   QualcommMdm9607 Version-
QualcommMdm9640 Firmware Version-
   QualcommMdm9640 Version-
QualcommMdm9650 Firmware Version-
   QualcommMdm9650 Version-
QualcommMsm8905 Firmware Version-
   QualcommMsm8905 Version-
QualcommMsm8909w Firmware Version-
   QualcommMsm8909w Version-
QualcommMsm8939 Firmware Version-
   QualcommMsm8939 Version-
QualcommMsm8953 Firmware Version-
   QualcommMsm8953 Version-
QualcommMsm8996au Firmware Version-
   QualcommMsm8996au Version-
QualcommMsm8998 Firmware Version-
   QualcommMsm8998 Version-
QualcommNicobar Firmware Version-
   QualcommNicobar Version-
QualcommQcn7605 Firmware Version-
   QualcommQcn7605 Version-
QualcommQcs605 Firmware Version-
   QualcommQcs605 Version-
QualcommSc8180x Firmware Version-
   QualcommSc8180x Version-
QualcommSda660 Firmware Version-
   QualcommSda660 Version-
QualcommSda845 Firmware Version-
   QualcommSda845 Version-
QualcommSdm429 Firmware Version-
   QualcommSdm429 Version-
QualcommSdm429w Firmware Version-
   QualcommSdm429w Version-
QualcommSdm439 Firmware Version-
   QualcommSdm439 Version-
QualcommSdm450 Firmware Version-
   QualcommSdm450 Version-
QualcommSdm630 Firmware Version-
   QualcommSdm630 Version-
QualcommSdm632 Firmware Version-
   QualcommSdm632 Version-
QualcommSdm636 Firmware Version-
   QualcommSdm636 Version-
QualcommSdm660 Firmware Version-
   QualcommSdm660 Version-
QualcommSdm845 Firmware Version-
   QualcommSdm845 Version-
QualcommSdx20 Firmware Version-
   QualcommSdx20 Version-
QualcommSdx24 Firmware Version-
   QualcommSdx24 Version-
QualcommSdx55 Firmware Version-
   QualcommSdx55 Version-
QualcommSm8150 Firmware Version-
   QualcommSm8150 Version-
QualcommSm8250 Firmware Version-
   QualcommSm8250 Version-
QualcommSxr1130 Firmware Version-
   QualcommSxr1130 Version-
QualcommSxr2130 Firmware Version-
   QualcommSxr2130 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.04% 0.077
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-415 Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.