7.8
CVE-2019-14088
- EPSS 0.04%
- Veröffentlicht 07.02.2020 05:15:12
- Zuletzt bearbeitet 21.11.2024 04:26:04
- Quelle product-security@qualcomm.com
- Teams Watchlist Login
- Unerledigt Login
Possible use after free issue while CRM is accessing the link pointer from device private data due to lack of resource protection in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, MDM9206, MDM9207C, MDM9607, QCS605, SDM429W, SDX24, SM8150, SXR1130
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Qualcomm ≫ Apq8009 Firmware Version-
Qualcomm ≫ Mdm9206 Firmware Version-
Qualcomm ≫ Mdm9207c Firmware Version-
Qualcomm ≫ Mdm9607 Firmware Version-
Qualcomm ≫ Qcs605 Firmware Version-
Qualcomm ≫ Sdm429w Firmware Version-
Qualcomm ≫ Sdx24 Firmware Version-
Qualcomm ≫ Sm8150 Firmware Version-
Qualcomm ≫ Sxr1130 Firmware Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.096 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.