7.8
CVE-2019-14091
- EPSS 0.03%
- Published 22.06.2020 07:15:11
- Last modified 21.11.2024 04:26:04
- Source product-security@qualcomm.com
- Teams watchlist Login
- Open Login
Double free issue in NPU due to lack of resource locking mechanism to avoid race condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, QCS405, Rennell, Saipan, SC8180X, SDX55, SM8150, SM8250, SXR2130
Data is provided by the National Vulnerability Database (NVD)
Qualcomm ≫ Mdm9607 Firmware Version-
Qualcomm ≫ Qcs405 Firmware Version-
Qualcomm ≫ Rennell Firmware Version-
Qualcomm ≫ Saipan Firmware Version-
Qualcomm ≫ Sc8180x Firmware Version-
Qualcomm ≫ Sdx55 Firmware Version-
Qualcomm ≫ Sm8150 Firmware Version-
Qualcomm ≫ Sm8250 Firmware Version-
Qualcomm ≫ Sxr2130 Firmware Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.061 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 4.6 | 3.9 | 6.4 |
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
CWE-415 Double Free
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.
CWE-667 Improper Locking
The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.