Integer overflow in Qualcomm products - CVE-2019-14056
Published: May 17, 2025
Vulnerability identifier: #VU109326
CSH Severity:
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:
CVE-ID: CVE-2019-14056
CWE-ID: CWE-190
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Qualcomm
Affected software:
Kamorta
MDM9150
MDM9607
MDM9650
Nicobar
QCS405
QCS605
Rennell
SA6155P
SC8180X
SDA660
SDA845
SDM630
SDM636
SDM660
SDM670
SDM710
SDM845
SDX55
SM6150
SM7150
SM8150
SXR1130
SXR2130
MDM9205
QCS404
QCS610
SC7180
SDM850
Kamorta
MDM9150
MDM9607
MDM9650
Nicobar
QCS405
QCS605
Rennell
SA6155P
SC8180X
SDA660
SDA845
SDM630
SDM636
SDM660
SDM670
SDM710
SDM845
SDX55
SM6150
SM7150
SM8150
SXR1130
SXR2130
MDM9205
QCS404
QCS610
SC7180
SDM850
Detailed vulnerability description
The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in TrustZone. #AV# #AU# can #EXT_IMPACT#.
How to mitigate CVE-2019-14056
Install security update from vendor's website.