Key Management Errors in Qualcomm products - CVE-2019-14089
Published: May 17, 2025
Vulnerability identifier: #VU109329
CSH Severity:
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:
CVE-ID: CVE-2019-14089
CWE-ID: CWE-320
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Qualcomm
Affected software:
Kamorta
Nicobar
Rennell
SA6155P
SC8180X
SDX55
SM6150
SM7150
SM8150
SM8250
SXR2130
QCS404
QCS610
SA515M
SC7180
Kamorta
Nicobar
Rennell
SA6155P
SC8180X
SDX55
SM6150
SM7150
SM8150
SM8250
SXR2130
QCS404
QCS610
SA515M
SC7180
Detailed vulnerability description
The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in HLOS. #AV# #AU# can #EXT_IMPACT#.
How to mitigate CVE-2019-14089
Install security update from vendor's website.