#VU109329 Key Management Errors in Qualcomm products - CVE-2019-14089
Published: May 17, 2025
Vulnerability identifier: #VU109329
Vulnerability risk:
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:
CVE-ID: CVE-2019-14089
CWE-ID: CWE-320
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Kamorta
Nicobar
Rennell
SA6155P
SC8180X
SDX55
SM6150
SM7150
SM8150
SM8250
SXR2130
QCS404
QCS610
SA515M
SC7180
Kamorta
Nicobar
Rennell
SA6155P
SC8180X
SDX55
SM6150
SM7150
SM8150
SM8250
SXR2130
QCS404
QCS610
SA515M
SC7180
Software vendor:
Qualcomm
Qualcomm
Description
The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in HLOS. #AV# #AU# can #EXT_IMPACT#.
Remediation
Install security update from vendor's website.