#VU109331 Time-of-check Time-of-use (TOCTOU) Race Condition in Qualcomm products - CVE-2019-14119
Published: May 17, 2025
Vulnerability identifier: #VU109331
Vulnerability risk:
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:
CVE-ID: CVE-2019-14119
CWE-ID: CWE-367
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
IPQ6018
MDM9205
QCS404
QCS610
SA415M
SA515M
SC7180
Kamorta
MDM9607
Nicobar
QCS405
QCS605
Rennell
SA6155P
SC8180X
SDM670
SDM710
SDX24
SDX55
SM6150
SM7150
SM8150
SM8250
SXR1130
SXR2130
IPQ6018
MDM9205
QCS404
QCS610
SA415M
SA515M
SC7180
Kamorta
MDM9607
Nicobar
QCS405
QCS605
Rennell
SA6155P
SC8180X
SDM670
SDM710
SDX24
SDX55
SM6150
SM7150
SM8150
SM8250
SXR1130
SXR2130
Software vendor:
Qualcomm
Qualcomm
Description
The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in QTEE. #AV# #AU# can #EXT_IMPACT#.
Remediation
Install security update from vendor's website.