CVE-2019-14008
Vulnerability from cvelistv5
Published
2020-01-21 06:30
Modified
2024-08-05 00:05
Severity ?
Summary
Possible null pointer dereference issue in location assistance data processing due to missing null check on resources before using it in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9607, MDM9650, SDM660, SDM845, SM8150, SM8250, SXR2130
References
product-security@qualcomm.comhttps://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletinVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletinVendor Advisory
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:05:44.184Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "MDM9150, MDM9607, MDM9650, SDM660, SDM845, SM8150, SM8250, SXR2130"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Possible null pointer dereference issue in location assistance data processing due to missing null check on resources before using it in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9607, MDM9650, SDM660, SDM845, SM8150, SM8250, SXR2130"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Null Pointer Dereference Issue in GPS",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-21T06:30:52",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@qualcomm.com",
          "ID": "CVE-2019-14008",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "MDM9150, MDM9607, MDM9650, SDM660, SDM845, SM8150, SM8250, SXR2130"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Qualcomm, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Possible null pointer dereference issue in location assistance data processing due to missing null check on resources before using it in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9607, MDM9650, SDM660, SDM845, SM8150, SM8250, SXR2130"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Null Pointer Dereference Issue in GPS"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin",
              "refsource": "CONFIRM",
              "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2019-14008",
    "datePublished": "2020-01-21T06:30:53",
    "dateReserved": "2019-07-19T00:00:00",
    "dateUpdated": "2024-08-05T00:05:44.184Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:qualcomm:mdm9150_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4E2F2D26-2833-45A4-81F0-8E9F338C1E13\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:qualcomm:mdm9150:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4EB171B1-D163-4801-A241-8DD7193A5DCB\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A35FECFB-60AE-42A8-BCBB-FEA7D5826D49\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E9765187-8653-4D66-B230-B2CE862AC5C0\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"35B7E25E-FA92-4C36-883C-CFF36F4B3507\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ECD99C6F-2444-4A5E-A517-0C8023DDF23D\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"24D7B67C-6FEC-48F8-9D46-778E4528BC20\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:qualcomm:sdm660:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"05006807-D961-446C-B8DC-C87507F1316E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:qualcomm:sdm845_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DED4B719-53B5-4D16-B3FA-ADE29D28ED86\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:qualcomm:sdm845:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D342C86B-E184-457C-9F72-BD853ED79425\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:qualcomm:sm8150_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9286B1E8-E39F-4DAA-8969-311CA2A0A8AA\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:qualcomm:sm8150:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"19B9AE36-87A9-4EE7-87C8-CCA2DCF51039\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:qualcomm:sm8250_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DDC730C6-FB32-4566-AAE2-B2B261BA9411\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:qualcomm:sm8250:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5A432773-467F-492C-AA3A-ADF08A21FB3F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:qualcomm:sxr2130_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9F9FA3B1-E4E4-4D9B-A99C-7BF958D4B993\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:qualcomm:sxr2130:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"95762B01-2762-45BD-8388-5DB77EA6139C\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Possible null pointer dereference issue in location assistance data processing due to missing null check on resources before using it in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9607, MDM9650, SDM660, SDM845, SM8150, SM8250, SXR2130\"}, {\"lang\": \"es\", \"value\": \"Un posible problema de desreferencia del puntero null en el procesamiento de datos de la asistencia de localizaci\\u00f3n debido a la falta de comprobaci\\u00f3n de null en los recursos antes de usarlos en los productos Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile en las versiones MDM9150, MDM9607, MDM9650, SDM660, SDM845, SM8150, SM8250, SXR2130.\"}]",
      "id": "CVE-2019-14008",
      "lastModified": "2024-11-21T04:25:53.167",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:C\", \"baseScore\": 7.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-01-21T07:15:12.353",
      "references": "[{\"url\": \"https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin\", \"source\": \"product-security@qualcomm.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "product-security@qualcomm.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-476\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-14008\",\"sourceIdentifier\":\"product-security@qualcomm.com\",\"published\":\"2020-01-21T07:15:12.353\",\"lastModified\":\"2024-11-21T04:25:53.167\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Possible null pointer dereference issue in location assistance data processing due to missing null check on resources before using it in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9607, MDM9650, SDM660, SDM845, SM8150, SM8250, SXR2130\"},{\"lang\":\"es\",\"value\":\"Un posible problema de desreferencia del puntero null en el procesamiento de datos de la asistencia de localizaci\u00f3n debido a la falta de comprobaci\u00f3n de null en los recursos antes de usarlos en los productos Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile en las versiones MDM9150, MDM9607, MDM9650, SDM660, SDM845, SM8150, SM8250, SXR2130.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:mdm9150_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E2F2D26-2833-45A4-81F0-8E9F338C1E13\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:mdm9150:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EB171B1-D163-4801-A241-8DD7193A5DCB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A35FECFB-60AE-42A8-BCBB-FEA7D5826D49\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9765187-8653-4D66-B230-B2CE862AC5C0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"35B7E25E-FA92-4C36-883C-CFF36F4B3507\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECD99C6F-2444-4A5E-A517-0C8023DDF23D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24D7B67C-6FEC-48F8-9D46-778E4528BC20\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sdm660:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05006807-D961-446C-B8DC-C87507F1316E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sdm845_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DED4B719-53B5-4D16-B3FA-ADE29D28ED86\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sdm845:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D342C86B-E184-457C-9F72-BD853ED79425\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sm8150_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9286B1E8-E39F-4DAA-8969-311CA2A0A8AA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sm8150:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19B9AE36-87A9-4EE7-87C8-CCA2DCF51039\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sm8250_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDC730C6-FB32-4566-AAE2-B2B261BA9411\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sm8250:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A432773-467F-492C-AA3A-ADF08A21FB3F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sxr2130_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F9FA3B1-E4E4-4D9B-A99C-7BF958D4B993\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sxr2130:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95762B01-2762-45BD-8388-5DB77EA6139C\"}]}]}],\"references\":[{\"url\":\"https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin\",\"source\":\"product-security@qualcomm.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.