Qualcomm Snapdragon Auto up to SXR1130 IPA Driver input validation

entryeditHistoryDiffjsonxmlCTI

A vulnerability has been found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice , Music and Snapdragon Wearables (Chip Software) and classified as critical. Affected by this vulnerability is an unknown functionality of the component IPA Driver. Upgrading eliminates this vulnerability.

Field06/23/2020 07:06 AM06/23/2020 07:11 AM10/26/2020 10:32 AM
vendorQualcommQualcommQualcomm
nameSnapdragon Auto/Snapdragon Compute/Snapdragon Connectivity/Snapdragon Consumer Electronics Connectivity/Snapdragon Consumer IOT/Snapdragon Industrial IOT/Snapdragon Mobile/Snapdragon Voice / Music/Snapdragon WearablesSnapdragon Auto/Snapdragon Compute/Snapdragon Connectivity/Snapdragon Consumer Electronics Connectivity/Snapdragon Consumer IOT/Snapdragon Industrial IOT/Snapdragon Mobile/Snapdragon Voice / Music/Snapdragon WearablesSnapdragon Auto/Snapdragon Compute/Snapdragon Connectivity/Snapdragon Consumer Electronics Connectivity/Snapdragon Consumer IOT/Snapdragon Industrial IOT/Snapdragon Mobile/Snapdragon Voice / Music/Snapdragon Wearables
versionAPQ8053/APQ8096AU/MDM9607/MSM8909W/MSM8996/MSM8996AU/QCN7605/QCS605/SC8180X/SDA845/SDX20/SDX24/SDX55/SM8150/SXR1130APQ8053/APQ8096AU/MDM9607/MSM8909W/MSM8996/MSM8996AU/QCN7605/QCS605/SC8180X/SDA845/SDX20/SDX24/SDX55/SM8150/SXR1130APQ8053/APQ8096AU/MDM9607/MSM8909W/MSM8996/MSM8996AU/QCN7605/QCS605/SC8180X/SDA845/SDX20/SDX24/SDX55/SM8150/SXR1130
componentIPA DriverIPA DriverIPA Driver
cvss2_vuldb_basescore7.27.27.2
cvss2_vuldb_tempscore6.36.36.3
cvss2_vuldb_avLLL
cvss2_vuldb_acLLL
cvss2_vuldb_auNNN
cvss2_vuldb_ciCCC
cvss2_vuldb_iiCCC
cvss2_vuldb_aiCCC
cvss3_meta_basescore7.87.87.8
cvss3_meta_tempscore7.57.57.5
cvss3_vuldb_basescore7.87.87.8
cvss3_vuldb_tempscore7.57.57.5
cvss3_vuldb_avLLL
cvss3_vuldb_acLLL
cvss3_vuldb_prLLL
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cHHH
cvss3_vuldb_iHHH
cvss3_vuldb_aHHH
date1592784000 (06/22/2020)1592784000 (06/22/2020)1592784000 (06/22/2020)
locationWebsiteWebsiteWebsite
typeSecurity BulletinSecurity BulletinSecurity Bulletin
urlhttps://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletinhttps://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletinhttps://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletin
price_0day$5k-$25k$5k-$25k$5k-$25k
nameUpgradeUpgradeUpgrade
cveCVE-2019-14047CVE-2019-14047CVE-2019-14047
seealso157079 157080 157082 157083 157084 157085 157086 157087 157088 157134 157135 157136 157137 157138 157139 157140 157141 157142 157143 157144 157145 157146157079 157080 157082 157083 157084 157085 157086 157087 157088 157134 157135 157136 157137 157138 157139 157140 157141 157142 157143 157144 157145 157146157079 157080 157082 157083 157084 157085 157086 157087 157088 157134 157135 157136 157137 157138 157139 157140 157141 157142 157143 157144 157145 157146
risk222
cvss2_vuldb_eNDNDND
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_rcCCC
cvss3_vuldb_eXXX
cvss3_vuldb_rlOOO
cvss3_vuldb_rcCCC
cvss3_nvd_basescore7.87.87.8
typeChip SoftwareChip Software
cwe020 (privilege escalation)20 (privilege escalation)
cvss2_nvd_avLL
cvss2_nvd_acLL
cvss2_nvd_auNN
cvss2_nvd_ciCC
cvss2_nvd_iiCC
cvss2_nvd_aiCC
cvss3_nvd_avLL
cvss3_nvd_acLL
cvss3_nvd_prLL
cvss3_nvd_uiNN
cvss3_nvd_sUU
cvss3_nvd_cHH
cvss3_nvd_iHH
cvss3_nvd_aHH
cve_assigned15634944001563494400
cve_nvd_summaryWhile IPA driver processes route add rule IOCTL, there is no input validation of the rule ID prior to adding the rule to the IPA HW commit list in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8053, APQ8096AU, MDM9607, MSM8909W, MSM8996, MSM8996AU, QCN7605, QCS605, SC8180X, SDA845, SDX20, SDX24, SDX55, SM8150, SXR1130While IPA driver processes route add rule IOCTL, there is no input validation of the rule ID prior to adding the rule to the IPA HW commit list in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8053, APQ8096AU, MDM9607, MSM8909W, MSM8996, MSM8996AU, QCN7605, QCS605, SC8180X, SDA845, SDX20, SDX24, SDX55, SM8150, SXR1130
confirm_urlhttps://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletin

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!