CVE-2019-14088
Google Android V4l2 cam_actuator_driver_cmd Use-After-Free Privilege Escalation Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Possible use after free issue while CRM is accessing the link pointer from device private data due to lack of resource protection in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, MDM9206, MDM9207C, MDM9607, QCS605, SDM429W, SDX24, SM8150, SXR1130
Un posible problema de uso de la memoria previamente liberada mientras CRM accede al puntero de enlace desde los datos privados del dispositivo debido a una falta de protección de recursos en los productos Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables en las versiones APQ8009, MDM9206, MDM9207C, MDM9607, QCS605, SDM429W, SDX24, SM8150, SXR1130.
This vulnerability allows local attackers to escalate privileges on affected installations of Google Android. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the cam_actuator_driver_cmd function in the V4l2 driver. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-07-19 CVE Reserved
- 2020-02-07 CVE Published
- 2024-01-31 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-20-199 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin | 2020-02-12 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Qualcomm Search vendor "Qualcomm" | Apq8009 Firmware Search vendor "Qualcomm" for product "Apq8009 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Apq8009 Search vendor "Qualcomm" for product "Apq8009" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Mdm9206 Firmware Search vendor "Qualcomm" for product "Mdm9206 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Mdm9206 Search vendor "Qualcomm" for product "Mdm9206" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Mdm9207c Firmware Search vendor "Qualcomm" for product "Mdm9207c Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Mdm9207c Search vendor "Qualcomm" for product "Mdm9207c" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Mdm9607 Firmware Search vendor "Qualcomm" for product "Mdm9607 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Mdm9607 Search vendor "Qualcomm" for product "Mdm9607" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Qcs605 Firmware Search vendor "Qualcomm" for product "Qcs605 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Qcs605 Search vendor "Qualcomm" for product "Qcs605" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sdm429w Firmware Search vendor "Qualcomm" for product "Sdm429w Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sdm429w Search vendor "Qualcomm" for product "Sdm429w" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sdx24 Firmware Search vendor "Qualcomm" for product "Sdx24 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sdx24 Search vendor "Qualcomm" for product "Sdx24" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sm8150 Firmware Search vendor "Qualcomm" for product "Sm8150 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sm8150 Search vendor "Qualcomm" for product "Sm8150" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sxr1130 Firmware Search vendor "Qualcomm" for product "Sxr1130 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sxr1130 Search vendor "Qualcomm" for product "Sxr1130" | - | - |
Safe
|