cve/2019/CVE-2019-14091.md

### [CVE-2019-14091](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14091)
![](https://img.shields.io/static/v1?label=Product&message=Snapdragon%20Auto%2C%20Snapdragon%20Compute%2C%20Snapdragon%20Consumer%20IOT%2C%20Snapdragon%20Industrial%20IOT%2C%20Snapdragon%20Mobile%2C%20Snapdragon%20Voice%20%26%20Music&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Double%20Free%20Issue%20in%20Neural%20Processing%20Unit&color=brighgreen)

### Description

Double free issue in NPU due to lack of resource locking mechanism to avoid race condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, QCS405, Rennell, Saipan, SC8180X, SDX55, SM8150, SM8250, SXR2130

### POC

#### Reference
- https://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletin

#### Github
No PoCs found on GitHub currently.