{ "id": "CVE-2019-14116", "sourceIdentifier": "product-security@qualcomm.com", "published": "2020-04-16T11:15:15.307", "lastModified": "2024-11-21T04:26:07.230", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Privilege escalation by using an altered debug policy image can occur as the XPU protecting the debug policy regions are disabled during the crash dump boot flow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ6018" }, { "lang": "es", "value": "Una escalada de privilegios mediante el uso de una imagen de la pol\u00edtica de depuraci\u00f3n alterada puede ocurrir ya que las regiones de la pol\u00edtica de depuraci\u00f3n que protegen la XPU son deshabilitadas durante el flujo de inicio de un volcado de bloqueo en los productos Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking en la versi\u00f3n IPQ6018." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 5.9 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "baseScore": 7.2, "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE" }, "baseSeverity": "HIGH", "exploitabilityScore": 3.9, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-862" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:qualcomm:ipq6018_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "B04589FF-F299-4EF6-A57B-1AD145372DBB" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:qualcomm:ipq6018:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDC1ADAD-DA77-47EF-8DB9-C36961C560C2" } ] } ] } ], "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin", "source": "product-security@qualcomm.com", "tags": [ "Vendor Advisory" ] }, { "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] } ] }