CVE-2019-14081

Q: What is the severity of CVE-2019-14081?

CVE-2019-14081 has a CVSS score of 7.1 (HIGH). This CVE describes a buffer over-read vulnerability in Qualcomm's WLAN module when processing SAR limits messages with invalid parameters. It affects multiple Snapdragon platforms across consumer, industrial, mobile, and networking products. Attackers could potentially read sensitive memory contents or cause denial of service.

7.1 HIGH

Denial of Service Buffer Overflow

📋 TL;DR

This CVE describes a buffer over-read vulnerability in Qualcomm's WLAN module when processing SAR limits messages with invalid parameters. It affects multiple Snapdragon platforms across consumer, industrial, mobile, and networking products. Attackers could potentially read sensitive memory contents or cause denial of service.

💻 Affected Systems

Products:

APQ8098
IPQ8074
MSM8998
QCA8081
QCN7605
QCS605
SDA660
SDA845
SDM630
SDM636
SDM660
SDM670
SDM710
SDM845
SDM850
SM8150
SXR1130

Versions: All versions prior to vendor patches

Operating Systems: Android, Linux-based embedded systems

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices using Qualcomm WLAN firmware across multiple product categories including mobile, IoT, and networking equipment.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Information disclosure of sensitive kernel memory, potential privilege escalation, or system crash leading to denial of service.

🟠

Likely Case

System instability, crashes, or limited information disclosure from adjacent memory regions.

🟢

If Mitigated

Controlled crash or restart of WLAN module with no data compromise if proper memory protections are in place.

🌐 Internet-Facing: MEDIUM - Requires WLAN access but could be exploited by nearby attackers without network authentication.

🏢 Internal Only: LOW - Typically requires local network access or physical proximity to exploit.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires sending specially crafted WMI messages to the WLAN module, which typically requires WLAN access but not authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Vendor-specific firmware updates

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin

Restart Required: Yes

Instructions:

1. Check with device manufacturer for firmware updates. 2. Apply Qualcomm-provided firmware patches. 3. Reboot device to load new firmware.

🔧 Temporary Workarounds

Disable WLAN if not needed

linux

Turn off wireless functionality to prevent exploitation

nmcli radio wifi off
ip link set wlan0 down

Network segmentation

all

Isolate affected devices on separate VLANs

🧯 If You Can't Patch

Implement strict network access controls to limit WLAN exposure
Monitor for unusual WLAN activity or system crashes

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against manufacturer's patched versions

Check Version:

cat /sys/class/net/wlan0/device/firmware_version

Verify Fix Applied:

Verify firmware version has been updated to patched release

📡 Detection & Monitoring

Log Indicators:

Kernel panic messages
WLAN driver crashes
System reboots

Network Indicators:

Unusual WMI protocol traffic
Malformed SAR limit messages

SIEM Query:

event.category:kernel AND (event.message:*panic* OR event.message:*WLAN*crash*)

📊 Metadata

CVE ID: CVE-2019-14081

CVSS v3 Score: 7.1 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CWE: CWE-125

Published: March 5, 2020

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Apq8098 Firmware by Qualcomm

Ipq8074 Firmware by Qualcomm

Msm8998 Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qcn7605 Firmware by Qualcomm

Qcs605 Firmware by Qualcomm

Sda660 Firmware by Qualcomm

Sda845 Firmware by Qualcomm

Sdm630 Firmware by Qualcomm

Sdm636 Firmware by Qualcomm

Sdm660 Firmware by Qualcomm

Sdm670 Firmware by Qualcomm

Sdm710 Firmware by Qualcomm

Sdm845 Firmware by Qualcomm

Sdm850 Firmware by Qualcomm

Sm8150 Firmware by Qualcomm

Sxr1130 Firmware by Qualcomm