Msm8940 Firmware
Monthly
Non Secure Kernel can cause Trustzone to do an arbitrary memory read which will result into DOS in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
While invoking the API to copy from fd or local buffer to the secure buffer, Parameters being populated are from non secure environment. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
SNDCP module may access array out side its boundary when it receives malformed XID message. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information disclosure due to lack of address range check done on the SysDBG buffers in SDI code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Lack of integrity check allows MODEM to accept any NAS messages which can result into authentication bypass of NAS in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Buffer over read can happen while parsing downlink session management OTA messages if network sends un-intended values in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds access can occur in camera driver due to improper validation of array index in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Use after free issue in Xtra daemon shutdown due to static object instance getting freed from a multiple places in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Non Secure Kernel can cause Trustzone to do an arbitrary memory read which will result into DOS in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
While invoking the API to copy from fd or local buffer to the secure buffer, Parameters being populated are from non secure environment. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
SNDCP module may access array out side its boundary when it receives malformed XID message. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information disclosure due to lack of address range check done on the SysDBG buffers in SDI code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Lack of integrity check allows MODEM to accept any NAS messages which can result into authentication bypass of NAS in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Buffer over read can happen while parsing downlink session management OTA messages if network sends un-intended values in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds access can occur in camera driver due to improper validation of array index in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Use after free issue in Xtra daemon shutdown due to static object instance getting freed from a multiple places in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.