Skip to main content

Msm8996au Firmware

379 CVEs product

Monthly

CVE-2020-3644 MEDIUM This Month

u'Information disclosure issue occurs as in current logic Secure Touch session is released without terminating display session' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Apq8009 Firmware Apq8096Au Firmware Apq8098 Firmware +39
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-3643 MEDIUM This Month

u'Information disclosure issue can occur due to partial secure display-touch session tear-down' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +55
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-3624 HIGH This Week

u'A potential buffer overflow exists due to integer overflow when parsing handler options due to wrong data type usage in operation' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Integer Overflow Apq8009 Firmware Apq8017 Firmware +59
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-3622 HIGH This Week

u'Channel name string which has been read from shared memory is potentially subjected to string manipulations but not validated for NULL termination can results into memory corruption' in Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Memory Corruption Apq8009 Apq8017 +128
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-3621 MEDIUM This Month

u'Lack of check to ensure that the TX read index & RX write index that are read from shared memory are less than the FIFO size results into memory corruption and potential information leakage' in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8053 Firmware Apq8096Au Firmware +60
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-3620 MEDIUM This Month

u'Lack of check of integer overflow while doing a round up operation for data read from shared memory for G-link SMEM transport can lead to corruption and potential information leak' in Snapdragon. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Integer Overflow Apq8009 Firmware Apq8053 Firmware +61
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-11116 CRITICAL PATCH Act Now

u'Possible out of bound write while processing association response received from host due to lack of check of IE length' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8053 Firmware Apq8096Au Firmware +46
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-11115 HIGH PATCH This Week

u'Buffer over read occurs while processing information element from beacon due to lack of check of data received from beacon' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure Apq8009 Firmware Apq8053 Firmware +46
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-3700 HIGH PATCH This Week

Possible out of bounds read due to a missing bounds check and could lead to local information disclosure in the wifi driver with no additional execution privileges needed in Snapdragon Auto,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure Apq8053 Firmware Apq8096Au Firmware +16
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-3699 CRITICAL PATCH Act Now

Possible out of bound access while processing assoc response from host due to improper length check before copying into buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +44
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-3698 CRITICAL PATCH Act Now

Out of bound write while QoS DSCP mapping due to improper input validation for data received from association response frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Qualcomm Information Disclosure Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +43
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-3688 CRITICAL Act Now

Possible buffer overflow while parsing mp4 clip with corrupted sample atoms due to improper validation of index in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +45
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-3665 HIGH This Week

A possible buffer overflow would occur while processing command from firmware due to the group_id obtained from the firmware being out of range in Snapdragon Auto, Snapdragon Compute, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8053 Firmware Apq8096Au Firmware +18
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-3663 CRITICAL Act Now

Buffer over-write may occur during fetching track decoder specific information if cb size exceeds buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Memory Corruption Apq8009 Firmware Apq8017 Firmware +42
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-3662 CRITICAL Act Now

Buffer overflow can occur while parsing eac3 header while playing the clip which is nonstandard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +30
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-3661 CRITICAL Act Now

Buffer overflow will happen while parsing mp4 clip with corrupted sample atoms values which exceeds MAX_UINT32 range due to lack of validation checks in Snapdragon Auto, Snapdragon Compute,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +41
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-3660 CRITICAL Act Now

Possible null-pointer dereference can occur while parsing mp4 clip with corrupted sample table atoms in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +34
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-3658 CRITICAL Act Now

Possible null-pointer dereference can occur while parsing mp4 clip with corrupted sample table atoms in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure Apq8009 Firmware Apq8017 Firmware +42
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2020-3635 HIGH This Week

Stack based overflow If the maximum number of arguments allowed per request in perflock exceeds in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Memory Corruption Apq8053 Firmware Apq8096Au Firmware +32
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-3626 HIGH This Week

Any application can bind to it and exercise the APIs due to no protection for AIDL uimlpaservice in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Privilege Escalation Apq8053 Firmware Apq8096Au Firmware Apq8098 Firmware +33
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-3614 CRITICAL Act Now

Possible buffer overflow while copying the frame to local buffer due to lack of check of length before copying in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +52
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2020-3641 CRITICAL Act Now

Integer overflow may occur if atom size is less than atom offset as there is improper validation of atom size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Integer Overflow Apq8009 Firmware Apq8053 Firmware +36
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-3633 CRITICAL Act Now

Array out of bound may occur while playing mp3 file as no check is there on offset if it is greater than the buffer allocated or not in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Apq8009 Firmware Apq8053 Firmware Apq8096Au Firmware +34
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-3630 HIGH PATCH This Week

Possibility of out of bound access while processing the responses from video firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Apq8009 Firmware Apq8053 Firmware Apq8096Au Firmware +45
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-3616 HIGH This Week

Buffer overflow in display function due to memory copy without checking length of size using strcpy function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8017 Firmware Apq8053 Firmware Apq8096Au Firmware +24
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-3615 CRITICAL PATCH Act Now

Valid deauth/disassoc frames is dropped in case if RMF is enabled and some rouge peer keep on sending rogue deauth/disassoc frames due to improper enum values used to check the frame subtype in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Qualcomm Information Disclosure Apq8009 Firmware Apq8053 Firmware Apq8096Au Firmware +22
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2020-3610 HIGH PATCH This Week

Possibility of double free of the drawobj that is added to the drawqueue array of the context during IOCTL commands as there is no refcount taken for this object in Snapdragon Auto, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Apq8009 Firmware Apq8053 Firmware Apq8096Au Firmware +34
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-3651 HIGH PATCH This Week

Active command timeout since WM status change cmd is not removed from active queue if peer sends multiple deauth frames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Qualcomm Information Disclosure Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +37
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2019-2242 CRITICAL Act Now

Device memory may get corrupted because of buffer overflow/underflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Qualcomm Buffer Overflow Apq8009 Firmware Apq8016 Firmware +46
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2019-10614 CRITICAL PATCH Act Now

Out of boundary access is possible as there is no validation of data accessed against the received size of the packet in case of malicious firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Qualcomm Memory Corruption Apq8009 Firmware Apq8017 Firmware +43
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-10607 HIGH PATCH This Week

Out of bounds memcpy can occur by providing the embedded NULL character string and length greater than the actual string length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +36
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10601 HIGH PATCH This Week

Out of bound access can occur while processing firmware event due to lack of validation of WMI message received from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Apq8096Au Firmware Ipq4019 Firmware Ipq8064 Firmware +13
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10600 HIGH PATCH This Week

Use of local variable as argument to netlink CB callback goes out of it scope when callback triggered lead to invalid stack memory in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Qualcomm Apq8009 Firmware Apq8017 Firmware +48
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10598 HIGH PATCH This Week

Out of bound access can occur while processing peer info in IBSS connection mode due to lack of upper bounds check to ensure that for loop further will not cause an overflow in Snapdragon Auto,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Apq8053 Firmware Apq8096Au Firmware Mdm9607 Firmware +17
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10595 HIGH PATCH This Week

Possible buffer overwrite in message handler due to lack of validation of tid value calculated from packets received from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Apq8009 Firmware Apq8053 Firmware Apq8064 Firmware +27
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10584 HIGH PATCH This Week

Possibility of out of bound access in debug queue, if packet size field is corrupted in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure Apq8009 Firmware Apq8017 Firmware +43
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10572 CRITICAL PATCH Act Now

Improper check in video driver while processing data from video firmware can lead to integer overflow and then buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Qualcomm Buffer Overflow Apq8009 Firmware Apq8017 Firmware +41
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2019-10557 CRITICAL PATCH Act Now

Out-of-bound read in the wireless driver in the Linux kernel due to lack of check of buffer length. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Linux Information Disclosure Qualcomm Apq8009 Firmware +22
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2019-10544 HIGH PATCH This Week

Improper length check on source buffer to handle userspace data received can lead to out-of-bound access in diag handlers in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +43
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10536 HIGH PATCH This Week

Potential double free scenario if driver receives another DIAG_EVENT_LOG_SUPPORTED event from firmware as the pointer is not set to NULL on first call in Snapdragon Auto, Snapdragon Compute,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +44
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10525 CRITICAL Act Now

Buffer overflow during SIB read when network configures complete sib list along with first and last segment of other SIB in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Memory Corruption Apq8009 Firmware Apq8017 Firmware +50
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-10518 HIGH This Week

Use after free of a pointer in iWLAN scenario during netmgr state transition to CONNECT in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Use After Free Qualcomm Memory Corruption Apq8009 Firmware +48
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10517 HIGH This Week

Memory is being freed up twice when two concurrent threads are executing in parallel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +30
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10516 CRITICAL Act Now

Multiple read overflows in MM while decoding service accept,service reject,attach reject and MT detach in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure Apq8009 Firmware Apq8017 Firmware +50
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-10513 MEDIUM This Month

Possibility of Null pointer access if the SPDM commands are executed in the non-standard way in Trustzone in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Qualcomm Apq8009 Firmware Apq8017 Firmware +47
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-10500 CRITICAL Act Now

While processing MT Secondary PDP request, Buffer overflow will happen due to incorrect calculation of buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +49
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-10487 CRITICAL Act Now

Buffer over read can happen while parsing SMS OTA messages at transport layer if network sends un-intended values in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure Apq8009 Firmware Apq8017 Firmware +51
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-10482 MEDIUM This Month

Due to the use of non-time-constant comparison functions there is issue in timing side channels which can be used as a potential side channel for SUI corruption in Snapdragon Auto, Snapdragon. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Qualcomm Information Disclosure Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +46
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2019-10481 HIGH PATCH This Week

Out of bound access occurs while handling the WMI FW event due to lack of check of buffer argument which comes directly from the WLAN FW in Snapdragon Auto, Snapdragon Consumer Electronics. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Apq8096Au Firmware Ipq4019 Firmware Ipq8064 Firmware +10
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10480 HIGH PATCH This Week

Out of bound write can happen in WMI firmware event handler due to lack of validation of data received from WLAN firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Qualcomm Memory Corruption Apq8009 Firmware Apq8017 Firmware +41
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-2337 HIGH This Week

While Skipping unknown IES, EMM is reading the buffer even if the no of bytes to read are more than message length which may cause device to shutdown in Snapdragon Auto, Snapdragon Compute,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure Apq8053 Firmware Apq8096Au Firmware +46
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2019-2321 HIGH This Week

Incorrect length used while validating the qsee log buffer sent from HLOS which could then lead to remap conflict in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +47
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-2320 CRITICAL Act Now

Possible out of bounds write in a MT SMS/SS scenario due to improper validation of array index in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +51
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-2310 HIGH PATCH This Week

Out of bound read would occur while trying to read action category and action ID without validating the action length of the Rx Frame body in Snapdragon Auto, Snapdragon Consumer Electronics. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure Apq8009 Firmware Apq8017 Firmware +33
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2019-2288 HIGH This Week

Out of bound write in TZ while copying the secure dump structure on HLOS provided buffer as a part of memory dump in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +37
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10592 HIGH This Week

Possible integer overflow while multiplying two integers of 32 bit in QDCM API of get display modes as there is no check on the maximum mode count in Snapdragon Auto, Snapdragon Compute, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Qualcomm Buffer Overflow Apq8017 Firmware Apq8053 Firmware +37
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10571 HIGH PATCH This Week

Snapshot of IB can lead to invalid address access due to missing check for size in the related function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Apq8017 Firmware Apq8053 Firmware Apq8096Au Firmware +38
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10559 CRITICAL Act Now

Accessing data buffer beyond the available data while parsing ogg clip can lead to null-pointer dereference and then memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure Apq8009 Firmware Apq8017 Firmware +35
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-10555 HIGH PATCH This Week

Buffer overflow can occur due to usage of wrong datatype and missing length check before copying into buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Apq8017 Firmware Apq8053 Firmware Apq8096Au Firmware +37
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10530 HIGH PATCH This Week

Lack of check of data truncation on user supplied data in kernel leads to buffer overflow in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Qualcomm Buffer Overflow Mdm9150 Firmware Mdm9206 Firmware +34
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10511 CRITICAL Act Now

Possibility of memory overflow while decoding GSNDCP compressed mode PDU in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +52
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-10494 HIGH PATCH This Week

Race condition between the camera functions due to lack of resource lock which will lead to memory corruption and UAF issue in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +38
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2019-10493 CRITICAL Act Now

Position determination accuracy may be degraded due to wrongly decoded information in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8053 Firmware Mdm9206 Firmware Mdm9207C Firmware +45
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-10485 HIGH This Week

Infinite loop while decoding compressed data can lead to overrun condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +52
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2019-2335 HIGH This Week

While processing Attach Reject message, Valid exit condition is not met resulting into an infinite loop in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +50
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2019-2318 MEDIUM This Month

Non Secure Kernel can cause Trustzone to do an arbitrary memory read which will result into DOS in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure Apq8017 Firmware Apq8053 Firmware +17
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-2315 HIGH This Week

While invoking the API to copy from fd or local buffer to the secure buffer, Parameters being populated are from non secure environment. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +40
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-2303 CRITICAL Act Now

SNDCP module may access array out side its boundary when it receives malformed XID message. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure Apq8009 Firmware Apq8017 Firmware +53
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2019-2297 HIGH PATCH This Week

Buffer overflow can occur while processing non-standard NAN message from user space. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +27
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-2289 CRITICAL Act Now

Lack of integrity check allows MODEM to accept any NAS messages which can result into authentication bypass of NAS in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +52
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2019-2271 CRITICAL Act Now

Buffer over read can happen while parsing downlink session management OTA messages if network sends un-intended values in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure Apq8009 Firmware Apq8017 Firmware +53
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2019-2268 CRITICAL PATCH Act Now

Possible OOB read issue in P2P action frames while handling WLAN management frame in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure Apq8009 Firmware Apq8017 Firmware +24
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2019-2251 HIGH This Week

If a bitmap file is loaded from any un-authenticated source, there is a possibility that the bitmap can potentially cause stack buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Memory Corruption Apq8016 Firmware Apq8096Au Firmware +25
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10566 HIGH PATCH This Week

Buffer overflow can occur in wlan module if supported rates or extended rates element length is greater than max rate set length in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Apq8017 Firmware Apq8053 Firmware Apq8096Au Firmware +23
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10563 HIGH PATCH This Week

Buffer over-read can occur in fast message handler due to improper input validation while processing a message from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Apq8053 Firmware Apq8096Au Firmware Msm8996au Firmware +9
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10535 MEDIUM PATCH This Month

Improper validation for loop variable received from firmware can lead to out of bound access in WLAN function while iterating through loop in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Apq8053 Firmware Apq8096Au Firmware Apq8098 Firmware +10
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-10503 HIGH PATCH This Week

Out-of-bounds access can occur in camera driver due to improper validation of array index in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +24
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10490 MEDIUM This Month

Use after free issue in Xtra daemon shutdown due to static object instance getting freed from a multiple places in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Use After Free Qualcomm Memory Corruption Apq8009 Firmware +37
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-10486 HIGH PATCH This Week

Race condition due to the lack of resource lock which will be concurrently modified in the memcpy statement leads to out of bound access in Snapdragon Auto, Snapdragon Consumer Electronics. Rated high severity (CVSS 7.0).

Qualcomm Information Disclosure Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +33
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2019-2332 CRITICAL PATCH Act Now

Memory corruption while accessing the memory as payload size is not validated before access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Qualcomm Memory Corruption Mdm9150 Firmware Mdm9206 Firmware +44
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-2331 CRITICAL PATCH Act Now

Possible Integer overflow because of subtracting two integers without checking if the result would overflow or not in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Qualcomm Buffer Overflow Mdm9150 Firmware Mdm9206 Firmware +44
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2019-2325 CRITICAL PATCH Act Now

Out of boundary access due to token received from ADSP and is used without validation as an index into the array in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Qualcomm Information Disclosure Mdm9150 Firmware Mdm9206 Firmware Mdm9607 Firmware +41
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-2323 CRITICAL PATCH Act Now

Lack of check to ensure crypto engine data passed by user is initialized can result in bus error in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Qualcomm Information Disclosure Mdm9150 Firmware Mdm9206 Firmware Mdm9607 Firmware +38
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-2302 CRITICAL Act Now

While processing vendor command which contains corrupted channel count, an integer overflow occurs and finally will lead to heap overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Qualcomm Buffer Overflow Apq8017 Firmware Apq8053 Firmware +28
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2019-2285 CRITICAL Act Now

Out of bound write issue is observed while giving information about properties that have been set so far for playing video in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Memory Corruption Msm8909W Firmware Msm8996au Firmware +34
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2019-2283 CRITICAL PATCH Act Now

Improper validation of read and write index of tx and rx fifo`s before calculating pointer can lead to out-of-bound access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure Mdm9150 Firmware Mdm9206 Firmware +37
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-2275 MEDIUM This Month

While deserializing any key blob during key operations, buffer overflow could occur exposing partial key information if any key operations are invoked(Depends on CVE-2018-13907) in Snapdragon Auto,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Mdm9150 Firmware Mdm9205 Firmware Mdm9206 Firmware +40
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-2258 CRITICAL Act Now

Improper validation of array index causes OOB write and then leads to memory corruption in MMCP in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Mdm9150 Firmware Mdm9607 Firmware Mdm9615 Firmware +47
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-2246 HIGH This Week

Thread start can cause invalid memory writes to arbitrary memory location since the argument is passed by user to kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Memory Corruption Mdm9205 Firmware Mdm9640 Firmware +31
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10542 CRITICAL PATCH Act Now

Buffer over-read may occur when downloading a corrupted firmware file that has chunk length in header which doesn`t match the contents in Snapdragon Auto, Snapdragon Consumer Electronics. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure Mdm9150 Firmware Mdm9206 Firmware +27
NVD
CVSS 3.1
9.8
EPSS
0.7%
EPSS 0% CVSS 5.5
MEDIUM This Month

u'Information disclosure issue occurs as in current logic Secure Touch session is released without terminating display session' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Apq8009 Firmware +41
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

u'Information disclosure issue can occur due to partial secure display-touch session tear-down' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Apq8009 Firmware +57
NVD
EPSS 0% CVSS 7.8
HIGH This Week

u'A potential buffer overflow exists due to integer overflow when parsing handler options due to wrong data type usage in operation' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Integer Overflow +61
NVD
EPSS 0% CVSS 7.8
HIGH This Week

u'Channel name string which has been read from shared memory is potentially subjected to string manipulations but not validated for NULL termination can results into memory corruption' in Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Memory Corruption +130
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

u'Lack of check to ensure that the TX read index & RX write index that are read from shared memory are less than the FIFO size results into memory corruption and potential information leakage' in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware +62
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

u'Lack of check of integer overflow while doing a round up operation for data read from shared memory for G-link SMEM transport can lead to corruption and potential information leak' in Snapdragon. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Integer Overflow +63
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

u'Possible out of bound write while processing association response received from host due to lack of check of IE length' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Apq8009 Firmware +48
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

u'Buffer over read occurs while processing information element from beacon due to lack of check of data received from beacon' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure +48
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Possible out of bounds read due to a missing bounds check and could lead to local information disclosure in the wifi driver with no additional execution privileges needed in Snapdragon Auto,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure +18
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Possible out of bound access while processing assoc response from host due to improper length check before copying into buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Apq8009 Firmware +46
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Out of bound write while QoS DSCP mapping due to improper input validation for data received from association response frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Qualcomm Information Disclosure Apq8009 Firmware +45
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Possible buffer overflow while parsing mp4 clip with corrupted sample atoms due to improper validation of index in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware +47
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A possible buffer overflow would occur while processing command from firmware due to the group_id obtained from the firmware being out of range in Snapdragon Auto, Snapdragon Compute, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware +20
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Buffer over-write may occur during fetching track decoder specific information if cb size exceeds buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Memory Corruption +44
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Buffer overflow can occur while parsing eac3 header while playing the clip which is nonstandard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware +32
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Buffer overflow will happen while parsing mp4 clip with corrupted sample atoms values which exceeds MAX_UINT32 range due to lack of validation checks in Snapdragon Auto, Snapdragon Compute,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware +43
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Possible null-pointer dereference can occur while parsing mp4 clip with corrupted sample table atoms in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Apq8009 Firmware +36
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

Possible null-pointer dereference can occur while parsing mp4 clip with corrupted sample table atoms in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure +44
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Stack based overflow If the maximum number of arguments allowed per request in perflock exceeds in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Memory Corruption +34
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Any application can bind to it and exercise the APIs due to no protection for AIDL uimlpaservice in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Privilege Escalation Apq8053 Firmware +35
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Possible buffer overflow while copying the frame to local buffer due to lack of check of length before copying in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware +54
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Integer overflow may occur if atom size is less than atom offset as there is improper validation of atom size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Integer Overflow +38
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Array out of bound may occur while playing mp3 file as no check is there on offset if it is greater than the buffer allocated or not in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Apq8009 Firmware +36
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Possibility of out of bound access while processing the responses from video firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Apq8009 Firmware +47
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Buffer overflow in display function due to memory copy without checking length of size using strcpy function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8017 Firmware +26
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Valid deauth/disassoc frames is dropped in case if RMF is enabled and some rouge peer keep on sending rogue deauth/disassoc frames due to improper enum values used to check the frame subtype in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Qualcomm Information Disclosure Apq8009 Firmware +24
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Possibility of double free of the drawobj that is added to the drawqueue array of the context during IOCTL commands as there is no refcount taken for this object in Snapdragon Auto, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Apq8009 Firmware +36
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Active command timeout since WM status change cmd is not removed from active queue if peer sends multiple deauth frames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Qualcomm Information Disclosure Apq8009 Firmware +39
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Device memory may get corrupted because of buffer overflow/underflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Qualcomm Buffer Overflow +48
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Out of boundary access is possible as there is no validation of data accessed against the received size of the packet in case of malicious firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Qualcomm Memory Corruption +45
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Out of bounds memcpy can occur by providing the embedded NULL character string and length greater than the actual string length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Apq8009 Firmware +38
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Out of bound access can occur while processing firmware event due to lack of validation of WMI message received from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Apq8096Au Firmware +15
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use of local variable as argument to netlink CB callback goes out of it scope when callback triggered lead to invalid stack memory in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Qualcomm +50
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Out of bound access can occur while processing peer info in IBSS connection mode due to lack of upper bounds check to ensure that for loop further will not cause an overflow in Snapdragon Auto,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Apq8053 Firmware +19
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Possible buffer overwrite in message handler due to lack of validation of tid value calculated from packets received from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Apq8009 Firmware +29
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Possibility of out of bound access in debug queue, if packet size field is corrupted in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure +45
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Improper check in video driver while processing data from video firmware can lead to integer overflow and then buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Qualcomm Buffer Overflow +43
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Out-of-bound read in the wireless driver in the Linux kernel due to lack of check of buffer length. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Linux Information Disclosure +24
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Improper length check on source buffer to handle userspace data received can lead to out-of-bound access in diag handlers in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Qualcomm Apq8009 Firmware +45
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Potential double free scenario if driver receives another DIAG_EVENT_LOG_SUPPORTED event from firmware as the pointer is not set to NULL on first call in Snapdragon Auto, Snapdragon Compute,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Apq8009 Firmware +46
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Buffer overflow during SIB read when network configures complete sib list along with first and last segment of other SIB in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Memory Corruption +52
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Use after free of a pointer in iWLAN scenario during netmgr state transition to CONNECT in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Use After Free Qualcomm +50
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory is being freed up twice when two concurrent threads are executing in parallel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Apq8009 Firmware +32
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Multiple read overflows in MM while decoding service accept,service reject,attach reject and MT detach in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure +52
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Possibility of Null pointer access if the SPDM commands are executed in the non-standard way in Trustzone in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Qualcomm +49
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

While processing MT Secondary PDP request, Buffer overflow will happen due to incorrect calculation of buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware +51
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Buffer over read can happen while parsing SMS OTA messages at transport layer if network sends un-intended values in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure +53
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

Due to the use of non-time-constant comparison functions there is issue in timing side channels which can be used as a potential side channel for SUI corruption in Snapdragon Auto, Snapdragon. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Qualcomm Information Disclosure Apq8009 Firmware +48
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Out of bound access occurs while handling the WMI FW event due to lack of check of buffer argument which comes directly from the WLAN FW in Snapdragon Auto, Snapdragon Consumer Electronics. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Apq8096Au Firmware +12
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Out of bound write can happen in WMI firmware event handler due to lack of validation of data received from WLAN firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Qualcomm Memory Corruption +43
NVD
EPSS 1% CVSS 7.5
HIGH This Week

While Skipping unknown IES, EMM is reading the buffer even if the no of bytes to read are more than message length which may cause device to shutdown in Snapdragon Auto, Snapdragon Compute,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure +48
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Incorrect length used while validating the qsee log buffer sent from HLOS which could then lead to remap conflict in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware +49
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Possible out of bounds write in a MT SMS/SS scenario due to improper validation of array index in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware +53
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Out of bound read would occur while trying to read action category and action ID without validating the action length of the Rx Frame body in Snapdragon Auto, Snapdragon Consumer Electronics. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure +35
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Out of bound write in TZ while copying the secure dump structure on HLOS provided buffer as a part of memory dump in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware +39
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Possible integer overflow while multiplying two integers of 32 bit in QDCM API of get display modes as there is no check on the maximum mode count in Snapdragon Auto, Snapdragon Compute, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Qualcomm Buffer Overflow +39
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Snapshot of IB can lead to invalid address access due to missing check for size in the related function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Apq8017 Firmware +40
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Accessing data buffer beyond the available data while parsing ogg clip can lead to null-pointer dereference and then memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure +37
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Buffer overflow can occur due to usage of wrong datatype and missing length check before copying into buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Apq8017 Firmware +39
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Lack of check of data truncation on user supplied data in kernel leads to buffer overflow in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Qualcomm Buffer Overflow +36
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Possibility of memory overflow while decoding GSNDCP compressed mode PDU in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware +54
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Race condition between the camera functions due to lack of resource lock which will lead to memory corruption and UAF issue in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Buffer Overflow Qualcomm Apq8009 Firmware +40
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Position determination accuracy may be degraded due to wrongly decoded information in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8053 Firmware +47
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Infinite loop while decoding compressed data can lead to overrun condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Qualcomm Apq8009 Firmware +54
NVD
EPSS 1% CVSS 7.5
HIGH This Week

While processing Attach Reject message, Valid exit condition is not met resulting into an infinite loop in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Qualcomm Apq8009 Firmware +52
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Non Secure Kernel can cause Trustzone to do an arbitrary memory read which will result into DOS in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure +19
NVD
EPSS 0% CVSS 7.8
HIGH This Week

While invoking the API to copy from fd or local buffer to the secure buffer, Parameters being populated are from non secure environment. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Apq8009 Firmware +42
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

SNDCP module may access array out side its boundary when it receives malformed XID message. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure +55
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Buffer overflow can occur while processing non-standard NAN message from user space. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Qualcomm Apq8009 Firmware +29
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Lack of integrity check allows MODEM to accept any NAS messages which can result into authentication bypass of NAS in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Qualcomm Apq8009 Firmware +54
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Buffer over read can happen while parsing downlink session management OTA messages if network sends un-intended values in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure +55
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Possible OOB read issue in P2P action frames while handling WLAN management frame in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure +26
NVD
EPSS 0% CVSS 7.8
HIGH This Week

If a bitmap file is loaded from any un-authenticated source, there is a possibility that the bitmap can potentially cause stack buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Memory Corruption +27
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Buffer overflow can occur in wlan module if supported rates or extended rates element length is greater than max rate set length in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Apq8017 Firmware +25
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Buffer over-read can occur in fast message handler due to improper input validation while processing a message from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Apq8053 Firmware +11
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Improper validation for loop variable received from firmware can lead to out of bound access in WLAN function while iterating through loop in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Apq8053 Firmware +12
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Out-of-bounds access can occur in camera driver due to improper validation of array index in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Qualcomm Apq8009 Firmware +26
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Use after free issue in Xtra daemon shutdown due to static object instance getting freed from a multiple places in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Use After Free Qualcomm +39
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Race condition due to the lack of resource lock which will be concurrently modified in the memcpy statement leads to out of bound access in Snapdragon Auto, Snapdragon Consumer Electronics. Rated high severity (CVSS 7.0).

Qualcomm Information Disclosure Apq8009 Firmware +35
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Memory corruption while accessing the memory as payload size is not validated before access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Qualcomm Memory Corruption +46
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Possible Integer overflow because of subtracting two integers without checking if the result would overflow or not in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Qualcomm Buffer Overflow +46
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Out of boundary access due to token received from ADSP and is used without validation as an index into the array in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Qualcomm Information Disclosure Mdm9150 Firmware +43
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Lack of check to ensure crypto engine data passed by user is initialized can result in bus error in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Qualcomm Information Disclosure Mdm9150 Firmware +40
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

While processing vendor command which contains corrupted channel count, an integer overflow occurs and finally will lead to heap overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Qualcomm Buffer Overflow +30
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Out of bound write issue is observed while giving information about properties that have been set so far for playing video in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Memory Corruption +36
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Improper validation of read and write index of tx and rx fifo`s before calculating pointer can lead to out-of-bound access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure +39
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

While deserializing any key blob during key operations, buffer overflow could occur exposing partial key information if any key operations are invoked(Depends on CVE-2018-13907) in Snapdragon Auto,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Mdm9150 Firmware +42
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Improper validation of array index causes OOB write and then leads to memory corruption in MMCP in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Mdm9150 Firmware +49
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Thread start can cause invalid memory writes to arbitrary memory location since the argument is passed by user to kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Memory Corruption +33
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Buffer over-read may occur when downloading a corrupted firmware file that has chunk length in header which doesn`t match the contents in Snapdragon Auto, Snapdragon Consumer Electronics. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure +29
NVD
Prev Page 3 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy