Qualcomm
Monthly
Improper Access Control in Multimedia in Snapdragon Mobile and Snapdragon Wear, Non-standard applications without permission may acquire permission of Qualcomm-specific proprietary intents. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
While parsing a Flac file with a corrupted comment block, a buffer over-read can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
While sending the response to a RIL_REQUEST_GET_SMSC_ADDRESS message, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
While parsing an mp4 file, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
While parsing an mp4 file, an integer overflow leading to a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
While parsing an mp4 file, a stack-based buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Validation of Array Index In the adreno OpenGL driver in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, an out-of-bounds access can occur in SurfaceFlinger. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Due to Improper Access Control of NAND-based EFS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, From fastboot on a NAND-based device, the EFS partition can be erased. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In ADSP RPC in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, a Use After Free condition can occur in versions MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Permissions, Privileges, and Access Controls in TA in Snapdragon Mobile has an options that allows RPMB erase for secure devices in versions SD 210/SD 212/SD 205, SD 845, SD 850. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a buffer overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a buffer overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
A vulnerability when handling incoming 802.11 Association Requests for Cisco Aironet 1800 Series Access Point (APs) on Qualcomm Atheros (QCA) based hardware platforms could allow an unauthenticated,. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 425,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile MDM9650, MDM9655, SD 835, SD 845, SD 850, the vswr capture size is larger than the maximum size of a diag logPacket,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, due to a race condition, a Use After. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in the kernel IPA driver, a Use. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while processing. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, improper buffer length validation in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, compromised WLAN FW can potentially. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in function. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in the function. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while notifying a DCI client, a Use. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, insufficient validation of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, legacy code vulnerable after. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a Use After Free condition can occur. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a buffer overwrite may occur in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, untrusted pointer dereference in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
drivers/net/ethernet/msm/rndis_ipa.c in the Qualcomm networking driver in Android allows remote attackers to execute arbitrary code via a crafted application compromising a privileged process. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.
In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due to wrong data type of size, allocation size gets truncated which makes allocation succeed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
In all Qualcomm products with Android releases from CAF using the Linux kernel, user-level permissions can be used to gain access to kernel memory, specifically the ION cache maintenance code is. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.
In all Qualcomm products with Android releases from CAF using the Linux kernel, due to an off-by-one error in a camera driver, an out-of-bounds read/write can occur. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, in function msm_compr_ioctl_shared, variable "ddp->params_length" could be accessed and modified by multiple threads,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
In all Qualcomm products with Android releases from CAF using the Linux kernel, potential use after free scenarios and race conditions can occur when accessing global static variables without using a. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while querying event status via DCI. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
In all Qualcomm products with Android releases from CAF using the Linux kernel, during the wlan calibration data store and retrieve operation, there are some potential race conditions which lead to a. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
In all Qualcomm products with Android releases from CAF using the Linux kernel, while reading audio data from an unspecified driver, a buffer overflow or integer overflow could occur. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.
In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function msm_dba_register_client, if the client registers failed, it would be freed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
In all Qualcomm products with Android releases from CAF using the Linux kernel, in functions msm_isp_check_stream_cfg_cmd & msm_isp_stats_update_cgc_override, 'stream_cfg_cmd->num_streams' is not. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
In all Qualcomm products with Android releases from CAF using the Linux kernel, user controlled variables "nr_cmds" and "nr_bos" number are passed across functions without any check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
In all Qualcomm products with Android releases from CAF using the Linux kernel, if there is more than one thread doing the device open operation, the device may be opened more than once. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.
In all Qualcomm products with Android releases from CAF using the Linux kernel, an output buffer is accessed in one thread and can be potentially freed in another. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, when reading from sysfs nodes, one can read more information than it is allowed to. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing a vendor sub-command, a buffer over-read can occur. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, the length of the MAC address is not checked which may cause out of bounds read. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, in an ISP Camera kernel driver function, an incorrect bounds check may potentially lead to an out-of-bounds write. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, concurrent calls into ioctl RMNET_IOCTL_ADD_MUX_CHANNEL in ipa wan driver may lead to memory corruption due to missing. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, in audio_aio_ion_lookup_vaddr, the buffer length, which is user input, ends up being used to validate if the buffer is. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
In all Qualcomm products with Android releases from CAF using the Linux kernel, using a debugfs node, a write to a PCIe register can cause corruption of kernel memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, out of bounds access is possible in c_show(), due to compat_hwcap_str[] not being NULL-terminated. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a WLAN driver can lead to a Use After Free condition. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a USB driver can lead to a Use After Free condition. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in two KGSL driver functions can lead to a Use After Free condition. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, if a pointer argument coming from userspace is invalid, a driver may use an uninitialized structure to log an error. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, if a userspace string is not NULL-terminated, kernel memory contents can leak to system logs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, in a video driver, memory corruption can potentially occur due to lack of bounds checking in a memcpy(). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
In all Qualcomm products with Android releases from CAF using the Linux kernel, in function __mdss_fb_copy_destscaler_data(), variable ds_data[i].scale may still point to a user-provided address. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
In all Qualcomm products with Android releases from CAF using the Linux kernel, in a driver function, a value from userspace is not properly validated potentially leading to an out of bounds heap. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a driver potentially leading to a use-after-free condition. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.
In all Qualcomm products with Android releases from CAF using the Linux kernel, the camera application can possibly request frame/command buffer processing with invalid values leading to the driver. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in an IOCTL handler potentially leading to an integer overflow and then an out-of-bounds write. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver which can lead to a double free. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.
In all Qualcomm products with Android releases from CAF using the Linux kernel, a kernel fault can occur when doing certain operations on a read-only virtual address in userspace. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, in some memory allocation and free functions, a race condition can potentially occur leading to a Use After Free. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.
In all Qualcomm products with Android releases from CAF using the Linux kernel, in a camera driver ioctl, a kernel overwrite can potentially occur. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, due to a type downcast, a value may improperly pass validation and cause an out of bounds write later. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, when accessing the sde_rotator debug interface for register reading with multiple processes, one process can free the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
In all Qualcomm products with Android releases from CAF using the Linux kernel, array out of bounds access can occur if userspace sends more than 16 multicast addresses. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in boot. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
In all Qualcomm products with Android releases from CAF using the Linux kernel, an audio client pointer is dereferenced before being checked if it is valid. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel memory can potentially be overwritten if an invalid master is sent from userspace. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.
In all Qualcomm products with Android releases from CAF using the Linux kernel, arguments to several QTEE syscalls are not properly validated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow to buffer overflow vulnerability exists when loading an image file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, a driver can potentially leak kernel memory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, the length in an HCI command is not properly checked for validity. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, when downloading a file, an excessive amount of memory may be consumed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, there is no size check for the images being flashed onto the NAND memory in their respective partitions, so there is a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
In all Qualcomm products with Android releases from CAF using the Linux kernel, a configuration vulnerability exists when loading a 3rd-party QTEE application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a handover scenario. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, an array index out of bounds vulnerability exists in LPP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, a use-after-free vulnerability exists in IMS RCS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a WLAN driver ioctl. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, there is a TOCTOU race condition in Secure UI. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Improper Access Control in Multimedia in Snapdragon Mobile and Snapdragon Wear, Non-standard applications without permission may acquire permission of Qualcomm-specific proprietary intents. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
While parsing a Flac file with a corrupted comment block, a buffer over-read can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
While sending the response to a RIL_REQUEST_GET_SMSC_ADDRESS message, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
While parsing an mp4 file, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
While parsing an mp4 file, an integer overflow leading to a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
While parsing an mp4 file, a stack-based buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Validation of Array Index In the adreno OpenGL driver in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, an out-of-bounds access can occur in SurfaceFlinger. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Due to Improper Access Control of NAND-based EFS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, From fastboot on a NAND-based device, the EFS partition can be erased. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In ADSP RPC in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, a Use After Free condition can occur in versions MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Permissions, Privileges, and Access Controls in TA in Snapdragon Mobile has an options that allows RPMB erase for secure devices in versions SD 210/SD 212/SD 205, SD 845, SD 850. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a buffer overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a buffer overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
A vulnerability when handling incoming 802.11 Association Requests for Cisco Aironet 1800 Series Access Point (APs) on Qualcomm Atheros (QCA) based hardware platforms could allow an unauthenticated,. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 425,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile MDM9650, MDM9655, SD 835, SD 845, SD 850, the vswr capture size is larger than the maximum size of a diag logPacket,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, due to a race condition, a Use After. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in the kernel IPA driver, a Use. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while processing. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, improper buffer length validation in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, compromised WLAN FW can potentially. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in function. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in the function. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while notifying a DCI client, a Use. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, insufficient validation of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, legacy code vulnerable after. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a Use After Free condition can occur. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a buffer overwrite may occur in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, untrusted pointer dereference in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
drivers/net/ethernet/msm/rndis_ipa.c in the Qualcomm networking driver in Android allows remote attackers to execute arbitrary code via a crafted application compromising a privileged process. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.
In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due to wrong data type of size, allocation size gets truncated which makes allocation succeed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
In all Qualcomm products with Android releases from CAF using the Linux kernel, user-level permissions can be used to gain access to kernel memory, specifically the ION cache maintenance code is. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.
In all Qualcomm products with Android releases from CAF using the Linux kernel, due to an off-by-one error in a camera driver, an out-of-bounds read/write can occur. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, in function msm_compr_ioctl_shared, variable "ddp->params_length" could be accessed and modified by multiple threads,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
In all Qualcomm products with Android releases from CAF using the Linux kernel, potential use after free scenarios and race conditions can occur when accessing global static variables without using a. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while querying event status via DCI. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
In all Qualcomm products with Android releases from CAF using the Linux kernel, during the wlan calibration data store and retrieve operation, there are some potential race conditions which lead to a. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
In all Qualcomm products with Android releases from CAF using the Linux kernel, while reading audio data from an unspecified driver, a buffer overflow or integer overflow could occur. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.
In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function msm_dba_register_client, if the client registers failed, it would be freed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
In all Qualcomm products with Android releases from CAF using the Linux kernel, in functions msm_isp_check_stream_cfg_cmd & msm_isp_stats_update_cgc_override, 'stream_cfg_cmd->num_streams' is not. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
In all Qualcomm products with Android releases from CAF using the Linux kernel, user controlled variables "nr_cmds" and "nr_bos" number are passed across functions without any check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
In all Qualcomm products with Android releases from CAF using the Linux kernel, if there is more than one thread doing the device open operation, the device may be opened more than once. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.
In all Qualcomm products with Android releases from CAF using the Linux kernel, an output buffer is accessed in one thread and can be potentially freed in another. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, when reading from sysfs nodes, one can read more information than it is allowed to. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing a vendor sub-command, a buffer over-read can occur. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, the length of the MAC address is not checked which may cause out of bounds read. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, in an ISP Camera kernel driver function, an incorrect bounds check may potentially lead to an out-of-bounds write. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, concurrent calls into ioctl RMNET_IOCTL_ADD_MUX_CHANNEL in ipa wan driver may lead to memory corruption due to missing. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, in audio_aio_ion_lookup_vaddr, the buffer length, which is user input, ends up being used to validate if the buffer is. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
In all Qualcomm products with Android releases from CAF using the Linux kernel, using a debugfs node, a write to a PCIe register can cause corruption of kernel memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, out of bounds access is possible in c_show(), due to compat_hwcap_str[] not being NULL-terminated. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a WLAN driver can lead to a Use After Free condition. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a USB driver can lead to a Use After Free condition. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in two KGSL driver functions can lead to a Use After Free condition. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, if a pointer argument coming from userspace is invalid, a driver may use an uninitialized structure to log an error. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, if a userspace string is not NULL-terminated, kernel memory contents can leak to system logs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, in a video driver, memory corruption can potentially occur due to lack of bounds checking in a memcpy(). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
In all Qualcomm products with Android releases from CAF using the Linux kernel, in function __mdss_fb_copy_destscaler_data(), variable ds_data[i].scale may still point to a user-provided address. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
In all Qualcomm products with Android releases from CAF using the Linux kernel, in a driver function, a value from userspace is not properly validated potentially leading to an out of bounds heap. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a driver potentially leading to a use-after-free condition. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.
In all Qualcomm products with Android releases from CAF using the Linux kernel, the camera application can possibly request frame/command buffer processing with invalid values leading to the driver. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in an IOCTL handler potentially leading to an integer overflow and then an out-of-bounds write. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver which can lead to a double free. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.
In all Qualcomm products with Android releases from CAF using the Linux kernel, a kernel fault can occur when doing certain operations on a read-only virtual address in userspace. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, in some memory allocation and free functions, a race condition can potentially occur leading to a Use After Free. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.
In all Qualcomm products with Android releases from CAF using the Linux kernel, in a camera driver ioctl, a kernel overwrite can potentially occur. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, due to a type downcast, a value may improperly pass validation and cause an out of bounds write later. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, when accessing the sde_rotator debug interface for register reading with multiple processes, one process can free the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
In all Qualcomm products with Android releases from CAF using the Linux kernel, array out of bounds access can occur if userspace sends more than 16 multicast addresses. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in boot. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
In all Qualcomm products with Android releases from CAF using the Linux kernel, an audio client pointer is dereferenced before being checked if it is valid. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel memory can potentially be overwritten if an invalid master is sent from userspace. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.
In all Qualcomm products with Android releases from CAF using the Linux kernel, arguments to several QTEE syscalls are not properly validated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow to buffer overflow vulnerability exists when loading an image file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, a driver can potentially leak kernel memory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, the length in an HCI command is not properly checked for validity. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, when downloading a file, an excessive amount of memory may be consumed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, there is no size check for the images being flashed onto the NAND memory in their respective partitions, so there is a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
In all Qualcomm products with Android releases from CAF using the Linux kernel, a configuration vulnerability exists when loading a 3rd-party QTEE application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a handover scenario. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, an array index out of bounds vulnerability exists in LPP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, a use-after-free vulnerability exists in IMS RCS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a WLAN driver ioctl. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In all Qualcomm products with Android releases from CAF using the Linux kernel, there is a TOCTOU race condition in Secure UI. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.