Skip to main content

Qualcomm

1142 CVEs vendor

Monthly

CVE-2018-5884 HIGH This Week

Improper Access Control in Multimedia in Snapdragon Mobile and Snapdragon Wear, Non-standard applications without permission may acquire permission of Qualcomm-specific proprietary intents. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Qualcomm Mdm9607 Firmware Mdm9206 Firmware Mdm9635M Firmware +9
NVD
CVSS 3.0
8.4
EPSS
0.2%
CVE-2018-5882 CRITICAL Act Now

While parsing a Flac file with a corrupted comment block, a buffer over-read can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Qualcomm Mdm9206 Firmware Mdm9607 Firmware +22
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2018-5878 CRITICAL Act Now

While sending the response to a RIL_REQUEST_GET_SMSC_ADDRESS message, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Mdm9206 Firmware Mdm9607 Firmware Mdm9635M Firmware +9
NVD
CVSS 3.0
9.8
EPSS
0.9%
CVE-2018-5876 HIGH This Week

While parsing an mp4 file, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Mdm9206 Firmware Mdm9607 Firmware Mdm9650 Firmware +21
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2018-5875 HIGH This Week

While parsing an mp4 file, an integer overflow leading to a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Mdm9206 Firmware Mdm9607 Firmware Mdm9650 Firmware +21
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2018-5874 HIGH This Week

While parsing an mp4 file, a stack-based buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Qualcomm Buffer Overflow Mdm9206 Firmware Mdm9607 Firmware +22
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2018-5838 HIGH This Week

Improper Validation of Array Index In the adreno OpenGL driver in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, an out-of-bounds access can occur in SurfaceFlinger. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Mdm9206 Firmware Mdm9607 Firmware Mdm9650 Firmware +23
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11259 HIGH This Week

Due to Improper Access Control of NAND-based EFS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, From fastboot on a NAND-based device, the EFS partition can be erased. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Mdm9206 Firmware Mdm9607 Firmware Mdm9635M Firmware +35
NVD
CVSS 3.0
7.7
EPSS
0.2%
CVE-2018-11258 HIGH This Week

In ADSP RPC in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, a Use After Free condition can occur in versions MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Qualcomm Denial Of Service Use After Free Mdm9206 Firmware +20
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11257 HIGH This Week

Permissions, Privileges, and Access Controls in TA in Snapdragon Mobile has an options that allows RPMB erase for secure devices in versions SD 210/SD 212/SD 205, SD 845, SD 850. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Sd 210 Firmware Sd 212 Firmware Sd 205 Firmware +2
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-5827 HIGH PATCH This Week

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a buffer overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Linux Google Mozilla Qualcomm +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-3568 HIGH PATCH This Week

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Linux Google Mozilla Qualcomm +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-3567 HIGH PATCH This Week

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a buffer overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Linux Google Mozilla Qualcomm +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-0249 MEDIUM This Month

A vulnerability when handling incoming 802.11 Association Requests for Cisco Aironet 1800 Series Access Point (APs) on Qualcomm Atheros (QCA) based hardware platforms could allow an unauthenticated,. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Qualcomm Cisco Aironet Access Point Software
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2018-3594 CRITICAL Act Now

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Buffer Overflow Qualcomm Mdm9206 Firmware +20
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2018-3593 CRITICAL Act Now

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 425,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Qualcomm Mdm9206 Firmware Mdm9607 Firmware +23
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2018-3592 CRITICAL Act Now

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Null Pointer Dereference Denial Of Service Qualcomm Mdm9206 Firmware +20
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2018-3591 CRITICAL Act Now

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Qualcomm Mdm9206 Firmware Mdm9607 Firmware +25
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2018-3590 CRITICAL Act Now

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Google Memory Corruption Qualcomm +14
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2018-3589 CRITICAL Act Now

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile MDM9650, MDM9655, SD 835, SD 845, SD 850, the vswr capture size is larger than the maximum size of a diag logPacket,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Qualcomm Buffer Overflow Mdm9650 Firmware Mdm9655 Firmware +3
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-5828 HIGH This Week

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Linux Google Mozilla Qualcomm +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-5826 MEDIUM This Month

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, due to a race condition, a Use After. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Denial Of Service Linux Race Condition Mozilla +2
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2018-5825 HIGH This Week

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in the kernel IPA driver, a Use. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Linux Google Mozilla +3
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-5824 HIGH This Week

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while processing. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Linux Google Mozilla Qualcomm +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-5823 HIGH This Week

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, improper buffer length validation in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Linux Google Mozilla Qualcomm +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-5822 HIGH This Week

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, compromised WLAN FW can potentially. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Linux Google Mozilla Qualcomm +1
NVD
CVSS 3.0
7.3
EPSS
0.4%
CVE-2018-5821 HIGH This Week

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in function. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Linux Google Mozilla +2
NVD
CVSS 3.0
7.3
EPSS
0.3%
CVE-2018-5820 HIGH This Week

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in the function. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Linux Google Mozilla +2
NVD
CVSS 3.0
7.3
EPSS
0.4%
CVE-2018-3599 CRITICAL Act Now

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while notifying a DCI client, a Use. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Linux Google Mozilla +3
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2018-3598 HIGH This Week

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, insufficient validation of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linux Information Disclosure Google Mozilla Qualcomm +1
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2018-3596 CRITICAL Act Now

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, legacy code vulnerable after. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Linux Google Mozilla Qualcomm +1
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2018-3584 HIGH This Week

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a Use After Free condition can occur. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Linux Google Mozilla +3
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2018-3566 HIGH This Week

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a buffer overwrite may occur in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Linux Google Mozilla Qualcomm +1
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-3563 HIGH This Week

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, untrusted pointer dereference in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference RCE Denial Of Service Linux Google +3
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2016-5868 HIGH PATCH This Week

drivers/net/ethernet/msm/rndis_ipa.c in the Qualcomm networking driver in Android allows remote attackers to execute arbitrary code via a crafted application compromising a privileged process. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Qualcomm RCE Google Privilege Escalation Android
NVD
CVSS 3.0
7.0
EPSS
0.9%
CVE-2017-9725 HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due to wrong data type of size, allocation size gets truncated which makes allocation succeed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-9724 HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, user-level permissions can be used to gain access to kernel memory, specifically the ION cache maintenance code is. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Qualcomm Google Linux Privilege Escalation Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-9720 HIGH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, due to an off-by-one error in a camera driver, an out-of-bounds read/write can occur. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-9677 HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, in function msm_compr_ioctl_shared, variable "ddp->params_length" could be accessed and modified by multiple threads,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-9676 MEDIUM PATCH This Month

In all Qualcomm products with Android releases from CAF using the Linux kernel, potential use after free scenarios and race conditions can occur when accessing global static variables without using a. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Denial Of Service Linux Google Qualcomm Information Disclosure +1
NVD
CVSS 3.0
4.7
EPSS
0.1%
CVE-2017-8281 MEDIUM PATCH This Month

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while querying event status via DCI. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
4.7
EPSS
0.1%
CVE-2017-8280 HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, during the wlan calibration data store and retrieve operation, there are some potential race conditions which lead to a. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2017-8278 HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, while reading audio data from an unspecified driver, a buffer overflow or integer overflow could occur. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-8277 HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function msm_dba_register_client, if the client registers failed, it would be freed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Linux Use After Free Google Qualcomm Information Disclosure +2
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-8251 HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, in functions msm_isp_check_stream_cfg_cmd & msm_isp_stats_update_cgc_override, 'stream_cfg_cmd->num_streams' is not. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Google Linux Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-8250 HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, user controlled variables "nr_cmds" and "nr_bos" number are passed across functions without any check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Linux Buffer Overflow Google Integer Overflow Qualcomm +1
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-8247 HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, if there is more than one thread doing the device open operation, the device may be opened more than once. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Qualcomm Google Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-11041 HIGH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, an output buffer is accessed in one thread and can be potentially freed in another. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-11040 MEDIUM This Month

In all Qualcomm products with Android releases from CAF using the Linux kernel, when reading from sysfs nodes, one can read more information than it is allowed to. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-11002 MEDIUM This Month

In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing a vendor sub-command, a buffer over-read can occur. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Linux Buffer Overflow Google Qualcomm Information Disclosure +1
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-11001 MEDIUM This Month

In all Qualcomm products with Android releases from CAF using the Linux kernel, the length of the MAC address is not checked which may cause out of bounds read. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Linux Buffer Overflow Google Qualcomm Information Disclosure +1
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-11000 HIGH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, in an ISP Camera kernel driver function, an incorrect bounds check may potentially lead to an out-of-bounds write. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-10999 HIGH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, concurrent calls into ioctl RMNET_IOCTL_ADD_MUX_CHANNEL in ipa wan driver may lead to memory corruption due to missing. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-10998 HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, in audio_aio_ion_lookup_vaddr, the buffer length, which is user input, ends up being used to validate if the buffer is. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-10997 HIGH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, using a debugfs node, a write to a PCIe register can cause corruption of kernel memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-10996 MEDIUM PATCH This Month

In all Qualcomm products with Android releases from CAF using the Linux kernel, out of bounds access is possible in c_show(), due to compat_hwcap_str[] not being NULL-terminated. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-9685 HIGH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a WLAN driver can lead to a Use After Free condition. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Linux Google Qualcomm Race Condition +1
NVD
CVSS 3.0
8.1
EPSS
0.1%
CVE-2017-9684 HIGH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a USB driver can lead to a Use After Free condition. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Linux Google Qualcomm Race Condition +1
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2017-9682 MEDIUM This Month

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in two KGSL driver functions can lead to a Use After Free condition. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Linux Google Qualcomm Information Disclosure +1
NVD
CVSS 3.0
4.7
EPSS
0.1%
CVE-2017-9680 HIGH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, if a pointer argument coming from userspace is invalid, a driver may use an uninitialized structure to log an error. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-9679 HIGH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, if a userspace string is not NULL-terminated, kernel memory contents can leak to system logs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-9678 HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, in a video driver, memory corruption can potentially occur due to lack of bounds checking in a memcpy(). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-7364 CRITICAL PATCH Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, in function __mdss_fb_copy_destscaler_data(), variable ds_data[i].scale may still point to a user-provided address. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Linux Use After Free Google Qualcomm +2
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2017-8272 HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, in a driver function, a value from userspace is not properly validated potentially leading to an out of bounds heap. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Linux Buffer Overflow Google Qualcomm Memory Corruption +1
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-8270 HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a driver potentially leading to a use-after-free condition. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Linux Google Qualcomm Race Condition Information Disclosure +1
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2017-8268 HIGH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, the camera application can possibly request frame/command buffer processing with invalid values leading to the driver. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Linux Buffer Overflow Google Qualcomm Information Disclosure +1
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-8267 HIGH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in an IOCTL handler potentially leading to an integer overflow and then an out-of-bounds write. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Linux Buffer Overflow Google Integer Overflow Qualcomm +1
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2017-8266 HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Linux Google Qualcomm Race Condition Information Disclosure +1
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2017-8265 HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver which can lead to a double free. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Linux Google Qualcomm Race Condition Information Disclosure +1
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2017-8263 HIGH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, a kernel fault can occur when doing certain operations on a read-only virtual address in userspace. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-8262 HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, in some memory allocation and free functions, a race condition can potentially occur leading to a Use After Free. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Denial Of Service Linux Google Qualcomm Race Condition +1
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2017-8261 HIGH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, in a camera driver ioctl, a kernel overwrite can potentially occur. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-8260 HIGH POC PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, due to a type downcast, a value may improperly pass validation and cause an out of bounds write later. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Qualcomm Google Linux Buffer Overflow Android
NVD GitHub
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-8257 HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, when accessing the sde_rotator debug interface for register reading with multiple processes, one process can free the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Linux Google Qualcomm Race Condition Information Disclosure +1
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-8256 HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, array out of bounds access can occur if userspace sends more than 16 multicast addresses. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Linux Buffer Overflow Google Qualcomm Information Disclosure +1
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-8255 HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in boot. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Linux Buffer Overflow Google Integer Overflow Qualcomm +1
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-8254 MEDIUM PATCH This Month

In all Qualcomm products with Android releases from CAF using the Linux kernel, an audio client pointer is dereferenced before being checked if it is valid. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-8253 HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel memory can potentially be overwritten if an invalid master is sent from userspace. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Qualcomm Google Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-5872 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, arguments to several QTEE syscalls are not properly validated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2016-5871 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow to buffer overflow vulnerability exists when loading an image file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2016-10392 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a driver can potentially leak kernel memory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2016-10391 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, the length in an HCI command is not properly checked for validity. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2016-10390 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, when downloading a file, an excessive amount of memory may be consumed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2016-10389 HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, there is no size check for the images being flashed onto the NAND memory in their respective partitions, so there is a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-10388 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a configuration vulnerability exists when loading a 3rd-party QTEE application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2016-10387 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a handover scenario. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Denial Of Service Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2016-10386 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, an array index out of bounds vulnerability exists in LPP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2016-10385 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a use-after-free vulnerability exists in IMS RCS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linux Use After Free Google Qualcomm Information Disclosure +2
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2016-10384 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a WLAN driver ioctl. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Denial Of Service Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2016-10383 HIGH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, there is a TOCTOU race condition in Secure UI. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Linux Google Qualcomm Race Condition Information Disclosure +1
NVD
CVSS 3.0
8.1
EPSS
0.1%
EPSS 0% CVSS 8.4
HIGH This Week

Improper Access Control in Multimedia in Snapdragon Mobile and Snapdragon Wear, Non-standard applications without permission may acquire permission of Qualcomm-specific proprietary intents. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Qualcomm Mdm9607 Firmware +11
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

While parsing a Flac file with a corrupted comment block, a buffer over-read can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Qualcomm +24
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

While sending the response to a RIL_REQUEST_GET_SMSC_ADDRESS message, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Mdm9206 Firmware +11
NVD
EPSS 1% CVSS 8.8
HIGH This Week

While parsing an mp4 file, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Mdm9206 Firmware +23
NVD
EPSS 1% CVSS 8.8
HIGH This Week

While parsing an mp4 file, an integer overflow leading to a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Mdm9206 Firmware +23
NVD
EPSS 1% CVSS 8.8
HIGH This Week

While parsing an mp4 file, a stack-based buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Qualcomm Buffer Overflow +24
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Improper Validation of Array Index In the adreno OpenGL driver in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, an out-of-bounds access can occur in SurfaceFlinger. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Mdm9206 Firmware +25
NVD
EPSS 0% CVSS 7.7
HIGH This Week

Due to Improper Access Control of NAND-based EFS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, From fastboot on a NAND-based device, the EFS partition can be erased. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Mdm9206 Firmware +37
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In ADSP RPC in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, a Use After Free condition can occur in versions MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Qualcomm Denial Of Service +22
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Permissions, Privileges, and Access Controls in TA in Snapdragon Mobile has an options that allows RPMB erase for secure devices in versions SD 210/SD 212/SD 205, SD 845, SD 850. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Sd 210 Firmware +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a buffer overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Linux Google +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Linux Google +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a buffer overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Linux Google +3
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

A vulnerability when handling incoming 802.11 Association Requests for Cisco Aironet 1800 Series Access Point (APs) on Qualcomm Atheros (QCA) based hardware platforms could allow an unauthenticated,. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Qualcomm Cisco +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Buffer Overflow +22
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 425,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Qualcomm +25
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Null Pointer Dereference Denial Of Service +22
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Qualcomm +27
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Google +16
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile MDM9650, MDM9655, SD 835, SD 845, SD 850, the vswr capture size is larger than the maximum size of a diag logPacket,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Qualcomm Buffer Overflow +5
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Linux Google +3
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, due to a race condition, a Use After. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Denial Of Service Linux +4
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in the kernel IPA driver, a Use. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Linux +5
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while processing. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Linux Google +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, improper buffer length validation in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Linux Google +3
NVD
EPSS 0% CVSS 7.3
HIGH This Week

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, compromised WLAN FW can potentially. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Linux Google +3
NVD
EPSS 0% CVSS 7.3
HIGH This Week

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in function. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Linux +4
NVD
EPSS 0% CVSS 7.3
HIGH This Week

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in the function. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Linux +4
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while notifying a DCI client, a Use. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Linux +5
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, insufficient validation of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linux Information Disclosure Google +3
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, legacy code vulnerable after. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Linux Google +3
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a Use After Free condition can occur. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Linux +5
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a buffer overwrite may occur in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Linux Google +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, untrusted pointer dereference in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference RCE Denial Of Service +5
NVD
EPSS 1% CVSS 7.0
HIGH PATCH This Week

drivers/net/ethernet/msm/rndis_ipa.c in the Qualcomm networking driver in Android allows remote attackers to execute arbitrary code via a crafted application compromising a privileged process. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Qualcomm RCE Google +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due to wrong data type of size, allocation size gets truncated which makes allocation succeed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Google Linux +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, user-level permissions can be used to gain access to kernel memory, specifically the ION cache maintenance code is. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Qualcomm Google Linux +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, due to an off-by-one error in a camera driver, an out-of-bounds read/write can occur. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, in function msm_compr_ioctl_shared, variable "ddp->params_length" could be accessed and modified by multiple threads,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Qualcomm Google +2
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In all Qualcomm products with Android releases from CAF using the Linux kernel, potential use after free scenarios and race conditions can occur when accessing global static variables without using a. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Denial Of Service Linux Google +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while querying event status via DCI. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Linux +2
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, during the wlan calibration data store and retrieve operation, there are some potential race conditions which lead to a. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Qualcomm Google +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, while reading audio data from an unspecified driver, a buffer overflow or integer overflow could occur. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Google +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function msm_dba_register_client, if the client registers failed, it would be freed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Linux Use After Free Google +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, in functions msm_isp_check_stream_cfg_cmd & msm_isp_stats_update_cgc_override, 'stream_cfg_cmd->num_streams' is not. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Google Linux +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, user controlled variables "nr_cmds" and "nr_bos" number are passed across functions without any check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Linux Buffer Overflow Google +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, if there is more than one thread doing the device open operation, the device may be opened more than once. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Qualcomm Google +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, an output buffer is accessed in one thread and can be potentially freed in another. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In all Qualcomm products with Android releases from CAF using the Linux kernel, when reading from sysfs nodes, one can read more information than it is allowed to. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing a vendor sub-command, a buffer over-read can occur. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Linux Buffer Overflow Google +3
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In all Qualcomm products with Android releases from CAF using the Linux kernel, the length of the MAC address is not checked which may cause out of bounds read. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Linux Buffer Overflow Google +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, in an ISP Camera kernel driver function, an incorrect bounds check may potentially lead to an out-of-bounds write. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, concurrent calls into ioctl RMNET_IOCTL_ADD_MUX_CHANNEL in ipa wan driver may lead to memory corruption due to missing. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, in audio_aio_ion_lookup_vaddr, the buffer length, which is user input, ends up being used to validate if the buffer is. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Qualcomm Google +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, using a debugfs node, a write to a PCIe register can cause corruption of kernel memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In all Qualcomm products with Android releases from CAF using the Linux kernel, out of bounds access is possible in c_show(), due to compat_hwcap_str[] not being NULL-terminated. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Linux +2
NVD
EPSS 0% CVSS 8.1
HIGH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a WLAN driver can lead to a Use After Free condition. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Linux Google +3
NVD
EPSS 0% CVSS 7.0
HIGH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a USB driver can lead to a Use After Free condition. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Linux Google +3
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in two KGSL driver functions can lead to a Use After Free condition. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Linux Google +3
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, if a pointer argument coming from userspace is invalid, a driver may use an uninitialized structure to log an error. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux +2
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, if a userspace string is not NULL-terminated, kernel memory contents can leak to system logs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, in a video driver, memory corruption can potentially occur due to lack of bounds checking in a memcpy(). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Qualcomm Google +2
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, in function __mdss_fb_copy_destscaler_data(), variable ds_data[i].scale may still point to a user-provided address. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Linux Use After Free +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, in a driver function, a value from userspace is not properly validated potentially leading to an out of bounds heap. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Linux Buffer Overflow Google +3
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a driver potentially leading to a use-after-free condition. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Linux Google Qualcomm +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, the camera application can possibly request frame/command buffer processing with invalid values leading to the driver. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Linux Buffer Overflow Google +3
NVD
EPSS 0% CVSS 7.0
HIGH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in an IOCTL handler potentially leading to an integer overflow and then an out-of-bounds write. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Linux Buffer Overflow Google +3
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Linux Google Qualcomm +3
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver which can lead to a double free. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Linux Google Qualcomm +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, a kernel fault can occur when doing certain operations on a read-only virtual address in userspace. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux +2
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, in some memory allocation and free functions, a race condition can potentially occur leading to a Use After Free. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Denial Of Service Linux Google +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, in a camera driver ioctl, a kernel overwrite can potentially occur. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux +2
NVD
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, due to a type downcast, a value may improperly pass validation and cause an out of bounds write later. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Qualcomm Google Linux +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, when accessing the sde_rotator debug interface for register reading with multiple processes, one process can free the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Linux Google Qualcomm +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, array out of bounds access can occur if userspace sends more than 16 multicast addresses. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Linux Buffer Overflow Google +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in boot. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Linux Buffer Overflow Google +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In all Qualcomm products with Android releases from CAF using the Linux kernel, an audio client pointer is dereferenced before being checked if it is valid. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Linux +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel memory can potentially be overwritten if an invalid master is sent from userspace. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Qualcomm Google +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, arguments to several QTEE syscalls are not properly validated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow to buffer overflow vulnerability exists when loading an image file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a driver can potentially leak kernel memory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, the length in an HCI command is not properly checked for validity. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, when downloading a file, an excessive amount of memory may be consumed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, there is no size check for the images being flashed onto the NAND memory in their respective partitions, so there is a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Qualcomm Google +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a configuration vulnerability exists when loading a 3rd-party QTEE application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a handover scenario. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Denial Of Service Google +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, an array index out of bounds vulnerability exists in LPP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a use-after-free vulnerability exists in IMS RCS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linux Use After Free Google +4
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a WLAN driver ioctl. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Denial Of Service Google +2
NVD
EPSS 0% CVSS 8.1
HIGH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, there is a TOCTOU race condition in Secure UI. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Linux Google Qualcomm +3
NVD
Prev Page 8 of 13 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy