Skip to main content

Sdx20 Firmware

229 CVEs product

Monthly

CVE-2020-3658 CRITICAL Act Now

Possible null-pointer dereference can occur while parsing mp4 clip with corrupted sample table atoms in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure Apq8009 Firmware Apq8017 Firmware +42
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2020-3628 CRITICAL Act Now

Improper access due to socket opened by the logging application without specifying localhost address in Snapdragon Consumer IOT, Snapdragon Mobile in APQ8053, Rennell, SDX20. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Apq8053 Firmware Rennell Firmware Sdx20 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2020-3614 CRITICAL Act Now

Possible buffer overflow while copying the frame to local buffer due to lack of check of length before copying in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +52
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2020-3641 CRITICAL Act Now

Integer overflow may occur if atom size is less than atom offset as there is improper validation of atom size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Integer Overflow Apq8009 Firmware Apq8053 Firmware +36
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-3633 CRITICAL Act Now

Array out of bound may occur while playing mp3 file as no check is there on offset if it is greater than the buffer allocated or not in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Apq8009 Firmware Apq8053 Firmware Apq8096Au Firmware +34
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-3630 HIGH PATCH This Week

Possibility of out of bound access while processing the responses from video firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Apq8009 Firmware Apq8053 Firmware Apq8096Au Firmware +45
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-3616 HIGH This Week

Buffer overflow in display function due to memory copy without checking length of size using strcpy function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8017 Firmware Apq8053 Firmware Apq8096Au Firmware +24
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-3615 CRITICAL PATCH Act Now

Valid deauth/disassoc frames is dropped in case if RMF is enabled and some rouge peer keep on sending rogue deauth/disassoc frames due to improper enum values used to check the frame subtype in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Qualcomm Information Disclosure Apq8009 Firmware Apq8053 Firmware Apq8096Au Firmware +22
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2020-3610 HIGH PATCH This Week

Possibility of double free of the drawobj that is added to the drawqueue array of the context during IOCTL commands as there is no refcount taken for this object in Snapdragon Auto, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Apq8009 Firmware Apq8053 Firmware Apq8096Au Firmware +34
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-3651 HIGH PATCH This Week

Active command timeout since WM status change cmd is not removed from active queue if peer sends multiple deauth frames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Qualcomm Information Disclosure Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +37
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2019-2274 HIGH PATCH This Week

Improper Access Control for RPU write access from secure processor in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Apq8017 Firmware Apq8053 Firmware Apq8098 Firmware +34
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-2242 CRITICAL Act Now

Device memory may get corrupted because of buffer overflow/underflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Qualcomm Buffer Overflow Apq8009 Firmware Apq8016 Firmware +46
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2019-10614 CRITICAL PATCH Act Now

Out of boundary access is possible as there is no validation of data accessed against the received size of the packet in case of malicious firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Qualcomm Memory Corruption Apq8009 Firmware Apq8017 Firmware +43
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-10607 HIGH PATCH This Week

Out of bounds memcpy can occur by providing the embedded NULL character string and length greater than the actual string length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +36
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10605 HIGH PATCH This Week

Buffer overwrite can occur in IEEE80211 header filling function due to lack of range check of array index received from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8053 Firmware Ipq8074 Firmware +11
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10600 HIGH PATCH This Week

Use of local variable as argument to netlink CB callback goes out of it scope when callback triggered lead to invalid stack memory in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Qualcomm Apq8009 Firmware Apq8017 Firmware +48
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10598 HIGH PATCH This Week

Out of bound access can occur while processing peer info in IBSS connection mode due to lack of upper bounds check to ensure that for loop further will not cause an overflow in Snapdragon Auto,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Apq8053 Firmware Apq8096Au Firmware Mdm9607 Firmware +17
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10595 HIGH PATCH This Week

Possible buffer overwrite in message handler due to lack of validation of tid value calculated from packets received from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Apq8009 Firmware Apq8053 Firmware Apq8064 Firmware +27
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10584 HIGH PATCH This Week

Possibility of out of bound access in debug queue, if packet size field is corrupted in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure Apq8009 Firmware Apq8017 Firmware +43
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10572 CRITICAL PATCH Act Now

Improper check in video driver while processing data from video firmware can lead to integer overflow and then buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Qualcomm Buffer Overflow Apq8009 Firmware Apq8017 Firmware +41
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2019-10557 CRITICAL PATCH Act Now

Out-of-bound read in the wireless driver in the Linux kernel due to lack of check of buffer length. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Linux Information Disclosure Qualcomm Apq8009 Firmware +22
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2019-10544 HIGH PATCH This Week

Improper length check on source buffer to handle userspace data received can lead to out-of-bound access in diag handlers in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +43
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10536 HIGH PATCH This Week

Potential double free scenario if driver receives another DIAG_EVENT_LOG_SUPPORTED event from firmware as the pointer is not set to NULL on first call in Snapdragon Auto, Snapdragon Compute,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +44
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10525 CRITICAL Act Now

Buffer overflow during SIB read when network configures complete sib list along with first and last segment of other SIB in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Memory Corruption Apq8009 Firmware Apq8017 Firmware +50
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-10518 HIGH This Week

Use after free of a pointer in iWLAN scenario during netmgr state transition to CONNECT in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Use After Free Qualcomm Memory Corruption Apq8009 Firmware +48
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10517 HIGH This Week

Memory is being freed up twice when two concurrent threads are executing in parallel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +30
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10516 CRITICAL Act Now

Multiple read overflows in MM while decoding service accept,service reject,attach reject and MT detach in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure Apq8009 Firmware Apq8017 Firmware +50
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-10500 CRITICAL Act Now

While processing MT Secondary PDP request, Buffer overflow will happen due to incorrect calculation of buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +49
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-10487 CRITICAL Act Now

Buffer over read can happen while parsing SMS OTA messages at transport layer if network sends un-intended values in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure Apq8009 Firmware Apq8017 Firmware +51
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-10480 HIGH PATCH This Week

Out of bound write can happen in WMI firmware event handler due to lack of validation of data received from WLAN firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Qualcomm Memory Corruption Apq8009 Firmware Apq8017 Firmware +41
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-2337 HIGH This Week

While Skipping unknown IES, EMM is reading the buffer even if the no of bytes to read are more than message length which may cause device to shutdown in Snapdragon Auto, Snapdragon Compute,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure Apq8053 Firmware Apq8096Au Firmware +46
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2019-2320 CRITICAL Act Now

Possible out of bounds write in a MT SMS/SS scenario due to improper validation of array index in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +51
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-2310 HIGH PATCH This Week

Out of bound read would occur while trying to read action category and action ID without validating the action length of the Rx Frame body in Snapdragon Auto, Snapdragon Consumer Electronics. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure Apq8009 Firmware Apq8017 Firmware +33
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2019-10592 HIGH This Week

Possible integer overflow while multiplying two integers of 32 bit in QDCM API of get display modes as there is no check on the maximum mode count in Snapdragon Auto, Snapdragon Compute, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Qualcomm Buffer Overflow Apq8017 Firmware Apq8053 Firmware +37
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10571 HIGH PATCH This Week

Snapshot of IB can lead to invalid address access due to missing check for size in the related function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Apq8017 Firmware Apq8053 Firmware Apq8096Au Firmware +38
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10559 CRITICAL Act Now

Accessing data buffer beyond the available data while parsing ogg clip can lead to null-pointer dereference and then memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure Apq8009 Firmware Apq8017 Firmware +35
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-10555 HIGH PATCH This Week

Buffer overflow can occur due to usage of wrong datatype and missing length check before copying into buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Apq8017 Firmware Apq8053 Firmware Apq8096Au Firmware +37
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10530 HIGH PATCH This Week

Lack of check of data truncation on user supplied data in kernel leads to buffer overflow in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Qualcomm Buffer Overflow Mdm9150 Firmware Mdm9206 Firmware +34
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10511 CRITICAL Act Now

Possibility of memory overflow while decoding GSNDCP compressed mode PDU in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +52
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-10494 HIGH PATCH This Week

Race condition between the camera functions due to lack of resource lock which will lead to memory corruption and UAF issue in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +38
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2019-10485 HIGH This Week

Infinite loop while decoding compressed data can lead to overrun condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +52
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2019-2335 HIGH This Week

While processing Attach Reject message, Valid exit condition is not met resulting into an infinite loop in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +50
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2019-2303 CRITICAL Act Now

SNDCP module may access array out side its boundary when it receives malformed XID message. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure Apq8009 Firmware Apq8017 Firmware +53
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2019-2297 HIGH PATCH This Week

Buffer overflow can occur while processing non-standard NAN message from user space. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +27
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-2289 CRITICAL Act Now

Lack of integrity check allows MODEM to accept any NAS messages which can result into authentication bypass of NAS in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +52
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2019-2271 CRITICAL Act Now

Buffer over read can happen while parsing downlink session management OTA messages if network sends un-intended values in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure Apq8009 Firmware Apq8017 Firmware +53
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2019-2268 CRITICAL PATCH Act Now

Possible OOB read issue in P2P action frames while handling WLAN management frame in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure Apq8009 Firmware Apq8017 Firmware +24
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2019-10566 HIGH PATCH This Week

Buffer overflow can occur in wlan module if supported rates or extended rates element length is greater than max rate set length in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Apq8017 Firmware Apq8053 Firmware Apq8096Au Firmware +23
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10563 HIGH PATCH This Week

Buffer over-read can occur in fast message handler due to improper input validation while processing a message from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Apq8053 Firmware Apq8096Au Firmware Msm8996au Firmware +9
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10535 MEDIUM PATCH This Month

Improper validation for loop variable received from firmware can lead to out of bound access in WLAN function while iterating through loop in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Apq8053 Firmware Apq8096Au Firmware Apq8098 Firmware +10
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-10503 HIGH PATCH This Week

Out-of-bounds access can occur in camera driver due to improper validation of array index in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +24
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10490 MEDIUM This Month

Use after free issue in Xtra daemon shutdown due to static object instance getting freed from a multiple places in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Use After Free Qualcomm Memory Corruption Apq8009 Firmware +37
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-10486 HIGH PATCH This Week

Race condition due to the lack of resource lock which will be concurrently modified in the memcpy statement leads to out of bound access in Snapdragon Auto, Snapdragon Consumer Electronics. Rated high severity (CVSS 7.0).

Qualcomm Information Disclosure Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +33
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2019-2332 CRITICAL PATCH Act Now

Memory corruption while accessing the memory as payload size is not validated before access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Qualcomm Memory Corruption Mdm9150 Firmware Mdm9206 Firmware +44
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-2331 CRITICAL PATCH Act Now

Possible Integer overflow because of subtracting two integers without checking if the result would overflow or not in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Qualcomm Buffer Overflow Mdm9150 Firmware Mdm9206 Firmware +44
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2019-2325 CRITICAL PATCH Act Now

Out of boundary access due to token received from ADSP and is used without validation as an index into the array in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Qualcomm Information Disclosure Mdm9150 Firmware Mdm9206 Firmware Mdm9607 Firmware +41
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-2324 CRITICAL PATCH Act Now

When ADSP is compromised, the audio port index that`s returned from ADSP might be out of the valid range and leads to out of boundary access in Snapdragon Auto, Snapdragon Connectivity, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Qualcomm Mdm9150 Firmware Mdm9206 Firmware Mdm9607 Firmware +30
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-2323 CRITICAL PATCH Act Now

Lack of check to ensure crypto engine data passed by user is initialized can result in bus error in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Qualcomm Information Disclosure Mdm9150 Firmware Mdm9206 Firmware Mdm9607 Firmware +38
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-2302 CRITICAL Act Now

While processing vendor command which contains corrupted channel count, an integer overflow occurs and finally will lead to heap overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Qualcomm Buffer Overflow Apq8017 Firmware Apq8053 Firmware +28
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2019-2283 CRITICAL PATCH Act Now

Improper validation of read and write index of tx and rx fifo`s before calculating pointer can lead to out-of-bound access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure Mdm9150 Firmware Mdm9206 Firmware +37
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-2258 CRITICAL Act Now

Improper validation of array index causes OOB write and then leads to memory corruption in MMCP in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Mdm9150 Firmware Mdm9607 Firmware Mdm9615 Firmware +47
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-2249 CRITICAL Act Now

Kernel can do a memory read from arbitrary address passed by user during execution of a syscall in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure Ipq8074 Firmware Mdm9205 Firmware +25
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2019-10542 CRITICAL PATCH Act Now

Buffer over-read may occur when downloading a corrupted firmware file that has chunk length in header which doesn`t match the contents in Snapdragon Auto, Snapdragon Consumer Electronics. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure Mdm9150 Firmware Mdm9206 Firmware +27
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2019-10541 CRITICAL Act Now

Dereference on uninitialized buffer can happen when parsing FLV clip with corrupted codec specific data in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Mdm9206 Firmware Mdm9607 Firmware Msm8909W Firmware +33
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-10534 CRITICAL Act Now

Null-pointer dereference can occur while accessing the super index entry when it is not been allocated in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Qualcomm Mdm9206 Firmware Mdm9607 Firmware +37
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2019-10533 CRITICAL Act Now

Out of bound access due to improper validation of array index cause the index table entry to get corrupt in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Mdm9206 Firmware Mdm9607 Firmware Msm8909W Firmware +36
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-10529 HIGH POC PATCH This Week

Possible use after free issue due to race condition while attempting to mark the entry pages as dirty using function set_page_dirty() in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Race Condition Denial Of Service Qualcomm Mdm9150 Firmware Mdm9206 Firmware +39
NVD Exploit-DB
CVSS 3.1
8.1
EPSS
1.7%
CVE-2019-10528 CRITICAL PATCH Act Now

Use after free issue in kernel while accessing freed mdlog session info and its attributes after closing the session in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Use After Free Qualcomm Memory Corruption Mdm9206 Firmware +27
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2019-10524 HIGH PATCH This Week

Lack of check for a negative value returned for get_clk is wrongly interpreted as valid pointer and lead to use after free in clk driver in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Use After Free Qualcomm Memory Corruption Mdm9150 Firmware +40
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10522 CRITICAL Act Now

While playing the clip which is nonstandard buffer overflow can occur while parsing in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Mdm9206 Firmware Mdm9607 Firmware Msm8909W Firmware +39
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2019-10515 MEDIUM PATCH This Month

DCI client which might be preemptively freed up might be accessed for transferring packets leading to kernel error in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Qualcomm Information Disclosure Memory Corruption Mdm9150 Firmware +38
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-10512 HIGH PATCH This Week

Payload size is not checked before using it as array index in audio in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Ipq4019 Firmware Ipq8064 Firmware Ipq8074 Firmware +45
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10505 CRITICAL PATCH Act Now

Out of bound access while processing a non-standard IE measurement request with length crossing past the size of frame in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure Mdm9150 Firmware Mdm9206 Firmware +42
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2019-10491 HIGH PATCH This Week

ADSP can be compromised since it`s a general-purpose CPU processing untrusted data in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Ipq4019 Firmware Ipq8064 Firmware Ipq8074 Firmware +44
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10488 HIGH This Week

Null pointer dereference can occur while parsing invalid chunks while playing the nonstandard clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Qualcomm Mdm9150 Firmware Mdm9206 Firmware +42
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2019-2341 HIGH PATCH This Week

Buffer overflow when the audio buffer size provided by user is larger than the maximum allowable audio buffer size. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Mdm9150 Firmware Mdm9206 Firmware Mdm9607 Firmware +41
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-2333 HIGH PATCH This Week

Buffer overflow due to improper validation of buffer size while IPA driver processing to perform read operation in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Mdm9150 Firmware Mdm9607 Firmware Mdm9650 Firmware +35
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10539 CRITICAL Act Now

Possible buffer overflow issue due to lack of length check when parsing the extended cap IE header length in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Ipq8074 Firmware Mdm9206 Firmware Mdm9607 Firmware +46
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-10538 CRITICAL PATCH Act Now

Lack of check of address range received from firmware response allows modem to respond arbitrary pages into its address range which can compromise HLOS in Snapdragon Auto, Snapdragon Compute,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Qualcomm Information Disclosure Msm8909W Firmware Msm8996au Firmware Qcs405 Firmware +24
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2019-10508 HIGH PATCH This Week

Lack of input validation for data received from user space can lead to OOB access in WLAN in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Mdm9150 Firmware Mdm9206 Firmware Mdm9607 Firmware +23
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10507 HIGH PATCH This Week

Lack of check of extscan change results received from firmware can lead to an out of buffer read in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure Mdm9150 Firmware Mdm9206 Firmware +33
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10501 HIGH PATCH This Week

Possible use after free issue due to improper input validation in volume listener library in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Qualcomm Mdm9150 Firmware Mdm9206 Firmware Mdm9607 Firmware +37
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10498 HIGH This Week

Buffer overflow scenario if the client sends more than 5 io_vec requests to the server in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Mdm9150 Firmware Mdm9206 Firmware Mdm9607 Firmware +41
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10497 HIGH PATCH This Week

Use after free issue occurs If another instance of open for voice_svc node has been called from application without closing the previous one. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Use After Free Qualcomm Memory Corruption Mdm9150 Firmware +42
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10489 HIGH This Week

Possible null-pointer dereference can occur while parsing avi clip during copy in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Qualcomm Mdm9206 Firmware Mdm9607 Firmware +40
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2019-2345 HIGH PATCH This Week

Race condition while accessing DMA buffer in jpeg driver in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in. Rated high severity (CVSS 7.0).

Race Condition Qualcomm Information Disclosure Msm8909W Firmware Msm8996au Firmware +20
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2019-2334 HIGH This Week

Null pointer dereferencing can happen when playing the clip with wrong block group id in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Qualcomm Mdm9150 Firmware Mdm9206 Firmware +42
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2019-2330 MEDIUM PATCH This Month

improper input validation in allocation request for secure allocations can lead to page fault. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Ipq4019 Firmware Ipq8064 Firmware Ipq8074 Firmware +35
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2019-2328 HIGH PATCH This Week

Possible buffer overflow when number of channels passed is more than size of channel mapping array in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Qualcomm Mdm9150 Firmware Mdm9206 Firmware Mdm9607 Firmware +42
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-2327 CRITICAL Act Now

Possible buffer overflow can occur when playing clip with incorrect element size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Mdm9150 Firmware Mdm9206 Firmware Mdm9607 Firmware +41
NVD
CVSS 3.0
9.8
EPSS
0.9%
EPSS 1% CVSS 9.1
CRITICAL Act Now

Possible null-pointer dereference can occur while parsing mp4 clip with corrupted sample table atoms in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure +44
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Improper access due to socket opened by the logging application without specifying localhost address in Snapdragon Consumer IOT, Snapdragon Mobile in APQ8053, Rennell, SDX20. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Apq8053 Firmware +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Possible buffer overflow while copying the frame to local buffer due to lack of check of length before copying in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware +54
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Integer overflow may occur if atom size is less than atom offset as there is improper validation of atom size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Integer Overflow +38
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Array out of bound may occur while playing mp3 file as no check is there on offset if it is greater than the buffer allocated or not in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Apq8009 Firmware +36
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Possibility of out of bound access while processing the responses from video firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Apq8009 Firmware +47
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Buffer overflow in display function due to memory copy without checking length of size using strcpy function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8017 Firmware +26
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Valid deauth/disassoc frames is dropped in case if RMF is enabled and some rouge peer keep on sending rogue deauth/disassoc frames due to improper enum values used to check the frame subtype in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Qualcomm Information Disclosure Apq8009 Firmware +24
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Possibility of double free of the drawobj that is added to the drawqueue array of the context during IOCTL commands as there is no refcount taken for this object in Snapdragon Auto, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Apq8009 Firmware +36
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Active command timeout since WM status change cmd is not removed from active queue if peer sends multiple deauth frames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Qualcomm Information Disclosure Apq8009 Firmware +39
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Improper Access Control for RPU write access from secure processor in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Apq8017 Firmware +36
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Device memory may get corrupted because of buffer overflow/underflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Qualcomm Buffer Overflow +48
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Out of boundary access is possible as there is no validation of data accessed against the received size of the packet in case of malicious firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Qualcomm Memory Corruption +45
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Out of bounds memcpy can occur by providing the embedded NULL character string and length greater than the actual string length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Apq8009 Firmware +38
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Buffer overwrite can occur in IEEE80211 header filling function due to lack of range check of array index received from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Apq8009 Firmware +13
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use of local variable as argument to netlink CB callback goes out of it scope when callback triggered lead to invalid stack memory in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Qualcomm +50
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Out of bound access can occur while processing peer info in IBSS connection mode due to lack of upper bounds check to ensure that for loop further will not cause an overflow in Snapdragon Auto,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Apq8053 Firmware +19
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Possible buffer overwrite in message handler due to lack of validation of tid value calculated from packets received from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Apq8009 Firmware +29
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Possibility of out of bound access in debug queue, if packet size field is corrupted in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure +45
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Improper check in video driver while processing data from video firmware can lead to integer overflow and then buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Qualcomm Buffer Overflow +43
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Out-of-bound read in the wireless driver in the Linux kernel due to lack of check of buffer length. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Linux Information Disclosure +24
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Improper length check on source buffer to handle userspace data received can lead to out-of-bound access in diag handlers in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Qualcomm Apq8009 Firmware +45
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Potential double free scenario if driver receives another DIAG_EVENT_LOG_SUPPORTED event from firmware as the pointer is not set to NULL on first call in Snapdragon Auto, Snapdragon Compute,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Apq8009 Firmware +46
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Buffer overflow during SIB read when network configures complete sib list along with first and last segment of other SIB in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Memory Corruption +52
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Use after free of a pointer in iWLAN scenario during netmgr state transition to CONNECT in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Use After Free Qualcomm +50
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory is being freed up twice when two concurrent threads are executing in parallel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Apq8009 Firmware +32
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Multiple read overflows in MM while decoding service accept,service reject,attach reject and MT detach in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure +52
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

While processing MT Secondary PDP request, Buffer overflow will happen due to incorrect calculation of buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware +51
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Buffer over read can happen while parsing SMS OTA messages at transport layer if network sends un-intended values in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure +53
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Out of bound write can happen in WMI firmware event handler due to lack of validation of data received from WLAN firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Qualcomm Memory Corruption +43
NVD
EPSS 1% CVSS 7.5
HIGH This Week

While Skipping unknown IES, EMM is reading the buffer even if the no of bytes to read are more than message length which may cause device to shutdown in Snapdragon Auto, Snapdragon Compute,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure +48
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Possible out of bounds write in a MT SMS/SS scenario due to improper validation of array index in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware +53
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Out of bound read would occur while trying to read action category and action ID without validating the action length of the Rx Frame body in Snapdragon Auto, Snapdragon Consumer Electronics. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure +35
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Possible integer overflow while multiplying two integers of 32 bit in QDCM API of get display modes as there is no check on the maximum mode count in Snapdragon Auto, Snapdragon Compute, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Qualcomm Buffer Overflow +39
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Snapshot of IB can lead to invalid address access due to missing check for size in the related function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Apq8017 Firmware +40
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Accessing data buffer beyond the available data while parsing ogg clip can lead to null-pointer dereference and then memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure +37
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Buffer overflow can occur due to usage of wrong datatype and missing length check before copying into buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Apq8017 Firmware +39
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Lack of check of data truncation on user supplied data in kernel leads to buffer overflow in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Qualcomm Buffer Overflow +36
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Possibility of memory overflow while decoding GSNDCP compressed mode PDU in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware +54
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Race condition between the camera functions due to lack of resource lock which will lead to memory corruption and UAF issue in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Buffer Overflow Qualcomm Apq8009 Firmware +40
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Infinite loop while decoding compressed data can lead to overrun condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Qualcomm Apq8009 Firmware +54
NVD
EPSS 1% CVSS 7.5
HIGH This Week

While processing Attach Reject message, Valid exit condition is not met resulting into an infinite loop in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Qualcomm Apq8009 Firmware +52
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

SNDCP module may access array out side its boundary when it receives malformed XID message. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure +55
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Buffer overflow can occur while processing non-standard NAN message from user space. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Qualcomm Apq8009 Firmware +29
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Lack of integrity check allows MODEM to accept any NAS messages which can result into authentication bypass of NAS in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Qualcomm Apq8009 Firmware +54
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Buffer over read can happen while parsing downlink session management OTA messages if network sends un-intended values in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure +55
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Possible OOB read issue in P2P action frames while handling WLAN management frame in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure +26
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Buffer overflow can occur in wlan module if supported rates or extended rates element length is greater than max rate set length in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Apq8017 Firmware +25
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Buffer over-read can occur in fast message handler due to improper input validation while processing a message from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Apq8053 Firmware +11
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Improper validation for loop variable received from firmware can lead to out of bound access in WLAN function while iterating through loop in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Apq8053 Firmware +12
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Out-of-bounds access can occur in camera driver due to improper validation of array index in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Qualcomm Apq8009 Firmware +26
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Use after free issue in Xtra daemon shutdown due to static object instance getting freed from a multiple places in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Use After Free Qualcomm +39
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Race condition due to the lack of resource lock which will be concurrently modified in the memcpy statement leads to out of bound access in Snapdragon Auto, Snapdragon Consumer Electronics. Rated high severity (CVSS 7.0).

Qualcomm Information Disclosure Apq8009 Firmware +35
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Memory corruption while accessing the memory as payload size is not validated before access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Qualcomm Memory Corruption +46
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Possible Integer overflow because of subtracting two integers without checking if the result would overflow or not in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Qualcomm Buffer Overflow +46
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Out of boundary access due to token received from ADSP and is used without validation as an index into the array in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Qualcomm Information Disclosure Mdm9150 Firmware +43
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

When ADSP is compromised, the audio port index that`s returned from ADSP might be out of the valid range and leads to out of boundary access in Snapdragon Auto, Snapdragon Connectivity, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Qualcomm Mdm9150 Firmware +32
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Lack of check to ensure crypto engine data passed by user is initialized can result in bus error in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Qualcomm Information Disclosure Mdm9150 Firmware +40
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

While processing vendor command which contains corrupted channel count, an integer overflow occurs and finally will lead to heap overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Qualcomm Buffer Overflow +30
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Improper validation of read and write index of tx and rx fifo`s before calculating pointer can lead to out-of-bound access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure +39
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Improper validation of array index causes OOB write and then leads to memory corruption in MMCP in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Mdm9150 Firmware +49
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Kernel can do a memory read from arbitrary address passed by user during execution of a syscall in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure +27
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Buffer over-read may occur when downloading a corrupted firmware file that has chunk length in header which doesn`t match the contents in Snapdragon Auto, Snapdragon Consumer Electronics. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure +29
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Dereference on uninitialized buffer can happen when parsing FLV clip with corrupted codec specific data in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Mdm9206 Firmware +35
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Null-pointer dereference can occur while accessing the super index entry when it is not been allocated in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Qualcomm +39
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Out of bound access due to improper validation of array index cause the index table entry to get corrupt in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Mdm9206 Firmware +38
NVD
EPSS 2% CVSS 8.1
HIGH POC PATCH This Week

Possible use after free issue due to race condition while attempting to mark the entry pages as dirty using function set_page_dirty() in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Race Condition Denial Of Service Qualcomm +41
NVD Exploit-DB
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Use after free issue in kernel while accessing freed mdlog session info and its attributes after closing the session in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Use After Free Qualcomm +29
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Lack of check for a negative value returned for get_clk is wrongly interpreted as valid pointer and lead to use after free in clk driver in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Use After Free Qualcomm +42
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

While playing the clip which is nonstandard buffer overflow can occur while parsing in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Mdm9206 Firmware +41
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

DCI client which might be preemptively freed up might be accessed for transferring packets leading to kernel error in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Qualcomm Information Disclosure +40
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Payload size is not checked before using it as array index in audio in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Ipq4019 Firmware +47
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Out of bound access while processing a non-standard IE measurement request with length crossing past the size of frame in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure +44
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

ADSP can be compromised since it`s a general-purpose CPU processing untrusted data in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Ipq4019 Firmware +46
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Null pointer dereference can occur while parsing invalid chunks while playing the nonstandard clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Qualcomm +44
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Buffer overflow when the audio buffer size provided by user is larger than the maximum allowable audio buffer size. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Mdm9150 Firmware +43
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Buffer overflow due to improper validation of buffer size while IPA driver processing to perform read operation in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Mdm9150 Firmware +37
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Possible buffer overflow issue due to lack of length check when parsing the extended cap IE header length in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Ipq8074 Firmware +48
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Lack of check of address range received from firmware response allows modem to respond arbitrary pages into its address range which can compromise HLOS in Snapdragon Auto, Snapdragon Compute,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Qualcomm Information Disclosure Msm8909W Firmware +26
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Lack of input validation for data received from user space can lead to OOB access in WLAN in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Mdm9150 Firmware +25
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Lack of check of extscan change results received from firmware can lead to an out of buffer read in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure +35
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Possible use after free issue due to improper input validation in volume listener library in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Qualcomm Mdm9150 Firmware +39
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Buffer overflow scenario if the client sends more than 5 io_vec requests to the server in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Mdm9150 Firmware +43
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use after free issue occurs If another instance of open for voice_svc node has been called from application without closing the previous one. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Use After Free Qualcomm +44
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Possible null-pointer dereference can occur while parsing avi clip during copy in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Qualcomm +42
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Race condition while accessing DMA buffer in jpeg driver in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in. Rated high severity (CVSS 7.0).

Race Condition Qualcomm Information Disclosure +22
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Null pointer dereferencing can happen when playing the clip with wrong block group id in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Qualcomm +44
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

improper input validation in allocation request for secure allocations can lead to page fault. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Ipq4019 Firmware +37
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Possible buffer overflow when number of channels passed is more than size of channel mapping array in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Qualcomm Mdm9150 Firmware +44
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Possible buffer overflow can occur when playing clip with incorrect element size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Mdm9150 Firmware +43
NVD
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy