Skip to main content

Sdx24 Firmware

202 CVEs product

Monthly

CVE-2019-2293 HIGH PATCH This Week

Pointer dereference while freeing IFE resources due to lack of length check of in port resource. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Qualcomm Information Disclosure Memory Corruption Msm8909W Firmware +20
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-2290 HIGH PATCH This Week

Multiple open and close from multiple threads will lead camera driver to access destroyed session data pointer in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Qualcomm Information Disclosure Memory Corruption Mdm9206 Firmware +27
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-2281 HIGH This Week

An unauthenticated bitmap image can be loaded in to memory and subsequently cause execution of unverified code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Qcs405 Firmware Qcs605 Firmware Sd 636 Firmware +17
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-2276 CRITICAL PATCH Act Now

Possible out of bound read occurs while processing beaconing request due to lack of check on action frames received from user controlled space in Snapdragon Auto, Snapdragon Consumer Electronics. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure Mdm9607 Firmware Msm8996au Firmware +20
NVD
CVSS 3.0
9.8
EPSS
0.9%
CVE-2019-2241 MEDIUM This Month

While rendering the layout background, Error status check is not caught properly and also incorrect status handling is being done leading to unintended SUI behaviour in Snapdragon Auto, Snapdragon. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Mdm9150 Firmware Mdm9206 Firmware Mdm9607 Firmware +28
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2019-2240 MEDIUM This Month

While sending the rendered surface content to the screen, Error handling is not properly checked results in an unpredictable behaviour in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Ipq4019 Firmware Ipq8064 Firmware Ipq8074 Firmware +47
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2019-2239 MEDIUM This Month

Sanity checks are missing in layout which can lead to SUI Corruption or can lead to Denial of Service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Qualcomm Mdm9150 Firmware Mdm9206 Firmware Mdm9607 Firmware +47
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2019-2292 HIGH PATCH This Week

Out of bound access can occur due to buffer copy without checking size of input received from WLAN firmware in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Qualcomm Memory Corruption Mdm9150 Firmware Mdm9650 Firmware +29
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-2287 CRITICAL PATCH Act Now

Improper validation for inputs received from firmware can lead to an out of bound write issue in video driver. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Qualcomm Memory Corruption Mdm9150 Firmware Mdm9206 Firmware +40
NVD
CVSS 3.0
9.8
EPSS
0.9%
CVE-2019-2279 CRITICAL PATCH Act Now

Shared memory gets updated with invalid data and may lead to access beyond the allocated memory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Qualcomm Memory Corruption Mdm9150 Firmware Mdm9607 Firmware +36
NVD
CVSS 3.0
9.8
EPSS
0.9%
CVE-2019-2277 HIGH PATCH This Week

Out of bound read can happen due to lack of NULL termination on user controlled data in WLAN in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure Msm8996au Firmware Qcs405 Firmware +26
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-2269 CRITICAL PATCH Act Now

Possible buffer overflow while processing the high level lim process action frame due to improper buffer length validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Qualcomm Mdm9150 Firmware Mdm9650 Firmware Msm8996au Firmware +21
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2019-2264 HIGH PATCH This Week

Null pointer dereference occurs for channel context while opening glink channel in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Use After Free Qualcomm Memory Corruption Mdm9607 Firmware +25
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-2260 HIGH PATCH This Week

A race condition occurs while processing perf-event which can lead to a use after free condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated high severity (CVSS 7.0).

Race Condition Denial Of Service Qualcomm Mdm9150 Firmware Mdm9206 Firmware +37
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2019-2257 HIGH This Week

Wrong permissions in configuration file can lead to unauthorized permission in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Qualcomm Mdm9150 Firmware Mdm9607 Firmware Mdm9650 Firmware +21
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-2247 HIGH PATCH This Week

Possibility of double free issue while running multiple instances of smp2p test because of proper protection is missing while using global variable in Snapdragon Auto, Snapdragon Compute, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Mdm9150 Firmware Mdm9206 Firmware Mdm9607 Firmware +35
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-5918 HIGH This Week

Possible buffer overflow in DRM Trusted application due to lack of check function return values in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Mdm9206 Firmware Mdm9607 Firmware Mdm9650 Firmware +27
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-5917 HIGH This Week

Possible buffer overflow in OEM crypto function due to improper input validation in Snapdragon Automobile, Snapdragon Mobile in versions MSM8996AU, SD 425, SD 430, SD 450, SD 625, SD 820, SD 820A, SD. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Msm8996au Firmware Sd 425 Firmware Sd 430 Firmware +11
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-5870 HIGH This Week

While loading a service image, an untrusted pointer dereference can occur in Snapdragon Mobile in versions SD 835, SDA660, SDX24. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Sd 835 Firmware Sda660 Firmware Sdx24 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11996 HIGH This Week

When a malformed command is sent to the device programmer, an out-of-bounds access can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Mdm9206 Firmware Mdm9607 Firmware Mdm9650 Firmware +13
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11994 HIGH This Week

SMMU secure camera logic allows secure camera controllers to access HLOS memory during session in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Mdm9206 Firmware Mdm9607 Firmware Mdm9650 Firmware +17
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11921 HIGH This Week

Failure condition is not handled properly and the correct error code is not returned. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Mdm9206 Firmware Mdm9607 Firmware Mdm9650 Firmware +26
NVD
CVSS 3.0
7.8
EPSS
0.2%
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Pointer dereference while freeing IFE resources due to lack of length check of in port resource. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Qualcomm Information Disclosure +22
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Multiple open and close from multiple threads will lead camera driver to access destroyed session data pointer in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Qualcomm Information Disclosure +29
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An unauthenticated bitmap image can be loaded in to memory and subsequently cause execution of unverified code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Qcs405 Firmware +19
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Possible out of bound read occurs while processing beaconing request due to lack of check on action frames received from user controlled space in Snapdragon Auto, Snapdragon Consumer Electronics. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure +22
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

While rendering the layout background, Error status check is not caught properly and also incorrect status handling is being done leading to unintended SUI behaviour in Snapdragon Auto, Snapdragon. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Mdm9150 Firmware +30
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

While sending the rendered surface content to the screen, Error handling is not properly checked results in an unpredictable behaviour in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Ipq4019 Firmware +49
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Sanity checks are missing in layout which can lead to SUI Corruption or can lead to Denial of Service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Qualcomm Mdm9150 Firmware +49
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Out of bound access can occur due to buffer copy without checking size of input received from WLAN firmware in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Qualcomm Memory Corruption +31
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Improper validation for inputs received from firmware can lead to an out of bound write issue in video driver. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Qualcomm Memory Corruption +42
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Shared memory gets updated with invalid data and may lead to access beyond the allocated memory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Qualcomm Memory Corruption +38
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Out of bound read can happen due to lack of NULL termination on user controlled data in WLAN in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure +28
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Possible buffer overflow while processing the high level lim process action frame due to improper buffer length validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Qualcomm Mdm9150 Firmware +23
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Null pointer dereference occurs for channel context while opening glink channel in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Use After Free Qualcomm +27
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

A race condition occurs while processing perf-event which can lead to a use after free condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated high severity (CVSS 7.0).

Race Condition Denial Of Service Qualcomm +39
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Wrong permissions in configuration file can lead to unauthorized permission in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Qualcomm Mdm9150 Firmware +23
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Possibility of double free issue while running multiple instances of smp2p test because of proper protection is missing while using global variable in Snapdragon Auto, Snapdragon Compute, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Mdm9150 Firmware +37
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Possible buffer overflow in DRM Trusted application due to lack of check function return values in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Mdm9206 Firmware +29
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Possible buffer overflow in OEM crypto function due to improper input validation in Snapdragon Automobile, Snapdragon Mobile in versions MSM8996AU, SD 425, SD 430, SD 450, SD 625, SD 820, SD 820A, SD. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Msm8996au Firmware +13
NVD
EPSS 0% CVSS 7.8
HIGH This Week

While loading a service image, an untrusted pointer dereference can occur in Snapdragon Mobile in versions SD 835, SDA660, SDX24. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Sd 835 Firmware +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

When a malformed command is sent to the device programmer, an out-of-bounds access can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Mdm9206 Firmware +15
NVD
EPSS 0% CVSS 7.8
HIGH This Week

SMMU secure camera logic allows secure camera controllers to access HLOS memory during session in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Mdm9206 Firmware +19
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Failure condition is not handled properly and the correct error code is not returned. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Mdm9206 Firmware +28
NVD
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy