Snapdragon 855 860 Mobile Platform Firmware
Monthly
Memory corruption while processing GPU page table switch. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.
Memory corruption while processing voice packet with arbitrary data received from ADSP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Memory corruption in Audio when memory map command is executed consecutively in ADSP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Transient DOS in WLAN Firmware while parsing a BTM request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Transient DOS in Data Modem during DTLS handshake. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Memory corruption while receiving a message in Bus Socket Transport Server. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Permanent DOS in Hypervisor while untrusted VM without PSCI support makes a PSCI call. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Memory corruption in Audio during playback with speaker protection. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Memory corruption in TZ Secure OS while requesting a memory allocation from TA region. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Memory corruption in HLOS while running playready use-case. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Memory corruption when IPv6 prefix timer object`s lifetime expires which are created while Netmgr daemon gets an IPv6 address. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.
Memory corruption when processing cmd parameters while parsing vdev. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Transient DOS in Bluetooth Host while rfc slot allocation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption while loading an ELF segment in TEE Kernel. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption in MPP performance while accessing DSM watermark using external memory address. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory Corruption in SPS Application while exporting public key in sorter TA. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory Corruption in Audio while invoking IOCTLs calls from the user-space. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory Corruption in camera while installing a fd for a particular DMA buffer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory Corruption in Radio Interface Layer while sending an SMS or writing an SMS to SIM. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption while processing audio effects. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Information disclosure in WLAN HAL while handling command through WMI interfaces. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Information disclosure in WLAN HAL when reception status handler is called. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Information disclosure in WLAN HAL while handling the WMI state info command. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Information disclosure in IOE Firmware while handling WMI command. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Cryptographic issue in HLOS during key management. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Information Disclosure in Qualcomm IPC while reading values from shared memory in VM. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Memory corruption in TZ Secure OS while loading an app ELF. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory Corruption in Core due to secure memory access by user while loading modem image. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory Corruption in Multi-mode Call Processor while processing bit mask API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption in WLAN while sending transmit command from HLOS to UTF handlers. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption while processing GPU page table switch. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.
Memory corruption while processing voice packet with arbitrary data received from ADSP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Memory corruption in Audio when memory map command is executed consecutively in ADSP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Transient DOS in WLAN Firmware while parsing a BTM request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Transient DOS in Data Modem during DTLS handshake. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Memory corruption while receiving a message in Bus Socket Transport Server. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Permanent DOS in Hypervisor while untrusted VM without PSCI support makes a PSCI call. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Memory corruption in Audio during playback with speaker protection. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Memory corruption in TZ Secure OS while requesting a memory allocation from TA region. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Memory corruption in HLOS while running playready use-case. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Memory corruption when IPv6 prefix timer object`s lifetime expires which are created while Netmgr daemon gets an IPv6 address. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.
Memory corruption when processing cmd parameters while parsing vdev. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Transient DOS in Bluetooth Host while rfc slot allocation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption while loading an ELF segment in TEE Kernel. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption in MPP performance while accessing DSM watermark using external memory address. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory Corruption in SPS Application while exporting public key in sorter TA. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory Corruption in Audio while invoking IOCTLs calls from the user-space. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory Corruption in camera while installing a fd for a particular DMA buffer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory Corruption in Radio Interface Layer while sending an SMS or writing an SMS to SIM. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption while processing audio effects. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Information disclosure in WLAN HAL while handling command through WMI interfaces. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Information disclosure in WLAN HAL when reception status handler is called. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Information disclosure in WLAN HAL while handling the WMI state info command. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Information disclosure in IOE Firmware while handling WMI command. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Cryptographic issue in HLOS during key management. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Information Disclosure in Qualcomm IPC while reading values from shared memory in VM. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Memory corruption in TZ Secure OS while loading an app ELF. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory Corruption in Core due to secure memory access by user while loading modem image. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory Corruption in Multi-mode Call Processor while processing bit mask API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption in WLAN while sending transmit command from HLOS to UTF handlers. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.