Skip to main content

Snapdragon Xr2 5g Platform Firmware

176 CVEs product

Monthly

CVE-2024-21461 HIGH This Week

Memory corruption while performing finish HMAC operation when context is freed by keymaster. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware Apq8017 Firmware Apq8037 Firmware +307
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-43511 HIGH This Week

Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service 315 5g Iot Modem Firmware 9206 Lte Modem Firmware Apq8017 Firmware Apq8064au Firmware +346
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-33120 HIGH This Week

Memory corruption in Audio when memory map command is executed consecutively in ADSP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Sg8275p Firmware Qcn9074 Firmware Sm7250p Firmware Qcm8550 Firmware Qcs8250 Firmware +225
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-33118 HIGH PATCH This Week

Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Buffer Overflow Ar8035 Firmware Csra6620 Firmware +128
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-33117 HIGH PATCH This Week

Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Buffer Overflow Ar8035 Firmware Csra6620 Firmware +134
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-33114 HIGH PATCH This Week

Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware +109
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2023-33110 HIGH This Week

The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Snapdragon 425 Mobile Platform Firmware Snapdragon 427 Mobile Platform Firmware Snapdragon 429 Mobile Platform Firmware +115
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-33109 HIGH This Week

Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8031 Firmware +301
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-33094 HIGH This Week

Memory corruption while running VK synchronization with KASAN enabled. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Buffer Overflow Ar8035 Firmware Csra6620 Firmware +118
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2023-33062 HIGH This Week

Transient DOS in WLAN Firmware while parsing a BTM request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8031 Firmware Ar8035 Firmware +280
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-33040 HIGH This Week

Transient DOS in Data Modem during DTLS handshake. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8035 Firmware Csra6620 Firmware +135
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2023-33038 MEDIUM This Month

Memory corruption while receiving a message in Bus Socket Transport Server. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8035 Firmware +136
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2023-33037 HIGH This Week

Cryptographic issue in Automotive while unwrapping the key secs2d and verifying with RPMB data. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ar8035 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware Fastconnect 6800 Firmware +76
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2023-33036 HIGH This Week

Permanent DOS in Hypervisor while untrusted VM without PSCI support makes a PSCI call. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Aqt1000 Firmware Ar8035 Firmware Fastconnect 6200 Firmware +99
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2023-33033 HIGH This Week

Memory corruption in Audio during playback with speaker protection. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware 9206 Lte Modem Firmware +256
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2023-33030 CRITICAL Act Now

Memory corruption in HLOS while running playready use-case. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware 9206 Lte Modem Firmware 9207 Lte Modem Firmware +289
NVD
CVSS 3.1
9.3
EPSS
0.1%
CVE-2023-33107 HIGH KEV PATCH THREAT This Week

Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow 315 5g Iot Modem Firmware Apq8017 Firmware Apq8064au Firmware +233
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2023-33106 HIGH KEV PATCH THREAT This Week

Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Memory Corruption Buffer Overflow Ar8035 Firmware Csra6620 Firmware Csra6640 Firmware +144
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2023-33098 HIGH This Week

Transient DOS while parsing WPA IES, when it is passed with length more than expected size. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8031 Firmware Ar8035 Firmware +253
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-33089 HIGH This Week

Transient DOS when processing a NULL buffer while parsing WLAN vdev. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8035 Firmware +220
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-33088 HIGH This Week

Memory corruption when processing cmd parameters while parsing vdev. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Null Pointer Dereference 315 5g Iot Modem Firmware Aqt1000 Firmware +298
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-33081 HIGH This Week

Transient DOS while converting TWT (Target Wake Time) frame parameters in the OTA broadcast. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Ar8035 Firmware Csr8811 Firmware Wcn3991 Firmware +144
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-33080 HIGH This Week

Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9206 Lte Modem Firmware Apq8017 Firmware Apq8064au Firmware +361
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-33079 HIGH PATCH This Week

Memory corruption in Audio while running invalid audio recording from ADSP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Memory Corruption Buffer Overflow Ar8035 Firmware Csra6620 Firmware Csra6640 Firmware +140
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-33063 HIGH KEV PATCH THREAT This Week

Memory corruption in DSP Services during a remote call from HLOS to DSP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption 315 5g Iot Modem Firmware Apq8017 Firmware +278
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-33054 CRITICAL Act Now

Cryptographic issue in GPS HLOS Driver while downloading Qualcomm GNSS assistance data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Authentication Bypass 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8035 Firmware +164
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2023-33044 HIGH This Week

Transient DOS in Data modem while handling TLB control messages from the Network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 315 5g Iot Modem Firmware Ar8035 Firmware Wcn3991 Firmware Wcn3998 Firmware +85
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-33042 HIGH This Week

Transient DOS in Modem after RRC Setup message is received. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 315 5g Iot Modem Firmware Ar8035 Firmware Wcn3991 Firmware Wcn3998 Firmware +70
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-33024 HIGH This Week

Memory corruption while sending SMS from AP firmware. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Ar8035 Firmware Wcn3991 Firmware Wcn3998 Firmware +67
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-33022 HIGH This Week

Memory corruption in HLOS while invoking IOCTL calls from user-space. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8035 Firmware Csra6620 Firmware +207
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-33018 HIGH This Week

Memory corruption while using the UIM diag command to get the operators name. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware 9206 Lte Modem Firmware 9207 Lte Modem Firmware +258
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-33017 HIGH This Week

Memory corruption in Boot while running a ListVars test in UEFI Menu during boot. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware 9206 Lte Modem Firmware 9207 Lte Modem Firmware +272
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-28588 HIGH PATCH This Week

Transient DOS in Bluetooth Host while rfc slot allocation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Apq8017 Firmware Apq8064au Firmware Aqt1000 Firmware +205
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-28587 HIGH This Week

Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8031 Firmware Ar8035 Firmware +180
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-28586 MEDIUM This Month

Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure 315 5g Iot Modem Firmware 9205 Lte Modem Firmware Aqt1000 Firmware +304
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-28585 HIGH This Week

Memory corruption while loading an ELF segment in TEE Kernel. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware Aqt1000 Firmware Ar8031 Firmware +271
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-28551 HIGH This Week

Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware 9206 Lte Modem Firmware 9207 Lte Modem Firmware +238
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28550 HIGH This Week

Memory corruption in MPP performance while accessing DSM watermark using external memory address. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware 9206 Lte Modem Firmware 9207 Lte Modem Firmware +325
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28546 HIGH This Week

Memory Corruption in SPS Application while exporting public key in sorter TA. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware Apq8017 Firmware Apq8037 Firmware +270
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-22668 HIGH PATCH This Week

Memory Corruption in Audio while invoking IOCTLs calls from the user-space. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Aqt1000 Firmware Ar8035 Firmware +53
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-22383 HIGH PATCH This Week

Memory Corruption in camera while installing a fd for a particular DMA buffer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Aqt1000 Firmware C V2x 9150 Firmware +56
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21634 HIGH This Week

Memory Corruption in Radio Interface Layer while sending an SMS or writing an SMS to SIM. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Fastconnect 6200 Firmware Fastconnect 6800 Firmware Fastconnect 6900 Firmware +46
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-33074 HIGH PATCH This Week

Memory corruption in Audio when SSR event is triggered after music playback is stopped. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Wcn6750 Firmware Wcn685X 5 Firmware +57
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-33059 HIGH PATCH This Week

Memory corruption in Audio while processing the VOC packet data from ADSP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Integer Overflow Buffer Overflow 315 5g Iot Modem Firmware 9206 Lte Modem Firmware Apq8017 Firmware +255
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-33055 HIGH PATCH This Week

Memory Corruption in Audio while invoking callback function in driver from ADSP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Aqt1000 Firmware Ar8035 Firmware Csra6620 Firmware Csra6640 Firmware +147
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-33047 HIGH This Week

Transient DOS in WLAN Firmware while parsing no-inherit IES. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Ar9380 Firmware Csr8811 Firmware Wcn6750 Firmware +173
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-33045 CRITICAL Act Now

Memory corruption in WLAN Firmware while parsing a NAN management frame carrying a S3 attribute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Csr8811 Firmware Qca6390 Firmware Wcn685X 5 Firmware +124
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-33031 HIGH PATCH This Week

Memory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data buffer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Apq8017 Firmware Apq8064au Firmware Aqt1000 Firmware Ar8031 Firmware +160
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28570 HIGH This Week

Memory corruption while processing audio effects. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Ar8035 Firmware Fastconnect 6200 Firmware Fastconnect 6800 Firmware +79
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28556 HIGH This Week

Cryptographic issue in HLOS during key management. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass 315 5g Iot Modem Firmware 9205 Lte Modem Firmware Aqt1000 Firmware Ar8031 Firmware +216
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28554 MEDIUM PATCH This Month

Information Disclosure in Qualcomm IPC while reading values from shared memory in VM. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Qualcomm Information Disclosure Aqt1000 Firmware Ar9380 Firmware +144
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-28553 MEDIUM PATCH This Month

Information Disclosure in WLAN Host when processing WMI event command. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Ar8035 Firmware Ar9380 Firmware Csr8811 Firmware +139
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-28545 HIGH This Week

Memory corruption in TZ Secure OS while loading an app ELF. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware Aqt1000 Firmware Ar8031 Firmware +194
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-24852 HIGH This Week

Memory Corruption in Core due to secure memory access by user while loading modem image. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Authentication Bypass 315 5g Iot Modem Firmware 9205 Lte Modem Firmware Aqt1000 Firmware +262
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-22388 CRITICAL Act Now

Memory Corruption in Multi-mode Call Processor while processing bit mask API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware 9206 Lte Modem Firmware +220
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-33035 HIGH PATCH This Week

Memory corruption while invoking callback function of AFE from ADSP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Ar8035 Firmware Csra6620 Firmware Csra6640 Firmware Wcn3991 Firmware +139
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-33028 CRITICAL Act Now

Memory corruption in WLAN Firmware while doing a memory copy of pmk cache. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Ar8035 Firmware Ar9380 Firmware Csr8811 Firmware +172
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-33027 HIGH This Week

Transient DOS in WLAN Firmware while parsing rsn ies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qca9898 Firmware Qcn5164 Firmware Qca4024 Firmware Ipq6028 Firmware Qca8075 Firmware +323
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-33026 HIGH This Week

Transient DOS in WLAN Firmware while parsing a NAN management frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Ar9380 Firmware Csr8811 Firmware Wcn6750 Firmware +190
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-28571 MEDIUM PATCH This Month

Information disclosure in WLAN HOST while processing the WLAN scan descriptor list during roaming scan. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Apq8064au Firmware Csrb31024 Firmware Qca6390 Firmware +82
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-28540 HIGH This Week

Cryptographic issue in Data Modem due to improper authentication during TLS handshake. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8035 Firmware Csra6620 Firmware +147
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-28539 HIGH PATCH This Week

Memory corruption in WLAN Host when the firmware invokes multiple WMI Service Available command. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Ar8035 Firmware Ar9380 Firmware Csr8811 Firmware Csrb31024 Firmware +153
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-24853 HIGH This Week

Memory Corruption in HLOS while registering for key provisioning notify. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware Fastconnect 6800 Firmware +107
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-24850 HIGH This Week

Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted Application. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Apq8017 Firmware Apq8037 Firmware Aqt1000 Firmware Ar8035 Firmware +200
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-24849 HIGH This Week

Information Disclosure in data Modem while parsing an FMTP line in an SDP message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure 315 5g Iot Modem Firmware 9206 Lte Modem Firmware 9207 Lte Modem Firmware +233
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-24848 HIGH This Week

Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure 315 5g Iot Modem Firmware 9206 Lte Modem Firmware 9207 Lte Modem Firmware +239
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-24847 HIGH This Week

Transient DOS in Modem while allocating DSM items. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8031 Firmware +252
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-24843 HIGH This Week

Transient DOS in Modem while triggering a camping on an 5G cell. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 315 5g Iot Modem Firmware Ar8035 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware +61
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-22385 CRITICAL Act Now

Memory Corruption in Data Modem while making a MO call or MT VOLTE call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware 9206 Lte Modem Firmware 9207 Lte Modem Firmware +235
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-21673 HIGH This Week

Improper Access to the VM resource manager can lead to Memory Corruption. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Authentication Bypass Aqt1000 Firmware Ar8035 Firmware Fastconnect 6200 Firmware +158
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28558 HIGH This Week

Memory corruption in WLAN handler while processing PhyID in Tx status handler. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8031 Firmware Ar8035 Firmware +191
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28557 HIGH This Week

Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8031 Firmware Ar8035 Firmware +269
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28549 HIGH This Week

Memory corruption in WLAN HAL while parsing Rx buffer in processing TLV payload. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8035 Firmware Ar9380 Firmware +216
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28548 HIGH PATCH This Week

Memory corruption in WLAN HAL while processing Tx/Rx commands from QDART. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Aqt1000 Firmware Ar8035 Firmware Ar9380 Firmware Csr8811 Firmware +175
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28538 HIGH This Week

Memory corruption in WIN Product while invoking WinAcpi update driver in the UEFI region. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Aqt1000 Firmware Csra6620 Firmware Csra6640 Firmware +127
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28555 HIGH This Week

Transient DOS in Audio while remapping channel buffer in media codec decoding. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Wcn3991 Firmware Wcn3998 Firmware Wcn6750 Firmware +67
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-28537 HIGH This Week

Memory corruption while allocating memory in COmxApeDec module in Audio. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow 315 5g Iot Modem Firmware Apq8017 Firmware Aqt1000 Firmware +180
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21670 HIGH PATCH This Week

Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Authentication Bypass 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8031 Firmware +179
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21669 HIGH PATCH This Week

Information Disclosure in WLAN HOST while sending DPP action frame to peer with an invalid source address. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Aqt1000 Firmware Wcn3991 Firmware Wcn3998 Firmware +58
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-21661 HIGH This Week

Transient DOS while parsing WLAN beacon or probe-response frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Ar9380 Firmware Csr8811 Firmware Wcn6750 Firmware +111
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-21659 HIGH This Week

Transient DOS in WLAN Firmware while processing frames with missing header fields. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8035 Firmware Ar9380 Firmware +266
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-21658 HIGH This Week

Transient DOS in WLAN Firmware while processing the received beacon or probe response frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Ar9380 Firmware Csr8811 Firmware Wcn6750 Firmware +147
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-21657 HIGH PATCH This Week

Memoru corruption in Audio when ADSP sends input during record use case. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Csra6620 Firmware Csra6640 Firmware Wcn3991 Firmware Wcn3998 Firmware +122
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21656 HIGH PATCH This Week

Memory corruption in WLAN HOST while receiving an WMI event from firmware. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Ar8035 Firmware Csra6620 Firmware Csra6640 Firmware Csrb31024 Firmware +124
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21666 HIGH PATCH This Week

Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Buffer Overflow Wcn3998 Firmware Qca6390 Firmware Wcn685X 5 Firmware Wcn685X 1 Firmware +161
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-21665 HIGH PATCH This Week

Memory corruption in Graphics while importing a file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow 315 5g Iot Modem Firmware 9206 Lte Modem Firmware Apq8017 Firmware Apq8052 Firmware +216
NVD
CVSS 3.1
7.8
EPSS
0.2%
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption while performing finish HMAC operation when context is freed by keymaster. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware +309
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service 315 5g Iot Modem Firmware 9206 Lte Modem Firmware +348
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption in Audio when memory map command is executed consecutively in ADSP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Sg8275p Firmware Qcn9074 Firmware Sm7250p Firmware +227
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Buffer Overflow +130
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Buffer Overflow +136
NVD
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Buffer Overflow +111
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Snapdragon 425 Mobile Platform Firmware +117
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference 315 5g Iot Modem Firmware +303
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Memory corruption while running VK synchronization with KASAN enabled. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Buffer Overflow +120
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS in WLAN Firmware while parsing a BTM request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware +282
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS in Data Modem during DTLS handshake. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware +137
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Memory corruption while receiving a message in Bus Socket Transport Server. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow 315 5g Iot Modem Firmware +138
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cryptographic issue in Automotive while unwrapping the key secs2d and verifying with RPMB data. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ar8035 Firmware Fastconnect 6200 Firmware +78
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Permanent DOS in Hypervisor while untrusted VM without PSCI support makes a PSCI call. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Aqt1000 Firmware +101
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Memory corruption in Audio during playback with speaker protection. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow 315 5g Iot Modem Firmware +258
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

Memory corruption in HLOS while running playready use-case. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware +291
NVD
EPSS 1% CVSS 7.8
HIGH KEV PATCH THREAT This Week

Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow 315 5g Iot Modem Firmware +235
NVD
EPSS 1% CVSS 7.8
HIGH KEV PATCH THREAT This Week

Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Memory Corruption Buffer Overflow Ar8035 Firmware +146
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS while parsing WPA IES, when it is passed with length more than expected size. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware +255
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS when processing a NULL buffer while parsing WLAN vdev. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference 315 5g Iot Modem Firmware +222
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption when processing cmd parameters while parsing vdev. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Null Pointer Dereference +300
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS while converting TWT (Target Wake Time) frame parameters in the OTA broadcast. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Ar8035 Firmware +146
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9206 Lte Modem Firmware +363
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption in Audio while running invalid audio recording from ADSP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Memory Corruption Buffer Overflow Ar8035 Firmware +142
NVD
EPSS 1% CVSS 7.8
HIGH KEV PATCH THREAT This Week

Memory corruption in DSP Services during a remote call from HLOS to DSP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption +280
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Cryptographic issue in GPS HLOS Driver while downloading Qualcomm GNSS assistance data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Authentication Bypass 315 5g Iot Modem Firmware +166
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Transient DOS in Data modem while handling TLB control messages from the Network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 315 5g Iot Modem Firmware Ar8035 Firmware +87
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Transient DOS in Modem after RRC Setup message is received. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 315 5g Iot Modem Firmware Ar8035 Firmware +72
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption while sending SMS from AP firmware. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Ar8035 Firmware +69
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption in HLOS while invoking IOCTL calls from user-space. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware +209
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption while using the UIM diag command to get the operators name. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware +260
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption in Boot while running a ListVars test in UEFI Menu during boot. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware +274
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Transient DOS in Bluetooth Host while rfc slot allocation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Apq8017 Firmware +207
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware +182
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure 315 5g Iot Modem Firmware +306
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Memory corruption while loading an ELF segment in TEE Kernel. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware +273
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware +240
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption in MPP performance while accessing DSM watermark using external memory address. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware +327
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory Corruption in SPS Application while exporting public key in sorter TA. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware +272
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory Corruption in Audio while invoking IOCTLs calls from the user-space. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption +55
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory Corruption in camera while installing a fd for a particular DMA buffer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption +58
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory Corruption in Radio Interface Layer while sending an SMS or writing an SMS to SIM. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Fastconnect 6200 Firmware +48
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption in Audio when SSR event is triggered after music playback is stopped. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption +59
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption in Audio while processing the VOC packet data from ADSP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Integer Overflow Buffer Overflow 315 5g Iot Modem Firmware +257
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory Corruption in Audio while invoking callback function in driver from ADSP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Aqt1000 Firmware Ar8035 Firmware +149
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS in WLAN Firmware while parsing no-inherit IES. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Ar9380 Firmware +175
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Memory corruption in WLAN Firmware while parsing a NAN management frame carrying a S3 attribute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Csr8811 Firmware +126
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data buffer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Apq8017 Firmware Apq8064au Firmware +162
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption while processing audio effects. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Ar8035 Firmware +81
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Cryptographic issue in HLOS during key management. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass 315 5g Iot Modem Firmware 9205 Lte Modem Firmware +218
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Information Disclosure in Qualcomm IPC while reading values from shared memory in VM. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Qualcomm Information Disclosure +146
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Information Disclosure in WLAN Host when processing WMI event command. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Ar8035 Firmware +141
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption in TZ Secure OS while loading an app ELF. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware +196
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory Corruption in Core due to secure memory access by user while loading modem image. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Authentication Bypass 315 5g Iot Modem Firmware +264
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Memory Corruption in Multi-mode Call Processor while processing bit mask API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow 315 5g Iot Modem Firmware +222
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption while invoking callback function of AFE from ADSP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Ar8035 Firmware Csra6620 Firmware +141
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Memory corruption in WLAN Firmware while doing a memory copy of pmk cache. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Ar8035 Firmware +174
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS in WLAN Firmware while parsing rsn ies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qca9898 Firmware Qcn5164 Firmware Qca4024 Firmware +325
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS in WLAN Firmware while parsing a NAN management frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Ar9380 Firmware +192
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Information disclosure in WLAN HOST while processing the WLAN scan descriptor list during roaming scan. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Apq8064au Firmware +84
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Cryptographic issue in Data Modem due to improper authentication during TLS handshake. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass 315 5g Iot Modem Firmware Aqt1000 Firmware +149
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption in WLAN Host when the firmware invokes multiple WMI Service Available command. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Ar8035 Firmware Ar9380 Firmware +155
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory Corruption in HLOS while registering for key provisioning notify. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Fastconnect 6200 Firmware +109
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted Application. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Apq8017 Firmware Apq8037 Firmware +202
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Information Disclosure in data Modem while parsing an FMTP line in an SDP message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure 315 5g Iot Modem Firmware +235
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure 315 5g Iot Modem Firmware +241
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS in Modem while allocating DSM items. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference 315 5g Iot Modem Firmware +254
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS in Modem while triggering a camping on an 5G cell. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 315 5g Iot Modem Firmware Ar8035 Firmware +63
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Memory Corruption in Data Modem while making a MO call or MT VOLTE call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware +237
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Improper Access to the VM resource manager can lead to Memory Corruption. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Authentication Bypass Aqt1000 Firmware +160
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption in WLAN handler while processing PhyID in Tx status handler. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware +193
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware +271
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption in WLAN HAL while parsing Rx buffer in processing TLV payload. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware +218
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption in WLAN HAL while processing Tx/Rx commands from QDART. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Aqt1000 Firmware Ar8035 Firmware +177
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption in WIN Product while invoking WinAcpi update driver in the UEFI region. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Aqt1000 Firmware +129
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS in Audio while remapping channel buffer in media codec decoding. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Wcn3991 Firmware +69
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption while allocating memory in COmxApeDec module in Audio. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow 315 5g Iot Modem Firmware +182
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Authentication Bypass 315 5g Iot Modem Firmware +181
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Information Disclosure in WLAN HOST while sending DPP action frame to peer with an invalid source address. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Aqt1000 Firmware +60
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS while parsing WLAN beacon or probe-response frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Ar9380 Firmware +113
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS in WLAN Firmware while processing frames with missing header fields. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware +268
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS in WLAN Firmware while processing the received beacon or probe response frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Ar9380 Firmware +149
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memoru corruption in Audio when ADSP sends input during record use case. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Csra6620 Firmware Csra6640 Firmware +124
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption in WLAN HOST while receiving an WMI event from firmware. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Ar8035 Firmware Csra6620 Firmware +126
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Buffer Overflow Wcn3998 Firmware Qca6390 Firmware +163
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption in Graphics while importing a file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow 315 5g Iot Modem Firmware 9206 Lte Modem Firmware +218
NVD
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy