Skip to main content

Sw5100p Firmware

331 CVEs product

Monthly

CVE-2024-45584 HIGH PATCH This Month

Memory corruption can occur when a compat IOCTL call is followed by a normal IOCTL call from userspace. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Ar8035 Firmware Fastconnect 6200 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware +118
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-38418 HIGH PATCH This Month

Memory corruption while parsing the memory map info in IOCTL calls. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow C V2x 9150 Firmware Csrb31024 Firmware Fastconnect 6800 Firmware Fastconnect 6900 Firmware +57
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-38417 MEDIUM PATCH This Month

Information disclosure while processing IO control commands. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Ar8035 Firmware C V2x 9150 Firmware Fastconnect 6900 Firmware +53
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-38414 MEDIUM PATCH This Month

Information disclosure while processing information on firmware image during core initialization. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Fastconnect 6900 Firmware Fastconnect 7800 Firmware Qam8295p Firmware +25
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-45553 HIGH PATCH This Month

Memory corruption can occur when process-specific maps are added to the global list. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Buffer Overflow Memory Corruption Use After Free Ar8035 Firmware Fastconnect 6200 Firmware +123
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-33061 MEDIUM PATCH This Month

Information disclosure while processing IOCTL call made for releasing a trusted VM process release or opening a channel without initializing the process. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Qcs8550 Firmware Sw5100 Firmware Sw5100p Firmware +6
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2024-33056 HIGH This Week

Memory corruption when allocating and accessing an entry in an SMEM partition continuously. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware 9206 Lte Modem Firmware 9207 Lte Modem Firmware +319
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-33040 HIGH PATCH This Week

Memory corruption while invoking redundant release command to release one buffer from user space as race condition can occur in kernel space between buffer release and buffer access. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Fastconnect 6800 Firmware Fastconnect 6900 Firmware +27
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2024-33039 MEDIUM PATCH This Month

Memory corruption when PAL client calls PAL service APIs by passing a random value as handle and the handle is not validated by the service. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Buffer Overflow Qam8255p Firmware Qam8650p Firmware Qam8775p Firmware Qamsrv1h Firmware +18
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-33037 MEDIUM PATCH This Month

Information disclosure as NPU firmware can send invalid IPC message to NPU driver as the driver doesn`t validate the IPC message received from the firmware. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure C V2x 9150 Firmware Fastconnect 6800 Firmware Fastconnect 6900 Firmware +47
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-33036 MEDIUM PATCH This Month

Memory corruption while parsing sensor packets in camera driver, user-space variable is used while allocating memory in kernel and parsing which can lead to huge allocation or invalid memory access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Buffer Overflow Memory Corruption C V2x 9150 Firmware Fastconnect 6800 Firmware Fastconnect 6900 Firmware +48
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-38424 HIGH PATCH This Week

Memory corruption during GNSS HAL process initialization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Snapdragon W5 Gen 1 Wearable Platform Firmware Snapdragon 8 Gen 2 Mobile Platform Firmware +115
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-38423 HIGH PATCH This Week

Memory corruption while processing GPU page table switch. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Wsa8835 Firmware Wsa8830 Firmware Wsa8815 Firmware Wsa8810 Firmware +199
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-38422 HIGH PATCH This Week

Memory corruption while processing voice packet with arbitrary data received from ADSP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Wsa8845h Firmware Wsa8845 Firmware Wsa8840 Firmware Wsa8835 Firmware +259
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-38421 HIGH PATCH This Week

Memory corruption while processing GPU commands. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Wsa8845h Firmware Wsa8845 Firmware +74
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-38419 HIGH PATCH This Week

Memory corruption while invoking IOCTL calls from the use-space for HGSL memory node. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Wsa8845h Firmware Wsa8845 Firmware +144
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-38415 HIGH PATCH This Week

Memory corruption while handling session errors from firmware. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Wsa8845h Firmware Wsa8845 Firmware +170
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-38408 CRITICAL PATCH Act Now

Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Wsa8845h Firmware Wsa8845 Firmware Wsa8840 Firmware Wsa8835 Firmware +225
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-33032 MEDIUM PATCH This Month

Memory corruption when the user application modifies the same shared memory asynchronously when kernel is accessing it. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Buffer Overflow Wsa8835 Firmware Wsa8832 Firmware Wsa8830 Firmware Wsa8815 Firmware +63
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-43047 HIGH KEV PATCH THREAT This Week

Memory corruption while maintaining memory maps of HLOS memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Fastconnect 6700 Firmware Fastconnect 6800 Firmware +60
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-33069 HIGH This Week

Transient DOS when transmission of management frame sent by host is not successful and error status is received in the host. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Wsa8835 Firmware Wsa8830 Firmware +42
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-33049 HIGH This Week

Transient DOS while parsing noninheritance IE of Extension element when length of IE is 2 of beacon frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Snapdragon W5 Gen 1 Wearable Platform Firmware Wsa8835 Firmware Wsa8830 Firmware Wsa8810 Firmware +127
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-23376 MEDIUM This Month

Memory corruption while sending the persist buffer command packet from the user-space to the kernel space through the IOCTL call. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Buffer Overflow Memory Corruption Wsa8835 Firmware Wsa8830 Firmware +19
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-23375 MEDIUM This Month

Memory corruption during the network scan request. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Wsa8835 Firmware Wsa8830 Firmware Wcn3988 Firmware Wcn3980 Firmware +10
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-23374 MEDIUM This Month

Memory corruption is possible when an attempt is made from userspace or console to write some haptics effects pattern to the haptics debugfs file. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Wsa8835 Firmware Wsa8830 Firmware Wcn3988 Firmware +23
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-23370 MEDIUM This Month

Memory corruption when a process invokes IOCTL calls from user-space to create a HAB virtual channel and another process invokes IOCTL calls to destroy the same. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Buffer Overflow Memory Corruption Wsa8835 Firmware Wsa8830 Firmware +9
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-38402 HIGH PATCH This Week

Memory corruption while processing IOCTL call for getting group info. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Ar8035 Firmware Csra6620 Firmware +161
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-38401 HIGH PATCH This Week

Memory corruption while processing concurrent IOCTL calls. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Ar8035 Firmware C V2x 9150 Firmware +38
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-33060 HIGH PATCH This Week

Memory corruption when two threads try to map and unmap a single node simultaneously. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption 315 5g Iot Firmware Aqt1000 Firmware +241
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-33051 HIGH This Week

Transient DOS while processing TIM IE from beacon frame as there is no check for IE length. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Firmware 9206 Lte Firmware Apq8017 Firmware Aqt1000 Firmware +278
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-33050 HIGH PATCH This Week

Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Ar8035 Firmware Ar9380 Firmware Csr8811 Firmware Csra6620 Firmware +248
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-33048 HIGH PATCH This Week

Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Ar8035 Firmware Csr8811 Firmware Fastconnect 6700 Firmware Fastconnect 6800 Firmware +183
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-33045 HIGH PATCH This Week

Memory corruption when BTFM client sends new messages over Slimbus to ADSP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Ar8035 Firmware Csra6620 Firmware Csra6640 Firmware Fastconnect 6200 Firmware +171
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-33035 HIGH This Week

Memory corruption while calculating total metadata size when a very high reserved size is requested by gralloc clients. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Qam8255p Firmware Qam8620p Firmware Qam8650p Firmware +86
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2024-33016 MEDIUM This Month

memory corruption when an invalid firehose patch command is invoked. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qcn9000 Firmware Qcn9011 Firmware Qcn9012 Firmware Qcn9013 Firmware +327
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2024-33034 HIGH PATCH This Week

Memory corruption can occur if VBOs hold outdated or invalid GPU SMMU mappings, especially when the binding and reclaiming of memory buffers are performed at the same time. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Fastconnect 6200 Firmware Fastconnect 6700 Firmware +100
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-33028 HIGH PATCH This Week

Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Ar8035 Firmware Csra6620 Firmware +134
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-33025 HIGH PATCH This Week

Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Csr8811 Firmware Fastconnect 6800 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware +163
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-33024 HIGH PATCH This Week

Transient DOS while parsing the ML IE when a beacon with length field inside the common info of ML IE greater than the ML IE length. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Ar8035 Firmware Csr8811 Firmware Fastconnect 6700 Firmware +176
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-33023 HIGH PATCH This Week

Memory corruption while creating a fence to wait on timeline events, and simultaneously signal timeline events. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Ar8035 Firmware Csra6620 Firmware +149
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-33022 HIGH PATCH This Week

Memory corruption while allocating memory in HGSL driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Ar8035 Firmware Csra6620 Firmware Csra6640 Firmware +120
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-33021 HIGH PATCH This Week

Memory corruption while processing IOCTL call to set metainfo. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Ar8035 Firmware Csra6620 Firmware Csra6640 Firmware Fastconnect 6200 Firmware +132
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-33015 HIGH PATCH This Week

Transient DOS while parsing SCAN RNR IE when bytes received from AP is such that the size of the last param of IE is less than neighbor report. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Ar8035 Firmware Csr8811 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware +188
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-33014 HIGH PATCH This Week

Transient DOS while parsing ESP IE from beacon/probe response frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow 315 5g Iot Modem Firmware Apq8064au Firmware Aqt1000 Firmware Ar8031 Firmware +315
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-33012 HIGH PATCH This Week

Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Wsa8845h Firmware Wsa8845 Firmware Wsa8840 Firmware Wsa8835 Firmware +243
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-33011 HIGH This Week

Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Wsa8845h Firmware Wsa8845 Firmware Wsa8840 Firmware Wsa8835 Firmware +243
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-33010 HIGH PATCH This Week

Transient DOS while parsing fragments of MBSSID IE from beacon frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Ar8035 Firmware Ar9380 Firmware +244
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-23384 HIGH PATCH This Week

Memory corruption when the mapped pages in VBO are still mapped after reclaiming by shrinker. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Wsa8845h Firmware Wsa8845 Firmware +100
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2024-23383 HIGH PATCH This Week

Memory corruption when kernel driver attempts to trigger hardware fences. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Wsa8845h Firmware Wsa8845 Firmware +69
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-23382 HIGH This Week

Memory corruption while processing graphics kernel driver request to create DMA fence. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Buffer Overflow Memory Corruption Fastconnect 6200 Firmware Fastconnect 6700 Firmware +100
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-23381 HIGH This Week

Memory corruption when memory mapped in a VBO is not unmapped by the GPU SMMU. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Buffer Overflow Memory Corruption Wsa8845h Firmware Wsa8845 Firmware +70
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-23357 MEDIUM This Month

Transient DOS while importing a PKCS#8-encoded RSA key with zero bytes modulus. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Sg8275p Firmware Sm7250p Firmware Qcm8550 Firmware Qcs8250 Firmware Qcs6125 Firmware +233
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-23356 HIGH This Week

Memory corruption during session sign renewal request calls in HLOS. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Wsa8845h Firmware Wsa8845 Firmware Wsa8840 Firmware Wsa8835 Firmware +204
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-23353 HIGH This Week

Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Wsa8845h Firmware Wsa8845 Firmware Wsa8840 Firmware Wsa8835 Firmware +243
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-21479 HIGH This Week

Transient DOS during music playback of ALAC content. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Wsa8835 Firmware Wsa8832 Firmware Wsa8830 Firmware Wsa8815 Firmware +90
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-21467 HIGH This Week

Information disclosure while handling beacon probe frame during scan entry generation in client side. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Wsa8835 Firmware Wsa8830 Firmware Wsa8815 Firmware +126
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-21459 HIGH This Week

Information disclosure while handling beacon or probe response frame in STA. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Snapdragon W5 Gen 1 Wearable Platform Firmware Snapdragon 870 5G Mobile Platform Sm8250 Ac Firmware Snapdragon 865 5G Mobile Platform Sm8250 Ab Firmware +172
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-23380 HIGH PATCH This Week

Memory corruption while handling user packets during VBO bind operation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Fastconnect 6200 Firmware Fastconnect 6700 Firmware +102
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-23373 HIGH PATCH This Week

Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption 315 5g Iot Modem Firmware Aqt1000 Firmware +218
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-23372 HIGH PATCH This Week

Memory corruption while invoking IOCTL call for GPU memory allocation and size param is greater than expected size. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Fastconnect 6200 Firmware Fastconnect 6700 Firmware Fastconnect 6900 Firmware +106
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-23368 HIGH PATCH This Week

Memory corruption when allocating and accessing an entry in an SMEM partition. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Qca9898 Firmware Qcn5164 Firmware Qca4024 Firmware Ipq6028 Firmware Qca8075 Firmware +337
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-21466 HIGH PATCH This Week

Information disclosure while parsing sub-IE length during new IE generation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Information Disclosure Fastconnect 7800 Firmware Immersive Home 3210 Platform Firmware Immersive Home 326 Platform Firmware +61
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-21465 HIGH This Week

Memory corruption while processing key blob passed by the user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 9205 Lte Modem Firmware Aqt1000 Firmware Ar8031 Firmware Ar8035 Firmware +253
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-21462 MEDIUM This Month

Transient DOS while loading the TA ELF file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware Aqt1000 Firmware Ar8031 Firmware +305
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-21461 HIGH This Week

Memory corruption while performing finish HMAC operation when context is freed by keymaster. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware Apq8017 Firmware Apq8037 Firmware +307
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-23354 HIGH PATCH This Week

Memory corruption when the IOCTL call is interrupted by a signal. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Fastconnect 6700 Firmware Fastconnect 6900 Firmware +72
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-23351 HIGH PATCH This Week

Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC submissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Buffer Overflow Fastconnect 6200 Firmware Fastconnect 6700 Firmware Fastconnect 6900 Firmware +88
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-21480 CRITICAL Act Now

Memory corruption while playing audio file having large-sized input buffer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware Fastconnect 6900 Firmware +108
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-21475 HIGH PATCH This Week

Memory corruption when the payload received from firmware is not as per the expected protocol size. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Memory Corruption 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8031 Firmware +226
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-21471 HIGH PATCH This Week

Memory corruption when IOMMU unmap of a GPU buffer fails in Linux. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Ar8035 Firmware C V2x 9150 Firmware +167
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-21468 HIGH PATCH This Week

Memory corruption when there is failed unmap operation in GPU. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption 315 5g Iot Modem Firmware 9206 Lte Modem Firmware +223
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-21463 CRITICAL Act Now

Memory corruption while processing Codec2 during v13k decoder pitch synthesis. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware Fastconnect 6900 Firmware +101
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-43514 HIGH PATCH This Week

Memory corruption while invoking IOCTLs calls from user space for internal mem MAP and internal mem UNMAP. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Buffer Overflow Ar8035 Firmware Fastconnect 6200 Firmware +79
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2023-43511 HIGH This Week

Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service 315 5g Iot Modem Firmware 9206 Lte Modem Firmware Apq8017 Firmware Apq8064au Firmware +346
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-33120 HIGH This Week

Memory corruption in Audio when memory map command is executed consecutively in ADSP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Sg8275p Firmware Qcn9074 Firmware Sm7250p Firmware Qcm8550 Firmware Qcs8250 Firmware +225
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-33118 HIGH PATCH This Week

Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Buffer Overflow Ar8035 Firmware Csra6620 Firmware +128
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-33117 HIGH PATCH This Week

Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Buffer Overflow Ar8035 Firmware Csra6620 Firmware +134
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-33114 HIGH PATCH This Week

Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware +109
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2023-33113 HIGH This Week

Memory corruption when resource manager sends the host kernel a reply message with multiple fragments. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Csra6620 Firmware Csra6640 Firmware Fastconnect 6200 Firmware +118
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2023-33112 HIGH This Week

Transient DOS when WLAN firmware receives "reassoc response" frame including RIC_DATA element. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Csra6620 Firmware Csra6640 Firmware Fastconnect 6200 Firmware +118
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-33110 HIGH This Week

The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Snapdragon 425 Mobile Platform Firmware Snapdragon 427 Mobile Platform Firmware Snapdragon 429 Mobile Platform Firmware +115
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-33109 HIGH This Week

Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8031 Firmware +301
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-33108 HIGH PATCH This Week

Memory corruption in Graphics Driver when destroying a context with KGSL_GPU_AUX_COMMAND_TIMELINE objects queued. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Buffer Overflow Qam8255p Firmware Qam8295p Firmware +24
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2023-33094 HIGH This Week

Memory corruption while running VK synchronization with KASAN enabled. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Buffer Overflow Ar8035 Firmware Csra6620 Firmware +118
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2023-33085 HIGH PATCH This Week

Memory corruption in wearables while processing data from AON. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Ar8035 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware Fastconnect 6900 Firmware +98
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-33062 HIGH This Week

Transient DOS in WLAN Firmware while parsing a BTM request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8031 Firmware Ar8035 Firmware +280
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-33040 HIGH This Week

Transient DOS in Data Modem during DTLS handshake. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8035 Firmware Csra6620 Firmware +135
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2023-33038 MEDIUM This Month

Memory corruption while receiving a message in Bus Socket Transport Server. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8035 Firmware +136
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2023-33030 CRITICAL Act Now

Memory corruption in HLOS while running playready use-case. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware 9206 Lte Modem Firmware 9207 Lte Modem Firmware +289
NVD
CVSS 3.1
9.3
EPSS
0.1%
CVE-2023-28583 MEDIUM This Month

Memory corruption when IPv6 prefix timer object`s lifetime expires which are created while Netmgr daemon gets an IPv6 address. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Fastconnect 6200 Firmware Qca6420 Firmware Qca6430 Firmware +26
NVD
CVSS 3.1
6.7
EPSS
0.0%
EPSS 0% CVSS 7.8
HIGH PATCH This Month

Memory corruption can occur when a compat IOCTL call is followed by a normal IOCTL call from userspace. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Ar8035 Firmware Fastconnect 6200 Firmware +120
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

Memory corruption while parsing the memory map info in IOCTL calls. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow C V2x 9150 Firmware Csrb31024 Firmware +59
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Information disclosure while processing IO control commands. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Ar8035 Firmware +55
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Information disclosure while processing information on firmware image during core initialization. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Fastconnect 6900 Firmware +27
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

Memory corruption can occur when process-specific maps are added to the global list. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Buffer Overflow Memory Corruption Use After Free +125
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Information disclosure while processing IOCTL call made for releasing a trusted VM process release or opening a channel without initializing the process. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Qcs8550 Firmware +8
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption when allocating and accessing an entry in an SMEM partition continuously. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware +321
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Memory corruption while invoking redundant release command to release one buffer from user space as race condition can occur in kernel space between buffer release and buffer access. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption +29
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Memory corruption when PAL client calls PAL service APIs by passing a random value as handle and the handle is not validated by the service. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Buffer Overflow Qam8255p Firmware Qam8650p Firmware +20
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Information disclosure as NPU firmware can send invalid IPC message to NPU driver as the driver doesn`t validate the IPC message received from the firmware. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure C V2x 9150 Firmware +49
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Memory corruption while parsing sensor packets in camera driver, user-space variable is used while allocating memory in kernel and parsing which can lead to huge allocation or invalid memory access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Buffer Overflow Memory Corruption C V2x 9150 Firmware +50
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption during GNSS HAL process initialization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption +117
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption while processing GPU page table switch. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Wsa8835 Firmware Wsa8830 Firmware +201
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption while processing voice packet with arbitrary data received from ADSP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Wsa8845h Firmware Wsa8845 Firmware +261
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption while processing GPU commands. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption +76
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption while invoking IOCTL calls from the use-space for HGSL memory node. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption +146
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption while handling session errors from firmware. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption +172
NVD
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Wsa8845h Firmware Wsa8845 Firmware +227
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Memory corruption when the user application modifies the same shared memory asynchronously when kernel is accessing it. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Buffer Overflow Wsa8835 Firmware Wsa8832 Firmware +65
NVD
EPSS 1% CVSS 7.8
HIGH KEV PATCH THREAT This Week

Memory corruption while maintaining memory maps of HLOS memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption +62
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS when transmission of management frame sent by host is not successful and error status is received in the host. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption +44
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS while parsing noninheritance IE of Extension element when length of IE is 2 of beacon frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Snapdragon W5 Gen 1 Wearable Platform Firmware Wsa8835 Firmware +129
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Memory corruption while sending the persist buffer command packet from the user-space to the kernel space through the IOCTL call. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Buffer Overflow Memory Corruption +21
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Memory corruption during the network scan request. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Wsa8835 Firmware Wsa8830 Firmware +12
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Memory corruption is possible when an attempt is made from userspace or console to write some haptics effects pattern to the haptics debugfs file. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Wsa8835 Firmware +25
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Memory corruption when a process invokes IOCTL calls from user-space to create a HAB virtual channel and another process invokes IOCTL calls to destroy the same. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Buffer Overflow Memory Corruption +11
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption while processing IOCTL call for getting group info. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption +163
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption while processing concurrent IOCTL calls. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption +40
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption when two threads try to map and unmap a single node simultaneously. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption +243
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS while processing TIM IE from beacon frame as there is no check for IE length. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Firmware 9206 Lte Firmware +280
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Ar8035 Firmware Ar9380 Firmware +250
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Ar8035 Firmware Csr8811 Firmware +185
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption when BTFM client sends new messages over Slimbus to ADSP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Ar8035 Firmware Csra6620 Firmware +173
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Memory corruption while calculating total metadata size when a very high reserved size is requested by gralloc clients. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Qam8255p Firmware +88
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

memory corruption when an invalid firehose patch command is invoked. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qcn9000 Firmware Qcn9011 Firmware +329
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption can occur if VBOs hold outdated or invalid GPU SMMU mappings, especially when the binding and reclaiming of memory buffers are performed at the same time. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption +102
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption +136
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Csr8811 Firmware Fastconnect 6800 Firmware +165
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Transient DOS while parsing the ML IE when a beacon with length field inside the common info of ML IE greater than the ML IE length. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Ar8035 Firmware +178
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption while creating a fence to wait on timeline events, and simultaneously signal timeline events. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption +151
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption while allocating memory in HGSL driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Ar8035 Firmware +122
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption while processing IOCTL call to set metainfo. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Ar8035 Firmware Csra6620 Firmware +134
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Transient DOS while parsing SCAN RNR IE when bytes received from AP is such that the size of the last param of IE is less than neighbor report. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Ar8035 Firmware Csr8811 Firmware +190
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Transient DOS while parsing ESP IE from beacon/probe response frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow 315 5g Iot Modem Firmware Apq8064au Firmware +317
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Wsa8845h Firmware Wsa8845 Firmware +245
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Wsa8845h Firmware Wsa8845 Firmware +245
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Transient DOS while parsing fragments of MBSSID IE from beacon frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption +246
NVD
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Memory corruption when the mapped pages in VBO are still mapped after reclaiming by shrinker. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption +102
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption when kernel driver attempts to trigger hardware fences. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption +71
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption while processing graphics kernel driver request to create DMA fence. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Buffer Overflow Memory Corruption +102
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption when memory mapped in a VBO is not unmapped by the GPU SMMU. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Buffer Overflow Memory Corruption +72
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Transient DOS while importing a PKCS#8-encoded RSA key with zero bytes modulus. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Sg8275p Firmware Sm7250p Firmware Qcm8550 Firmware +235
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption during session sign renewal request calls in HLOS. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Wsa8845h Firmware Wsa8845 Firmware +206
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Wsa8845h Firmware Wsa8845 Firmware +245
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS during music playback of ALAC content. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Wsa8835 Firmware Wsa8832 Firmware +92
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Information disclosure while handling beacon probe frame during scan entry generation in client side. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Wsa8835 Firmware +128
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Information disclosure while handling beacon or probe response frame in STA. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Snapdragon W5 Gen 1 Wearable Platform Firmware +174
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption while handling user packets during VBO bind operation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption +104
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption +220
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption while invoking IOCTL call for GPU memory allocation and size param is greater than expected size. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Fastconnect 6200 Firmware +108
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption when allocating and accessing an entry in an SMEM partition. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Qca9898 Firmware Qcn5164 Firmware Qca4024 Firmware +339
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Information disclosure while parsing sub-IE length during new IE generation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Information Disclosure Fastconnect 7800 Firmware +63
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption while processing key blob passed by the user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 9205 Lte Modem Firmware Aqt1000 Firmware +255
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Transient DOS while loading the TA ELF file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware +307
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption while performing finish HMAC operation when context is freed by keymaster. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware +309
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption when the IOCTL call is interrupted by a signal. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption +74
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC submissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Buffer Overflow Fastconnect 6200 Firmware +90
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Memory corruption while playing audio file having large-sized input buffer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Fastconnect 6200 Firmware +110
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption when the payload received from firmware is not as per the expected protocol size. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Memory Corruption 315 5g Iot Modem Firmware +228
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption when IOMMU unmap of a GPU buffer fails in Linux. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption +169
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption when there is failed unmap operation in GPU. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption +225
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Memory corruption while processing Codec2 during v13k decoder pitch synthesis. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Fastconnect 6200 Firmware +103
NVD
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Memory corruption while invoking IOCTLs calls from user space for internal mem MAP and internal mem UNMAP. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Buffer Overflow +81
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service 315 5g Iot Modem Firmware 9206 Lte Modem Firmware +348
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption in Audio when memory map command is executed consecutively in ADSP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Sg8275p Firmware Qcn9074 Firmware Sm7250p Firmware +227
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Buffer Overflow +130
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Buffer Overflow +136
NVD
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Buffer Overflow +111
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Memory corruption when resource manager sends the host kernel a reply message with multiple fragments. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Csra6620 Firmware +120
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS when WLAN firmware receives "reassoc response" frame including RIC_DATA element. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Csra6620 Firmware +120
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Snapdragon 425 Mobile Platform Firmware +117
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference 315 5g Iot Modem Firmware +303
NVD
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Memory corruption in Graphics Driver when destroying a context with KGSL_GPU_AUX_COMMAND_TIMELINE objects queued. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Buffer Overflow +26
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Memory corruption while running VK synchronization with KASAN enabled. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Buffer Overflow +120
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption in wearables while processing data from AON. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Ar8035 Firmware Fastconnect 6200 Firmware +100
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS in WLAN Firmware while parsing a BTM request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware +282
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Transient DOS in Data Modem during DTLS handshake. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware +137
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Memory corruption while receiving a message in Bus Socket Transport Server. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow 315 5g Iot Modem Firmware +138
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

Memory corruption in HLOS while running playready use-case. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware +291
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Memory corruption when IPv6 prefix timer object`s lifetime expires which are created while Netmgr daemon gets an IPv6 address. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Fastconnect 6200 Firmware +28
NVD
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy