CPE Details
Qualcomm WCN685x-5 Firmware
-
2023-04-18 16:21 +00:00
2023-04-19 11:14 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:o:qualcomm:wcn685x-5_firmware:-:*:*:*:*:*:*:*
Informations
Vendor
qualcommProduct
wcn685x-5_firmwareVersion
-Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| Memory corruption in Core while processing RX intent request. | 7.8 |
HIGH |
||
| Memory corruption in WLAN Host while processing RRM beacon on the AP. | 9.8 |
CRITICAL |
||
| Memory corruption while sending an Assoc Request having BTM Query or BTM Response containing MBO IE. | 9.8 |
CRITICAL |
||
| Transient DOS while converting TWT (Target Wake Time) frame parameters in the OTA broadcast. | 7.5 |
HIGH |
||
| Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame. | 7.5 |
HIGH |
||
| Memory corruption in Audio while running invalid audio recording from ADSP. | 7.8 |
HIGH |
||
| Memory corruption in DSP Services during a remote call from HLOS to DSP. | 7.8 |
HIGH |
||
| Cryptographic issue in GPS HLOS Driver while downloading Qualcomm GNSS assistance data. | 9.1 |
CRITICAL |
||
| Memory corruption in Kernel while parsing metadata. | 8.4 |
HIGH |
||
| Transient DOS in Data modem while handling TLB control messages from the Network. | 7.5 |
HIGH |
||
| Transient DOS in Modem when a Beam switch request is made with a non-configured BWP. | 7.5 |
HIGH |
||
| Transient DOS in Modem after RRC Setup message is received. | 7.5 |
HIGH |
||
| Under certain scenarios the WLAN Firmware will reach an assertion due to state confusion while looking up peer ids. | 7.5 |
HIGH |
||
| Memory corruption while sending SMS from AP firmware. | 7.8 |
HIGH |
||
| Memory corruption in HLOS while invoking IOCTL calls from user-space. | 8.4 |
HIGH |
||
| Memory corruption while using the UIM diag command to get the operators name. | 7.8 |
HIGH |
||
| Memory corruption in Boot while running a ListVars test in UEFI Menu during boot. | 7.8 |
HIGH |
||
| Memory corruption in Audio when SSR event is triggered after music playback is stopped. | 8.4 |
HIGH |
||
| Transient DOS in WLAN Firmware while parsing WLAN beacon or probe-response frame. | 7.5 |
HIGH |
||
| Memory corruption in Audio while processing the VOC packet data from ADSP. | 7.8 |
HIGH |
||
| Transient DOS in WLAN Firmware when firmware receives beacon including T2LM IE. | 7.5 |
HIGH |
||
| Memory Corruption in Audio while invoking callback function in driver from ADSP. | 7.8 |
HIGH |
||
| Transient DOS in WLAN Firmware while parsing t2lm buffers. | 7.5 |
HIGH |
||
| Transient DOS in WLAN Firmware while parsing no-inherit IES. | 7.5 |
HIGH |
||
| Memory corruption in WLAN Firmware while parsing a NAN management frame carrying a S3 attribute. | 9.8 |
CRITICAL |
||
| Memory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data buffer. | 7.8 |
HIGH |
||
| Memory corruption in core services when Diag handler receives a command to configure event listeners. | 9 |
CRITICAL |
||
| Memory corruption while invoking callback function of AFE from ADSP. | 7.8 |
HIGH |
||
| Memory corruption while parsing the ADSP response command. | 7.8 |
HIGH |
||
| Memory corruption in DSP Service during a remote call from HLOS to DSP. | 8.4 |
HIGH |
||
| Memory corruption in WLAN Firmware while doing a memory copy of pmk cache. | 9.8 |
CRITICAL |
||
| Transient DOS in WLAN Firmware while parsing rsn ies. | 7.5 |
HIGH |
||
| Transient DOS in WLAN Firmware while parsing a NAN management frame. | 7.5 |
HIGH |
||
| Information disclosure in WLAN HOST while processing the WLAN scan descriptor list during roaming scan. | 6.1 |
MEDIUM |
||
| Cryptographic issue in Data Modem due to improper authentication during TLS handshake. | 9.1 |
CRITICAL |
||
| Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload. | 7.8 |
HIGH |
||
| Memory corruption due to improper validation of array index in Audio. | 8.4 |
HIGH |
||
| Memory corruption due to improper validation of array index in WLAN HAL when received lm_itemNum is out of range. | 8.4 |
HIGH |
||
| Transient DOS in Audio while remapping channel buffer in media codec decoding. | 7.5 |
HIGH |
||
| Memory corruption while allocating memory in COmxApeDec module in Audio. | 8.4 |
HIGH |
||
| Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode. | 7.8 |
HIGH |
||
| Information Disclosure in WLAN HOST while sending DPP action frame to peer with an invalid source address. | 8.2 |
HIGH |
||
| Transient DOS while parsing WLAN beacon or probe-response frame. | 7.5 |
HIGH |
||
| Transient DOS in WLAN Firmware while parsing FT Information Elements. | 7.5 |
HIGH |
||
| Transient DOS in WLAN Firmware while processing frames with missing header fields. | 7.5 |
HIGH |
||
| Transient DOS in WLAN Firmware while processing the received beacon or probe response frame. | 7.5 |
HIGH |
||
| Memoru corruption in Audio when ADSP sends input during record use case. | 7.8 |
HIGH |
||
| Memory corruption in WLAN HOST while receiving an WMI event from firmware. | 7.8 |
HIGH |
||
| Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command. | 8.4 |
HIGH |
||
| Transient DOS due to reachable assertion in modem while processing sib with incorrect values from network. | 7.5 |
HIGH |
||
| Transient DOS due to improper authentication in modem while receiving plain TLB OTA request message from network. | 7.5 |
HIGH |
||
| Transient DOS due to untrusted Pointer Dereference in core while sending USB QMI request. | 6.2 |
MEDIUM |
||
| Memory corruption due to improper access control in kernel while processing a mapping request from root process. | 7.8 |
HIGH |
||
| Information disclosure in Kernel due to indirect branch misprediction. | 7.1 |
HIGH |
||
| Transient DOS due to improper authorization in Modem | 7.5 |
HIGH |
||
| Memory corruption due to double free in Core while mapping HLOS address to the list. | 8.4 |
HIGH |
||
| Memory Corruption due to double free in automotive when a bad HLOS address for one of the lists to be mapped is passed. | 8.4 |
HIGH |
||
| Transient DOS due to uncontrolled resource consumption in Linux kernel when malformed messages are sent from the Gunyah Resource Manager message queue. | 5.5 |
MEDIUM |
||
| Memory corruption in Linux while sending DRM request. | 7.8 |
HIGH |
||
| Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message. | 7.9 |
HIGH |
||
| Memory corruption due to use after free in Core when multiple DCI clients register and deregister. | 7.8 |
HIGH |
||
| Transient DOS due to reachable assertion in Modem because of invalid network configuration. | 7.5 |
HIGH |
||
| Memory corruption in Linux android due to double free while calling unregister provider after register call. | 7.8 |
HIGH |
||
| Memory corruption due to buffer copy without checking the size of input in Core while processing ioctl commands from diag client applications. | 7.8 |
HIGH |
||
| Memory corruption in core due to buffer copy without check9ing the size of input while processing ioctl queries. | 7.8 |
HIGH |
||
| information disclosure due to cryptographic issue in Core during RPMB read request. | 7.1 |
HIGH |
||
| Assertion occurs while processing Reconfiguration message due to improper validation | 7.5 |
HIGH |
||
| Transient DOS due to reachable assertion in Modem when UE received Downlink Data Indication message from the network. | 7.5 |
HIGH |
||
| Information disclosure due to buffer over-read in Trusted Execution Environment while QRKS report generation. | 7.3 |
HIGH |
||
| Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool. | 8.4 |
HIGH |
||
| Memory corruption in Graphics while importing a file. | 8.4 |
HIGH |
||
| Transient DOS due to reachable assertion in Modem while processing config related to cross carrier scheduling, which is not supported. | 7.5 |
HIGH |
||
| Transient DOS due to reachable assertion in Modem during OSI decode scheduling. | 7.5 |
HIGH |
||
| Transient DOS due to NULL pointer dereference in Modem while sending invalid messages in DCCH. | 7.5 |
HIGH |
||
| Transient DOS due to NULL pointer dereference in Modem while performing pullup for received TCP/UDP packet. | 7.5 |
HIGH |
||
| Memory corruption due to improper validation of array index in computer vision while testing EVA kernel without sending any frames. | 7.8 |
HIGH |
||
| Memory corruption in Automotive due to Improper Restriction of Operations within the Bounds of a Memory Buffer while exporting a shared key. | 7.8 |
HIGH |
||
| Memory Corruption in Multimedia Framework due to integer overflow when synx bind is called along with synx signal. | 8.4 |
HIGH |
||
| Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target. | 8.4 |
HIGH |
||
| Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming. | 8.2 |
HIGH |
||
| Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length. | 7.8 |
HIGH |
||
| Memory corruption due to use after free in Modem while modem initialization. | 7.8 |
HIGH |
||
| Memory corruption due to integer overflow to buffer overflow in Modem while parsing Traffic Channel Neighbor List Update message. | 7.8 |
HIGH |
||
| Information disclosure in Modem due to buffer over-read while receiving a IP header with malformed length. | 8.2 |
HIGH |
||
| Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card. | 6.8 |
MEDIUM |
||
| Memory corruption due to buffer copy without checking the size of input in Core while sending SCM command to get write protection information. | 9.3 |
CRITICAL |
||
| Information disclosure in Modem due to buffer over-read while getting length of Unfragmented headers in an IPv6 packet. | 8.2 |
HIGH |
||
| Transient DOS due to time-of-check time-of-use race condition in Modem while processing RRC Reconfiguration message. | 7.5 |
HIGH |
||
| Memory corruption due to integer overflow or wraparound in Core while DDR memory assignment. | 9.3 |
CRITICAL |
||
| Memory corruption due to double free in core while initializing the encryption key. | 9.3 |
CRITICAL |
||
| Denial of service in modem due to missing null check while processing the ipv6 packet received during ECM call | 7.5 |
HIGH |
||
| Information disclosure in modem due to improper check of IP type while processing DNS server query | 8.2 |
HIGH |
||
| Information disclosure in modem data due to array out of bound access while handling the incoming DNS response packet | 8.2 |
HIGH |
2024©
tesweb SA
