CPE Details
Qualcomm SNAPDRAGON 855+/860 FIRMWARE -
-
2023-07-10
09h07 +00:00
09h07 +00:00
2023-09-02
00h30 +00:00
00h30 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:o:qualcomm:snapdragon_855\+\/860_firmware:-:*:*:*:*:*:*:*
Informations
Vendor
qualcommProduct
snapdragon_855\+\/860_firmwareVersion
-Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invalid type usage if a wrong handle is passed to it. | 7.8 |
High |
||
| Memory Corruption in WLAN HOST while fetching TX status information. | 7.8 |
High |
||
| Memory Corruption in Data Modem while processing DMA buffer release event about CFR data. | 7.8 |
High |
||
| Memory Corruption in Audio while allocating the ion buffer during the music playback. | 8.4 |
High |
||
| Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption. | 7.8 |
High |
||
| Memory corruption in Audio while processing sva_model_serializer using memory size passed by HIDL client. | 7.8 |
High |
||
| Memory corruption in Video while calling APIs with different instance ID than the one received in initialization. | 7.8 |
High |
||
| Memory corruption in Linux while calling system configuration APIs. | 7.8 |
High |
||
| Memory Corruption in Data Network Stack & Connectivity when sim gets detected on telephony. | 7.8 |
High |
||
| Memory Corruption in Linux while processing QcRilRequestImsRegisterMultiIdentityMessage request. | 7.8 |
High |
||
| Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network. | 9.8 |
Critical |
||
| Memory Corruption in Modem due to double free while parsing the PKCS15 sim files. | 6.8 |
Medium |
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.