CPE Details
Qualcomm SM8475 Firmware
-
2022-06-16 12:19 +00:00
2022-06-17 12:28 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:o:qualcomm:sm8475_firmware:-:*:*:*:*:*:*:*
Informations
Vendor
qualcommProduct
sm8475_firmwareVersion
-Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame. | 7.5 |
HIGH |
||
| Memory corruption in DSP Services during a remote call from HLOS to DSP. | 7.8 |
HIGH |
||
| Cryptographic issue in GPS HLOS Driver while downloading Qualcomm GNSS assistance data. | 9.1 |
CRITICAL |
||
| Transient DOS in Data modem while handling TLB control messages from the Network. | 7.5 |
HIGH |
||
| Transient DOS in Modem when a Beam switch request is made with a non-configured BWP. | 7.5 |
HIGH |
||
| Transient DOS in Modem after RRC Setup message is received. | 7.5 |
HIGH |
||
| Memory corruption while using the UIM diag command to get the operators name. | 7.8 |
HIGH |
||
| Memory corruption in Boot while running a ListVars test in UEFI Menu during boot. | 7.8 |
HIGH |
||
| Memory corruption in Audio when SSR event is triggered after music playback is stopped. | 8.4 |
HIGH |
||
| Transient DOS in WLAN Firmware while parsing no-inherit IES. | 7.5 |
HIGH |
||
| Memory corruption in DSP Service during a remote call from HLOS to DSP. | 8.4 |
HIGH |
||
| Memory corruption in WLAN Firmware while doing a memory copy of pmk cache. | 9.8 |
CRITICAL |
||
| Transient DOS in WLAN Firmware while parsing rsn ies. | 7.5 |
HIGH |
||
| Transient DOS in WLAN Firmware while parsing a NAN management frame. | 7.5 |
HIGH |
||
| Cryptographic issue in Data Modem due to improper authentication during TLS handshake. | 9.1 |
CRITICAL |
||
| Memory corruption due to improper validation of array index in WLAN HAL when received lm_itemNum is out of range. | 8.4 |
HIGH |
||
| Transient DOS in Audio while remapping channel buffer in media codec decoding. | 7.5 |
HIGH |
||
| Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode. | 7.8 |
HIGH |
||
| Transient DOS while parsing WLAN beacon or probe-response frame. | 7.5 |
HIGH |
||
| Transient DOS in WLAN Firmware while processing frames with missing header fields. | 7.5 |
HIGH |
||
| Transient DOS in WLAN Firmware while processing the received beacon or probe response frame. | 7.5 |
HIGH |
||
| Memory corruption in WLAN HOST while receiving an WMI event from firmware. | 7.8 |
HIGH |
||
| Transient DOS due to improper authentication in modem while receiving plain TLB OTA request message from network. | 7.5 |
HIGH |
||
| Transient DOS due to untrusted Pointer Dereference in core while sending USB QMI request. | 6.2 |
MEDIUM |
||
| Memory corruption due to improper access control in kernel while processing a mapping request from root process. | 7.8 |
HIGH |
||
| Transient DOS due to improper authorization in Modem | 7.5 |
HIGH |
||
| Memory corruption due to double free in Core while mapping HLOS address to the list. | 8.4 |
HIGH |
||
| Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message. | 7.9 |
HIGH |
||
| Memory corruption due to use after free in Core when multiple DCI clients register and deregister. | 7.8 |
HIGH |
||
| Transient DOS due to reachable assertion in Modem because of invalid network configuration. | 7.5 |
HIGH |
||
| information disclosure due to cryptographic issue in Core during RPMB read request. | 7.1 |
HIGH |
||
| Assertion occurs while processing Reconfiguration message due to improper validation | 7.5 |
HIGH |
||
| Transient DOS due to reachable assertion in Modem when UE received Downlink Data Indication message from the network. | 7.5 |
HIGH |
||
| Transient DOS due to reachable assertion in Modem while processing config related to cross carrier scheduling, which is not supported. | 7.5 |
HIGH |
||
| Transient DOS due to reachable assertion in Modem during OSI decode scheduling. | 7.5 |
HIGH |
||
| Transient DOS due to NULL pointer dereference in Modem while sending invalid messages in DCCH. | 7.5 |
HIGH |
||
| Memory Corruption in Multimedia Framework due to integer overflow when synx bind is called along with synx signal. | 8.4 |
HIGH |
||
| Memory corruption due to double free in core while initializing the encryption key. | 9.3 |
CRITICAL |
||
| Information disclosure in Bluetooth driver due to buffer over-read while reading l2cap length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 8.2 |
HIGH |
||
| Memory corruption in display due to time-of-check time-of-use race condition during map or unmap in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 8.4 |
HIGH |
||
| Memory corruption in graphics due to use-after-free while graphics profiling in Snapdragon Connectivity, Snapdragon Mobile | 8.4 |
HIGH |
||
| Memory corruption in video module due to buffer overflow while processing WAV file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 9.8 |
CRITICAL |
||
| Memory corruption in video due to buffer overflow while parsing ps video clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 9.8 |
CRITICAL |
||
| Denial of service in WLAN HOST due to buffer over read while unpacking frames in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.5 |
HIGH |
||
| Denial of service in video due to buffer over read while parsing MP4 clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.5 |
HIGH |
||
| Possible integer overflow and memory corruption due to improper validation of buffer size sent to write to console when computing the payload size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 8.4 |
HIGH |
||
| Information disclosure in video due to buffer over-read while processing avi file in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 6.8 |
MEDIUM |
||
| memory corruption in Kernel due to race condition while getting mapping reference in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 7.8 |
HIGH |
||
| Memory corruption or temporary denial of service due to improper handling of concurrent hypervisor operations to attach or detach IRQs from virtual interrupt sources in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 7.8 |
HIGH |
||
| Memory corruption in kernel due to use after free issue in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 7.8 |
HIGH |
||
| Improper authorization of a replayed LTE security mode command can lead to a denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 7.5 |
HIGH |
||
| Memory corruption in audio module due to integer overflow in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wearables | 8.4 |
HIGH |
||
| Memory corruption in audio while playing record due to improper list handling in two threads in Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wearables | 8.4 |
HIGH |
||
| Memory Corruption during wma file playback due to integer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 8.4 |
HIGH |
||
| Memory corruption occurs while processing command received from HLOS due to improper length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 8.4 |
HIGH |
||
| Memory corruption in video driver due to double free while parsing ASF clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 9.8 |
CRITICAL |
||
| Memory corruption due to buffer overflow while parsing MKV clips with invalid bitmap size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 9.8 |
CRITICAL |
||
| Memory corruption due to incorrect pointer arithmetic when attempting to change the endianness in video parser function in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 9.8 |
CRITICAL |
||
| Memory corruption due to buffer overflow occurs while processing invalid MKV clip which has invalid seek header in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 9.8 |
CRITICAL |
||
| Memory corruption in Bluetooth HOST due to stack-based buffer overflow when when extracting data using command length parameter in Snapdragon Connectivity, Snapdragon Mobile | 9.8 |
CRITICAL |
||
| Memory corruption in audio due to lack of check of invalid routing address into APR Routing table in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.8 |
HIGH |
||
| Potential memory leak in modem during the processing of NSA RRC Reconfiguration with invalid Radio Bearer Config in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile | 7.8 |
HIGH |
||
| An out-of-bounds read can occur while parsing a server certificate due to improper length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 9.1 |
CRITICAL |
||
| Memory corruption due to out of bound read while parsing a video file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 8.4 |
HIGH |
||
| Out of bounds writing is possible while verifying device IDs due to improper length check before copying the data in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile | 7.8 |
HIGH |
||
| Due to insufficient validation of ELF headers, an Incorrect Calculation of Buffer Size can occur in Boot leading to memory corruption in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 8.4 |
HIGH |
||
| Use after free in the synx driver issue while performing other functions during multiple invocation of synx release calls in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 6.7 |
MEDIUM |
||
| Possible address manipulation from APP-NS while APP-S is configuring an RG where it tries to merge the address ranges in Snapdragon Connectivity, Snapdragon Mobile | 6.8 |
MEDIUM |
||
| Improper checking of AP-S lock bit while verifying the secure resource group permissions can lead to non secure read and write access in Snapdragon Connectivity, Snapdragon Mobile | 6.8 |
MEDIUM |
||
| Memory corruption in audio due to use after free while managing buffers from internal cache in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile | 8.4 |
HIGH |
||
| memory corruption in video due to buffer overflow while parsing mkv clip with no codechecker in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 9.8 |
CRITICAL |
||
| Memory corruption in video due to double free while parsing 3gp clip with invalid meta data atoms in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 9.8 |
CRITICAL |
||
| Memory corruption in video due to buffer overflow while reading the dts file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 8.4 |
HIGH |
||
| Memory corruption when extracting qcp audio file due to lack of check on data length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 8.4 |
HIGH |
||
| Denial of service due to memory corruption while extracting ape header from clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.5 |
HIGH |
||
| Memory corruption due to possible buffer overflow while parsing DSF header with corrupted channel count in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 8.4 |
HIGH |
||
| Improper handling between export and release functions on the same handle from client can lead to use after free in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 6.7 |
MEDIUM |
||
| Potential out of Bounds read in FIPS event processing due to improper validation of the length from the firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 5.5 |
MEDIUM |
||
| An out-of-bounds write can occur due to an incorrect input check in the camera driver in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 6.7 |
MEDIUM |
||
| Improper validation of tag id while RRC sending tag id to MAC can lead to TOCTOU race condition in Snapdragon Connectivity, Snapdragon Mobile | 7.5 |
HIGH |
||
| Possible buffer overflow due to lack of validation for the length of NAI string read from EFS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile | 7.8 |
HIGH |
||
| Possible out of bound read due to improper validation of certificate chain in SSL or Internet key exchange in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 9.1 |
CRITICAL |
2024©
tesweb SA
