Qualcomm QCA6595 Firmware

CPE Details

Qualcomm QCA6595 Firmware
-
2021-02-23
14h01 +00:00
2021-03-09
22h00 +00:00
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:o:qualcomm:qca6595_firmware:-:*:*:*:*:*:*:*

Informations

Vendor

qualcomm

Product

qca6595_firmware

Version

-

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2024-53032 2025-03-03 10h07 +00:00 Memory corruption may occur in keyboard virtual device due to guest VM interaction.
7.8
Haute
CVE-2024-53031 2025-03-03 10h07 +00:00 Memory corruption while reading a type value from a buffer controlled by the Guest Virtual Machine.
7.8
Haute
CVE-2024-53030 2025-03-03 10h07 +00:00 Memory corruption while processing input message passed from FE driver.
7.8
Haute
CVE-2024-53027 2025-03-03 10h07 +00:00 Transient DOS may occur while processing the country IE.
7.5
Haute
CVE-2024-53024 2025-03-03 10h07 +00:00 Memory corruption in display driver while detaching a device.
7.8
Haute
CVE-2024-53023 2025-03-03 10h07 +00:00 Memory corruption may occur while accessing a variable during extended back to back tests.
7.8
Haute
CVE-2024-53022 2025-03-03 10h07 +00:00 Memory corruption may occur during communication between primary and guest VM.
7.8
Haute
CVE-2024-53014 2025-03-03 10h07 +00:00 Memory corruption may occur while validating ports and channels in Audio driver.
7.8
Haute
CVE-2024-43051 2025-03-03 10h07 +00:00 Information disclosure while deriving keys for a session for any Widevine use case.
5.5
Moyen
CVE-2024-49839 2025-02-03 16h51 +00:00 Memory corruption during management frame processing due to mismatch in T2LM info element.
9.8
Critique
CVE-2024-49838 2025-02-03 16h51 +00:00 Information disclosure while parsing the OCI IE with invalid length.
8.2
Haute
CVE-2024-49837 2025-02-03 16h51 +00:00 Memory corruption while reading CPU state data during guest VM suspend.
7.8
Haute
CVE-2024-49834 2025-02-03 16h51 +00:00 Memory corruption while power-up or power-down sequence of the camera sensor.
7.8
Haute
CVE-2024-49833 2025-02-03 16h51 +00:00 Memory corruption can occur in the camera when an invalid CID is used.
7.8
Haute
CVE-2024-45584 2025-02-03 16h51 +00:00 Memory corruption can occur when a compat IOCTL call is followed by a normal IOCTL call from userspace.
7.8
Haute
CVE-2024-45571 2025-02-03 16h51 +00:00 Memory corruption may occour occur when stopping the WLAN interface after processing a WMI command from the interface.
7.8
Haute
CVE-2024-45569 2025-02-03 16h51 +00:00 Memory corruption while parsing the ML IE due to invalid frame content.
9.8
Critique
CVE-2024-38420 2025-02-03 16h51 +00:00 Memory corruption while configuring a Hypervisor based input virtual device.
8.8
Haute
CVE-2024-45559 2025-01-06 10h33 +00:00 Transient DOS can occur when GVM sends a specific message type to the Vdev-FastRPC backend.
5.5
Moyen
CVE-2024-45558 2025-01-06 10h33 +00:00 Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length.
7.5
Haute
CVE-2024-45555 2025-01-06 10h33 +00:00 Memory corruption can occur if an already verified IFS2 image is overwritten, bypassing boot verification. This allows unauthorized programs to be injected into security-sensitive images, enabling the booting of a tampered IFS2 system image.
8.4
Haute
CVE-2024-45553 2025-01-06 10h33 +00:00 Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another thread is using it for a process-specific task, issues may arise.
7.8
Haute
CVE-2024-43064 2025-01-06 10h33 +00:00 Uncontrolled resource consumption when a driver, an application or a SMMU client tries to access the global registers through SMMU.
7.5
Haute
CVE-2024-43063 2025-01-06 10h33 +00:00 information disclosure while invoking the mailbox read API.
6.1
Moyen
CVE-2024-23366 2025-01-06 10h33 +00:00 Information Disclosure while invoking the mailbox write API when message received from user is larger than mailbox size.
6.6
Moyen
CVE-2024-33063 2024-12-02 10h18 +00:00 Transient DOS while parsing the ML IE when a beacon with common info length of the ML IE greater than the ML IE inside which this element is present.
7.5
Haute
CVE-2024-33056 2024-12-02 10h18 +00:00 Memory corruption when allocating and accessing an entry in an SMEM partition continuously.
8.4
Haute
CVE-2024-33044 2024-12-02 10h18 +00:00 Memory corruption while Configuring the SMR/S2CR register in Bypass mode.
8.4
Haute
CVE-2024-38424 2024-11-04 10h05 +00:00 Memory corruption during GNSS HAL process initialization.
7.8
Haute
CVE-2024-38423 2024-11-04 10h05 +00:00 Memory corruption while processing GPU page table switch.
7.8
Haute
CVE-2024-38422 2024-11-04 10h04 +00:00 Memory corruption while processing voice packet with arbitrary data received from ADSP.
7.8
Haute
CVE-2024-38421 2024-11-04 10h04 +00:00 Memory corruption while processing GPU commands.
7.8
Haute
CVE-2024-38419 2024-11-04 10h04 +00:00 Memory corruption while invoking IOCTL calls from the use-space for HGSL memory node.
7.8
Haute
CVE-2024-38415 2024-11-04 10h04 +00:00 Memory corruption while handling session errors from firmware.
7.8
Haute
CVE-2024-38408 2024-11-04 10h04 +00:00 Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.
9.1
Critique
CVE-2024-38405 2024-11-04 10h04 +00:00 Transient DOS while processing the CU information from RNR IE.
7.5
Haute
CVE-2024-38403 2024-11-04 10h04 +00:00 Transient DOS while parsing BTM ML IE when per STA profile is not included.
7.5
Haute
CVE-2024-33068 2024-11-04 10h04 +00:00 Transient DOS while parsing fragments of MBSSID IE from beacon frame.
7.5
Haute
CVE-2024-43047 2024-10-07 12h59 +00:00 Memory corruption while maintaining memory maps of HLOS memory.
7.8
Haute
CVE-2024-38399 2024-10-07 12h58 +00:00 Memory corruption while processing user packets to generate page faults.
8.4
Haute
CVE-2024-38397 2024-10-07 12h58 +00:00 Transient DOS while parsing probe response and assoc response frame.
7.5
Haute
CVE-2024-33073 2024-10-07 12h58 +00:00 Information disclosure while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.
8.2
Haute
CVE-2024-33069 2024-10-07 12h58 +00:00 Transient DOS when transmission of management frame sent by host is not successful and error status is received in the host.
7.5
Haute
CVE-2024-33049 2024-10-07 12h58 +00:00 Transient DOS while parsing noninheritance IE of Extension element when length of IE is 2 of beacon frame.
7.5
Haute
CVE-2024-23369 2024-10-07 12h58 +00:00 Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers.
7.8
Haute
CVE-2024-21455 2024-10-07 12h58 +00:00 Memory corruption when a compat IOCTL call is followed by another IOCTL call from userspace to a driver.
7.8
Haute
CVE-2024-38402 2024-09-02 10h22 +00:00 Memory corruption while processing IOCTL call for getting group info.
7.8
Haute
CVE-2024-33060 2024-09-02 10h22 +00:00 Memory corruption when two threads try to map and unmap a single node simultaneously.
8.4
Haute
CVE-2024-33057 2024-09-02 10h22 +00:00 Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location.
7.5
Haute
CVE-2024-33052 2024-09-02 10h22 +00:00 Memory corruption when user provides data for FM HCI command control operations.
7.8
Haute
CVE-2024-33051 2024-09-02 10h22 +00:00 Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.
7.5
Haute
CVE-2024-33050 2024-09-02 10h22 +00:00 Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper.
7.5
Haute
CVE-2024-33048 2024-09-02 10h22 +00:00 Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame.
7.5
Haute
CVE-2024-33045 2024-09-02 10h22 +00:00 Memory corruption when BTFM client sends new messages over Slimbus to ADSP.
8.4
Haute
CVE-2024-33043 2024-09-02 10h22 +00:00 Transient DOS while handling PS event when Program Service name length offset value is set to 255.
5.5
Moyen
CVE-2024-33042 2024-09-02 10h22 +00:00 Memory corruption when Alternative Frequency offset value is set to 255.
7.8
Haute
CVE-2024-33034 2024-08-05 14h21 +00:00 Memory corruption can occur if VBOs hold outdated or invalid GPU SMMU mappings, especially when the binding and reclaiming of memory buffers are performed at the same time.
8.4
Haute
CVE-2024-33028 2024-08-05 14h21 +00:00 Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released.
8.4
Haute
CVE-2024-33027 2024-08-05 14h21 +00:00 Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify DDR memory by corrupting the GPU page table.
8.4
Haute
CVE-2024-33026 2024-08-05 14h21 +00:00 Transient DOS while parsing probe response and assoc response frame when received frame length is less than max size of timestamp.
7.5
Haute
CVE-2024-33025 2024-08-05 14h21 +00:00 Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.
7.5
Haute
CVE-2024-33024 2024-08-05 14h21 +00:00 Transient DOS while parsing the ML IE when a beacon with length field inside the common info of ML IE greater than the ML IE length.
7.5
Haute
CVE-2024-33023 2024-08-05 14h21 +00:00 Memory corruption while creating a fence to wait on timeline events, and simultaneously signal timeline events.
8.4
Haute
CVE-2024-33022 2024-08-05 14h21 +00:00 Memory corruption while allocating memory in HGSL driver.
8.4
Haute
CVE-2024-33021 2024-08-05 14h21 +00:00 Memory corruption while processing IOCTL call to set metainfo.
8.4
Haute
CVE-2024-33020 2024-08-05 14h21 +00:00 Transient DOS while processing TID-to-link mapping IE elements.
7.5
Haute
CVE-2024-33019 2024-08-05 14h21 +00:00 Transient DOS while parsing the received TID-to-link mapping action frame.
7.5
Haute
CVE-2024-33018 2024-08-05 14h21 +00:00 Transient DOS while parsing the received TID-to-link mapping element of the TID-to-link mapping action frame.
7.5
Haute
CVE-2024-33015 2024-08-05 14h21 +00:00 Transient DOS while parsing SCAN RNR IE when bytes received from AP is such that the size of the last param of IE is less than neighbor report.
7.5
Haute
CVE-2024-33014 2024-08-05 14h21 +00:00 Transient DOS while parsing ESP IE from beacon/probe response frame.
7.5
Haute
CVE-2024-33013 2024-08-05 14h21 +00:00 Transient DOS when driver accesses the ML IE memory and offset value is incremented beyond ML IE length.
7.5
Haute
CVE-2024-33012 2024-08-05 14h21 +00:00 Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon.
7.5
Haute
CVE-2024-33011 2024-08-05 14h21 +00:00 Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero.
7.5
Haute
CVE-2024-33010 2024-08-05 14h21 +00:00 Transient DOS while parsing fragments of MBSSID IE from beacon frame.
7.5
Haute
CVE-2024-23384 2024-08-05 14h21 +00:00 Memory corruption when the mapped pages in VBO are still mapped after reclaiming by shrinker.
8.4
Haute
CVE-2024-23383 2024-08-05 14h21 +00:00 Memory corruption when kernel driver attempts to trigger hardware fences.
8.4
Haute
CVE-2024-23382 2024-08-05 14h21 +00:00 Memory corruption while processing graphics kernel driver request to create DMA fence.
8.4
Haute
CVE-2024-23381 2024-08-05 14h21 +00:00 Memory corruption when memory mapped in a VBO is not unmapped by the GPU SMMU.
8.4
Haute
CVE-2024-23357 2024-08-05 14h21 +00:00 Transient DOS while importing a PKCS#8-encoded RSA key with zero bytes modulus.
6.2
Moyen
CVE-2024-23356 2024-08-05 14h21 +00:00 Memory corruption during session sign renewal request calls in HLOS.
7.8
Haute
CVE-2024-23355 2024-08-05 14h21 +00:00 Memory corruption when keymaster operation imports a shared key.
7.8
Haute
CVE-2024-21481 2024-08-05 14h21 +00:00 Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager.
8.4
Haute
CVE-2024-21467 2024-08-05 14h21 +00:00 Information disclosure while handling beacon probe frame during scan entry generation in client side.
7.5
Haute
CVE-2024-21459 2024-08-05 14h21 +00:00 Information disclosure while handling beacon or probe response frame in STA.
7.5
Haute
CVE-2024-23380 2024-07-01 14h17 +00:00 Memory corruption while handling user packets during VBO bind operation.
8.4
Haute
CVE-2024-23373 2024-07-01 14h17 +00:00 Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released.
8.4
Haute
CVE-2024-23372 2024-07-01 14h17 +00:00 Memory corruption while invoking IOCTL call for GPU memory allocation and size param is greater than expected size.
8.4
Haute
CVE-2024-23368 2024-07-01 14h17 +00:00 Memory corruption when allocating and accessing an entry in an SMEM partition.
7.8
Haute
CVE-2024-21469 2024-07-01 14h17 +00:00 Memory corruption when an invoke call and a TEE call are bound for the same trusted application.
7.8
Haute
CVE-2024-21466 2024-07-01 14h17 +00:00 Information disclosure while parsing sub-IE length during new IE generation.
7.5
Haute
CVE-2024-21465 2024-07-01 14h17 +00:00 Memory corruption while processing key blob passed by the user.
7.8
Haute
CVE-2024-21462 2024-07-01 14h17 +00:00 Transient DOS while loading the TA ELF file.
7.1
Haute
CVE-2024-21461 2024-07-01 14h17 +00:00 Memory corruption while performing finish HMAC operation when context is freed by keymaster.
8.4
Haute
CVE-2024-21458 2024-07-01 14h17 +00:00 Information disclosure while handling SA query action frame.
7.5
Haute
CVE-2024-21457 2024-07-01 14h17 +00:00 INformation disclosure while handling Multi-link IE in beacon frame.
7.5
Haute
CVE-2024-21456 2024-07-01 14h17 +00:00 Information Disclosure while parsing beacon frame in STA.
9.1
Critique
CVE-2024-23363 2024-06-03 10h05 +00:00 Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management frame.
7.5
Haute
CVE-2023-43556 2024-06-03 10h05 +00:00 Memory corruption in Hypervisor when platform information mentioned is not aligned.
9.3
Critique
CVE-2023-43545 2024-06-03 10h05 +00:00 Memory corruption when more scan frequency list or channels are sent from the user space.
7.8
Haute
CVE-2023-43542 2024-06-03 10h05 +00:00 Memory corruption while copying a keyblob`s material when the key material`s size is not accurately checked.
7.8
Haute
CVE-2023-43538 2024-06-03 10h05 +00:00 Memory corruption in TZ Secure OS while Tunnel Invoke Manager initialization.
9.3
Critique
CVE-2023-43537 2024-06-03 10h05 +00:00 Information disclosure while handling T2LM Action Frame in WLAN Host.
7.5
Haute
CVE-2024-23354 2024-05-06 14h32 +00:00 Memory corruption when the IOCTL call is interrupted by a signal.
8.4
Haute
CVE-2024-23351 2024-05-06 14h32 +00:00 Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC submissions.
8.4
Haute
CVE-2024-21480 2024-05-06 14h32 +00:00 Memory corruption while playing audio file having large-sized input buffer.
9.8
Critique
CVE-2024-21477 2024-05-06 14h32 +00:00 Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame.
7.5
Haute
CVE-2024-21475 2024-05-06 14h32 +00:00 Memory corruption when the payload received from firmware is not as per the expected protocol size.
7.8
Haute
CVE-2024-21474 2024-05-06 14h32 +00:00 Memory corruption when size of buffer from previous call is used without validation or re-initialization.
8.4
Haute
CVE-2024-21471 2024-05-06 14h32 +00:00 Memory corruption when IOMMU unmap of a GPU buffer fails in Linux.
8.4
Haute
CVE-2023-43531 2024-05-06 14h32 +00:00 Memory corruption while verifying the serialized header when the key pairs are generated.
8.4
Haute
CVE-2023-43530 2024-05-06 14h32 +00:00 Memory corruption in HLOS while checking for the storage type.
7.8
Haute
CVE-2023-33119 2024-05-06 14h32 +00:00 Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache.
8.4
Haute
CVE-2024-21472 2024-04-01 15h06 +00:00 Memory corruption in Kernel while handling GPU operations.
8.4
Haute
CVE-2024-21468 2024-04-01 15h06 +00:00 Memory corruption when there is failed unmap operation in GPU.
8.4
Haute
CVE-2024-21463 2024-04-01 15h06 +00:00 Memory corruption while processing Codec2 during v13k decoder pitch synthesis.
9.8
Critique
CVE-2023-33115 2024-04-01 15h05 +00:00 Memory corruption while processing buffer initialization, when trusted report for certain report types are generated.
7.8
Haute
CVE-2023-33023 2024-04-01 15h05 +00:00 Memory corruption while processing finish_sign command to pass a rsp buffer.
8.4
Haute
CVE-2023-28547 2024-04-01 15h05 +00:00 Memory corruption in SPS Application while requesting for public key in sorter TA.
8.4
Haute
CVE-2023-43553 2024-03-04 10h48 +00:00 Memory corruption while parsing beacon/probe response frame when AP sends more supported links in MLIE.
9.8
Critique
CVE-2023-43552 2024-03-04 10h48 +00:00 Memory corruption while processing MBSSID beacon containing several subelement IE.
9.8
Critique
CVE-2023-43550 2024-03-04 10h48 +00:00 Memory corruption while processing a QMI request for allocating memory from a DHMS supported subsystem.
7.8
Haute
CVE-2023-43549 2024-03-04 10h48 +00:00 Memory corruption while processing TPC target power table in FTM TPC.
8.4
Haute
CVE-2023-43548 2024-03-04 10h48 +00:00 Memory corruption while parsing qcp clip with invalid chunk data size.
9.8
Critique
CVE-2023-43547 2024-03-04 10h48 +00:00 Memory corruption while invoking IOCTLs calls in Automotive Multimedia.
8.4
Haute
CVE-2023-43546 2024-03-04 10h48 +00:00 Memory corruption while invoking HGSL IOCTL context create.
8.4
Haute
CVE-2023-43539 2024-03-04 10h48 +00:00 Transient DOS while processing an improperly formatted 802.11az Fine Time Measurement protocol frame.
7.5
Haute
CVE-2023-33066 2024-03-04 10h48 +00:00 Memory corruption in Audio while processing RT proxy port register driver.
8.4
Haute
CVE-2023-28578 2024-03-04 10h48 +00:00 Memory corruption in Core Services while executing the command for removing a single event listener.
9.3
Critique
CVE-2023-43536 2024-02-06 05h47 +00:00 Transient DOS while parse fils IE with length equal to 1.
7.5
Haute
CVE-2023-43534 2024-02-06 05h47 +00:00 Memory corruption while validating the TID to Link Mapping action request frame, when a station connects to an access point.
9.8
Critique
CVE-2023-43533 2024-02-06 05h47 +00:00 Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon frame.
7.5
Haute
CVE-2023-43523 2024-02-06 05h47 +00:00 Transient DOS while processing 11AZ RTT management action frame received through OTA.
7.5
Haute
CVE-2023-43522 2024-02-06 05h47 +00:00 Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL.
7.5
Haute
CVE-2023-43520 2024-02-06 05h47 +00:00 Memory corruption when AP includes TID to link mapping IE in the beacons and STA is parsing the beacon TID to link mapping IE.
9.8
Critique
CVE-2023-43519 2024-02-06 05h47 +00:00 Memory corruption in video while parsing the Videoinfo, when the size of atom is greater than the videoinfo size.
9.8
Critique
CVE-2023-43518 2024-02-06 05h47 +00:00 Memory corruption in video while parsing invalid mp2 clip.
9.8
Critique
CVE-2023-43517 2024-02-06 05h47 +00:00 Memory corruption in Automotive Multimedia due to improper access control in HAB.
8.4
Haute
CVE-2023-43513 2024-02-06 05h47 +00:00 Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element.
7.8
Haute
CVE-2023-33076 2024-02-06 05h47 +00:00 Memory corruption in Core when updating rollback version for TA and OTA feature is enabled.
7.8
Haute
CVE-2023-33072 2024-02-06 05h47 +00:00 Memory corruption in Core while processing control functions.
9.3
Critique
CVE-2023-33046 2024-02-06 05h46 +00:00 Memory corruption in Trusted Execution Environment while deinitializing an object used for license validation.
7.8
Haute
CVE-2023-43514 2024-01-02 05h38 +00:00 Memory corruption while invoking IOCTLs calls from user space for internal mem MAP and internal mem UNMAP.
8.4
Haute
CVE-2023-43511 2024-01-02 05h38 +00:00 Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header.
7.5
Haute
CVE-2023-33120 2024-01-02 05h38 +00:00 Memory corruption in Audio when memory map command is executed consecutively in ADSP.
7.8
Haute
CVE-2023-33118 2024-01-02 05h38 +00:00 Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL.
7.8
Haute
CVE-2023-33117 2024-01-02 05h38 +00:00 Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command.
7.8
Haute
CVE-2023-33114 2024-01-02 05h38 +00:00 Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time.
8.4
Haute
CVE-2023-33113 2024-01-02 05h38 +00:00 Memory corruption when resource manager sends the host kernel a reply message with multiple fragments.
8.4
Haute
CVE-2023-33112 2024-01-02 05h38 +00:00 Transient DOS when WLAN firmware receives "reassoc response" frame including RIC_DATA element.
7.5
Haute
CVE-2023-33109 2024-01-02 05h38 +00:00 Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host.
7.5
Haute
CVE-2023-33108 2024-01-02 05h38 +00:00 Memory corruption in Graphics Driver when destroying a context with KGSL_GPU_AUX_COMMAND_TIMELINE objects queued.
8.4
Haute
CVE-2023-33094 2024-01-02 05h38 +00:00 Memory corruption while running VK synchronization with KASAN enabled.
8.4
Haute
CVE-2023-33085 2024-01-02 05h38 +00:00 Memory corruption in wearables while processing data from AON.
7.8
Haute
CVE-2023-33062 2024-01-02 05h38 +00:00 Transient DOS in WLAN Firmware while parsing a BTM request.
7.5
Haute
CVE-2023-33037 2024-01-02 05h38 +00:00 Cryptographic issue in Automotive while unwrapping the key secs2d and verifying with RPMB data.
7.1
Haute
CVE-2023-33036 2024-01-02 05h38 +00:00 Permanent DOS in Hypervisor while untrusted VM without PSCI support makes a PSCI call.
7.1
Haute
CVE-2023-33033 2024-01-02 05h38 +00:00 Memory corruption in Audio during playback with speaker protection.
8.4
Haute
CVE-2023-33032 2024-01-02 05h38 +00:00 Memory corruption in TZ Secure OS while requesting a memory allocation from TA region.
9.3
Critique
CVE-2023-33030 2024-01-02 05h38 +00:00 Memory corruption in HLOS while running playready use-case.
9.3
Critique
CVE-2023-33014 2024-01-02 05h38 +00:00 Information disclosure in Core services while processing a Diag command.
7.6
Haute
CVE-2023-33107 2023-12-05 03h04 +00:00 Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.
8.4
Haute
CVE-2023-33106 2023-12-05 03h04 +00:00 Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.
8.4
Haute
CVE-2023-33098 2023-12-05 03h04 +00:00 Transient DOS while parsing WPA IES, when it is passed with length more than expected size.
7.5
Haute
CVE-2023-33097 2023-12-05 03h04 +00:00 Transient DOS in WLAN Firmware while processing a FTMR frame.
7.5
Haute
CVE-2023-33089 2023-12-05 03h04 +00:00 Transient DOS when processing a NULL buffer while parsing WLAN vdev.
7.5
Haute
CVE-2023-33088 2023-12-05 03h04 +00:00 Memory corruption when processing cmd parameters while parsing vdev.
8.4
Haute
CVE-2023-33087 2023-12-05 03h04 +00:00 Memory corruption in Core while processing RX intent request.
7.8
Haute
CVE-2023-33081 2023-12-05 03h04 +00:00 Transient DOS while converting TWT (Target Wake Time) frame parameters in the OTA broadcast.
7.5
Haute
CVE-2023-33080 2023-12-05 03h04 +00:00 Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame.
7.5
Haute
CVE-2023-33079 2023-12-05 03h04 +00:00 Memory corruption in Audio while running invalid audio recording from ADSP.
7.8
Haute
CVE-2023-33070 2023-12-05 03h04 +00:00 Transient DOS in Automotive OS due to improper authentication to the secure IO calls.
7.1
Haute
CVE-2023-33063 2023-12-05 03h04 +00:00 Memory corruption in DSP Services during a remote call from HLOS to DSP.
7.8
Haute
CVE-2023-33054 2023-12-05 03h04 +00:00 Cryptographic issue in GPS HLOS Driver while downloading Qualcomm GNSS assistance data.
9.1
Critique
CVE-2023-33053 2023-12-05 03h04 +00:00 Memory corruption in Kernel while parsing metadata.
8.4
Haute
CVE-2023-33041 2023-12-05 03h04 +00:00 Under certain scenarios the WLAN Firmware will reach an assertion due to state confusion while looking up peer ids.
7.5
Haute
CVE-2023-33022 2023-12-05 03h04 +00:00 Memory corruption in HLOS while invoking IOCTL calls from user-space.
8.4
Haute
CVE-2023-33017 2023-12-05 03h03 +00:00 Memory corruption in Boot while running a ListVars test in UEFI Menu during boot.
7.8
Haute
CVE-2023-28588 2023-12-05 03h03 +00:00 Transient DOS in Bluetooth Host while rfc slot allocation.
7.5
Haute
CVE-2023-28587 2023-12-05 03h03 +00:00 Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level.
7.8
Haute
CVE-2023-28586 2023-12-05 03h03 +00:00 Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE.
6.5
Moyen
CVE-2023-28585 2023-12-05 03h03 +00:00 Memory corruption while loading an ELF segment in TEE Kernel.
8.8
Haute
CVE-2023-28550 2023-12-05 03h03 +00:00 Memory corruption in MPP performance while accessing DSM watermark using external memory address.
7.8
Haute
CVE-2023-28546 2023-12-05 03h03 +00:00 Memory Corruption in SPS Application while exporting public key in sorter TA.
7.8
Haute
CVE-2023-33074 2023-11-07 05h26 +00:00 Memory corruption in Audio when SSR event is triggered after music playback is stopped.
8.4
Haute
CVE-2023-33061 2023-11-07 05h26 +00:00 Transient DOS in WLAN Firmware while parsing WLAN beacon or probe-response frame.
7.5
Haute
CVE-2023-33059 2023-11-07 05h26 +00:00 Memory corruption in Audio while processing the VOC packet data from ADSP.
7.8
Haute
CVE-2023-33056 2023-11-07 05h26 +00:00 Transient DOS in WLAN Firmware when firmware receives beacon including T2LM IE.
7.5
Haute
CVE-2023-33055 2023-11-07 05h26 +00:00 Memory Corruption in Audio while invoking callback function in driver from ADSP.
7.8
Haute
CVE-2023-33048 2023-11-07 05h26 +00:00 Transient DOS in WLAN Firmware while parsing t2lm buffers.
7.5
Haute
CVE-2023-33047 2023-11-07 05h26 +00:00 Transient DOS in WLAN Firmware while parsing no-inherit IES.
7.5
Haute
CVE-2023-33045 2023-11-07 05h26 +00:00 Memory corruption in WLAN Firmware while parsing a NAN management frame carrying a S3 attribute.
9.8
Critique
CVE-2023-33031 2023-11-07 05h26 +00:00 Memory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data buffer.
7.8
Haute
CVE-2023-28574 2023-11-07 05h26 +00:00 Memory corruption in core services when Diag handler receives a command to configure event listeners.
9
Critique
CVE-2023-28572 2023-11-07 05h26 +00:00 Memory corruption in WLAN HOST while processing the WLAN scan descriptor list.
8.8
Haute
CVE-2023-28570 2023-11-07 05h26 +00:00 Memory corruption while processing audio effects.
7.8
Haute
CVE-2023-28569 2023-11-07 05h26 +00:00 Information disclosure in WLAN HAL while handling command through WMI interfaces.
6.1
Moyen
CVE-2023-28566 2023-11-07 05h26 +00:00 Information disclosure in WLAN HAL while handling the WMI state info command.
6.1
Moyen
CVE-2023-28563 2023-11-07 05h26 +00:00 Information disclosure in IOE Firmware while handling WMI command.
6.1
Moyen
CVE-2023-28556 2023-11-07 05h26 +00:00 Cryptographic issue in HLOS during key management.
7.8
Haute
CVE-2023-28554 2023-11-07 05h26 +00:00 Information Disclosure in Qualcomm IPC while reading values from shared memory in VM.
6.1
Moyen
CVE-2023-28553 2023-11-07 05h26 +00:00 Information Disclosure in WLAN Host when processing WMI event command.
6.1
Moyen
CVE-2023-28545 2023-11-07 05h26 +00:00 Memory corruption in TZ Secure OS while loading an app ELF.
8.2
Haute
CVE-2023-24852 2023-11-07 05h26 +00:00 Memory Corruption in Core due to secure memory access by user while loading modem image.
8.4
Haute
CVE-2023-33035 2023-10-03 05h00 +00:00 Memory corruption while invoking callback function of AFE from ADSP.
7.8
Haute
CVE-2023-33034 2023-10-03 05h00 +00:00 Memory corruption while parsing the ADSP response command.
7.8
Haute
CVE-2023-33029 2023-10-03 05h00 +00:00 Memory corruption in DSP Service during a remote call from HLOS to DSP.
8.4
Haute
CVE-2023-33028 2023-10-03 05h00 +00:00 Memory corruption in WLAN Firmware while doing a memory copy of pmk cache.
9.8
Critique
CVE-2023-33027 2023-10-03 05h00 +00:00 Transient DOS in WLAN Firmware while parsing rsn ies.
7.5
Haute
CVE-2023-33026 2023-10-03 05h00 +00:00 Transient DOS in WLAN Firmware while parsing a NAN management frame.
7.5
Haute
CVE-2023-28571 2023-10-03 05h00 +00:00 Information disclosure in WLAN HOST while processing the WLAN scan descriptor list during roaming scan.
6.1
Moyen
CVE-2023-28539 2023-10-03 05h00 +00:00 Memory corruption in WLAN Host when the firmware invokes multiple WMI Service Available command.
7.8
Haute
CVE-2023-24853 2023-10-03 05h00 +00:00 Memory Corruption in HLOS while registering for key provisioning notify.
8.4
Haute
CVE-2023-24850 2023-10-03 05h00 +00:00 Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted Application.
7.8
Haute
CVE-2023-22382 2023-10-03 05h00 +00:00 Weak configuration in Automotive while VM is processing a listener request from TEE.
8.2
Haute
CVE-2023-21673 2023-10-03 05h00 +00:00 Improper Access to the VM resource manager can lead to Memory Corruption.
8.7
Haute
CVE-2023-33021 2023-09-05 06h24 +00:00 Memory corruption in Graphics while processing user packets for command submission.
8.4
Haute
CVE-2023-33020 2023-09-05 06h24 +00:00 Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA during CSA IE.
7.5
Haute
CVE-2023-33019 2023-09-05 06h24 +00:00 Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA IE.
7.5
Haute
CVE-2023-33015 2023-09-05 06h24 +00:00 Transient DOS in WLAN Firmware while interpreting MBSSID IE of a received beacon frame.
7.5
Haute
CVE-2023-28584 2023-09-05 06h24 +00:00 Transient DOS in WLAN Host when a mobile station receives invalid channel in CSA IE while doing channel switch announcement (CSA).
7.5
Haute
CVE-2023-28573 2023-09-05 06h24 +00:00 Memory corruption in WLAN HAL while parsing WMI command parameters.
7.8
Haute
CVE-2023-28567 2023-09-05 06h24 +00:00 Memory corruption in WLAN HAL while handling command through WMI interfaces.
7.8
Haute
CVE-2023-28565 2023-09-05 06h24 +00:00 Memory corruption in WLAN HAL while handling command streams through WMI interfaces.
7.8
Haute
CVE-2023-28564 2023-09-05 06h24 +00:00 Memory corruption in WLAN HAL while passing command parameters through WMI interfaces.
7.8
Haute
CVE-2023-28560 2023-09-05 06h24 +00:00 Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload.
7.8
Haute
CVE-2023-28559 2023-09-05 06h24 +00:00 Memory corruption in WLAN FW while processing command parameters from untrusted WMI payload.
7.8
Haute
CVE-2023-28558 2023-09-05 06h24 +00:00 Memory corruption in WLAN handler while processing PhyID in Tx status handler.
7.8
Haute
CVE-2023-28557 2023-09-05 06h24 +00:00 Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload.
7.8
Haute
CVE-2023-28549 2023-09-05 06h24 +00:00 Memory corruption in WLAN HAL while parsing Rx buffer in processing TLV payload.
7.8
Haute
CVE-2023-28548 2023-09-05 06h24 +00:00 Memory corruption in WLAN HAL while processing Tx/Rx commands from QDART.
7.8
Haute
CVE-2023-28544 2023-09-05 06h24 +00:00 Memory corruption in WLAN while sending transmit command from HLOS to UTF handlers.
7.8
Haute
CVE-2023-28538 2023-09-05 06h24 +00:00 Memory corruption in WIN Product while invoking WinAcpi update driver in the UEFI region.
8.4
Haute
CVE-2023-21664 2023-09-05 06h24 +00:00 Memory Corruption in Core Platform while printing the response buffer in log.
7.8
Haute
CVE-2023-21662 2023-09-05 06h24 +00:00 Memory corruption in Core Platform while printing the response buffer in log.
7.8
Haute
CVE-2022-33275 2023-09-05 06h23 +00:00 Memory corruption due to improper validation of array index in WLAN HAL when received lm_itemNum is out of range.
8.4
Haute
CVE-2023-28537 2023-08-08 09h15 +00:00 Memory corruption while allocating memory in COmxApeDec module in Audio.
8.4
Haute
CVE-2023-22666 2023-08-08 09h15 +00:00 Memory Corruption in Audio while playing amrwbplus clips with modified content.
8.4
Haute
CVE-2023-21652 2023-08-08 09h14 +00:00 Cryptographic issue in HLOS as derived keys used to encrypt/decrypt information is present on stack after use.
7.7
Haute
CVE-2023-21651 2023-08-08 09h14 +00:00 Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE.
9.3
Critique
CVE-2023-21649 2023-08-08 09h14 +00:00 Memory corruption in WLAN while running doDriverCmd for an unspecific command.
7.8
Haute
CVE-2023-21643 2023-08-08 09h14 +00:00 Memory corruption due to untrusted pointer dereference in automotive during system call.
9.1
Critique
CVE-2023-21626 2023-08-08 09h14 +00:00 Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key.
7.1
Haute
CVE-2022-40510 2023-08-08 09h14 +00:00 Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.
9.8
Critique
CVE-2023-28542 2023-07-04 04h46 +00:00 Memory Corruption in WLAN HOST while fetching TX status information.
7.8
Haute
CVE-2023-28541 2023-07-04 04h46 +00:00 Memory Corruption in Data Modem while processing DMA buffer release event about CFR data.
7.8
Haute
CVE-2023-24854 2023-07-04 04h46 +00:00 Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware response message.
7.8
Haute
CVE-2023-24851 2023-07-04 04h46 +00:00 Memory Corruption in WLAN HOST while parsing QMI response message from firmware.
7.8
Haute
CVE-2023-22667 2023-07-04 04h46 +00:00 Memory Corruption in Audio while allocating the ion buffer during the music playback.
8.4
Haute
CVE-2023-22387 2023-07-04 04h46 +00:00 Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption.
7.8
Haute
CVE-2023-22386 2023-07-04 04h46 +00:00 Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory.
7.8
Haute
CVE-2023-21672 2023-07-04 04h46 +00:00 Memory corruption in Audio while running concurrent tunnel playback or during concurrent audio tunnel recording sessions.
8.4
Haute
CVE-2023-21633 2023-07-04 04h46 +00:00 Memory Corruption in Linux while processing QcRilRequestImsRegisterMultiIdentityMessage request.
7.8
Haute
CVE-2023-21670 2023-06-06 07h39 +00:00 Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode.
7.8
Haute
CVE-2023-21659 2023-06-06 07h39 +00:00 Transient DOS in WLAN Firmware while processing frames with missing header fields.
7.5
Haute
CVE-2023-21658 2023-06-06 07h39 +00:00 Transient DOS in WLAN Firmware while processing the received beacon or probe response frame.
7.5
Haute
CVE-2023-21657 2023-06-06 07h39 +00:00 Memoru corruption in Audio when ADSP sends input during record use case.
7.8
Haute
CVE-2023-21656 2023-06-06 07h39 +00:00 Memory corruption in WLAN HOST while receiving an WMI event from firmware.
7.8
Haute
CVE-2023-21632 2023-06-06 07h39 +00:00 Memory corruption in Automotive GPU while querying a gsl memory node.
8.4
Haute
CVE-2023-21628 2023-06-06 07h39 +00:00 Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command.
8.4
Haute
CVE-2022-40533 2023-06-06 07h39 +00:00 Transient DOS due to untrusted Pointer Dereference in core while sending USB QMI request.
6.2
Moyen
CVE-2022-40529 2023-06-06 07h39 +00:00 Memory corruption due to improper access control in kernel while processing a mapping request from root process.
7.8
Haute
CVE-2022-40523 2023-06-06 07h38 +00:00 Information disclosure in Kernel due to indirect branch misprediction.
7.1
Haute
CVE-2022-40507 2023-06-06 07h38 +00:00 Memory corruption due to double free in Core while mapping HLOS address to the list.
8.4
Haute
CVE-2022-33307 2023-06-06 07h38 +00:00 Memory Corruption due to double free in automotive when a bad HLOS address for one of the lists to be mapped is passed.
8.4
Haute
CVE-2022-33240 2023-06-06 07h38 +00:00 Memory corruption in Audio due to incorrect type cast during audio use-cases.
7.8
Haute
CVE-2022-33230 2023-06-06 07h38 +00:00 Memory corruption in FM Host due to buffer copy without checking the size of input in FM Host
7.8
Haute
CVE-2022-22076 2023-06-06 07h38 +00:00 information disclosure due to cryptographic issue in Core during RPMB read request.
7.1
Haute
CVE-2022-33273 2023-05-02 07h30 +00:00 Information disclosure due to buffer over-read in Trusted Execution Environment while QRKS report generation.
7.3
Haute
CVE-2023-21666 2023-05-02 05h08 +00:00 Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.
8.4
Haute
CVE-2023-21665 2023-05-02 05h08 +00:00 Memory corruption in Graphics while importing a file.
8.4
Haute
CVE-2022-40532 2023-04-04 04h46 +00:00 Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.
8.4
Haute
CVE-2022-40503 2023-04-04 04h46 +00:00 Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.
8.2
Haute
CVE-2022-33301 2023-04-04 04h46 +00:00 Memory corruption due to incorrect type conversion or cast in audio while using audio playback/capture when crafted address is sent from AGM IPC to AGM.
7.8
Haute
CVE-2022-33288 2023-04-04 04h46 +00:00 Memory corruption due to buffer copy without checking the size of input in Core while sending SCM command to get write protection information.
9.3
Critique
CVE-2022-33282 2023-04-04 04h46 +00:00 Memory corruption in Automotive Multimedia due to integer overflow to buffer overflow during IOCTL calls in video playback.
8.4
Haute
CVE-2022-33269 2023-04-04 04h46 +00:00 Memory corruption due to integer overflow or wraparound in Core while DDR memory assignment.
9.3
Critique
CVE-2022-33231 2023-04-04 04h46 +00:00 Memory corruption due to double free in core while initializing the encryption key.
9.3
Critique
CVE-2022-40531 2023-03-07 04h43 +00:00 Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.
8.4
Haute
CVE-2022-40530 2023-03-07 04h43 +00:00 Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase.
8.4
Haute
CVE-2022-33278 2023-03-07 04h43 +00:00 Memory corruption due to buffer copy without checking the size of input in HLOS when input message size is larger than the buffer capacity.
7.8
Haute
CVE-2022-33257 2023-03-07 04h43 +00:00 Memory corruption in Core due to time-of-check time-of-use race condition during dump collection in trust zone.
9.3
Critique
CVE-2022-33242 2023-03-07 04h43 +00:00 Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD.
7.8
Haute
CVE-2022-25655 2023-03-07 04h43 +00:00 Memory corruption in WLAN HAL while arbitrary value is passed in WMI UTF command payload.
8.4
Haute
CVE-2022-40514 2023-02-09 06h58 +00:00 Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc response frame.
9.8
Critique
CVE-2022-40512 2023-02-09 06h58 +00:00 Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.
7.5
Haute
CVE-2022-40502 2023-02-09 06h58 +00:00 Transient DOS due to improper input validation in WLAN Host.
7.5
Haute
CVE-2022-34146 2023-02-09 06h58 +00:00 Transient DOS due to improper input validation in WLAN Host while parsing frame during defragmentation.
7.5
Haute
CVE-2022-34145 2023-02-09 06h58 +00:00 Transient DOS due to buffer over-read in WLAN Host while parsing frame information.
7.5
Haute
CVE-2022-33306 2023-02-09 06h58 +00:00 Transient DOS due to buffer over-read in WLAN while processing an incoming management frame with incorrectly filled IEs.
7.5
Haute
CVE-2022-33277 2023-02-09 06h58 +00:00 Memory corruption in modem due to buffer copy without checking size of input while receiving WMI command.
8.4
Haute
CVE-2022-33271 2023-02-09 06h58 +00:00 Information disclosure due to buffer over-read in WLAN while parsing NMF frame.
8.2
Haute
CVE-2022-33232 2023-02-09 06h58 +00:00 Memory corruption due to buffer copy without checking size of input while running memory sharing tests with large scattered memory.
9.3
Critique
CVE-2022-33216 2023-02-09 06h58 +00:00 Transient Denial-of-service in Automotive due to improper input validation while parsing ELF file.
6
Moyen
CVE-2022-40520 2023-01-06 05h02 +00:00 Memory corruption due to stack-based buffer overflow in Core
8.4
Haute
CVE-2022-40519 2023-01-06 05h02 +00:00 Information disclosure due to buffer overread in Core
6.8
Moyen
CVE-2022-40518 2023-01-06 05h02 +00:00 Information disclosure due to buffer overread in Core
6.8
Moyen
CVE-2022-40517 2023-01-06 05h02 +00:00 Memory corruption in core due to stack-based buffer overflow
8.4
Haute
CVE-2022-40516 2023-01-06 05h02 +00:00 Memory corruption in Core due to stack-based buffer overflow.
8.4
Haute
CVE-2022-33299 2023-01-06 05h02 +00:00 Transient DOS due to null pointer dereference in Bluetooth HOST while receiving an attribute protocol PDU with zero length data.
7.5
Haute
CVE-2022-33290 2023-01-06 05h02 +00:00 Transient DOS in Bluetooth HOST due to null pointer dereference when a mismatched argument is passed.
7.5
Haute
CVE-2022-33286 2023-01-06 05h02 +00:00 Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames.
7.5
Haute
CVE-2022-33285 2023-01-06 05h02 +00:00 Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA action frames.
7.5
Haute
CVE-2022-33284 2023-01-06 05h02 +00:00 Information disclosure due to buffer over-read in WLAN while parsing BTM action frame.
8.2
Haute
CVE-2022-33283 2023-01-06 05h02 +00:00 Information disclosure due to buffer over-read in WLAN while WLAN frame parsing due to missing frame length check.
8.2
Haute
CVE-2022-33276 2023-01-06 05h02 +00:00 Memory corruption due to buffer copy without checking size of input in modem while receiving WMI_REQUEST_STATS_CMDID command.
8.4
Haute
CVE-2022-33255 2023-01-06 05h02 +00:00 Information disclosure due to buffer over-read in Bluetooth HOST while processing GetFolderItems and GetItemAttribute Cmds from peer device.
8.2
Haute
CVE-2022-33253 2023-01-06 05h02 +00:00 Transient DOS due to buffer over-read in WLAN while parsing corrupted NAN frames.
7.5
Haute
CVE-2022-33252 2023-01-06 05h02 +00:00 Information disclosure due to buffer over-read in WLAN while handling IBSS beacons frame.
8.2
Haute
CVE-2022-33219 2023-01-06 05h02 +00:00 Memory corruption in Automotive due to integer overflow to buffer overflow while registering a new listener with shared buffer.
9.3
Critique
CVE-2022-33218 2023-01-06 05h02 +00:00 Memory corruption in Automotive due to improper input validation.
8.2
Haute
CVE-2022-25746 2023-01-06 05h02 +00:00 Memory corruption in kernel due to missing checks when updating the access rights of a memextent mapping.
8.1
Haute
CVE-2022-25677 2022-12-12 23h00 +00:00 Memory corruption in diag due to use after free while processing dci packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
7.8
Haute
CVE-2022-25681 2022-12-12 23h00 +00:00 Possible memory corruption in kernel while performing memory access due to hypervisor not correctly invalidated the processor translation caches in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
8.4
Haute
CVE-2022-33235 2022-12-12 23h00 +00:00 Information disclosure due to buffer over-read in WLAN firmware while parsing security context info attributes. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
8.2
Haute
CVE-2022-33238 2022-12-12 23h00 +00:00 Transient DOS due to loop with unreachable exit condition in WLAN while processing an incoming FTM frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2022-25710 2022-11-14 23h00 +00:00 Denial of service due to null pointer dereference when GATT is disconnected in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
7.5
Haute
CVE-2022-25724 2022-11-14 23h00 +00:00 Memory corruption in graphics due to buffer overflow while validating the user address in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
8.4
Haute
CVE-2022-25741 2022-11-14 23h00 +00:00 Denial of service in WLAN due to potential null pointer dereference while accessing the memory location in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
7.5
Haute
CVE-2022-25743 2022-11-14 23h00 +00:00 Memory corruption in graphics due to use-after-free while importing graphics buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
8.4
Haute
CVE-2022-33234 2022-11-14 23h00 +00:00 Memory corruption in video due to configuration weakness. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
9.8
Critique
CVE-2022-33237 2022-11-14 23h00 +00:00 Transient DOS due to buffer over-read in WLAN firmware while processing PPE threshold. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2022-33239 2022-11-14 23h00 +00:00 Transient DOS due to loop with unreachable exit condition in WLAN firmware while parsing IPV6 extension header. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2022-25687 2022-10-18 22h00 +00:00 memory corruption in video due to buffer overflow while parsing asf clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
9.8
Critique
CVE-2022-25718 2022-10-18 22h00 +00:00 Cryptographic issue in WLAN due to improper check on return value while authentication handshake in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
9.8
Critique
CVE-2022-25720 2022-10-18 22h00 +00:00 Memory corruption in WLAN due to out of bound array access during connect/roaming in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
9.8
Critique
CVE-2022-25736 2022-10-18 22h00 +00:00 Denial of service in WLAN due to out-of-bound read happens while processing VHT action frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2022-25748 2022-10-18 22h00 +00:00 Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
9.8
Critique
CVE-2022-25749 2022-10-18 22h00 +00:00 Transient Denial-of-Service in WLAN due to buffer over-read while parsing MDNS frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2022-25660 2022-10-11 22h00 +00:00 Memory corruption due to double free issue in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
7.8
Haute
CVE-2022-25661 2022-10-11 22h00 +00:00 Memory corruption due to untrusted pointer dereference in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
8.4
Haute
CVE-2022-25665 2022-10-11 22h00 +00:00 Information disclosure due to buffer over read in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile
7.1
Haute
CVE-2022-25690 2022-09-16 03h25 +00:00 Information disclosure in WLAN due to improper validation of array index while parsing crafted ANQP action frames in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
7.5
Haute
CVE-2022-22105 2022-09-16 03h25 +00:00 Memory corruption in bluetooth due to integer overflow while processing HFP-UNIT profile in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music
9.8
Critique
CVE-2022-22066 2022-09-16 03h25 +00:00 Memory corruption occurs while processing command received from HLOS due to improper length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
8.4
Haute
CVE-2022-22070 2022-09-02 09h31 +00:00 Memory corruption in audio due to lack of check of invalid routing address into APR Routing table in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
7.8
Haute
CVE-2022-22062 2022-09-02 09h31 +00:00 An out-of-bounds read can occur while parsing a server certificate due to improper length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
9.1
Critique
CVE-2021-35135 2022-09-02 09h31 +00:00 A null pointer dereference may potentially occur during RSA key import in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
6.2
Moyen
CVE-2021-35097 2022-09-02 09h30 +00:00 Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
7.3
Haute
CVE-2021-35071 2022-06-14 08h11 +00:00 Possible buffer over read due to lack of size validation while copying data from DBR buffer to RX buffer and can lead to Denial of Service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
5.5
Moyen
CVE-2021-30327 2022-06-14 08h10 +00:00 Buffer overflow in sahara protocol while processing commands leads to overwrite of secure configuration data in Snapdragon Mobile, Snapdragon Compute, Snapdragon Auto, Snapdragon IOT, Snapdragon Connectivity, Snapdragon Voice & Music
7.5
Haute
CVE-2022-22065 2022-06-14 07h51 +00:00 Out of bound read in WLAN HOST due to improper length check can lead to DOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
7.5
Haute
CVE-2022-22064 2022-06-14 07h51 +00:00 Possible buffer over read due to lack of size validation while unpacking frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
7.5
Haute
CVE-2022-25651 2022-06-14 07h41 +00:00 Memory corruption in bluetooth host due to integer overflow while processing BT HFP-UNIT profile in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
9.8
Critique
CVE-2021-35119 2022-06-14 07h40 +00:00 Potential out of Bounds read in FIPS event processing due to improper validation of the length from the firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
5.5
Moyen
CVE-2021-35117 2022-04-01 02h40 +00:00 An Out of Bounds read may potentially occur while processing an IBSS beacon, in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
9.1
Critique
CVE-2021-35106 2022-04-01 02h40 +00:00 Possible out of bound read due to improper length calculation of WMI message. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
7.8
Haute
CVE-2021-35103 2022-04-01 02h40 +00:00 Possible out of bound write due to improper validation of number of timer values received from firmware while syncing timers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
7.8
Haute
CVE-2021-35088 2022-04-01 02h40 +00:00 Possible out of bound read due to improper validation of IE length during SSID IE parse when channel is DFS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
9.1
Critique
CVE-2021-35069 2022-02-11 09h40 +00:00 Improper validation of data length received from DMA buffer can lead to memory corruption. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
7.8
Haute
CVE-2021-30266 2021-11-12 05h16 +00:00 Possible use after free due to improper memory validation when initializing new interface via Interface add command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
6.7
Moyen
CVE-2021-30265 2021-11-12 05h15 +00:00 Possible memory corruption due to improper validation of memory address while processing user-space IOCTL for clearing Filter and Route statistics in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
6.7
Moyen
CVE-2021-30264 2021-11-12 05h15 +00:00 Possible use after free due improper validation of reference from call back to internal store table in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
6.7
Moyen
CVE-2021-30259 2021-11-12 05h15 +00:00 Possible out of bound access due to improper validation of function table entries in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
7.8
Haute
CVE-2021-1975 2021-11-12 05h15 +00:00 Possible heap overflow due to improper length check of domain while parsing the DNS response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables
9.8
Critique
CVE-2021-1924 2021-11-12 05h15 +00:00 Information disclosure through timing and power side-channels during mod exponentiation for RSA-CRT in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
9
Critique
CVE-2021-1921 2021-11-12 05h15 +00:00 Possible memory corruption due to Improper handling of hypervisor unmap operations for concurrent memory operations in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
7.8
Haute
CVE-2021-1903 2021-11-12 05h15 +00:00 Possible denial of service scenario can occur due to lack of length check on Channel Switch Announcement IE in beacon or probe response frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
5.3
Moyen
CVE-2021-30316 2021-10-20 04h31 +00:00 Possible out of bound memory access due to improper boundary check while creating HSYNC fence in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
8.4
Haute
CVE-2021-30315 2021-10-20 04h31 +00:00 Improper handling of sensor HAL structure in absence of sensor can lead to use after free in Snapdragon Auto
8.4
Haute
CVE-2021-30312 2021-10-20 04h31 +00:00 Improper authentication of sub-frames of a multicast AMSDU frame can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2021-30310 2021-10-20 04h31 +00:00 Possible buffer overflow due to Improper validation of received CF-ACK and CF-Poll data frames in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music
7.5
Haute
CVE-2021-1980 2021-10-20 04h31 +00:00 Possible buffer over read due to lack of length check while parsing beacon IE response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
9.1
Critique
CVE-2021-1977 2021-10-20 04h31 +00:00 Possible buffer over read due to improper validation of frame length while processing AEAD decryption during ASSOC response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music
9.1
Critique
CVE-2021-1967 2021-10-20 04h31 +00:00 Possible stack buffer overflow due to lack of check on the maximum number of post NAN discovery attributes while processing a NAN Match event in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
5.3
Moyen
CVE-2021-1966 2021-10-20 04h31 +00:00 Possible buffer overflow due to lack of length check of source and destination buffer before copying in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
6.7
Moyen
CVE-2021-1959 2021-10-20 04h31 +00:00 Possible memory corruption due to lack of bound check of input index in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
7.8
Haute
CVE-2021-1949 2021-10-20 04h31 +00:00 Possible integer overflow due to improper check of batch count value while sanitizer is enabled in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables
8.4
Haute
CVE-2021-1936 2021-10-20 04h31 +00:00 Null pointer dereference can occur due to lack of null check for user provided input in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables
7.5
Haute
CVE-2021-1932 2021-10-20 04h31 +00:00 Improper access control in trusted application environment can cause unauthorized access to CDSP or ADSP VM memory with either privilege in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
8.4
Haute
CVE-2021-1917 2021-10-20 04h31 +00:00 Null pointer dereference can occur due to memory allocation failure in DIAG in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Wearables
8.4
Haute
CVE-2021-1913 2021-10-20 04h31 +00:00 Possible integer overflow due to improper length check while updating grace period and count record in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
8.4
Haute
CVE-2020-11303 2021-10-20 04h31 +00:00 Accepting AMSDU frames with mismatched destination and source address can lead to information disclosure in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
8.6
Haute
CVE-2021-1968 2021-10-19 22h00 +00:00 Improper validation of kernel buffer address while copying information back to user buffer can lead to kernel memory information exposure to user space in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
6.2
Moyen
CVE-2021-1969 2021-10-19 22h00 +00:00 Improper validation of kernel buffer address while copying information back to user buffer can lead to kernel memory information exposure to user space in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
6.2
Moyen
CVE-2021-30260 2021-09-17 05h05 +00:00 Possible Integer overflow to buffer overflow issue can occur due to improper validation of input parameters when extscan hostlist configuration command is received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
8.4
Haute
CVE-2021-1976 2021-09-17 05h05 +00:00 A use after free can occur due to improper validation of P2P device address in PD Request frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
9.8
Critique
CVE-2021-30295 2021-09-09 05h36 +00:00 Possible heap overflow due to improper validation of local variable while storing current task information locally in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
8.4
Haute
CVE-2021-1974 2021-09-09 05h36 +00:00 Possible buffer over read due to lack of alignment between map or unmap length of IPA SMMU and WLAN SMMU in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2021-1971 2021-09-09 05h36 +00:00 Possible assertion due to lack of physical layer state validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2021-1963 2021-09-09 05h36 +00:00 Possible use-after-free due to lack of validation for the rule count in filter table in IPA driver in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
6.7
Moyen
CVE-2021-1962 2021-09-09 05h36 +00:00 Buffer Overflow while processing IOCTL for getting peripheral endpoint information there is no proper validation for input maximum endpoint pair and its size in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
6.7
Moyen
CVE-2021-1961 2021-09-09 05h36 +00:00 Possible buffer overflow due to lack of offset length check while updating the buffer value in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
6.7
Moyen
CVE-2021-1960 2021-09-09 05h35 +00:00 Improper handling of ASB-C broadcast packets with crafted opcode in LMP can lead to uncontrolled resource consumption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
6.5
Moyen
CVE-2021-1958 2021-09-09 05h35 +00:00 A race condition in fastrpc kernel driver for dynamic process creation can lead to use after free scenario in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wearables
6.7
Moyen
CVE-2021-1956 2021-09-09 05h35 +00:00 Improper handling of ASB-U packet with L2CAP channel ID by slave host can lead to interference with piconet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
6.5
Moyen
CVE-2021-1948 2021-09-09 05h35 +00:00 Possible out of bound read due to lack of length check of data while parsing the beacon or probe response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2021-1941 2021-09-09 05h35 +00:00 Possible buffer over read issue due to improper length check on WPA IE string sent by peer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2021-1935 2021-09-09 05h35 +00:00 Possible null pointer dereference due to lack of validation check for passed pointer during key import in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables
7.1
Haute
CVE-2021-1934 2021-09-09 05h35 +00:00 Possible memory corruption due to improper check when application loader object is explicitly destructed while application is unloading in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT
8.4
Haute
CVE-2021-1909 2021-09-09 05h35 +00:00 Buffer overflow occurs in trusted applications due to lack of length check of parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
7.8
Haute
CVE-2021-1972 2021-09-08 09h25 +00:00 Possible buffer overflow due to improper validation of device types during P2P search in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
9.8
Critique
CVE-2021-1929 2021-09-08 09h25 +00:00 Lack of strict validation of bootmode can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
6.2
Moyen
CVE-2021-1923 2021-09-08 09h25 +00:00 Incorrect pointer argument passed to trusted application TA could result in un-intended memory operations in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT
7.8
Haute
CVE-2021-1904 2021-09-08 09h25 +00:00 Child process can leak information from parent process due to numeric pids are getting compared and these pid can be reused in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
6.2
Moyen
CVE-2020-11301 2021-09-08 09h25 +00:00 Improper authentication of un-encrypted plaintext Wi-Fi frames in an encrypted network can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
9.1
Critique
CVE-2021-1970 2021-07-13 03h31 +00:00 Possible out of bound read due to lack of length check of FT sub-elements in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
7.5
Haute
CVE-2021-1964 2021-07-13 03h31 +00:00 Possible buffer over read due to improper validation of IE size while parsing beacon from peer device in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2021-1955 2021-07-13 03h31 +00:00 Denial of service in SAP case due to improper handling of connections when association is rejected in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
7.5
Haute
CVE-2021-1953 2021-07-13 03h31 +00:00 Improper handling of received malformed FTMR request frame can lead to reachable assertion while responding with FTM1 frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2021-1945 2021-07-13 03h30 +00:00 Possible out of bound read due to lack of length check of Bandwidth-NSS IE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2021-1943 2021-07-13 03h30 +00:00 Possible buffer out of bound read can occur due to improper validation of TBTT count and length while parsing the beacon response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2021-1938 2021-07-13 03h30 +00:00 Possible assertion due to improper verification while creating and deleting the peer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2021-1907 2021-07-13 03h30 +00:00 Possible buffer overflow due to lack of length check in BA request in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
7.5
Haute
CVE-2021-1890 2021-07-13 03h30 +00:00 Improper length check of public exponent in RSA import key function could cause memory corruption. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables
8.4
Haute
CVE-2021-1889 2021-07-13 03h30 +00:00 Possible buffer overflow due to lack of length check in Trusted Application in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables
8.4
Haute
CVE-2021-1888 2021-07-13 03h30 +00:00 Memory corruption in key parsing and import function due to double freeing the same heap allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables
8.4
Haute
CVE-2021-1886 2021-07-13 03h30 +00:00 Incorrect handling of pointers in trusted application key import mechanism could cause memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables
8.4
Haute
CVE-2020-11307 2021-07-13 03h30 +00:00 Buffer overflow in modem due to improper array index check before copying into it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables
9.8
Critique
CVE-2021-1900 2021-06-09 04h20 +00:00 Possible use after free in Display due to race condition while creating an external display in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
8.4
Haute
CVE-2021-1937 2021-06-09 04h20 +00:00 Reachable assertion is possible while processing peer association WLAN message from host and nonstandard incoming packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2020-11306 2021-06-09 04h20 +00:00 Possible integer overflow in RPMB counter due to lack of length check on user provided data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
7.8
Haute
CVE-2020-11298 2021-06-09 04h20 +00:00 While waiting for a response to a callback or listener request, non-secure clients can change permissions to shared memory buffers used by HLOS Invoke Call to secure kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
7.8
Haute
CVE-2020-11304 2021-06-09 04h20 +00:00 Possible out of bound read in DRM due to improper buffer length check. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
7.8
Haute
CVE-2020-11267 2021-06-09 04h20 +00:00 Stack out-of-bounds write occurs while setting up a cipher device if the provided IV length exceeds the max limit value in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
8.4
Haute
CVE-2020-11250 2021-06-09 03h00 +00:00 Use after free due to race condition when reopening the device driver repeatedly in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
7
Haute
CVE-2020-11241 2021-06-09 03h00 +00:00 Out of bound read will happen if EAPOL Key length is less than expected while processing NAN shared key descriptor attribute in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2020-11238 2021-06-09 03h00 +00:00 Possible Buffer over-read in ARP/NS parsing due to lack of check of packet length received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2020-11235 2021-06-09 03h00 +00:00 Buffer overflow might occur while parsing unified command due to lack of check of input data received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
7.8
Haute
CVE-2020-11182 2021-06-09 03h00 +00:00 Possible heap overflow while parsing NAL header due to lack of check of length of data received from user in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
9.8
Critique
CVE-2020-11178 2021-06-09 03h00 +00:00 Trusted APPS to overwrite the CPZ memory of another use-case as TZ only checks the physical address not overlapping with its memory and its RoT memory in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
7.8
Haute
CVE-2020-11134 2021-06-09 03h00 +00:00 Possible stack out of bound write might happen due to time bitmap length and bit duration fields of the attributes like NAN ranging setup attribute inside a NAN management frame are not Properly validated in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
9.8
Critique
CVE-2020-11159 2021-06-09 03h00 +00:00 Buffer over-read can happen while processing WPA,RSN IE of beacon and response frames if IE length is less than length of frame pointer being accessed in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
9.1
Critique
CVE-2020-11126 2021-06-09 03h00 +00:00 Possible out of bound read while WLAN frame parsing due to lack of check for body and header length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
9.1
Critique
CVE-2021-1915 2021-05-07 07h10 +00:00 Buffer overflow can occur due to improper validation of NDP application information length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
7.8
Haute
CVE-2021-1925 2021-05-07 07h10 +00:00 Possible denial of service scenario due to improper handling of group management action frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2021-1895 2021-05-07 07h10 +00:00 Possible integer overflow due to improper length check while flashing an image in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music
7.8
Haute
CVE-2020-11295 2021-05-07 07h10 +00:00 Use after free in camera If the threadmanager is being cleaned up while the worker thread is processing objects in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
7.8
Haute
CVE-2021-1891 2021-05-07 07h10 +00:00 A possible use-after-free occurrence in audio driver can happen when pointers are not properly handled in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
8.4
Haute
CVE-2020-11294 2021-05-07 07h10 +00:00 Out of bound write in logger due to prefix size is not validated while prepended to logging string in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
7.8
Haute
CVE-2020-11289 2021-05-07 07h10 +00:00 Out of bound write can occur in TZ command handler due to lack of validation of command ID in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
7.8
Haute
CVE-2020-11293 2021-05-07 07h10 +00:00 Out of bound read can happen in Widevine TA while copying data to buffer from user data due to lack of check of buffer length received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
6
Moyen
CVE-2020-11288 2021-05-07 07h10 +00:00 Out of bound write can occur in playready while processing command due to lack of input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
7.8
Haute
CVE-2020-11284 2021-05-07 07h10 +00:00 Locked memory can be unlocked and modified by non secure boot loader through improper system call sequence making the memory region untrusted source of input for secure boot loader in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
8.4
Haute
CVE-2020-11285 2021-05-07 07h10 +00:00 Buffer over-read while unpacking the RTCP packet we may read extra byte if wrong length is provided in RTCP packets in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
9.1
Critique
CVE-2020-11279 2021-05-07 07h10 +00:00 Memory corruption while processing crafted SDES packets due to improper length check in sdes packets recieved in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
9.8
Critique
CVE-2020-11255 2021-04-07 05h55 +00:00 Denial of service while processing RTCP packets containing multiple SDES reports due to memory for last SDES packet is freed and rest of the memory is leaked in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables
7.5
Haute
CVE-2020-11252 2021-04-07 05h55 +00:00 Trustzone initialization code will disable xPU`s when memory dumps are enabled and lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
7.2
Haute
CVE-2020-11247 2021-04-07 05h55 +00:00 Out of bound memory read while unpacking data due to lack of offset length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
9.1
Critique
CVE-2020-11251 2021-04-07 05h55 +00:00 Out-of-bounds read vulnerability while accessing DTMF payload due to lack of check of buffer length before copying in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
9.1
Critique
CVE-2020-11246 2021-04-07 05h55 +00:00 A double free condition can occur when the device moves to suspend mode during secure playback in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
8.4
Haute
CVE-2020-11245 2021-04-07 05h55 +00:00 Unintended reads and writes by NS EL2 in access control driver due to lack of check of input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
8.4
Haute
CVE-2020-11242 2021-04-07 05h55 +00:00 User could gain access to secure memory due to incorrect argument into address range validation api used in SDI to capture requested contents in Snapdragon Industrial IOT, Snapdragon Mobile
8.4
Haute
CVE-2020-11234 2021-04-07 05h55 +00:00 When sending a socket event message to a user application, invalid information will be passed if socket is freed by other thread resulting in a Use After Free condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
8.4
Haute
CVE-2020-11191 2021-04-07 05h55 +00:00 Out of bound read occurs while processing crafted SDP due to lack of check of null string in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
9.1
Critique
CVE-2020-11309 2021-03-17 05h01 +00:00 Use after free in GPU driver while mapping the user memory to GPU memory due to improper check of referenced memory in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
7.8
Haute
CVE-2020-11308 2021-03-17 05h01 +00:00 Buffer overflow occurs when trying to convert ASCII string to Unicode string if the actual size is more than required in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
6.8
Moyen
CVE-2020-11299 2021-03-17 05h01 +00:00 Buffer overflow can occur in video while playing the non-standard clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
9.8
Critique
CVE-2020-11290 2021-03-17 05h01 +00:00 Use after free condition in msm ioctl events due to race between the ioctl register and deregister events in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
7
Haute
CVE-2020-11228 2021-03-17 05h00 +00:00 Part of RPM region was not protected from xblSec itself due to improper policy and leads to unprivileged access in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
7.8
Haute
CVE-2020-11227 2021-03-17 05h00 +00:00 Out of bound write while parsing RTT/TTY packet parsing due to lack of check of buffer size before copying into buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
9.8
Critique
CVE-2020-11226 2021-03-17 05h00 +00:00 Out of bound memory read in Data modem while unpacking data due to lack of offset length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
7.5
Haute
CVE-2020-11220 2021-03-17 05h00 +00:00 While processing storage SCM commands there is a time of check or time of use window where a pointer used could be invalid at a specific time while executing the storage SCM call in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
6.4
Moyen
CVE-2020-11221 2021-03-17 05h00 +00:00 Usage of syscall by non-secure entity can allow extraction of secure QTEE diagnostic information in clear text form due to insufficient checks in the syscall handler and leads to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
5.5
Moyen
CVE-2020-11192 2021-03-17 05h00 +00:00 Out of bound write while parsing SDP string due to missing check on null termination in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
9.8
Critique
CVE-2020-11199 2021-03-17 05h00 +00:00 HLOS to access EL3 stack canary by just mapping imem region due to Improper access control and can lead to information exposure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
5.5
Moyen
CVE-2020-11190 2021-03-17 05h00 +00:00 Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
9.1
Critique
CVE-2020-11189 2021-03-17 05h00 +00:00 Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
9.1
Critique
CVE-2020-11188 2021-03-17 05h00 +00:00 Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
9.1
Critique
CVE-2020-11171 2021-03-17 05h00 +00:00 Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
9.1
Critique
CVE-2020-11166 2021-03-17 05h00 +00:00 Potential out of bound read exception when UE receives unusually large number of padding octets in the beginning of ROHC header in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
9.1
Critique
CVE-2020-3664 2021-02-22 05h26 +00:00 Out of bound read access in hypervisor due to an invalid read access attempt by passing invalid addresses in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
6
Moyen
CVE-2020-11297 2021-02-22 05h26 +00:00 Denial of service in WLAN module due to improper check of subtypes in logic where excessive frames are dropped in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
7.5
Haute
CVE-2020-11296 2021-02-22 05h26 +00:00 Arithmetic overflow can happen while processing NOA IE due to improper error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2020-11280 2021-02-22 05h26 +00:00 Denial of service while processing fine timing measurement request (FTMR) frame with reserved bits set in the FTM parameter IE due to improper error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2020-11281 2021-02-22 05h26 +00:00 Allowing RTT frames to be linked with non randomized MAC address by comparing the sequence numbers can lead to information disclosure. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2020-11278 2021-02-22 05h26 +00:00 Possible denial of service while handling host WMI command due to improper validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2020-11276 2021-02-22 05h26 +00:00 Possible buffer over read while processing P2P IE and NOA attribute of beacon and probe response frames due to improper validation of P2P IE and NOA attribute lengths in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
9.1
Critique
CVE-2020-11275 2021-02-22 05h26 +00:00 Possible buffer over-read while parsing quiet IE in Rx beacon frame due to improper check of IE length in received beacon in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
9.1
Critique
CVE-2020-11271 2021-02-22 05h25 +00:00 Possible out of bounds while accessing global control elements due to race condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
7.8
Haute
CVE-2020-11272 2021-02-22 05h25 +00:00 Before enqueuing a frame to the PE queue for further processing, an entry in a hash table can be deleted and using a stale version later can lead to use after free condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
9.8
Critique
CVE-2020-11270 2021-02-22 05h25 +00:00 Possible denial of service due to RTT responder consistently rejects all FTMR by transmitting FTM1 with failure status in the FTM parameter IE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2020-11269 2021-02-22 05h25 +00:00 Possible memory corruption while processing EAPOL frames due to lack of validation of key length before using it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
8.8
Haute
CVE-2020-11203 2021-02-22 05h25 +00:00 Stack overflow may occur if GSM/WCDMA broadcast config size received from user is larger than variable length array in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
7.1
Haute
CVE-2020-11204 2021-02-22 05h25 +00:00 Possible memory corruption and information leakage in sub-system due to lack of check for validity and boundary compliance for parameters that are read from shared MSG RAM in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
7.8
Haute
CVE-2020-11195 2021-02-22 05h25 +00:00 Out of bound write and read in TA while processing command from NS side due to improper length check on command and response buffers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
7.8
Haute
CVE-2020-11198 2021-02-22 05h25 +00:00 Key material used for TZ diag buffer encryption and other data related to log buffer is not wiped securely due to improper usage of memset in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
6.7
Moyen
CVE-2020-11177 2021-02-22 05h25 +00:00 User can overwrite Security Code NV item without knowing current SPC due to improper validation of SPC code setting and device lock in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
8.8
Haute
CVE-2020-11170 2021-02-22 05h25 +00:00 Out of bound memory access while playing music playbacks with crafted vorbis content due to improper checks in header extraction in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
9.8
Critique
CVE-2020-11119 2021-01-21 08h41 +00:00 Buffer over-read can happen when the buffer length received from response handlers is more than the size of the payload in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
7.5
Haute