CPE Details
Qualcomm SNAPDRAGON X75 5G MODEM-RF
-
2024-10-09
12h56 +00:00
12h56 +00:00
2024-10-09
12h56 +00:00
12h56 +00:00
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
CPE Name: cpe:2.3:h:qualcomm:snapdragon_x75_5g_modem-rf:-:*:*:*:*:*:*:*
Informations
Vendor
qualcommProduct
snapdragon_x75_5g_modem-rfVersion
-Related CVE
| CVE ID | Publié | Description | Score | Gravité |
|---|---|---|---|---|
| Memory corruption during management frame processing due to mismatch in T2LM info element. | 9.8 |
Critique |
||
| Information disclosure while parsing the OCI IE with invalid length. | 8.2 |
Haute |
||
| Memory corruption can occur when a compat IOCTL call is followed by a normal IOCTL call from userspace. | 7.8 |
Haute |
||
| Memory corruption may occour occur when stopping the WLAN interface after processing a WMI command from the interface. | 7.8 |
Haute |
||
| Memory corruption while parsing the ML IE due to invalid frame content. | 9.8 |
Critique |
||
| Memory corruption while configuring a Hypervisor based input virtual device. | 8.8 |
Haute |
||
| Information disclosure while processing IO control commands. | 6.1 |
Moyen |
||
| Information disclosure during audio playback. | 6.1 |
Moyen |
||
| Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length. | 7.5 |
Haute |
||
| Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another thread is using it for a process-specific task, issues may arise. | 7.8 |
Haute |
||
| Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver. | 6.1 |
Moyen |
||
| Memory corruption while processing IOCTL call for getting group info. | 7.8 |
Haute |
||
| Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management frame. | 7.5 |
Haute |
||
| Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command. | 9.1 |
Critique |
||
| Memory corruption when more scan frequency list or channels are sent from the user space. | 7.8 |
Haute |
||
| Memory corruption when IPC callback handle is used after it has been released during register callback by another thread. | 7.8 |
Haute |
||
| Memory corruption while copying a keyblob`s material when the key material`s size is not accurately checked. | 7.8 |
Haute |
||
| Memory corruption in TZ Secure OS while Tunnel Invoke Manager initialization. | 9.3 |
Critique |
||
| Information disclosure while handling T2LM Action Frame in WLAN Host. | 7.5 |
Haute |
||
| Memory corruption while playing audio file having large-sized input buffer. | 9.8 |
Critique |
||
| Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame. | 7.5 |
Haute |
||
| Memory corruption when the payload received from firmware is not as per the expected protocol size. | 7.8 |
Haute |
||
| Memory corruption while verifying the serialized header when the key pairs are generated. | 8.4 |
Haute |
||
| Memory corruption in HLOS while checking for the storage type. | 7.8 |
Haute |
||
| Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received. | 7.5 |
Haute |
||
| Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected size. | 6.1 |
Moyen |
||
| Memory corruption while querying module parameters from Listen Sound model client in kernel from user space. | 7.8 |
Haute |
||
| Memory corruption while copying the sound model data from user to kernel buffer during sound model register. | 7.8 |
Haute |
||
| Memory corruption when the bandpass filter order received from AHAL is not within the expected range. | 7.8 |
Haute |
||
| Memory corruption when multiple listeners are being registered with the same file descriptor. | 7.8 |
Haute |
||
| Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache. | 8.4 |
Haute |
||
| Memory corruption while redirecting log file to any file location with any file name. | 9.8 |
Critique |
||
| Memory corruption while processing Codec2 during v13k decoder pitch synthesis. | 9.8 |
Critique |
||
| Memory corruption while processing buffer initialization, when trusted report for certain report types are generated. | 7.8 |
Haute |
||
| Information disclosure when VI calibration state set by ADSP is greater than MAX_FBSP_STATE in the response payload to AFE calibration command. | 5.5 |
Moyen |
||
| Transient DOS while processing DL NAS TRANSPORT message with payload length 0. | 7.5 |
Haute |
||
| Transient DOS while processing DL NAS Transport message when message ID is not defined in the 3GPP specification. | 7.5 |
Haute |
||
| Transient DOS while processing SMS container of non-standard size received in DL NAS transport in NR. | 7.5 |
Haute |
||
| Memory corruption while processing finish_sign command to pass a rsp buffer. | 8.4 |
Haute |
||
| Memory corruption in SPS Application while requesting for public key in sorter TA. | 8.4 |
Haute |
||
| Memory corruption while parsing beacon/probe response frame when AP sends more supported links in MLIE. | 9.8 |
Critique |
||
| Memory corruption while processing MBSSID beacon containing several subelement IE. | 9.8 |
Critique |
||
| Memory corruption while processing a QMI request for allocating memory from a DHMS supported subsystem. | 7.8 |
Haute |
||
| Memory corruption while processing TPC target power table in FTM TPC. | 8.4 |
Haute |
||
| Memory corruption while invoking IOCTLs calls in Automotive Multimedia. | 8.4 |
Haute |
||
| Memory corruption while invoking HGSL IOCTL context create. | 8.4 |
Haute |
||
| Transient DOS while processing an improperly formatted 802.11az Fine Time Measurement protocol frame. | 7.5 |
Haute |
||
| Transient DOS in WLAN Host and Firmware when large number of open authentication frames are sent with an invalid transaction sequence number. | 7.5 |
Haute |
||
| Transient DOS while processing PDU Release command with a parameter PDU ID out of range. | 7.5 |
Haute |
||
| Transient DOS while processing CAG info IE received from NW. | 7.5 |
Haute |
||
| Transient DOS while processing DL NAS Transport message, as specified in 3GPP 24.501 v16. | 7.5 |
Haute |
||
| Transient DOS while processing multiple payload container type with incorrect container length received in DL NAS transport OTA in NR. | 7.5 |
Haute |
||
| Transient DOS while processing channel information for speaker protection v2 module in ADSP. | 5.5 |
Moyen |
||
| Transient DOS while processing multiple IKEV2 Informational Request to device from IPSEC server with different identifiers. | 7.5 |
Haute |
||
| Transient DOS while processing IE fragments from server during DTLS handshake. | 7.5 |
Haute |
||
| Memory corruption in Audio while processing RT proxy port register driver. | 8.4 |
Haute |
||
| Memory corruption in Data Modem while verifying hello-verify message during the DTLS handshake. | 9.8 |
Critique |
