Qualcomm QCN9074

CPE Details

Qualcomm QCN9074
-
2021-02-23
14h30 +00:00
2021-04-14
11h50 +00:00
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:h:qualcomm:qcn9074:-:*:*:*:*:*:*:*

Informations

Vendor

qualcomm

Product

qcn9074

Version

-

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2024-53014 2025-03-03 10h07 +00:00 Memory corruption may occur while validating ports and channels in Audio driver.
7.8
Haute
CVE-2024-43051 2025-03-03 10h07 +00:00 Information disclosure while deriving keys for a session for any Widevine use case.
5.5
Moyen
CVE-2024-49839 2025-02-03 16h51 +00:00 Memory corruption during management frame processing due to mismatch in T2LM info element.
9.8
Critique
CVE-2024-45571 2025-02-03 16h51 +00:00 Memory corruption may occour occur when stopping the WLAN interface after processing a WMI command from the interface.
7.8
Haute
CVE-2024-45569 2025-02-03 16h51 +00:00 Memory corruption while parsing the ML IE due to invalid frame content.
9.8
Critique
CVE-2024-38418 2025-02-03 16h51 +00:00 Memory corruption while parsing the memory map info in IOCTL calls.
7.8
Haute
CVE-2024-38417 2025-02-03 16h51 +00:00 Information disclosure while processing IO control commands.
6.1
Moyen
CVE-2024-38416 2025-02-03 16h51 +00:00 Information disclosure during audio playback.
6.1
Moyen
CVE-2024-45558 2025-01-06 10h33 +00:00 Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length.
7.5
Haute
CVE-2024-33067 2025-01-06 10h33 +00:00 Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver.
6.1
Moyen
CVE-2024-33063 2024-12-02 10h18 +00:00 Transient DOS while parsing the ML IE when a beacon with common info length of the ML IE greater than the ML IE inside which this element is present.
7.5
Haute
CVE-2024-33053 2024-12-02 10h18 +00:00 Memory corruption when multiple threads try to unregister the CVP buffer at the same time.
6.7
Moyen
CVE-2024-33037 2024-12-02 10h18 +00:00 Information disclosure as NPU firmware can send invalid IPC message to NPU driver as the driver doesn`t validate the IPC message received from the firmware.
6.1
Moyen
CVE-2024-33036 2024-12-02 10h18 +00:00 Memory corruption while parsing sensor packets in camera driver, user-space variable is used while allocating memory in kernel and parsing which can lead to huge allocation or invalid memory access.
6.7
Moyen
CVE-2024-38423 2024-11-04 10h05 +00:00 Memory corruption while processing GPU page table switch.
7.8
Haute
CVE-2024-38422 2024-11-04 10h04 +00:00 Memory corruption while processing voice packet with arbitrary data received from ADSP.
7.8
Haute
CVE-2024-38408 2024-11-04 10h04 +00:00 Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.
9.1
Critique
CVE-2024-33068 2024-11-04 10h04 +00:00 Transient DOS while parsing fragments of MBSSID IE from beacon frame.
7.5
Haute
CVE-2024-33032 2024-11-04 10h04 +00:00 Memory corruption when the user application modifies the same shared memory asynchronously when kernel is accessing it.
6.7
Moyen
CVE-2024-38397 2024-10-07 12h58 +00:00 Transient DOS while parsing probe response and assoc response frame.
7.5
Haute
CVE-2024-33073 2024-10-07 12h58 +00:00 Information disclosure while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.
8.2
Haute
CVE-2024-33066 2024-10-07 12h58 +00:00 Memory corruption while redirecting log file to any file location with any file name.
9.8
Critique
CVE-2024-33049 2024-10-07 12h58 +00:00 Transient DOS while parsing noninheritance IE of Extension element when length of IE is 2 of beacon frame.
7.5
Haute
CVE-2024-33060 2024-09-02 10h22 +00:00 Memory corruption when two threads try to map and unmap a single node simultaneously.
8.4
Haute
CVE-2024-33057 2024-09-02 10h22 +00:00 Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location.
7.5
Haute
CVE-2024-33051 2024-09-02 10h22 +00:00 Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.
7.5
Haute
CVE-2024-33050 2024-09-02 10h22 +00:00 Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper.
7.5
Haute
CVE-2024-33048 2024-09-02 10h22 +00:00 Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame.
7.5
Haute
CVE-2024-33027 2024-08-05 14h21 +00:00 Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify DDR memory by corrupting the GPU page table.
8.4
Haute
CVE-2024-33026 2024-08-05 14h21 +00:00 Transient DOS while parsing probe response and assoc response frame when received frame length is less than max size of timestamp.
7.5
Haute
CVE-2024-33025 2024-08-05 14h21 +00:00 Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.
7.5
Haute
CVE-2024-33024 2024-08-05 14h21 +00:00 Transient DOS while parsing the ML IE when a beacon with length field inside the common info of ML IE greater than the ML IE length.
7.5
Haute
CVE-2024-33019 2024-08-05 14h21 +00:00 Transient DOS while parsing the received TID-to-link mapping action frame.
7.5
Haute
CVE-2024-33018 2024-08-05 14h21 +00:00 Transient DOS while parsing the received TID-to-link mapping element of the TID-to-link mapping action frame.
7.5
Haute
CVE-2024-33015 2024-08-05 14h21 +00:00 Transient DOS while parsing SCAN RNR IE when bytes received from AP is such that the size of the last param of IE is less than neighbor report.
7.5
Haute
CVE-2024-33014 2024-08-05 14h21 +00:00 Transient DOS while parsing ESP IE from beacon/probe response frame.
7.5
Haute
CVE-2024-33013 2024-08-05 14h21 +00:00 Transient DOS when driver accesses the ML IE memory and offset value is incremented beyond ML IE length.
7.5
Haute
CVE-2024-33012 2024-08-05 14h21 +00:00 Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon.
7.5
Haute
CVE-2024-33011 2024-08-05 14h21 +00:00 Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero.
7.5
Haute
CVE-2024-33010 2024-08-05 14h21 +00:00 Transient DOS while parsing fragments of MBSSID IE from beacon frame.
7.5
Haute
CVE-2024-23356 2024-08-05 14h21 +00:00 Memory corruption during session sign renewal request calls in HLOS.
7.8
Haute
CVE-2024-21479 2024-08-05 14h21 +00:00 Transient DOS during music playback of ALAC content.
7.5
Haute
CVE-2024-21467 2024-08-05 14h21 +00:00 Information disclosure while handling beacon probe frame during scan entry generation in client side.
7.5
Haute
CVE-2024-21459 2024-08-05 14h21 +00:00 Information disclosure while handling beacon or probe response frame in STA.
7.5
Haute
CVE-2024-23368 2024-07-01 14h17 +00:00 Memory corruption when allocating and accessing an entry in an SMEM partition.
7.8
Haute
CVE-2024-21482 2024-07-01 14h17 +00:00 Memory corruption during the secure boot process, when the `bootm` command is used, it bypasses the authentication of the kernel/rootfs image.
7.8
Haute
CVE-2024-21466 2024-07-01 14h17 +00:00 Information disclosure while parsing sub-IE length during new IE generation.
7.5
Haute
CVE-2024-21462 2024-07-01 14h17 +00:00 Transient DOS while loading the TA ELF file.
7.1
Haute
CVE-2024-21461 2024-07-01 14h17 +00:00 Memory corruption while performing finish HMAC operation when context is freed by keymaster.
8.4
Haute
CVE-2024-21458 2024-07-01 14h17 +00:00 Information disclosure while handling SA query action frame.
7.5
Haute
CVE-2024-21457 2024-07-01 14h17 +00:00 INformation disclosure while handling Multi-link IE in beacon frame.
7.5
Haute
CVE-2024-23363 2024-06-03 10h05 +00:00 Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management frame.
7.5
Haute
CVE-2023-43555 2024-06-03 10h05 +00:00 Information disclosure in Video while parsing mp2 clip with invalid section length.
8.2
Haute
CVE-2023-43537 2024-06-03 10h05 +00:00 Information disclosure while handling T2LM Action Frame in WLAN Host.
7.5
Haute
CVE-2024-21477 2024-05-06 14h32 +00:00 Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame.
7.5
Haute
CVE-2024-21475 2024-05-06 14h32 +00:00 Memory corruption when the payload received from firmware is not as per the expected protocol size.
7.8
Haute
CVE-2023-43528 2024-05-06 14h32 +00:00 Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected size.
6.1
Moyen
CVE-2023-43527 2024-05-06 14h32 +00:00 Information disclosure while parsing dts header atom in Video.
6.8
Moyen
CVE-2023-43521 2024-05-06 14h32 +00:00 Memory corruption when multiple listeners are being registered with the same file descriptor.
7.8
Haute
CVE-2024-21473 2024-04-01 15h06 +00:00 Memory corruption while redirecting log file to any file location with any file name.
9.8
Critique
CVE-2024-21468 2024-04-01 15h06 +00:00 Memory corruption when there is failed unmap operation in GPU.
8.4
Haute
CVE-2023-33111 2024-04-01 15h05 +00:00 Information disclosure when VI calibration state set by ADSP is greater than MAX_FBSP_STATE in the response payload to AFE calibration command.
5.5
Moyen
CVE-2023-33023 2024-04-01 15h05 +00:00 Memory corruption while processing finish_sign command to pass a rsp buffer.
8.4
Haute
CVE-2023-28547 2024-04-01 15h05 +00:00 Memory corruption in SPS Application while requesting for public key in sorter TA.
8.4
Haute
CVE-2023-43553 2024-03-04 10h48 +00:00 Memory corruption while parsing beacon/probe response frame when AP sends more supported links in MLIE.
9.8
Critique
CVE-2023-43552 2024-03-04 10h48 +00:00 Memory corruption while processing MBSSID beacon containing several subelement IE.
9.8
Critique
CVE-2023-43549 2024-03-04 10h48 +00:00 Memory corruption while processing TPC target power table in FTM TPC.
8.4
Haute
CVE-2023-43539 2024-03-04 10h48 +00:00 Transient DOS while processing an improperly formatted 802.11az Fine Time Measurement protocol frame.
7.5
Haute
CVE-2023-33105 2024-03-04 10h48 +00:00 Transient DOS in WLAN Host and Firmware when large number of open authentication frames are sent with an invalid transaction sequence number.
7.5
Haute
CVE-2023-33066 2024-03-04 10h48 +00:00 Memory corruption in Audio while processing RT proxy port register driver.
8.4
Haute
CVE-2023-28578 2024-03-04 10h48 +00:00 Memory corruption in Core Services while executing the command for removing a single event listener.
9.3
Critique
CVE-2023-43536 2024-02-06 05h47 +00:00 Transient DOS while parse fils IE with length equal to 1.
7.5
Haute
CVE-2023-43523 2024-02-06 05h47 +00:00 Transient DOS while processing 11AZ RTT management action frame received through OTA.
7.5
Haute
CVE-2023-43522 2024-02-06 05h47 +00:00 Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL.
7.5
Haute
CVE-2023-43513 2024-02-06 05h47 +00:00 Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element.
7.8
Haute
CVE-2023-33077 2024-02-06 05h47 +00:00 Memory corruption in HLOS while converting from authorization token to HIDL vector.
7.8
Haute
CVE-2023-33072 2024-02-06 05h47 +00:00 Memory corruption in Core while processing control functions.
9.3
Critique
CVE-2023-33069 2024-02-06 05h47 +00:00 Memory corruption in Audio while processing the calibration data returned from ACDB loader.
7.8
Haute
CVE-2023-33068 2024-02-06 05h47 +00:00 Memory corruption in Audio while processing IIR config data from AFE calibration block.
7.8
Haute
CVE-2023-33067 2024-02-06 05h47 +00:00 Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap points.
7.8
Haute
CVE-2023-33065 2024-02-06 05h47 +00:00 Information disclosure in Audio while accessing AVCS services from ADSP payload.
7.1
Haute
CVE-2023-33064 2024-02-06 05h47 +00:00 Transient DOS in Audio when invoking callback function of ASM driver.
5.5
Moyen
CVE-2023-43511 2024-01-02 05h38 +00:00 Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header.
7.5
Haute
CVE-2023-33120 2024-01-02 05h38 +00:00 Memory corruption in Audio when memory map command is executed consecutively in ADSP.
7.8
Haute
CVE-2023-33116 2024-01-02 05h38 +00:00 Transient DOS while parsing ieee80211_parse_mscs_ie in WIN WLAN driver.
7.5
Haute
CVE-2023-33109 2024-01-02 05h38 +00:00 Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host.
7.5
Haute
CVE-2023-33062 2024-01-02 05h38 +00:00 Transient DOS in WLAN Firmware while parsing a BTM request.
7.5
Haute
CVE-2023-33033 2024-01-02 05h38 +00:00 Memory corruption in Audio during playback with speaker protection.
8.4
Haute
CVE-2023-33032 2024-01-02 05h38 +00:00 Memory corruption in TZ Secure OS while requesting a memory allocation from TA region.
9.3
Critique
CVE-2023-33030 2024-01-02 05h38 +00:00 Memory corruption in HLOS while running playready use-case.
9.3
Critique
CVE-2023-33107 2023-12-05 03h04 +00:00 Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.
8.4
Haute
CVE-2023-33098 2023-12-05 03h04 +00:00 Transient DOS while parsing WPA IES, when it is passed with length more than expected size.
7.5
Haute
CVE-2023-33097 2023-12-05 03h04 +00:00 Transient DOS in WLAN Firmware while processing a FTMR frame.
7.5
Haute
CVE-2023-33089 2023-12-05 03h04 +00:00 Transient DOS when processing a NULL buffer while parsing WLAN vdev.
7.5
Haute
CVE-2023-33088 2023-12-05 03h04 +00:00 Memory corruption when processing cmd parameters while parsing vdev.
8.4
Haute
CVE-2023-33083 2023-12-05 03h04 +00:00 Memory corruption in WLAN Host while processing RRM beacon on the AP.
9.8
Critique
CVE-2023-33082 2023-12-05 03h04 +00:00 Memory corruption while sending an Assoc Request having BTM Query or BTM Response containing MBO IE.
9.8
Critique
CVE-2023-33081 2023-12-05 03h04 +00:00 Transient DOS while converting TWT (Target Wake Time) frame parameters in the OTA broadcast.
7.5
Haute
CVE-2023-33080 2023-12-05 03h04 +00:00 Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame.
7.5
Haute
CVE-2023-33070 2023-12-05 03h04 +00:00 Transient DOS in Automotive OS due to improper authentication to the secure IO calls.
7.1
Haute
CVE-2023-33063 2023-12-05 03h04 +00:00 Memory corruption in DSP Services during a remote call from HLOS to DSP.
7.8
Haute
CVE-2023-33053 2023-12-05 03h04 +00:00 Memory corruption in Kernel while parsing metadata.
8.4
Haute
CVE-2023-33041 2023-12-05 03h04 +00:00 Under certain scenarios the WLAN Firmware will reach an assertion due to state confusion while looking up peer ids.
7.5
Haute
CVE-2023-33017 2023-12-05 03h03 +00:00 Memory corruption in Boot while running a ListVars test in UEFI Menu during boot.
7.8
Haute
CVE-2023-28588 2023-12-05 03h03 +00:00 Transient DOS in Bluetooth Host while rfc slot allocation.
7.5
Haute
CVE-2023-28587 2023-12-05 03h03 +00:00 Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level.
7.8
Haute
CVE-2023-28586 2023-12-05 03h03 +00:00 Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE.
6.5
Moyen
CVE-2023-28585 2023-12-05 03h03 +00:00 Memory corruption while loading an ELF segment in TEE Kernel.
8.8
Haute
CVE-2023-28550 2023-12-05 03h03 +00:00 Memory corruption in MPP performance while accessing DSM watermark using external memory address.
7.8
Haute
CVE-2023-28546 2023-12-05 03h03 +00:00 Memory Corruption in SPS Application while exporting public key in sorter TA.
7.8
Haute
CVE-2023-22383 2023-12-05 03h03 +00:00 Memory Corruption in camera while installing a fd for a particular DMA buffer.
7.8
Haute
CVE-2023-33061 2023-11-07 05h26 +00:00 Transient DOS in WLAN Firmware while parsing WLAN beacon or probe-response frame.
7.5
Haute
CVE-2023-33059 2023-11-07 05h26 +00:00 Memory corruption in Audio while processing the VOC packet data from ADSP.
7.8
Haute
CVE-2023-33056 2023-11-07 05h26 +00:00 Transient DOS in WLAN Firmware when firmware receives beacon including T2LM IE.
7.5
Haute
CVE-2023-33048 2023-11-07 05h26 +00:00 Transient DOS in WLAN Firmware while parsing t2lm buffers.
7.5
Haute
CVE-2023-33047 2023-11-07 05h26 +00:00 Transient DOS in WLAN Firmware while parsing no-inherit IES.
7.5
Haute
CVE-2023-33045 2023-11-07 05h26 +00:00 Memory corruption in WLAN Firmware while parsing a NAN management frame carrying a S3 attribute.
9.8
Critique
CVE-2023-33031 2023-11-07 05h26 +00:00 Memory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data buffer.
7.8
Haute
CVE-2023-28570 2023-11-07 05h26 +00:00 Memory corruption while processing audio effects.
7.8
Haute
CVE-2023-28569 2023-11-07 05h26 +00:00 Information disclosure in WLAN HAL while handling command through WMI interfaces.
6.1
Moyen
CVE-2023-28563 2023-11-07 05h26 +00:00 Information disclosure in IOE Firmware while handling WMI command.
6.1
Moyen
CVE-2023-28556 2023-11-07 05h26 +00:00 Cryptographic issue in HLOS during key management.
7.8
Haute
CVE-2023-28554 2023-11-07 05h26 +00:00 Information Disclosure in Qualcomm IPC while reading values from shared memory in VM.
6.1
Moyen
CVE-2023-28553 2023-11-07 05h26 +00:00 Information Disclosure in WLAN Host when processing WMI event command.
6.1
Moyen
CVE-2023-24852 2023-11-07 05h26 +00:00 Memory Corruption in Core due to secure memory access by user while loading modem image.
8.4
Haute
CVE-2023-33028 2023-10-03 05h00 +00:00 Memory corruption in WLAN Firmware while doing a memory copy of pmk cache.
9.8
Critique
CVE-2023-33027 2023-10-03 05h00 +00:00 Transient DOS in WLAN Firmware while parsing rsn ies.
7.5
Haute
CVE-2023-33026 2023-10-03 05h00 +00:00 Transient DOS in WLAN Firmware while parsing a NAN management frame.
7.5
Haute
CVE-2023-28571 2023-10-03 05h00 +00:00 Information disclosure in WLAN HOST while processing the WLAN scan descriptor list during roaming scan.
6.1
Moyen
CVE-2023-28539 2023-10-03 05h00 +00:00 Memory corruption in WLAN Host when the firmware invokes multiple WMI Service Available command.
7.8
Haute
CVE-2023-24847 2023-10-03 05h00 +00:00 Transient DOS in Modem while allocating DSM items.
7.5
Haute
CVE-2023-33016 2023-09-05 06h24 +00:00 Transient DOS in WLAN firmware while parsing MLO (multi-link operation).
7.5
Haute
CVE-2023-33015 2023-09-05 06h24 +00:00 Transient DOS in WLAN Firmware while interpreting MBSSID IE of a received beacon frame.
7.5
Haute
CVE-2023-28573 2023-09-05 06h24 +00:00 Memory corruption in WLAN HAL while parsing WMI command parameters.
7.8
Haute
CVE-2023-28567 2023-09-05 06h24 +00:00 Memory corruption in WLAN HAL while handling command through WMI interfaces.
7.8
Haute
CVE-2023-28565 2023-09-05 06h24 +00:00 Memory corruption in WLAN HAL while handling command streams through WMI interfaces.
7.8
Haute
CVE-2023-28564 2023-09-05 06h24 +00:00 Memory corruption in WLAN HAL while passing command parameters through WMI interfaces.
7.8
Haute
CVE-2023-28560 2023-09-05 06h24 +00:00 Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload.
7.8
Haute
CVE-2023-28559 2023-09-05 06h24 +00:00 Memory corruption in WLAN FW while processing command parameters from untrusted WMI payload.
7.8
Haute
CVE-2023-28558 2023-09-05 06h24 +00:00 Memory corruption in WLAN handler while processing PhyID in Tx status handler.
7.8
Haute
CVE-2023-28557 2023-09-05 06h24 +00:00 Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload.
7.8
Haute
CVE-2023-28549 2023-09-05 06h24 +00:00 Memory corruption in WLAN HAL while parsing Rx buffer in processing TLV payload.
7.8
Haute
CVE-2023-28548 2023-09-05 06h24 +00:00 Memory corruption in WLAN HAL while processing Tx/Rx commands from QDART.
7.8
Haute
CVE-2023-28544 2023-09-05 06h24 +00:00 Memory corruption in WLAN while sending transmit command from HLOS to UTF handlers.
7.8
Haute
CVE-2023-21667 2023-09-05 06h24 +00:00 Transient DOS in Bluetooth HOST while passing descriptor to validate the blacklisted BT keyboard.
6.5
Moyen
CVE-2023-21664 2023-09-05 06h24 +00:00 Memory Corruption in Core Platform while printing the response buffer in log.
7.8
Haute
CVE-2023-21662 2023-09-05 06h24 +00:00 Memory corruption in Core Platform while printing the response buffer in log.
7.8
Haute
CVE-2023-21654 2023-09-05 06h23 +00:00 Memory corruption in Audio during playback session with audio effects enabled.
7.8
Haute
CVE-2022-33275 2023-09-05 06h23 +00:00 Memory corruption due to improper validation of array index in WLAN HAL when received lm_itemNum is out of range.
8.4
Haute
CVE-2023-28577 2023-08-08 09h15 +00:00 In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check if the buffer is being used. So when a function called cam_mem_get_cpu_buf to get the kernel va to use, another thread can call CAM_REQ_MGR_RELEASE_BUF to unmap the kernel va which cause UAF of the kernel address.
7.8
Haute
CVE-2023-28576 2023-08-08 09h15 +00:00 The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. In other words, user mode may race and modify the packet header (e.g. header.count), causing checks (e.g. size checks) in kernel code to be invalid. This may lead to out-of-bounds read/write issues.
7
Haute
CVE-2023-28575 2023-08-08 09h15 +00:00 The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invalid type usage if a wrong handle is passed to it.
7.8
Haute
CVE-2023-28537 2023-08-08 09h15 +00:00 Memory corruption while allocating memory in COmxApeDec module in Audio.
8.4
Haute
CVE-2023-22666 2023-08-08 09h15 +00:00 Memory Corruption in Audio while playing amrwbplus clips with modified content.
8.4
Haute
CVE-2023-21649 2023-08-08 09h14 +00:00 Memory corruption in WLAN while running doDriverCmd for an unspecific command.
7.8
Haute
CVE-2023-21647 2023-08-08 09h14 +00:00 Information disclosure in Bluetooth when an GATT packet is received due to improper input validation.
6.5
Moyen
CVE-2022-40510 2023-08-08 09h14 +00:00 Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.
9.8
Critique
CVE-2023-28542 2023-07-04 04h46 +00:00 Memory Corruption in WLAN HOST while fetching TX status information.
7.8
Haute
CVE-2023-28541 2023-07-04 04h46 +00:00 Memory Corruption in Data Modem while processing DMA buffer release event about CFR data.
7.8
Haute
CVE-2023-24851 2023-07-04 04h46 +00:00 Memory Corruption in WLAN HOST while parsing QMI response message from firmware.
7.8
Haute
CVE-2023-22667 2023-07-04 04h46 +00:00 Memory Corruption in Audio while allocating the ion buffer during the music playback.
8.4
Haute
CVE-2023-22387 2023-07-04 04h46 +00:00 Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption.
7.8
Haute
CVE-2023-22386 2023-07-04 04h46 +00:00 Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory.
7.8
Haute
CVE-2023-21670 2023-06-06 07h39 +00:00 Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode.
7.8
Haute
CVE-2023-21669 2023-06-06 07h39 +00:00 Information Disclosure in WLAN HOST while sending DPP action frame to peer with an invalid source address.
8.2
Haute
CVE-2023-21661 2023-06-06 07h39 +00:00 Transient DOS while parsing WLAN beacon or probe-response frame.
7.5
Haute
CVE-2023-21660 2023-06-06 07h39 +00:00 Transient DOS in WLAN Firmware while parsing FT Information Elements.
7.5
Haute
CVE-2023-21659 2023-06-06 07h39 +00:00 Transient DOS in WLAN Firmware while processing frames with missing header fields.
7.5
Haute
CVE-2023-21658 2023-06-06 07h39 +00:00 Transient DOS in WLAN Firmware while processing the received beacon or probe response frame.
7.5
Haute
CVE-2023-21628 2023-06-06 07h39 +00:00 Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command.
8.4
Haute
CVE-2022-40529 2023-06-06 07h39 +00:00 Memory corruption due to improper access control in kernel while processing a mapping request from root process.
7.8
Haute
CVE-2022-40525 2023-06-06 07h38 +00:00 Information disclosure in Linux Networking Firmware due to unauthorized information leak during side channel analysis.
7.1
Haute
CVE-2022-40522 2023-06-06 07h38 +00:00 Memory corruption in Linux Networking due to double free while handling a hyp-assign.
8.4
Haute
CVE-2022-40507 2023-06-06 07h38 +00:00 Memory corruption due to double free in Core while mapping HLOS address to the list.
8.4
Haute
CVE-2022-22076 2023-06-06 07h38 +00:00 information disclosure due to cryptographic issue in Core during RPMB read request.
7.1
Haute
CVE-2023-21666 2023-05-02 05h08 +00:00 Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.
8.4
Haute
CVE-2023-21665 2023-05-02 05h08 +00:00 Memory corruption in Graphics while importing a file.
8.4
Haute
CVE-2022-40532 2023-04-04 04h46 +00:00 Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.
8.4
Haute
CVE-2022-40503 2023-04-04 04h46 +00:00 Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.
8.2
Haute
CVE-2022-33231 2023-04-04 04h46 +00:00 Memory corruption due to double free in core while initializing the encryption key.
9.3
Critique
CVE-2022-40537 2023-03-07 04h43 +00:00 Memory corruption in Bluetooth HOST while processing the AVRC_PDU_GET_PLAYER_APP_VALUE_TEXT AVRCP response.
9.8
Critique
CVE-2022-40535 2023-03-07 04h43 +00:00 Transient DOS due to buffer over-read in WLAN while sending a packet to device.
7.5
Haute
CVE-2022-40531 2023-03-07 04h43 +00:00 Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.
8.4
Haute
CVE-2022-40530 2023-03-07 04h43 +00:00 Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase.
8.4
Haute
CVE-2022-40527 2023-03-07 04h43 +00:00 Transient DOS due to reachable assertion in WLAN while processing PEER ID populated by TQM.
7.5
Haute
CVE-2022-40515 2023-03-07 04h43 +00:00 Memory corruption in Video due to double free while playing 3gp clip with invalid metadata atoms.
9.8
Critique
CVE-2022-33309 2023-03-07 04h43 +00:00 Transient DOS due to buffer over-read in WLAN Firmware while parsing secure FTMR frame with size lesser than 39 Bytes.
7.5
Haute
CVE-2022-33245 2023-03-07 04h43 +00:00 Memory corruption in WLAN due to use after free
7.8
Haute
CVE-2022-33242 2023-03-07 04h43 +00:00 Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD.
7.8
Haute
CVE-2022-25655 2023-03-07 04h43 +00:00 Memory corruption in WLAN HAL while arbitrary value is passed in WMI UTF command payload.
8.4
Haute
CVE-2022-22075 2023-03-07 04h43 +00:00 Information Disclosure in Graphics during GPU context switch.
6.2
Moyen
CVE-2022-40514 2023-02-09 06h58 +00:00 Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc response frame.
9.8
Critique
CVE-2022-40513 2023-02-09 06h58 +00:00 Transient DOS due to uncontrolled resource consumption in WLAN firmware when peer is freed in non qos state.
7.5
Haute
CVE-2022-40512 2023-02-09 06h58 +00:00 Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.
7.5
Haute
CVE-2022-40502 2023-02-09 06h58 +00:00 Transient DOS due to improper input validation in WLAN Host.
7.5
Haute
CVE-2022-34146 2023-02-09 06h58 +00:00 Transient DOS due to improper input validation in WLAN Host while parsing frame during defragmentation.
7.5
Haute
CVE-2022-34145 2023-02-09 06h58 +00:00 Transient DOS due to buffer over-read in WLAN Host while parsing frame information.
7.5
Haute
CVE-2022-33306 2023-02-09 06h58 +00:00 Transient DOS due to buffer over-read in WLAN while processing an incoming management frame with incorrectly filled IEs.
7.5
Haute
CVE-2022-33280 2023-02-09 06h58 +00:00 Memory corruption due to access of uninitialized pointer in Bluetooth HOST while processing the AVRCP packet.
8.8
Haute
CVE-2022-33279 2023-02-09 06h58 +00:00 Memory corruption due to stack based buffer overflow in WLAN having invalid WNM frame length.
9.8
Critique
CVE-2022-33277 2023-02-09 06h58 +00:00 Memory corruption in modem due to buffer copy without checking size of input while receiving WMI command.
8.4
Haute
CVE-2022-33271 2023-02-09 06h58 +00:00 Information disclosure due to buffer over-read in WLAN while parsing NMF frame.
8.2
Haute
CVE-2022-33246 2023-02-09 06h58 +00:00 Memory corruption in Audio due to use of out-of-range pointer offset while Initiating a voice call session from user space with invalid session id.
7.8
Haute
CVE-2022-33243 2023-02-09 06h58 +00:00 Memory corruption due to improper access control in Qualcomm IPC.
8.4
Haute
CVE-2022-40519 2023-01-06 05h02 +00:00 Information disclosure due to buffer overread in Core
6.8
Moyen
CVE-2022-40518 2023-01-06 05h02 +00:00 Information disclosure due to buffer overread in Core
6.8
Moyen
CVE-2022-40517 2023-01-06 05h02 +00:00 Memory corruption in core due to stack-based buffer overflow
8.4
Haute
CVE-2022-40516 2023-01-06 05h02 +00:00 Memory corruption in Core due to stack-based buffer overflow.
8.4
Haute
CVE-2022-33299 2023-01-06 05h02 +00:00 Transient DOS due to null pointer dereference in Bluetooth HOST while receiving an attribute protocol PDU with zero length data.
7.5
Haute
CVE-2022-33290 2023-01-06 05h02 +00:00 Transient DOS in Bluetooth HOST due to null pointer dereference when a mismatched argument is passed.
7.5
Haute
CVE-2022-33286 2023-01-06 05h02 +00:00 Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames.
7.5
Haute
CVE-2022-33285 2023-01-06 05h02 +00:00 Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA action frames.
7.5
Haute
CVE-2022-33284 2023-01-06 05h02 +00:00 Information disclosure due to buffer over-read in WLAN while parsing BTM action frame.
8.2
Haute
CVE-2022-33283 2023-01-06 05h02 +00:00 Information disclosure due to buffer over-read in WLAN while WLAN frame parsing due to missing frame length check.
8.2
Haute
CVE-2022-33276 2023-01-06 05h02 +00:00 Memory corruption due to buffer copy without checking size of input in modem while receiving WMI_REQUEST_STATS_CMDID command.
8.4
Haute
CVE-2022-33266 2023-01-06 05h02 +00:00 Memory corruption in Audio due to integer overflow to buffer overflow while music playback of clips like amr,evrc,qcelp with modified content.
7.8
Haute
CVE-2022-33255 2023-01-06 05h02 +00:00 Information disclosure due to buffer over-read in Bluetooth HOST while processing GetFolderItems and GetItemAttribute Cmds from peer device.
8.2
Haute
CVE-2022-33253 2023-01-06 05h02 +00:00 Transient DOS due to buffer over-read in WLAN while parsing corrupted NAN frames.
7.5
Haute
CVE-2022-33252 2023-01-06 05h02 +00:00 Information disclosure due to buffer over-read in WLAN while handling IBSS beacons frame.
8.2
Haute
CVE-2022-25722 2023-01-06 05h02 +00:00 Information exposure in DSP services due to improper handling of freeing memory
6
Moyen
CVE-2022-25721 2023-01-06 05h02 +00:00 Memory corruption in video driver due to type confusion error during video playback
7.8
Haute
CVE-2022-25717 2023-01-06 04h56 +00:00 Memory corruption in display due to double free while allocating frame buffer memory
7.8
Haute
CVE-2022-25715 2023-01-06 04h42 +00:00 Memory corruption in display driver due to incorrect type casting while accessing the fence structure fields
7.8
Haute
CVE-2022-22088 2023-01-06 04h42 +00:00 Memory corruption in Bluetooth HOST due to buffer overflow while parsing the command response received from remote
9.8
Critique
CVE-2022-25677 2022-12-12 23h00 +00:00 Memory corruption in diag due to use after free while processing dci packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
7.8
Haute
CVE-2022-25711 2022-12-12 23h00 +00:00 Memory corruption in camera due to improper validation of array index in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
7.8
Haute
CVE-2022-33235 2022-12-12 23h00 +00:00 Information disclosure due to buffer over-read in WLAN firmware while parsing security context info attributes. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
8.2
Haute
CVE-2022-33238 2022-12-12 23h00 +00:00 Transient DOS due to loop with unreachable exit condition in WLAN while processing an incoming FTM frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2022-33268 2022-12-12 23h00 +00:00 Information disclosure due to buffer over-read in Bluetooth HOST while pairing and connecting A2DP. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
8.2
Haute
CVE-2022-25667 2022-11-14 23h00 +00:00 Information disclosure in kernel due to improper handling of ICMP requests in Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2022-33236 2022-11-14 23h00 +00:00 Transient DOS due to buffer over-read in WLAN firmware while parsing cipher suite info attributes. in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2022-33237 2022-11-14 23h00 +00:00 Transient DOS due to buffer over-read in WLAN firmware while processing PPE threshold. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2022-33239 2022-11-14 23h00 +00:00 Transient DOS due to loop with unreachable exit condition in WLAN firmware while parsing IPV6 extension header. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2022-25666 2022-10-18 22h00 +00:00 Memory corruption due to use after free in service while trying to access maps by different threads in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
6.7
Moyen
CVE-2022-25719 2022-10-18 22h00 +00:00 Information disclosure in WLAN due to improper length check while processing authentication handshake in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
9.1
Critique
CVE-2022-25736 2022-10-18 22h00 +00:00 Denial of service in WLAN due to out-of-bound read happens while processing VHT action frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2022-25748 2022-10-18 22h00 +00:00 Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
9.8
Critique
CVE-2022-25749 2022-10-18 22h00 +00:00 Transient Denial-of-Service in WLAN due to buffer over-read while parsing MDNS frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2022-25652 2022-09-16 03h25 +00:00 Cryptographic issues in BSP due to improper hash verification in Snapdragon Wired Infrastructure and Networking
9
Critique
CVE-2021-35129 2022-06-14 08h11 +00:00 Memory corruption in BT controller due to improper length check while processing vendor specific commands in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
7.8
Haute
CVE-2021-35104 2022-06-14 08h11 +00:00 Possible buffer overflow due to improper parsing of headers while playing the FLAC audio clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
9.8
Critique
CVE-2021-35071 2022-06-14 08h11 +00:00 Possible buffer over read due to lack of size validation while copying data from DBR buffer to RX buffer and can lead to Denial of Service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
5.5
Moyen
CVE-2021-30349 2022-06-14 08h11 +00:00 Improper access control sequence for AC database after memory allocation can lead to possible memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
8.2
Haute
CVE-2021-30281 2022-06-14 08h10 +00:00 Possible unauthorized access to secure space due to improper check of data allowed while flashing the no access control device configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
8.4
Haute
CVE-2021-35103 2022-04-01 02h40 +00:00 Possible out of bound write due to improper validation of number of timer values received from firmware while syncing timers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
7.8
Haute
CVE-2021-35088 2022-04-01 02h40 +00:00 Possible out of bound read due to improper validation of IE length during SSID IE parse when channel is DFS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
9.1
Critique
CVE-2021-1950 2022-04-01 02h40 +00:00 Improper cleaning of secure memory between authenticated users can lead to face authentication bypass in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
7.8
Haute
CVE-2021-35069 2022-02-11 09h40 +00:00 Improper validation of data length received from DMA buffer can lead to memory corruption. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
7.8
Haute
CVE-2021-30325 2022-02-11 09h40 +00:00 Possible out of bound access of DCI resources due to lack of validation process and resource allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
6.7
Moyen
CVE-2021-30324 2022-02-11 09h40 +00:00 Possible out of bound write due to lack of boundary check for the maximum size of buffer when sending a DCI packet to remote process in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
6.7
Moyen
CVE-2021-30313 2022-01-13 10h40 +00:00 Use after free condition can occur in wired connectivity due to a race condition while creating and deleting folders in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
6.7
Moyen
CVE-2021-30351 2022-01-03 06h26 +00:00 An out of bound memory access can occur due to improper validation of number of frames being passed during music playback in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
9.8
Critique
CVE-2021-30337 2022-01-03 06h26 +00:00 Possible use after free when process shell memory is freed using IOCTL call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
8.4
Haute
CVE-2021-30335 2022-01-03 06h26 +00:00 Possible assertion in QOS request due to improper validation when multiple add or update request are received simultaneously in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
8.4
Haute
CVE-2021-30303 2022-01-03 06h26 +00:00 Possible buffer overflow due to lack of buffer length check when segmented WMI command is received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
7.8
Haute
CVE-2021-30298 2022-01-03 06h26 +00:00 Possible out of bound access due to improper validation of item size and DIAG memory pools data while switching between USB and PCIE interface in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
7.8
Haute
CVE-2021-30282 2022-01-03 06h25 +00:00 Possible out of bound write in RAM partition table due to improper validation on number of partitions provided in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
8.4
Haute
CVE-2021-30278 2022-01-03 06h25 +00:00 Improper input validation in TrustZone memory transfer interface can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
7.1
Haute
CVE-2021-30275 2022-01-03 06h25 +00:00 Possible integer overflow in page alignment interface due to lack of address and size validation before alignment in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
9.3
Critique
CVE-2021-30274 2022-01-03 06h25 +00:00 Possible integer overflow in access control initialization interface due to lack and size and address validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
8.4
Haute
CVE-2021-30272 2022-01-03 06h25 +00:00 Possible null pointer dereference in thread cache operation handler due to lack of validation of user provided input in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
7.8
Haute
CVE-2021-30271 2022-01-03 06h25 +00:00 Possible null pointer dereference in trap handler due to lack of thread ID validation before dereferencing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
7.8
Haute
CVE-2021-30266 2021-11-12 05h16 +00:00 Possible use after free due to improper memory validation when initializing new interface via Interface add command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
6.7
Moyen
CVE-2021-30264 2021-11-12 05h15 +00:00 Possible use after free due improper validation of reference from call back to internal store table in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
6.7
Moyen
CVE-2021-1924 2021-11-12 05h15 +00:00 Information disclosure through timing and power side-channels during mod exponentiation for RSA-CRT in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
9
Critique
CVE-2021-1903 2021-11-12 05h15 +00:00 Possible denial of service scenario can occur due to lack of length check on Channel Switch Announcement IE in beacon or probe response frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
5.3
Moyen
CVE-2021-30312 2021-10-20 04h31 +00:00 Improper authentication of sub-frames of a multicast AMSDU frame can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2021-30302 2021-10-20 04h31 +00:00 Improper authentication of EAP WAPI EAPOL frames from unauthenticated user can lead to information disclosure in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2021-30288 2021-10-20 04h31 +00:00 Possible stack overflow due to improper length check of TLV while copying the TLV to a local stack variable in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
8.4
Haute
CVE-2021-1980 2021-10-20 04h31 +00:00 Possible buffer over read due to lack of length check while parsing beacon IE response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
9.1
Critique
CVE-2021-30260 2021-09-17 05h05 +00:00 Possible Integer overflow to buffer overflow issue can occur due to improper validation of input parameters when extscan hostlist configuration command is received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
8.4
Haute
CVE-2021-1976 2021-09-17 05h05 +00:00 A use after free can occur due to improper validation of P2P device address in PD Request frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
9.8
Critique
CVE-2021-1974 2021-09-09 05h36 +00:00 Possible buffer over read due to lack of alignment between map or unmap length of IPA SMMU and WLAN SMMU in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2021-1971 2021-09-09 05h36 +00:00 Possible assertion due to lack of physical layer state validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2021-1960 2021-09-09 05h35 +00:00 Improper handling of ASB-C broadcast packets with crafted opcode in LMP can lead to uncontrolled resource consumption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
6.5
Moyen
CVE-2021-1948 2021-09-09 05h35 +00:00 Possible out of bound read due to lack of length check of data while parsing the beacon or probe response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2021-1941 2021-09-09 05h35 +00:00 Possible buffer over read issue due to improper length check on WPA IE string sent by peer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2021-1909 2021-09-09 05h35 +00:00 Buffer overflow occurs in trusted applications due to lack of length check of parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
7.8
Haute
CVE-2021-1972 2021-09-08 09h25 +00:00 Possible buffer overflow due to improper validation of device types during P2P search in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
9.8
Critique
CVE-2021-1928 2021-09-08 09h25 +00:00 Buffer over read could occur due to incorrect check of buffer size while flashing emmc devices in Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
6.1
Moyen
CVE-2020-11301 2021-09-08 09h25 +00:00 Improper authentication of un-encrypted plaintext Wi-Fi frames in an encrypted network can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
9.1
Critique
CVE-2021-1965 2021-07-13 03h31 +00:00 Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
9.8
Critique
CVE-2021-1964 2021-07-13 03h31 +00:00 Possible buffer over read due to improper validation of IE size while parsing beacon from peer device in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2021-1954 2021-07-13 03h31 +00:00 Possible buffer over read due to improper validation of data pointer while parsing FILS indication IE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2021-1953 2021-07-13 03h31 +00:00 Improper handling of received malformed FTMR request frame can lead to reachable assertion while responding with FTM1 frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2021-1945 2021-07-13 03h30 +00:00 Possible out of bound read due to lack of length check of Bandwidth-NSS IE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2021-1943 2021-07-13 03h30 +00:00 Possible buffer out of bound read can occur due to improper validation of TBTT count and length while parsing the beacon response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2021-1938 2021-07-13 03h30 +00:00 Possible assertion due to improper verification while creating and deleting the peer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2021-1937 2021-06-09 04h20 +00:00 Reachable assertion is possible while processing peer association WLAN message from host and nonstandard incoming packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2020-11267 2021-06-09 04h20 +00:00 Stack out-of-bounds write occurs while setting up a cipher device if the provided IV length exceeds the max limit value in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
8.4
Haute
CVE-2020-11250 2021-06-09 03h00 +00:00 Use after free due to race condition when reopening the device driver repeatedly in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
7
Haute
CVE-2020-11241 2021-06-09 03h00 +00:00 Out of bound read will happen if EAPOL Key length is less than expected while processing NAN shared key descriptor attribute in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2020-11238 2021-06-09 03h00 +00:00 Possible Buffer over-read in ARP/NS parsing due to lack of check of packet length received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2020-11235 2021-06-09 03h00 +00:00 Buffer overflow might occur while parsing unified command due to lack of check of input data received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
7.8
Haute
CVE-2020-11134 2021-06-09 03h00 +00:00 Possible stack out of bound write might happen due to time bitmap length and bit duration fields of the attributes like NAN ranging setup attribute inside a NAN management frame are not Properly validated in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
9.8
Critique
CVE-2020-11159 2021-06-09 03h00 +00:00 Buffer over-read can happen while processing WPA,RSN IE of beacon and response frames if IE length is less than length of frame pointer being accessed in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
9.1
Critique
CVE-2020-11126 2021-06-09 03h00 +00:00 Possible out of bound read while WLAN frame parsing due to lack of check for body and header length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
9.1
Critique
CVE-2021-1927 2021-05-07 07h10 +00:00 Possible use after free due to lack of null check while memory is being freed in FastRPC driver in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
8.4
Haute
CVE-2021-1915 2021-05-07 07h10 +00:00 Buffer overflow can occur due to improper validation of NDP application information length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
7.8
Haute
CVE-2021-1925 2021-05-07 07h10 +00:00 Possible denial of service scenario due to improper handling of group management action frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2020-11289 2021-05-07 07h10 +00:00 Out of bound write can occur in TZ command handler due to lack of validation of command ID in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
7.8
Haute
CVE-2020-11252 2021-04-07 05h55 +00:00 Trustzone initialization code will disable xPU`s when memory dumps are enabled and lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
7.2
Haute
CVE-2020-11191 2021-04-07 05h55 +00:00 Out of bound read occurs while processing crafted SDP due to lack of check of null string in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
9.1
Critique
CVE-2020-3664 2021-02-22 05h26 +00:00 Out of bound read access in hypervisor due to an invalid read access attempt by passing invalid addresses in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
6
Moyen
CVE-2020-11287 2021-02-22 05h26 +00:00 Allowing RTT frames to be linked with non randomized MAC address by comparing the sequence numbers can lead to information disclosure. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2020-11296 2021-02-22 05h26 +00:00 Arithmetic overflow can happen while processing NOA IE due to improper error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2020-11280 2021-02-22 05h26 +00:00 Denial of service while processing fine timing measurement request (FTMR) frame with reserved bits set in the FTM parameter IE due to improper error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2020-11281 2021-02-22 05h26 +00:00 Allowing RTT frames to be linked with non randomized MAC address by comparing the sequence numbers can lead to information disclosure. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2020-11278 2021-02-22 05h26 +00:00 Possible denial of service while handling host WMI command due to improper validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2020-11276 2021-02-22 05h26 +00:00 Possible buffer over read while processing P2P IE and NOA attribute of beacon and probe response frames due to improper validation of P2P IE and NOA attribute lengths in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
9.1
Critique
CVE-2020-11275 2021-02-22 05h26 +00:00 Possible buffer over-read while parsing quiet IE in Rx beacon frame due to improper check of IE length in received beacon in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
9.1
Critique
CVE-2020-11270 2021-02-22 05h25 +00:00 Possible denial of service due to RTT responder consistently rejects all FTMR by transmitting FTM1 with failure status in the FTM parameter IE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2020-11269 2021-02-22 05h25 +00:00 Possible memory corruption while processing EAPOL frames due to lack of validation of key length before using it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
8.8
Haute
CVE-2020-11204 2021-02-22 05h25 +00:00 Possible memory corruption and information leakage in sub-system due to lack of check for validity and boundary compliance for parameters that are read from shared MSG RAM in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
7.8
Haute
CVE-2020-11198 2021-02-22 05h25 +00:00 Key material used for TZ diag buffer encryption and other data related to log buffer is not wiped securely due to improper usage of memset in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
6.7
Moyen
CVE-2020-11225 2021-01-21 08h41 +00:00 Out of bound access in WLAN driver due to lack of validation of array length before copying into array in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
9.8
Critique
CVE-2020-11214 2021-01-21 08h41 +00:00 Buffer over-read while processing NDL attribute if attribute length is larger than expected and then FW is treating it as more number of immutable schedules in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
7.5
Haute
CVE-2020-11215 2021-01-21 08h41 +00:00 An out of bounds read can happen when processing VSA attribute due to improper minimum required length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
9.1
Critique
CVE-2020-11213 2021-01-21 08h41 +00:00 Out of bound reads might occur in while processing Service descriptor due to improper validation of length of fields in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
9.8
Critique
CVE-2020-11212 2021-01-21 08h41 +00:00 Out of bounds reads while parsing NAN beacons attributes and OUIs due to improper length of field check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
9.8
Critique
CVE-2020-11185 2021-01-21 08h41 +00:00 Out of bound issue in WLAN driver while processing vdev responses from firmware due to lack of validation of data received from firmware in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
7.8
Haute
CVE-2020-11119 2021-01-21 08h41 +00:00 Buffer over-read can happen when the buffer length received from response handlers is more than the size of the payload in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
7.5
Haute