Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-18124

Summary
Assigner-qualcomm
Assigner Org ID-2cfc7d3e-20d3-47ac-8db7-1b7285aff15f
Published At-26 Oct, 2018 | 13:00
Updated At-05 Aug, 2024 | 21:13
Rejected At-
Credits

During secure boot, addition is performed on uint8 ptrs which led to overflow issue in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version FSM9055, IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:qualcomm
Assigner Org ID:2cfc7d3e-20d3-47ac-8db7-1b7285aff15f
Published At:26 Oct, 2018 | 13:00
Updated At:05 Aug, 2024 | 21:13
Rejected At:
▼CVE Numbering Authority (CNA)

During secure boot, addition is performed on uint8 ptrs which led to overflow issue in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version FSM9055, IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20

Affected Products
Vendor
Qualcomm Technologies, Inc.Qualcomm, Inc.
Product
Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear
Versions
Affected
  • FSM9055, IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20
Problem Types
TypeCWE IDDescription
textN/AUse of Out-of-range Pointer Offset in Core
Type: text
CWE ID: N/A
Description: Use of Out-of-range Pointer Offset in Core
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.qualcomm.com/company/product-security/bulletins
x_refsource_CONFIRM
Hyperlink: https://www.qualcomm.com/company/product-security/bulletins
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.qualcomm.com/company/product-security/bulletins
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.qualcomm.com/company/product-security/bulletins
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:product-security@qualcomm.com
Published At:26 Oct, 2018 | 13:29
Updated At:20 Dec, 2018 | 15:24

During secure boot, addition is performed on uint8 ptrs which led to overflow issue in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version FSM9055, IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.8HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary2.07.2HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.0
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.2
Base severity: HIGH
Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
Qualcomm Technologies, Inc.
qualcomm
>>fsm9055_firmware>>-
cpe:2.3:o:qualcomm:fsm9055_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>fsm9055>>-
cpe:2.3:h:qualcomm:fsm9055:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>ipq4019_firmware>>-
cpe:2.3:o:qualcomm:ipq4019_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>ipq4019>>-
cpe:2.3:h:qualcomm:ipq4019:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9206_firmware>>-
cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9206>>-
cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9607_firmware>>-
cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9607>>-
cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9625_firmware>>-
cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9625>>-
cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9635m_firmware>>-
cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9635m>>-
cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9640_firmware>>-
cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9640>>-
cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9645_firmware>>-
cpe:2.3:o:qualcomm:mdm9645_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9645>>-
cpe:2.3:h:qualcomm:mdm9645:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9650_firmware>>-
cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9650>>-
cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9655_firmware>>-
cpe:2.3:o:qualcomm:mdm9655_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9655>>-
cpe:2.3:h:qualcomm:mdm9655:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>msm8909w_firmware>>-
cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>msm8909w>>-
cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>msm8996au_firmware>>-
cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>msm8996au>>-
cpe:2.3:h:qualcomm:msm8996au:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_210_firmware>>-
cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_210>>-
cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_212_firmware>>-
cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_212>>-
cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_205_firmware>>-
cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_205>>-
cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_410_firmware>>-
cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_410>>-
cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_412_firmware>>-
cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_412>>-
cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_425_firmware>>-
cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_425>>-
cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_430_firmware>>-
cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_430>>-
cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_450_firmware>>-
cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_450>>-
cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_615_firmware>>-
cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_615>>-
cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_616_firmware>>-
cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_616>>-
cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_415_firmware>>-
cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_415>>-
cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_617_firmware>>-
cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_617>>-
cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_625_firmware>>-
cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_625>>-
cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.qualcomm.com/company/product-security/bulletinsproduct-security@qualcomm.com
Vendor Advisory
Hyperlink: https://www.qualcomm.com/company/product-security/bulletins
Source: product-security@qualcomm.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1488Records found
CVE-2019-14088
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.91%
||
7 Day CHG~0.00%
Published-07 Feb, 2020 | 05:00
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible use after free issue while CRM is accessing the link pointer from device private data due to lack of resource protection in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, MDM9206, MDM9207C, MDM9607, QCS605, SDM429W, SDX24, SM8150, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9206mdm9207csm8150_firmwaresdx24_firmwaresdm429wsdx24mdm9206_firmwareqcs605mdm9607_firmwaremdm9607sdm429w_firmwaresm8150sxr1130_firmwareapq8009_firmwaresxr1130apq8009qcs605_firmwaremdm9207c_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-416
Use After Free
CVE-2019-14116
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.32%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 10:46
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Privilege escalation by using an altered debug policy image can occur as the XPU protecting the debug policy regions are disabled during the crash dump boot flow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ6018

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-ipq6018_firmwareipq6018Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-862
Missing Authorization
CVE-2019-14117
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 9.69%
||
7 Day CHG~0.00%
Published-08 Sep, 2020 | 09:31
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Whenever the page list is updated via privileged user, the previous list elements are freed but are not deleted from the list which results in a use after free causing an unhandled page fault exception in rmnet driver' in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in Bitra, MDM9607, QCS405, Saipan, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sm8150_firmwaresxr2130_firmwareqcs405_firmwarebitrasm8250_firmwaremdm9607_firmwaresc8180x_firmwaresdx55qcs405sm7150_firmwaresaipan_firmwaresm6150_firmwaresm6150sm8250mdm9607bitra_firmwaresm8150sdx55_firmwaresm7150saipansxr2130sc8180xSnapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-416
Use After Free
CVE-2019-14054
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.19%
||
7 Day CHG~0.00%
Published-02 Jun, 2020 | 15:05
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper permissions in XBL_SEC region enable user to update XBL_SEC code and data and divert the RAM dump path to normal cold boot path in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, MSM8998, QCS404, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM8150, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm850_firmwarekamorta_firmwaresdm636_firmwaresdm845msm8998_firmwaresdm660sdm630qcs404_firmwaresdm710sdm710_firmwaresdm670sxr2130qcs605_firmwaresdm670_firmwareqcs404sm8150_firmwaresxr2130_firmwaresdm636sda845_firmwaresdm630_firmwaresda660_firmwareqcs605msm8998sm8150sdm850sda660kamortasxr1130_firmwaresxr1130sdm660_firmwaresda845sdm845_firmwareSnapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
CVE-2021-35072
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.15% / 35.56%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 09:50
Updated-04 Aug, 2024 | 00:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible buffer overflow due to improper validation of array index while processing external DIAG command in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaremdm9150_firmwarewsa8830mdm9640_firmwareqcs2290_firmwaremdm9628_firmwaremdm9650qcs4290wcn3950_firmwaremdm9250qcs2290apq8009_firmwaremsm8917wcd9370sd632wcn3990_firmwaremsm8108qca9377wcn3998sdw2500_firmwaremsm8108_firmwarewcn3950sm4125mdm9628wcd9326_firmwaremdm9206_firmwarewcn3615_firmwarewcn3660bsd450_firmwaresd662sd460_firmwareapq8037qca6320_firmwareqca6584qca6574au_firmwarewcn3680b_firmwarewcd9375_firmwaresdx12_firmwarewcn3615wcn3998_firmwaremsm8909wapq8009w_firmwarewcn3610_firmwareapq8053_firmwareqca6564au_firmwaresd680_firmwareqca6310msm8208qca9367_firmwaresd429qca9367sd662_firmwaremdm9607_firmwaresd821wcn3988_firmwaresd429_firmwarewcd9340apq8017_firmwarewsa8810_firmwarequalcomm215_firmwaresw5100sd680wcd9326wcd9335msm8937msm8209_firmwareqca6174a_firmwaremdm9250_firmwareqcs4290_firmwarewcd9341wcn3660_firmwarewcn3910_firmwarewcd9375msm8953_firmwarewsa8830_firmwaremsm8917_firmwaresd210wcn3620_firmwaresd820wcn3988wsa8815_firmwarewsa8835_firmwarewcn3620apq8017msm8208_firmwareqca6564asd450wcn3610msm8608qcm2290_firmwaremdm9640wcn3990sdm429wmsm8996au_firmwaresw5100pwcd9330qca6564aumsm8940_firmwaremsm8909w_firmwareqca6574msm8996ausd632_firmwaresdm429w_firmwarewsa8835qualcomm215qca6574amdm9206qca9379_firmwareqca6174aqca6310_firmwarewcd9335_firmwarewcn3980sd439_firmwareqca6574_firmwarewcd9340_firmwaresm4125_firmwarewsa8815wcn3910qca6320qca6584_firmwaremsm8937_firmwaremdm9650_firmwarewcn3660b_firmwarewcn3680qca6574a_firmwaresd835msm8209wcn3980_firmwareapq8009sd460wcd9330_firmwaremsm8920msm8953sd821_firmwareqcm4290wcn3680_firmwaremsm8920_firmwareqca6574aumdm9607qca6564a_firmwareapq8009wwcd9341_firmwareqcm4290_firmwarewsa8810sw5100p_firmwaresd210_firmwaremdm9150wcn3680bsd835_firmwareapq8096ausd820_firmwaremsm8608_firmwarewcd9370_firmwaresdw2500msm8940apq8053apq8096au_firmwareapq8037_firmwaresd439sdx12sw5100_firmwarewcn3660qca9379qcm2290Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2019-13995
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.51%
||
7 Day CHG~0.00%
Published-08 Sep, 2020 | 09:31
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Lack of integer overflow check for addition of fragment size and remaining size that are read from shared memory can lead to memory corruption and potential information leakage' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA6155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9150_firmwaremdm9640_firmwareqcs610sdm450_firmwaresdm632qcs404_firmwaremdm9650mdm9645apq8009_firmwaremsm8917sdm670qcs605_firmwaresda845_firmwaresa415mbitraapq8098qcn7605mdm9206_firmwarebitra_firmwaremsm8905_firmwaresda660sdx55_firmwareqca8081_firmwaresxr1130apq8053_firmwaresda845sa6155p_firmwaresdm450sdm636_firmwareapq8098_firmwaremsm8998_firmwaresdm630mdm9607_firmwaresm8250_firmwaremdm9655_firmwaresa415m_firmwareqcs405qm215sc7180_firmwareapq8017_firmwaresdm710_firmwaresa6155pqca8081msm8937msm8905sm8150_firmwaremsm8909sxr2130_firmwaremdm9655rennellsc7180msm8953_firmwaresaipan_firmwaresm6150_firmwaremsm8917_firmwaremsm8998sm8150sdx20_firmwaresdm850kamortaapq8017msm8996saipanmdm9640kamorta_firmwareqcm2150_firmwaresdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdx24sdm439sdm429msm8940_firmwaresm7150_firmwaresm6150msm8996ausdm429w_firmwaresm7150sxr2130sc8180xmdm9206sdm670_firmwareqcs404sdx24_firmwareipq8074sdm636ipq6018_firmwaremdm9205qcs605msm8937_firmwaremdm9650_firmwaresdm429_firmwaresxr1130_firmwareapq8009msm8909_firmwarenicobarsdm850_firmwaremsm8920msm8953sdx20qcm2150msm8920_firmwaresdm660sc8180x_firmwareipq8074_firmwaresdm710mdm9607mdm9645_firmwareqcn7605_firmwareqcs610_firmwaremdm9150msm8996_firmwareipq6018apq8096ausdm439_firmwareqcs405_firmwaresdm630_firmwaremdm9205_firmwaresda660_firmwarerennell_firmwareqm215_firmwaresdx55msm8940apq8053apq8096au_firmwaresm8250nicobar_firmwaresdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-35089
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.10% / 27.87%
||
7 Day CHG~0.00%
Published-01 Apr, 2022 | 04:40
Updated-04 Aug, 2024 | 00:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible buffer overflow due to lack of input IB amount validation while processing the user command in Snapdragon Auto

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca6574ausa8155psa8155p_firmwareqca6696_firmwareqca6574au_firmwareqca6696Snapdragon Auto
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-14047
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.80%
||
7 Day CHG~0.00%
Published-22 Jun, 2020 | 07:10
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

While IPA driver processes route add rule IOCTL, there is no input validation of the rule ID prior to adding the rule to the IPA HW commit list in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8053, APQ8096AU, MDM9607, MSM8909W, MSM8996, MSM8996AU, QCN7605, QCS605, SC8180X, SDA845, SDX20, SDX24, SDX55, SM8150, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sm8150_firmwaresdx24_firmwareapq8096aumsm8996au_firmwareqcs605_firmwaresda845_firmwaresdx20qcn7605sdx24mdm9607_firmwareqcs605sc8180x_firmwaresdx55apq8053apq8096au_firmwaremsm8909w_firmwaremdm9607msm8996ausm8150sdx20_firmwareapq8053_firmwaresxr1130_firmwaresdx55_firmwareqcn7605_firmwaremsm8996sxr1130sda845msm8909wsc8180xmsm8996_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-20
Improper Input Validation
CVE-2019-14060
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.80%
||
7 Day CHG~0.00%
Published-07 Feb, 2020 | 05:00
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uninitialized stack data gets used If memory is not allocated for blob or if the allocated blob is less than the struct size required due to lack of check of return value for read or write blob in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9150_firmwaresdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdm450_firmwaresdm632sdx24sdm439mdm9650sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaremsm8996ausdm429w_firmwaresm7150apq8009_firmwaremsm8917sdm670sxr2130qcs605_firmwaresc8180xipq4019_firmwaremdm9206sdm670_firmwaresdx24_firmwareipq8074sdm636sda845_firmwareapq8098ipq6018_firmwaremdm9206_firmwareqcs605msm8937_firmwaremdm9650_firmwaresdm429_firmwareipq8064sdx55_firmwaresxr1130_firmwaresxr1130msm8909wapq8009apq8053_firmwareipq8064_firmwaresda845nicobarsa6155p_firmwaremsm8920msm8953sdm450sdm636_firmwareapq8098_firmwaresdx20msm8998_firmwaresdm660msm8920_firmwaresdm630mdm9607_firmwaresm8250_firmwaresc8180x_firmwareqcs405ipq8074_firmwaresdm710qm215mdm9607apq8017_firmwaresdm710_firmwaresa6155pmdm9150msm8937mdm9207c_firmwareipq6018mdm9207csm8150_firmwaresxr2130_firmwaresdm439_firmwareqcs405_firmwarerennellsdm630_firmwarerennell_firmwareqm215_firmwareipq4019sdx55msm8953_firmwaremsm8940saipan_firmwaresm6150_firmwareapq8053msm8917_firmwaresm8250msm8998sm8150sdx20_firmwareapq8017saipannicobar_firmwaresdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-2019-14028
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.80%
||
7 Day CHG~0.00%
Published-05 Mar, 2020 | 08:56
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overwrite during memcpy due to lack of check on SSID length validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096, APQ8096AU, APQ8098, IPQ6018, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8996AU, MSM8998, Nicobar, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9886, QCN7605, QCS404, QCS405, QCS605, Rennell, SA6155P, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwareapq8096_firmwaremdm9640_firmwareqca4531_firmwaremsm8996au_firmwaresdm845apq8096sdx24qcs404_firmwaremdm9650sm7150_firmwaresm6150qca6574msm8996ausm7150apq8009_firmwaresdm670sxr2130qcs605_firmwaresc8180xmdm9206qca6564qca9379_firmwareqca6174asdm670_firmwareqcs404sdx24_firmwareqca6584au_firmwareipq8074sdm636sda845_firmwareqca9377qca4531apq8098qcn7605ipq6018_firmwaremdm9206_firmwareqca6574_firmwareqca9886qcs605qca6584_firmwaremdm9650_firmwareqca6584qca6574au_firmwaresda660sxr1130_firmwareapq8064_firmwareqca8081_firmwaresxr1130apq8009apq8053_firmwaresda845nicobarsdm850_firmwareqca6584ausa6155p_firmwaresdm636_firmwareapq8064sdm845_firmwareapq8098_firmwaresdx20msm8998_firmwaresdm660sdm630mdm9607_firmwaresm8250_firmwaresc8180x_firmwareqcs405ipq8074_firmwareqca6574ausdm710mdm9607apq8017_firmwaresdm710_firmwareqcn7605_firmwaresa6155pqca8081mdm9207c_firmwareipq6018mdm9207cqca6174a_firmwareqca9886_firmwareqca6564_firmwaresm8150_firmwaresxr2130_firmwareapq8096auqcs405_firmwarerennellsdm630_firmwaresda660_firmwarerennell_firmwareapq8053sm6150_firmwareapq8096au_firmwaresm8250msm8998sm8150sdx20_firmwaresdm850apq8017nicobar_firmwareqca9379sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-35077
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.10% / 27.67%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 10:40
Updated-04 Aug, 2024 | 00:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible use after free scenario in compute offloads to DSP while multiple calls spawn a dynamic process in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwarewcn3991_firmwarewsa8830sa6150p_firmwaresa8145p_firmwareqcs2290_firmwareqca8337sdx65qcs4290wcn3950_firmwaresa8150p_firmwaresd765g_firmwareqcs2290qca6595au_firmwareqca6390_firmwaresd690_5gwcd9370qrb5165n_firmwareqca9377wcn3998wcd9385_firmwarewcn3950sd_8_gen1_5g_firmwaresm6375_firmwaresd662sd460_firmwaresm7315_firmwareqca6574au_firmwareqca6595auqca8081_firmwaresdx12_firmwarewcd9375_firmwaresm7250p_firmwarewcn3998_firmwareqrb5165nsd778gsa6155p_firmwaresm6225qcs6490qrb5165_firmwareqrb5165m_firmwaresd662_firmwarewcn3988_firmwaresa6145p_firmwaresd778g_firmwaresa8195pwsa8810_firmwaresd765gsd765_firmwarewcn6851wcd9335sa6155pqca8081qca6174a_firmwareqcs4290_firmwarewcd9385qca6696_firmwareqcs6490_firmwaresd750gsd870_firmwareqca6390ar8035sd750g_firmwarewcd9375sa8150pwcn3910_firmwarewsa8830_firmwaresd865_5g_firmwareqcm6490sd888_5g_firmwarewcn3988wcn6850_firmwarewsa8815_firmwarewsa8835_firmwaresa8195p_firmwaresm8475wcn6750_firmwareqcm2290_firmwaresm6375wcn3991qca8337_firmwarewcd9380_firmwaresd780gsd865_5gsdx55m_firmwarewcn6856_firmwaresd888wsa8835qca6574wcd9380sd888_5gqca6574asd690_5g_firmwarewcn6855_firmwareqca6174asm7325pwcd9335_firmwarewcn6750qca6574_firmwarewsa8815sm7325p_firmwarewcn6850wcn3910sd765qca6574a_firmwaresd768g_firmwareqrb5165msm7315sd460qca6391sdx55mwcn6740_firmwaresdx65_firmwareqcm4290qcm6490_firmwareqrb5165sd480_firmwarewcn6851_firmwaresm6225_firmwareqca6574ausa8155p_firmwareqcm4290_firmwaresd480sd870wcn6855wsa8810wcn6856sa6145psd768gsa8145pwcn6740qca6696qca6391_firmwaresd780g_firmwarewcd9370_firmwaresa6150psd888_firmwaresa8155psm7250psdx12ar8035_firmwareqcm2290Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
CWE ID-CWE-416
Use After Free
CVE-2019-14089
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.19%
||
7 Day CHG~0.00%
Published-08 Sep, 2020 | 09:31
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Keymaster attestation key and device IDs provisioning which is a one time process is incorrectly allowed to be re-provisioned after a user data erase or a factory reset' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Kamorta, Nicobar, QCS404, QCS610, Rennell, SA515M, SA6155P, SC7180, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-kamorta_firmwaresa6155p_firmwareqcs404sm8150_firmwaresxr2130_firmwareqcs610sa515m_firmwarerennellsc7180rennell_firmwaresa515mqcs404_firmwaresm8250_firmwaresc8180x_firmwaresdx55sm7150_firmwaresm6150_firmwaresm8250sm6150sc7180_firmwaresm8150kamortasm7150sdx55_firmwarenicobar_firmwaresa6155pqcs610_firmwaresxr2130sc8180xnicobarSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2019-14068
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.80%
||
7 Day CHG~0.00%
Published-05 Mar, 2020 | 08:56
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bound access in msm routing due to lack of check of size before accessing in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, APQ8096AU, MDM9607, MSM8905, MSM8909W, Nicobar, QCS405, QCS605, Rennell, Saipan, SDM429W, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm429wsdm845sdx20sdx24mdm9607_firmwaresm8250_firmwareqcs405sm7150_firmwaresm6150msm8909w_firmwaremdm9607sdm429w_firmwareapq8009sm7150apq8009_firmwaresxr2130qcs605_firmwaremsm8905sm8150_firmwaresdx24_firmwaresxr2130_firmwareapq8096auqcs405_firmwarerennellrennell_firmwareqcs605apq8053apq8096au_firmwaresaipan_firmwaresm6150_firmwaresm8250sm8150sdx20_firmwaremsm8905_firmwaresxr1130_firmwarenicobar_firmwaremsm8909wsaipansxr1130apq8053_firmwarenicobarsdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-14027
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.51%
||
7 Day CHG~0.00%
Published-05 Mar, 2020 | 08:56
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow due to lack of upper bound check on channel length which is used for a loop. in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in APQ8098, IPQ6018, IPQ8074, MSM8998, Nicobar, QCA8081, QCN7605, QCS404, QCS605, Rennell, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm850_firmwaresdm636_firmwareapq8098_firmwaresdm845msm8998_firmwaresdm660sdm630qcs404_firmwaresc8180x_firmwaresm7150_firmwareipq8074_firmwaresdm710sm6150sdm710_firmwaresm7150qcn7605_firmwaresdm670qca8081sxr2130qcs605_firmwaresc8180xipq6018sdm670_firmwareqcs404sm8150_firmwaresxr2130_firmwareipq8074sdm636sda845_firmwarerennellsdm630_firmwareapq8098qcn7605sda660_firmwarerennell_firmwareipq6018_firmwareqcs605sm6150_firmwaremsm8998sm8150sdm850sda660sxr1130_firmwareqca8081_firmwarenicobar_firmwaresxr1130sdm660_firmwaresda845nicobarsdm845_firmwareSnapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-13992
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.80%
||
7 Day CHG~0.00%
Published-08 Sep, 2020 | 09:31
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Out of bound memory access if stack push and pop operation are performed without doing a bound check on stack top' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Bitra, IPQ6018, IPQ8074, MDM9205, Nicobar, QCA8081, QCN7605, QCS404, QCS405, QCS605, QCS610, Rennell, SA415M, SA6155P, Saipan, SC7180, SC8180X, SDA845, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm850_firmwaresa6155p_firmwareqcs610sdm845sdx20sdx24qcs404_firmwaresm8250_firmwaresc8180x_firmwaresa415m_firmwareqcs405sm7150_firmwareipq8074_firmwaresdm710sc7180_firmwaresm6150sdm710_firmwaresm7150qcn7605_firmwaresa6155psdm670qca8081qcs610_firmwareqcs605_firmwaresc8180xsxr2130ipq6018sdm670_firmwareqcs404sdx24_firmwaresm8150_firmwareipq8074sxr2130_firmwareqcs405_firmwarerennellsa415msc7180bitrasda845_firmwaremdm9205_firmwareqcn7605rennell_firmwareipq6018_firmwaremdm9205qcs605sdx55saipan_firmwaresm6150_firmwaresm8250bitra_firmwaresm8150sdx20_firmwaresdm850sxr1130_firmwaresdx55_firmwareqca8081_firmwarenicobar_firmwaresaipansxr1130sda845nicobarsdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-13999
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.51%
||
7 Day CHG~0.00%
Published-08 Sep, 2020 | 09:31
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Lack of check for integer overflow for round up and addition operations result into memory corruption and potential information leakage' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA515M, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9150_firmwaremdm9640_firmwareqcs610sdm450_firmwaresdm632qcs404_firmwaremdm9650mdm9645apq8009_firmwaremsm8917sdm670qcs605_firmwaresda845_firmwaresa415mapq8098qcn7605mdm9206_firmwaremsm8905_firmwaresda660sdx55_firmwareqca8081_firmwaresxr1130apq8053_firmwaresda845sa6155p_firmwaresdm450sdm636_firmwaresa515m_firmwareapq8098_firmwaremsm8998_firmwaresdm630mdm9607_firmwaresm8250_firmwaremdm9655_firmwaresa415m_firmwareqcs405qm215sc7180_firmwareapq8017_firmwaresdm710_firmwaresa6155pqca8081msm8937msm8905sm8150_firmwaremsm8909sxr2130_firmwaremdm9655rennellsc7180msm8953_firmwaresm6150_firmwaremsm8917_firmwaremsm8998sm8150sdx20_firmwaresdm850kamortaapq8017msm8996mdm9640kamorta_firmwareqcm2150_firmwaresdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdx24sdm439sdm429msm8940_firmwaresm7150_firmwaresm6150msm8996ausdm429w_firmwaresm7150sxr2130sc8180xmdm9206sdm670_firmwareqcs404sdx24_firmwareipq8074sdm636ipq6018_firmwaremdm9205sa515mqcs605msm8937_firmwaremdm9650_firmwaresdm429_firmwaresxr1130_firmwareapq8009msm8909_firmwarenicobarsdm850_firmwaremsm8920msm8953sdx20qcm2150msm8920_firmwaresdm660sc8180x_firmwareipq8074_firmwaresdm710mdm9607mdm9645_firmwareqcn7605_firmwareqcs610_firmwaremdm9150msm8996_firmwareipq6018apq8096ausdm439_firmwareqcs405_firmwaresdm630_firmwaremdm9205_firmwaresda660_firmwarerennell_firmwareqm215_firmwaresdx55msm8940apq8053apq8096au_firmwaresm8250nicobar_firmwaresdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-14024
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.80%
||
7 Day CHG~0.00%
Published-21 Jan, 2020 | 06:30
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible stack-use-after-scope issue in NFC usecase for card emulation in Snapdragon Auto, Snapdragon Industrial IOT, Snapdragon Mobile in MSM8917, MSM8953, Nicobar, QM215, Rennell, SDM429, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-msm8953sdm450sdm632_firmwaresdm845sdm450_firmwaresdm632sdm439sm8250_firmwaresdm429sm7150_firmwaresdm710qm215sm6150sdm710_firmwaresm7150msm8917sdm670sxr2130sdm670_firmwaresm8150_firmwaresxr2130_firmwaresdm439_firmwarerennellrennell_firmwareqm215_firmwaremsm8953_firmwaresm6150_firmwaresm8250msm8917_firmwaresdm429_firmwaresm8150nicobar_firmwarenicobarsdm845_firmwareSnapdragon Auto, Snapdragon Industrial IOT, Snapdragon Mobile
CWE ID-CWE-416
Use After Free
CVE-2019-14046
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.80%
||
7 Day CHG~0.00%
Published-07 Feb, 2020 | 05:00
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bound access while allocating memory for an array in camera due to improper validation of elements parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS605, SDM439, SDX24

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdx24_firmwaresdm439_firmwaresdx24sdm439qcs605qcs605_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2021-35130
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.04% / 12.33%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 10:11
Updated-04 Aug, 2024 | 00:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory corruption in graphics support layer due to use after free condition in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwarewcn3991_firmwaresm6375wsa8830wcn3991sa6150p_firmwareqca8337_firmwaresa8145p_firmwareqcs610wcd9380_firmwaresw5100psd780gqca8337wcn6856_firmwaresd888sdx65wsa8835wcn3950_firmwarewcd9380sa8150p_firmwaresd888_5gqca6595au_firmwareqcs410wcd9370wcn6855_firmwareqca6174asm7325pwcd9335_firmwareqca9377wcn3980wcn3998wcn6750wcd9385_firmwareqam8295pwcn3950sm6375_firmwarewsa8815sm7325p_firmwarewcn6850qam8295p_firmwaresm7315_firmwareqca6574au_firmwareqca6595auqca8081_firmwaresdx12_firmwarewcd9375_firmwarewcn3998_firmwarewcn3980_firmwaresm7315qca6391sa8295pwcn6740_firmwaresd778gsa6155p_firmwaresdx65_firmwareqcs6490qcm6490_firmwaresa4155p_firmwaresd480_firmwarewcn6851_firmwarewcn3988_firmwareqca6574ausa6145p_firmwaresa8155p_firmwaresd778g_firmwaresa8195pwsa8810_firmwarewcd9341_firmwaresw5100sd480wsa8810wcn6855wcn6851wcd9335sa6155psw5100p_firmwareqca8081qcs610_firmwarewcn6856sa6145pqca6174a_firmwarewcd9385wcd9341qca6696_firmwareqcs6490_firmwaresa8145pwcn6740qca6696qca6391_firmwaresa4150p_firmwarear8035wcd9375sd780g_firmwarewcn6750_firmwaresa8150pwcd9370_firmwaresa6150psd888_firmwaresa8155pwsa8830_firmwareqcm6490sd888_5g_firmwarewcn3988wcn6850_firmwarewsa8815_firmwarewsa8835_firmwaresa8195p_firmwaresw5100_firmwaresdx12qcs410_firmwaresa8295p_firmwaresa4155psa4150par8035_firmwareSnapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CWE ID-CWE-416
Use After Free
CVE-2021-35091
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.09% / 27.24%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 10:11
Updated-04 Aug, 2024 | 00:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible out of bounds read due to improper typecasting while handling page fault for global memory in Snapdragon Connectivity, Snapdragon Mobile

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn6855_firmwarewsa8830_firmwarewcd9380_firmwarewsa8830wsa8835wcn6856wsa8835_firmwarewcd9380wcn6855sm8475wcn6856_firmwaresd_8_gen1_5g_firmwareSnapdragon Connectivity, Snapdragon Mobile
CWE ID-CWE-704
Incorrect Type Conversion or Cast
CVE-2021-35126
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.11% / 30.17%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 10:11
Updated-04 Aug, 2024 | 00:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory corruption in DSP service due to improper validation of input parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn6740_firmwaresd_8cx_gen3_firmwaresd778gwcd9380_firmwarewsa8830sd780gqcs6490qcm6490_firmwarewcn6851_firmwarewcn6856_firmwaresd888wsa8835sd778g_firmwarewcd9380sd888_5gwcn6855wcn6851wcd9370wcn6856wcn6855_firmwaresm7325pwcd9385qca6696_firmwareqcs6490_firmwarewcn6750wcn6740qca6696sd_8cx_gen3qca6391_firmwareqam8295pwcd9385_firmwarewcd9375sd780g_firmwarewcd9370_firmwaresd_8_gen1_5g_firmwarewcn6750_firmwaresd888_firmwaresm7325p_firmwarewcn6850wsa8830_firmwareqam8295p_firmwareqcm6490sd888_5g_firmwaresm7315_firmwarewcn6850_firmwarewsa8835_firmwarewcd9375_firmwaresm8475sm7315sa8295p_firmwareqca6391sa8295pSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2021-35103
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.53%
||
7 Day CHG~0.00%
Published-01 Apr, 2022 | 04:40
Updated-04 Aug, 2024 | 00:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible out of bound write due to improper validation of number of timer values received from firmware while syncing timers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sa6150p_firmwareipq4028_firmwareqca8337ar9380ipq8173_firmwarewcd9360_firmwaresdx65qcn5124qca4024_firmwarewcn3950_firmwareipq8078aipq5028_firmwaresa8150p_firmwareqca6595au_firmwaresa6155qcs6125_firmwaresa415mwcn3998qca6554a_firmwarewcn3950ipq8076aqcn6024_firmwaresd_8_gen1_5g_firmwaresm6375_firmwaresd460_firmwaresm7315_firmwareqca6574au_firmwareqcn5164_firmwarewcd9375_firmwareqca8081_firmwaresa6155_firmwarewcn3998_firmwarewcd9360ipq8070_firmwareipq8065ipq8078a_firmwareqrb5165_firmwareipq5028qca7500ipq4029_firmwareqcs6125qrb5165m_firmwaresa4155p_firmwaresa8155_firmwareipq6010sd662_firmwareipq8068qcn6132sd765gsw5100qca6436wcn6851sa6155pqca9888_firmwareqcn6122ipq8068_firmwareqca6696_firmwaresd870_firmwareqcn5154_firmwaresa8150pwsa8830_firmwareqca9992_firmwaresd865_5g_firmwarewcn3988sa8195p_firmwaresm8475qca9898qcn5022_firmwarewcn6750_firmwareipq4028ipq5018_firmwaresm6375qca9985_firmwarewcn3991ipq4018_firmwareqca8337_firmwarewcd9380_firmwareipq8072aqca7500_firmwareqca9980_firmwaresw5100pipq8076a_firmwareipq8078qca6564ausdx55m_firmwareipq8173wcn6856_firmwareqcn5164qca6574csr8811_firmwarewcd9380qcn5054_firmwareipq4019_firmwareqcn5024qca8072_firmwareqca9985qcn9012_firmwareqcn5052_firmwarewcn3980ipq6018_firmwarewsa8815wcn6850pmp8074_firmwareqcn6112qca6426_firmwareqca9984ipq6028ipq8064qcn9024pmp8074wcn3980_firmwaresdx55mipq8064_firmwarewcn6740_firmwareipq8078_firmwareqcn5054qrb5165wcn6851_firmwareipq8070qca9994qca9980qcn9024_firmwareipq8174_firmwareqca9880sd480sd870wcn6855sw5100p_firmwareipq6018sa6145pqca9886_firmwareqca6595_firmwaresa8145pqca6391_firmwaresa4150p_firmwareqca4024sd780g_firmwarewcd9370_firmwaresdx55sd888_firmwareqcn5021_firmwaresa8155psa4155par8035_firmwareqcn5024_firmwarewcn3991_firmwarewsa8830qcn9070sa8145p_firmwarecsrb31024qcn9072qca9880_firmwareqca9992sd765g_firmwareqca6390_firmwarewcd9370qcn5152_firmwareqca6426qca6584au_firmwareqrb5165n_firmwareqcn9000_firmwareqca9984_firmwareipq5018wcd9385_firmwaresdxr2_5g_firmwareipq8074asd662qcn5124_firmwareqcn6100_firmwareqcn6102_firmwareqcn9011_firmwaresa8155qcn5122_firmwaresdx55_firmwareqca6595auqcn6023_firmwaresm7250p_firmwareqca6436_firmwareqrb5165nipq5010qca6564au_firmwareqca6584ausa6155p_firmwaresd778gsm6225sa515m_firmwareipq8174qca9990sdxr2_5gqcs6490qcn5052qcn6112_firmwaresa415m_firmwarewcn3988_firmwareqcn9074sa6145p_firmwaresd778g_firmwaresa8195pwsa8810_firmwaresd765_firmwareqca8081ipq8071aqcn6023ipq8071a_firmwarewcd9385qcs6490_firmwarear8035csr8811qca6390qca9898_firmwareipq4019wcd9375qcn9100_firmwareipq5010_firmwareipq8074a_firmwareqcm6490sd888_5g_firmwarewcn6850_firmwarewsa8815_firmwarewsa8835_firmwaresa4150pqcm6125_firmwareqca8072qcn9000sd780gqca6554asd865_5gqca6595ar9380_firmwareqcn9012sd888qcn6122_firmwareipq8065_firmwarewsa8835sd888_5gqcn5154qca8075_firmwareipq4018qca6574awcn6855_firmwareqca9889sm7325pqcn6132_firmwareqca9888qca9994_firmwarewcn6750ipq8070a_firmwareipq8076_firmwaresa515mqca6574_firmwareqca9886sm7325p_firmwareipq8076sd765qca6574a_firmwareqcn5021qcn5152sd768g_firmwareqrb5165msm7315sd460qca6391qcn6102qcn9100sdx65_firmwarecsrb31024_firmwareqcm6490_firmwareqcn9070_firmwaresd480_firmwareipq6028_firmwareipq8072a_firmwareqcn9011sm6225_firmwareqca6574auqca9889_firmwaresa8155p_firmwareqcn5122qcm6125wsa8810wcn6856qcn5022ipq6010_firmwaresd768gwcn6740qca6696sa6150pqca8075qcn9022_firmwareqcn6024qcn9022qca9990_firmwareipq8070aqcn6100qcn9072_firmwaresm7250psw5100_firmwareqcn9074_firmwareipq4029Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-35110
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-8.1||HIGH
EPSS-0.10% / 27.87%
||
7 Day CHG~0.00%
Published-01 Apr, 2022 | 04:40
Updated-04 Aug, 2024 | 00:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible buffer overflow to improper validation of hash segment of file while allocating memory in Snapdragon Connectivity, Snapdragon Mobile

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn6855_firmwarewsa8830_firmwarewcd9380_firmwarewsa8830wsa8835wcn6856wsa8835_firmwarewcd9380wcn6855sm8475wcn6856_firmwaresd_8_gen1_5g_firmwareSnapdragon Connectivity, Snapdragon Mobile
CWE ID-CWE-704
Incorrect Type Conversion or Cast
CVE-2021-35069
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.51%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 10:40
Updated-04 Aug, 2024 | 00:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation of data length received from DMA buffer can lead to memory corruption. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fsm10055sa6150p_firmwaresm6250p_firmwareqcs610ipq4028_firmwareqcn5550qca8337ar9380ipq8173_firmwarewcd9360_firmwaresdx65qcn5124qca4024_firmwarewcn3950_firmwareipq8078aipq5028_firmwaresa8150p_firmwareqcs2290qca6595au_firmwaresa6155qcn5064csra6620_firmwaresd_675_firmwarecsra6640_firmwareqcs6125_firmwaresa415mwcn3998qca6554a_firmwarewcn3950qcn6024_firmwaresd720gipq8076asd_8_gen1_5g_firmwaresm6375_firmwaresd460_firmwaresm7315_firmwareqca6428qca6574au_firmwareqcn5164_firmwareipq8071wcd9375_firmwareqca8081_firmwarewcn3998_firmwaresa6155_firmwarewcd9360qca6438_firmwareipq8070_firmwareipq8065ipq8078a_firmwarewcn3999qrb5165_firmwareipq5028qca7500ipq8072_firmwareipq4029_firmwareqcs6125qrb5165m_firmwaresa8155_firmwareipq6010sd662_firmwareipq8068qcs405qcn6132sd765gfsm10056_firmwareqca6436wcn6851sa6155pqca9888_firmwareqcn6122wcd9341ipq8068_firmwareqca6696_firmwaresd870_firmwaresd750gqcn5154_firmwarewcn3910_firmwaresa8150pwsa8830_firmwareqca9992_firmwaresd660sd865_5g_firmwaresd855_firmwarewcn3988qca6438sd660_firmwaresa8195p_firmwaresm8475qcn5022_firmwarewcn6750_firmwareqca9898ipq4028qca6428_firmwareipq5018_firmwaresm6375qca9985_firmwarewcn3991ipq4018_firmwareqca8337_firmwarewcd9380_firmwareipq8072aqca7500_firmwareqca9980_firmwaremsm8996au_firmwareipq8076a_firmwareipq8078qca6564ausdx55m_firmwareipq8173wcn6856_firmwareqcn5164qca6574csr8811_firmwarewcd9380qcn5054_firmwareqcs410qcn5024sd690_5g_firmwareipq4019_firmwareqca8072_firmwareqca9985qcn9012_firmwarewcd9335_firmwareqcn5052_firmwarewcn3980ipq6018_firmwarewsa8815wcn6850pmp8074_firmwareqcn6112wcn3910qca6426_firmwareqca9984ipq6028ipq8064qcn9024pmp8074wcn3980_firmwaresd730qcn5550_firmwaresdx55mipq8064_firmwarewcn6740_firmwareqcn5064_firmwaresd678_firmwarear8031_firmwareipq8078_firmwareqcn5054qrb5165wcn6851_firmwareipq8070qca9994qca9980qcn9024_firmwareipq8174_firmwareqca6564a_firmwareqca9880qcm4290_firmwaresd480sd870wcn6855qcs610_firmwaresa6145pipq6018qca9886_firmwaresdxr1ar8031apq8096auqca6595_firmwareqcs405_firmwaresa8145pqca6391_firmwareqca4024wcd9370_firmwaresd780g_firmwaresdx55sd888_firmwareqcn5021_firmwaresd675csra6640sa8155par8035_firmwareqcm2290qcn5024_firmwarewcn3991_firmwarewsa8830sd678qcn9070sa8145p_firmwareqcs2290_firmwarefsm10056csrb31024csra6620fsm10055_firmwareqcn9072qca9880_firmwareqca9992qcs4290sd765g_firmwareqca6390_firmwaresd690_5gipq6000sd730_firmwarewcd9370sd675_firmwareipq8072qcn5152_firmwareqca6564qca6426qca6584au_firmwarewcn3990_firmwareqrb5165n_firmwareqcn9000_firmwareqca9984_firmwareipq5018wcd9385_firmwaresdxr2_5g_firmwarewcd9326_firmwareipq8074asd662qcn5124_firmwareqcn6102_firmwareqcn9011_firmwareqcn6100_firmwaresa8155qcn5122_firmwaresdx55_firmwareqca6595auqcn6023_firmwarewcn3999_firmwaresm7250p_firmwareqca6436_firmwareqrb5165nipq5010qca6564au_firmwareqca6584ausd778gsa6155p_firmwaresm6225ipq8174sa515m_firmwareqca9990qcs6490sdxr2_5gqcn5052qcn6112_firmwaresa415m_firmwarewcn3988_firmwareqcn9074sa6145p_firmwaresm6250sd778g_firmwaresa8195pwsa8810_firmwaresd765_firmwarewcd9326wcd9335qca8081qcn6023ipq8071aipq8071a_firmwareqcs4290_firmwarewcd9385qcs6490_firmwareqca6390qca9898_firmwaresd750g_firmwareaqt1000wcd9375ar8035sm6250_firmwarecsr8811ipq4019qcn9100_firmwareipq5010_firmwareipq8074a_firmwaresd888_5g_firmwarewsa8815_firmwareqcm6490wcn6850_firmwarewsa8835_firmwareqcx315qca6564aqcm6125_firmwareqca8072qcm2290_firmwarewcn3990qcn9000sd_675sd780gqca6554asd865_5gqca6595ar9380_firmwareqcn9012sd888qcn6122_firmwareipq8065_firmwareqcx315_firmwarewsa8835msm8996ausd665_firmwaresd888_5gsm6250pqcn5154qca8075_firmwareipq4018qca6574awcn6855_firmwareqca9889sm7325pqcn6132_firmwareqca9888ipq8074qca9994_firmwarewcn6750ipq8070a_firmwareipq8076_firmwaresa515mqca6574_firmwareqca9886sd855sm7325p_firmwaresd665ipq8076qca6175asd765qca6574a_firmwareqcn5021qcn5152sd768g_firmwareqrb5165msm7315sd460qca6391sdxr1_firmwareaqt1000_firmwareqcn6102qcn9100sdx65_firmwareqcm4290csrb31024_firmwareqcm6490_firmwareqcn9070_firmwaresd480_firmwareipq6028_firmwareipq8072a_firmwareqcn9011sm6225_firmwareipq8074_firmwareqca6574auqca9889_firmwaresa8155p_firmwareqcn5122wcd9341_firmwareqcm6125wsa8810wcn6856qcn5022qca6564_firmwaresd768gipq6010_firmwarewcn6740qca6696sa6150pqca8075qcn9022_firmwareapq8096au_firmwareqcn6024qcn9022qca9990_firmwareipq8070aqcn6100qcn9072_firmwaresm7250pipq6000_firmwaresd720g_firmwareipq8071_firmwareqcn9074_firmwareqcs410_firmwareipq4029qca6175a_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-10606
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.80%
||
7 Day CHG~0.00%
Published-21 Jan, 2020 | 06:30
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bound access will occur in USB driver due to lack of check to validate the frame size passed by user in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9607, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, QCS605, SDX24

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-msm8920sdx24_firmwaremsm8937sdx24msm8920_firmwareqcs605mdm9607_firmwaremsm8940msm8940_firmwaremsm8909w_firmwaremdm9607msm8917_firmwaremsm8937_firmwaremsm8917msm8909wqcs605_firmwareSnapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-35106
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.09% / 27.24%
||
7 Day CHG~0.00%
Published-01 Apr, 2022 | 04:40
Updated-04 Aug, 2024 | 00:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible out of bound read due to improper length calculation of WMI message. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fsm10055wcn3991_firmwarewsa8830sd678sa6150p_firmwaresa8145p_firmwareqcs610qcs2290_firmwarefsm10056qca8337csrb31024wcd9360_firmwaresdx65csra6620fsm10055_firmwareqcs4290wcn3950_firmwaresa8150p_firmwaresd765g_firmwareqcs2290qca6595au_firmwareqca6390_firmwaresa6155sd690_5gsd730_firmwarewcd9370csra6620_firmwaresd_675_firmwaresd675_firmwarecsra6640_firmwareqcs6125_firmwareqca6426qca6584au_firmwarewcn3990_firmwareqrb5165n_firmwaresa415mwcn3998qca6554a_firmwarewcd9385_firmwaresdxr2_5g_firmwarewcn3950wcd9326_firmwaresd720gsd_8_gen1_5g_firmwaresm6375_firmwaresd662sd460_firmwaresa8155sm7315_firmwareqca6574au_firmwaresdx55_firmwareqca6595auqca8081_firmwaresa6155_firmwarewcd9375_firmwaresm7250p_firmwarewcn3998_firmwarewcn3999_firmwarewcd9360qca6436_firmwareqrb5165nqca6564au_firmwareqca6584ausa6155p_firmwaresd778gsm6225wcn3999sa515m_firmwareqcs6490qrb5165m_firmwareqrb5165_firmwaresdxr2_5gsa4155p_firmwareqcs6125sa8155_firmwaresd662_firmwaresa415m_firmwareqcs405wcn3988_firmwaresa6145p_firmwaresm6250sd778g_firmwaresa8195pwsa8810_firmwaresd765gsw5100sd765_firmwarefsm10056_firmwareqca6436wcd9326wcd9335sa6155pwcn6851qca8081qcs4290_firmwarewcd9385wcd9341qca6696_firmwareqcs6490_firmwaresd750gsd870_firmwarear8035qca6390sd750g_firmwareaqt1000sa8150pwcd9375sm6250_firmwarewcn3910_firmwarewsa8830_firmwaresd855_firmwaresd660sd865_5g_firmwareqcm6490sd888_5g_firmwarewcn3988sd660_firmwarewcn6850_firmwarewsa8815_firmwaresa8195p_firmwarewsa8835_firmwaresm8475qca6564awcn6750_firmwaresa4150pqcm6125_firmwareqcm2290_firmwaresm6375wcn3991qca8337_firmwarewcd9380_firmwarewcn3990sd_675sw5100psd780gqca6554asd865_5gqca6595qca6564ausdx55m_firmwarewcn6856_firmwaresd888wsa8835qca6574wcd9380sd888_5gqca6574asd690_5g_firmwarewcn6855_firmwaresm7325pwcd9335_firmwarewcn3980wcn6750sa515mqca6574_firmwaresd855wsa8815sm7325p_firmwarewcn6850wcn3910qca6175asd765qca6426_firmwareqca6574a_firmwaresd768g_firmwareqrb5165mwcn3980_firmwaresm7315sd460qca6391sd730sdx55msdxr1_firmwareaqt1000_firmwarewcn6740_firmwaresdx65_firmwaresd678_firmwarear8031_firmwarecsrb31024_firmwareqcm4290qcm6490_firmwareqrb5165sd480_firmwarewcn6851_firmwaresm6225_firmwareqca6574ausa8155p_firmwareqca6564a_firmwarewcd9341_firmwareqcm6125qcm4290_firmwaresd480sd870wcn6855wsa8810sw5100p_firmwareqcs610_firmwarewcn6856sa6145psdxr1sd768gar8031qca6595_firmwareqcs405_firmwaresa8145pwcn6740qca6696qca6391_firmwaresa4150p_firmwaresd780g_firmwarewcd9370_firmwaresa6150psd888_firmwaresdx55sa8155pcsra6640sd675sm7250psd720g_firmwaresw5100_firmwaresa4155pqca6175a_firmwarear8035_firmwareqcm2290Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-10558
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.80%
||
7 Day CHG~0.00%
Published-21 Jan, 2020 | 06:30
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

While transferring data from APPS to DSP, Out of bound in FastRPC HLOS Driver due to the data buffer which can be controlled by DSP in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS605, QM215, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM6150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9640_firmwaresdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdm450_firmwaresdm632sdx24sdm439mdm9650sdm429msm8940_firmwaresm6150msm8909w_firmwaremsm8996ausdm429w_firmwareapq8009_firmwaremsm8917sxr2130qcs605_firmwaremdm9206sdx24_firmwaresdm636sda845_firmwareapq8098qcn7605mdm9206_firmwareqcs605msm8937_firmwaremdm9650_firmwaresdm429_firmwaresda660sdx55_firmwaresxr1130_firmwaresxr1130msm8909wapq8009apq8053_firmwaresda845nicobarmsm8920msm8953sdm450sdm636_firmwaresdm845_firmwareapq8098_firmwaresdx20msm8998_firmwaresdm660msm8920_firmwaresdm630mdm9607_firmwaresm8250_firmwareqm215mdm9607apq8017_firmwareqcn7605_firmwaremsm8937mdm9207c_firmwaremdm9207csm8150_firmwaresxr2130_firmwareapq8096ausdm439_firmwaresdm630_firmwaresda660_firmwareqm215_firmwaresdx55msm8953_firmwaremsm8940sm6150_firmwareapq8053apq8096au_firmwaremsm8917_firmwaresm8250msm8998sm8150sdx20_firmwareapq8017nicobar_firmwaresdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CVE-2019-10604
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.80%
||
7 Day CHG~0.00%
Published-05 Mar, 2020 | 08:56
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possibility of heap-buffer-overflow during last iteration of loop while populating image version information in diag command response packet, in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MDM9607, MDM9640, MSM8909W, MSM8917, MSM8953, Nicobar, QCS605, QM215, Rennell, SA6155P, Saipan, SDA660, SDM429, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sa6155p_firmwaremdm9640_firmwaremsm8953sdm450sdm845_firmwaresdm632_firmwareapq8098_firmwaresdm845sdm450_firmwaresdm632sdm439mdm9607_firmwaresm8250_firmwaresdm429sm7150_firmwaresdm710msm8909w_firmwaremdm9607qm215sm6150sdm710_firmwaresm7150msm8917sa6155psdm670sxr2130qcs605_firmwaresdm670_firmwaresm8150_firmwaresxr2130_firmwareapq8096ausdm439_firmwarerennellapq8098sda660_firmwarerennell_firmwareqm215_firmwareqcs605msm8953_firmwareapq8053apq8096au_firmwaresaipan_firmwaresm6150_firmwaremsm8917_firmwaresdm429_firmwaresm8250sm8150sda660sxr1130_firmwarenicobar_firmwaremsm8909wsaipansxr1130apq8053_firmwarenicobarmdm9640Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-10596
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.80%
||
7 Day CHG~0.00%
Published-08 Sep, 2020 | 09:31
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Improper access control can lead signed process to guess pid of other processes and access their address space' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Bitra, Nicobar, QCS605, QCS610, Rennell, SA6155P, Saipan, SC7180, SC8180X, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm850_firmwaresa6155p_firmwareqcs610sdm845sm8250_firmwaresc8180x_firmwaresm7150_firmwaresdm710sc7180_firmwaresm6150sdm710_firmwaresm7150sa6155psdm670qcs610_firmwaresxr2130sc8180xqcs605_firmwaresdm670_firmwaresm8150_firmwaresxr2130_firmwarerennellsc7180bitrarennell_firmwareqcs605saipan_firmwaresm6150_firmwaresm8250bitra_firmwaresm8150sdm850sxr1130_firmwarenicobar_firmwaresaipansxr1130nicobarsdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
CVE-2019-10600
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.09% / 27.24%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 05:25
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use of local variable as argument to netlink CB callback goes out of it scope when callback triggered lead to invalid stack memory in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCA8081, QCS405, QCS605, QM215, SA6155P, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9150_firmwaresdm632_firmwaremsm8996au_firmwaresdm845sdm450_firmwaresdm632sdx24sdm439mdm9650sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaremsm8996ausm7150apq8009_firmwaremsm8917sdm670sxr2130qcs605_firmwareipq4019_firmwaremdm9206sdm670_firmwaresdx24_firmwareipq8074sdm636sda845_firmwareapq8098mdm9206_firmwaremsm8939qcs605msm8937_firmwaremdm9650_firmwaresdm429_firmwareqca6574au_firmwaresdx55_firmwareipq8064sxr1130_firmwareqca8081_firmwaresxr1130msm8909wapq8009msm8909_firmwareapq8053_firmwareipq8064_firmwaresda845nicobarsa6155p_firmwaremsm8920msm8953sdm450sdm636_firmwareapq8098_firmwaresdx20msm8998_firmwaresdm660msm8920_firmwaresdm630mdm9607_firmwaresm8250_firmwareqcs405ipq8074_firmwareqca6574ausdm710qm215mdm9607apq8017_firmwaresdm710_firmwaremsm8939_firmwaresa6155pqca8081mdm9150msm8937mdm9207c_firmwaremdm9207csm8150_firmwaremsm8909sxr2130_firmwareapq8096ausdm439_firmwareqcs405_firmwaresdm630_firmwareqm215_firmwareipq4019sdx55msm8953_firmwaremsm8940sm6150_firmwareapq8053apq8096au_firmwaremsm8917_firmwaresm8250msm8998sm8150sdx20_firmwareapq8017nicobar_firmwaresdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-10537
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.80%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 05:25
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation of event buffer extracted from FW response can lead to integer overflow, which will allow to pass the length check and eventually will lead to buffer overwrite when event data is copied to context buffer in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, Nicobar, QCA6574AU, QCN7605, QCS405, QCS605, SDM660, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sm8150_firmwaresxr2130_firmwaresdm660_firmwareqcs405_firmwaresdm845qcn7605sdm660mdm9607_firmwaresm8250_firmwareqcs605sdx55qcs405sm7150_firmwareqca6574ausm6150_firmwaresm6150sm8250mdm9607sm8150qca6574au_firmwaresdx55_firmwaresm7150sxr1130_firmwareqcn7605_firmwarenicobar_firmwaresxr1130sxr2130qcs605_firmwarenicobarsdm845_firmwareSnapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-10607
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.09% / 27.24%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 05:25
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds memcpy can occur by providing the embedded NULL character string and length greater than the actual string length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, IPQ4019, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8996, MSM8996AU, QCA4531, QCA8081, QCA9531, QCA9558, QCA9886, QCA9980, QCN7605, QCS605, SDA660, SDX20, SDX24, SDX55, SM8150, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca4531_firmwaremdm9640_firmwareqca9980_firmwaremsm8996au_firmwaresdx24mdm9650msm8940_firmwareqca9558_firmwareqca9558msm8909w_firmwaremsm8996auapq8009_firmwaremsm8917qcs605_firmwareipq4019_firmwaremdm9206sdx24_firmwareipq8074qca4531apq8098qcn7605mdm9615mdm9206_firmwaremsm8939qcs605qca9886msm8937_firmwaremdm9650_firmwaremsm8905_firmwaresda660sdx55_firmwareipq8064sxr1130_firmwareapq8064_firmwareqca8081_firmwaresxr1130msm8909wapq8009msm8909_firmwareapq8053_firmwareipq8064_firmwaremsm8920apq8064apq8098_firmwaresdx20msm8920_firmwaremdm9607_firmwareqca9531ipq8074_firmwaremdm9607qca9980apq8017_firmwaremsm8939_firmwareqcn7605_firmwareqca8081msm8937mdm9207c_firmwaremsm8996_firmwaremsm8905mdm9207cqca9886_firmwaresm8150_firmwaremsm8909apq8096ausda660_firmwareipq4019sdx55msm8940apq8053apq8096au_firmwaremsm8917_firmwaremdm9615_firmwaresm8150sdx20_firmwareqca9531_firmwareapq8017msm8996mdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-10615
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.51%
||
7 Day CHG~0.00%
Published-08 Sep, 2020 | 09:31
Updated-04 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Possibility of integer overflow in keymaster 4 while allocating memory due to multiplication of large numcerts value and size of keymaster bob which can lead to memory corruption' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA515M, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9150_firmwarekamorta_firmwareqcm2150_firmwareqcs610sdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdm450_firmwaresdm632sdx24sdm439qcs404_firmwaremdm9650sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaremsm8996ausdm429w_firmwaresm7150apq8009_firmwaremsm8917sdm670sxr2130qcs605_firmwaresc8180xmdm9206sdm670_firmwareqcs404sdx24_firmwaresdm636sda845_firmwaresa415mapq8098mdm9205mdm9206_firmwaresa515mqcs605msm8937_firmwaremdm9650_firmwaresdm429_firmwaremsm8905_firmwaresda660sdx55_firmwaresxr1130_firmwaresxr1130msm8909wapq8009msm8909_firmwareapq8053_firmwaresda845nicobarsdm850_firmwaresa6155p_firmwaremsm8920msm8953sdm450sdm636_firmwaresa515m_firmwareapq8098_firmwaremsm8998_firmwareqcm2150msm8920_firmwaresdm630mdm9607_firmwaresm8250_firmwaresdm660sc8180x_firmwaresa415m_firmwareqcs405sdm710qm215sc7180_firmwaremdm9607apq8017_firmwaresdm710_firmwaresa6155pqcs610_firmwaremdm9150msm8937msm8996_firmwaremsm8905sm8150_firmwaremsm8909sxr2130_firmwareapq8096ausdm439_firmwareqcs405_firmwarerennellsc7180sdm630_firmwaremdm9205_firmwaresda660_firmwarerennell_firmwareqm215_firmwaresdx55msm8953_firmwaremsm8940sm6150_firmwareapq8053apq8096au_firmwaremsm8917_firmwaresm8250msm8998sm8150sdm850kamortaapq8017msm8996nicobar_firmwaresdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-10562
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.29%
||
7 Day CHG~0.00%
Published-08 Sep, 2020 | 09:31
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Improper authentication and signature verification of debug polices in secure boot loader will allow unverified debug policies to be loaded into secure memory and leads to memory corruption' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ6018, Kamorta, MSM8998, Nicobar, QCS404, QCS605, QCS610, Rennell, SA415M, SA6155P, SC7180, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm850_firmwarekamorta_firmwaresa6155p_firmwareqcs610sdm636_firmwaresdm845msm8998_firmwaresdm660sdx24sdm630qcs404_firmwaresm8250_firmwaresa415m_firmwaresm7150_firmwaresdm710sc7180_firmwaresm6150sdm710_firmwaresm7150sa6155psdm670qcs610_firmwaresxr2130qcs605_firmwareipq6018sdm670_firmwareqcs404sdx24_firmwaresm8150_firmwaresxr2130_firmwaresdm636sda845_firmwarerennellsa415msc7180sdm630_firmwaresda660_firmwarerennell_firmwareipq6018_firmwareqcs605sdx55sm6150_firmwaresm8250msm8998sm8150sdm850sda660kamortasdx55_firmwaresxr1130_firmwarenicobar_firmwaresxr1130sdm660_firmwaresda845nicobarsdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2019-10605
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.09% / 27.24%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 05:25
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overwrite can occur in IEEE80211 header filling function due to lack of range check of array index received from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, IPQ8074, MDM9607, MDM9650, MSM8909, MSM8939, QCN7605, SDA660, SDM630, SDM636, SDM660, SDX20, SDX24

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-msm8909sdx24_firmwaresdm636_firmwareipq8074sdm636sdm630_firmwaresda660_firmwaresdx20qcn7605sdm660sdx24sdm630mdm9607_firmwaremsm8939mdm9650apq8053ipq8074_firmwaremdm9607mdm9650_firmwaresdx20_firmwaresda660msm8939_firmwareapq8009_firmwareqcn7605_firmwareapq8009msm8909_firmwareapq8053_firmwaresdm660_firmwareSnapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-10598
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.09% / 27.24%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 05:25
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bound access can occur while processing peer info in IBSS connection mode due to lack of upper bounds check to ensure that for loop further will not cause an overflow in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8053, APQ8096AU, MDM9607, MSM8996AU, QCA6574AU, QCN7605, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm636_firmwaremsm8996au_firmwaresdm845sdx20sdm660sdx24sdm630mdm9607_firmwaresm7150_firmwareqca6574ausm6150mdm9607msm8996ausm7150qcn7605_firmwareqcs605_firmwaresm8150_firmwaresdx24_firmwareapq8096ausdm636sda845_firmwaresdm630_firmwaresda660_firmwareqcn7605qcs605sdx55apq8053apq8096au_firmwaresm6150_firmwaresm8150sdx20_firmwareqca6574au_firmwaresda660sdx55_firmwaresxr1130_firmwaresxr1130apq8053_firmwaresdm660_firmwaresda845sdm845_firmwareSnapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-10601
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.09% / 27.24%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 05:25
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bound access can occur while processing firmware event due to lack of validation of WMI message received from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8096AU, IPQ4019, IPQ8064, IPQ8074, MSM8996AU, Nicobar, QCA6574AU, QCN7605, QCS405, SDM630, SDM636, SDM660, SDM845, SM6150, SM7150, SM8150

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm636_firmwaremsm8996au_firmwaresdm845sdm660sdm630qcs405sm7150_firmwareipq8074_firmwareqca6574ausm6150msm8996ausm7150qcn7605_firmwareipq4019_firmwaresm8150_firmwareipq8074apq8096ausdm636qcs405_firmwaresdm660_firmwaresdm630_firmwareqcn7605ipq4019apq8096au_firmwaresm6150_firmwaresm8150ipq8064qca6574au_firmwarenicobar_firmwareipq8064_firmwarenicobarsdm845_firmwareSnapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2019-10582
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 9.69%
||
7 Day CHG~0.00%
Published-21 Jan, 2020 | 06:30
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free issue due to using of invalidated iterator to delete an object in sensors HAL in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8096AU, MSM8909W, Nicobar, QCS605, SA6155P, SDA845, SDM429W, SDM670, SDM710, SDM845, SM6150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sa6155p_firmwaresdm429wsdm845mdm9607_firmwaresm8250_firmwaresdm710msm8909w_firmwaremdm9607sm6150sdm429w_firmwaresdm710_firmwaresa6155psdm670sxr2130qcs605_firmwaresdm670_firmwaresm8150_firmwaresxr2130_firmwareapq8096ausda845_firmwareqcs605apq8096au_firmwaresm6150_firmwaresm8250sm8150sxr1130_firmwarenicobar_firmwaremsm8909wsxr1130sda845nicobarsdm845_firmwareSnapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-416
Use After Free
CVE-2019-10628
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.09% / 27.24%
||
7 Day CHG~0.00%
Published-08 Sep, 2020 | 09:31
Updated-04 Aug, 2024 | 22:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Memory can be potentially corrupted if random index is allowed to manipulate TLB entries in Kernel from user library' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8098, Bitra, MDM9205, MDM9650, MSM8998, Nicobar, QCA6390, QCN7605, QCS404, QCS405, QCS605, QCS610, Rennell, SA415M, SA6155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcs610sdm845sdx24qcs404_firmwaremdm9650sm7150_firmwaresm6150sm7150qca6390_firmwaresdm670sxr2130qcs605_firmwaresc8180xsdm670_firmwareqcs404sdx24_firmwaresdm636sda845_firmwaresa415mbitraapq8098qcn7605mdm9205qcs605bitra_firmwaremdm9650_firmwaresda660sdx55_firmwaresxr1130_firmwaresxr1130sda845nicobarsdm850_firmwaresa6155p_firmwaresdm636_firmwareapq8098_firmwaresdx20msm8998_firmwaresdm660sdm630sm8250_firmwaresc8180x_firmwaresa415m_firmwareqcs405sdm710sc7180_firmwaresdm710_firmwareqcn7605_firmwaresa6155pqcs610_firmwaresm8150_firmwaresxr2130_firmwareqcs405_firmwarerennellsc7180sdm630_firmwaremdm9205_firmwaresda660_firmwarerennell_firmwareqca6390sdx55saipan_firmwaresm6150_firmwaresm8250msm8998sm8150sdx20_firmwaresdm850nicobar_firmwaresaipansdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2019-10629
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.09% / 27.24%
||
7 Day CHG~0.00%
Published-08 Sep, 2020 | 09:31
Updated-04 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'User Process can potentially corrupt kernel virtual page by passing a crafted page in API' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Bitra, IPQ6018, IPQ8074, MDM9205, Nicobar, QCA8081, QCN7605, QCS404, QCS405, QCS605, QCS610, Rennell, SA415M, SA6155P, Saipan, SC7180, SC8180X, SDA845, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm850_firmwaresa6155p_firmwareqcs610sdm845sdx20sdx24qcs404_firmwaresm8250_firmwaresc8180x_firmwaresa415m_firmwareqcs405sm7150_firmwareipq8074_firmwaresdm710sc7180_firmwaresm6150sdm710_firmwaresm7150qcn7605_firmwaresa6155psdm670qca8081qcs610_firmwareqcs605_firmwaresc8180xsxr2130ipq6018sdm670_firmwareqcs404sdx24_firmwaresm8150_firmwareipq8074sxr2130_firmwareqcs405_firmwarerennellsa415msc7180bitrasda845_firmwaremdm9205_firmwareqcn7605rennell_firmwareipq6018_firmwaremdm9205qcs605sdx55saipan_firmwaresm6150_firmwaresm8250bitra_firmwaresm8150sdx20_firmwaresdm850sxr1130_firmwaresdx55_firmwareqca8081_firmwarenicobar_firmwaresaipansxr1130sda845nicobarsdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2019-10602
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 9.69%
||
7 Day CHG~0.00%
Published-21 Jan, 2020 | 06:30
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Potential use-after-free heap error during Validate/Present calls on display HW composer in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, QCS605, SDA660, SDM845, SDX20, SM8150

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-msm8920msm8953msm8996au_firmwareapq8098_firmwaresdm845sdx20msm8920_firmwaremdm9607_firmwaremdm9650msm8940_firmwaremsm8909w_firmwaremdm9607msm8996aumsm8917msm8937mdm9207c_firmwareqcs605_firmwaremdm9206mdm9207csm8150_firmwareapq8096auapq8098sda660_firmwaremdm9206_firmwareqcs605msm8940apq8053apq8096au_firmwaremsm8953_firmwaremsm8917_firmwaremsm8937_firmwaremdm9650_firmwaresm8150sdx20_firmwaresda660msm8909wapq8053_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CWE ID-CWE-416
Use After Free
CVE-2019-10583
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 9.69%
||
7 Day CHG~0.00%
Published-21 Jan, 2020 | 06:30
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free issue occurs when camera access sensors data through direct report mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8096AU, MDM9607, MSM8909W, Nicobar, QCS605, SA6155P, SDA845, SDM429W, SDM670, SDM710, SDM845, SM6150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sa6155p_firmwaresdm429wsdm845mdm9607_firmwaresm8250_firmwaresdm710msm8909w_firmwaremdm9607sm6150sdm429w_firmwaresdm710_firmwaresa6155psdm670sxr2130qcs605_firmwaresdm670_firmwaresm8150_firmwaresxr2130_firmwareapq8096ausda845_firmwareqcs605apq8096au_firmwaresm6150_firmwaresm8250sm8150sxr1130_firmwarenicobar_firmwaremsm8909wsxr1130sda845nicobarsdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-416
Use After Free
CVE-2019-10492
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.52%
||
7 Day CHG~0.00%
Published-30 Sep, 2019 | 15:40
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Boot image not getting verified by AVB in Snapdragon Auto, Snapdragon Mobile, Snapdragon Wearables in MDM9607, MSM8909W, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 820, SD 820A, SDM439

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_427_firmwaresd_632sd_820aqualcomm_215sd_439sd_425sd_429sd_430_firmwaremdm9607_firmwaresd_435sdm439sd_625msm8909w_firmwaremdm9607sd_210sd_820_firmwaresd_820sd_450_firmwaresd_439_firmwaresd_820a_firmwarequalcomm_215_firmwaresd_429_firmwaresd_425_firmwaresd_212_firmwaresd_625_firmwaresd_450sdm439_firmwaresd_427sd_430sd_435_firmwaresd_632_firmwaresd_205sd_210_firmwaremsm8909wsd_205_firmwaresd_212Snapdragon Auto, Snapdragon Mobile, Snapdragon Wearables
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2019-10499
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.61%
||
7 Day CHG~0.00%
Published-30 Sep, 2019 | 15:40
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation of read and write index of tx and rx fifo`s before using for data copy from fifo can lead to out-of-bound access. in Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, QCS405, SD 665, SD 675, SD 730, SD 855

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_730sd_855sd_665sd_730_firmwareipq8074sd_675qcs405_firmwareipq4019_firmwareipq4019qcs405ipq8074_firmwareipq8064sd_665_firmwareipq8064_firmwaresd_675_firmwaresd_855_firmwareSnapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2019-10595
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.09% / 27.24%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 05:25
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible buffer overwrite in message handler due to lack of validation of tid value calculated from packets received from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, APQ8064, APQ8096AU, IPQ4019, IPQ8064, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909, MSM8909W, MSM8939, MSM8996AU, QCA4531, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCA9558, QCA9880, QCA9886, QCA9980, SDA660, SDM630, SDM636, SDM660, SDX20, SDX24

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwareqca4531_firmwaremdm9640_firmwaresdm636_firmwareapq8064qca9980_firmwaremsm8996au_firmwaresdx20sdm660sdx24sdm630mdm9607_firmwaremdm9650qca9558qca9558_firmwareqca6574aumdm9607msm8996auqca9880_firmwareqca9980qca9880msm8939_firmwareapq8009_firmwareipq4019_firmwaremdm9207c_firmwaremdm9206mdm9207cqca6174a_firmwareqca6174aqca9379_firmwareqca9886_firmwaremsm8909sdx24_firmwareapq8096ausdm636sdm660_firmwareqca9377qca4531sdm630_firmwaresda660_firmwaremdm9615mdm9206_firmwaremsm8939ipq4019qca9886apq8053apq8096au_firmwaremdm9615_firmwaremdm9650_firmwaresdx20_firmwareipq8064qca6574au_firmwaresda660apq8064_firmwareapq8009qca9379msm8909_firmwareapq8053_firmwareipq8064_firmwaremdm9640Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-20
Improper Input Validation
CVE-2021-30349
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-8.2||HIGH
EPSS-0.11% / 29.43%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 10:11
Updated-03 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control sequence for AC database after memory allocation can lead to possible memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fsm10055qca9377_firmwaresd_8cx_gen3_firmwaresa6150p_firmwareqcs610qca8337wcd9360_firmwareqca4024_firmwarewcn3950_firmwaresa8150p_firmwareqcs2290qca6595au_firmwaresa6155csra6620_firmwareqcs605_firmwarecsra6640_firmwareqcs6125_firmwaresa415mwcn3998sd_8cx_gen2_firmwareqcn6024_firmwarewcn3950sm6375_firmwarewcn3660bsd460_firmwareqca6574au_firmwarewcd9375_firmwarewcn3998_firmwareqca8081_firmwaresa6155_firmwareqca6420wcd9360sd680_firmwarewcn3999sd_8cx_gen2qrb5165_firmwareqrb5165m_firmwaresa4155p_firmwareqcs6125sa8155_firmwareipq6010qca4004_firmwaresd662_firmwareqcs405qca6430wcd9306_firmwaresd765gsw5100fsm10056_firmwareqca6436sd680wcn6851sa6155pqcs603_firmwareqca6696_firmwaresd750gsd870_firmwarewcn3910_firmwaresxr2150p_firmwaresa8150pqca4004wsa8830_firmwaresd855_firmwaresd865_5g_firmwarewcn3988sa8195p_firmwareqcn5121qcn5022_firmwarewcn6750_firmwarewcn3610sm6375wcn3991qca8337_firmwaresda429w_firmwarewcd9380_firmwaresdm429wsw5100pqca6564ausdx55m_firmwarewcn6856_firmwareqca6574csr8811_firmwarewcd9380qcs410sd690_5g_firmwaresdx24_firmwareqca8072_firmwareqca6430_firmwareqcn5052_firmwareqcn9012_firmwareipq6018_firmwareqcs605wcn6850wcn3910qca6426_firmwarewcn3660b_firmwareqca9984ipq6028qcn9024sdx55mar8031_firmwareqrb5165wcn6851_firmwareqcs603qca6564a_firmwareqcn9024_firmwaresdx57mqcm4290_firmwaresd480sd870qcn5121_firmwarewcn6855sw5100p_firmwareqcs610_firmwareqsm8250ipq6018sa6145psdxr1ar8031qcs405_firmwaresa8145pmdm9205_firmwareqca6391_firmwaresa4150p_firmwareqca4024wcd9370_firmwaresdx55qcn5021_firmwaresa8155pcsra6640sa4155psxr2150par8035_firmwareqcm2290qsm8250_firmwarewcn3991_firmwaremdm9150_firmwarewsa8830qcn9070sa8145p_firmwareqcs2290_firmwarefsm10056csrb31024csra6620fsm10055_firmwareqcn9072qcs4290sd765g_firmwareqca6420_firmwareqca6390_firmwareipq6000sd690_5gwcd9370qcn5152_firmwareqca6564qca6426qrb5165n_firmwareqcn9000_firmwareqca9984_firmwareqca9377wcd9385_firmwaresdxr2_5g_firmwaresd662qcn9011_firmwaresa8155wcn3680b_firmwareqcn5122_firmwaresdx55_firmwareqca6595auqcn6023_firmwarewcn3999_firmwaresm7250p_firmwarewcn3610_firmwareqca6436_firmwareqrb5165nqca6564au_firmwaresd778gsa6155p_firmwarewcd9306sa515m_firmwareqcs6490sd429sdxr2_5gqcn5052sa415m_firmwarewcn3988_firmwareqcn9074sa6145p_firmwaresd429_firmwaresd778g_firmwaresa8195psd765_firmwareqca8081qcn6023qca6174a_firmwareqcs4290_firmwarewcd9385qcs6490_firmwaresd_8cx_gen3ar8035csr8811qca6390aqt1000sd750g_firmwarewcd9375sda429wwcn3620_firmwareqcm6490sd888_5g_firmwarewcn6850_firmwarewcn3620wsa8835_firmwareqcx315qca6564asa4150pqcm6125_firmwareqca8072qcm2290_firmwareqcn9000sd865_5gsdx24qcn9012wsa8835qcx315_firmwaresdm429w_firmwaresd665_firmwaresd888_5gqca8075_firmwareqca6574aipq6005_firmwarewcn6855_firmwareqca6174asm7325pwcn6750mdm9205sa515mqca6574_firmwaresd855sm7325p_firmwaresd665sdx57m_firmwaresd765qca6574a_firmwareqcn5021qcn5152sd768g_firmwareqrb5165msd460qca6391sdxr1_firmwareipq6005aqt1000_firmwareqcm4290csrb31024_firmwareqcm6490_firmwareqcn9070_firmwaresd480_firmwareipq6028_firmwareqcn9011qca6574ausa8155p_firmwareqcn5122qcm6125mdm9150wcn6856qcn5022wcn3680bqca6564_firmwareipq6010_firmwaresd768gqca6696sa6150pqca8075qcn9022_firmwareqcn6024qcn9022qcn9072_firmwaresm7250pipq6000_firmwaresw5100_firmwareqcn9074_firmwareqcs410_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CVE-2021-30335
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.03% / 7.80%
||
7 Day CHG~0.00%
Published-03 Jan, 2022 | 07:26
Updated-03 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible assertion in QOS request due to improper validation when multiple add or update request are received simultaneously in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwarefsm10055sa6150p_firmwaresm6250p_firmwareqcs610ipq4028_firmwareqcn5550qca8337ar9380ipq8173_firmwarewcd9360_firmwareqcn5124qca4024_firmwarewcn3950_firmwareipq8078aipq5028_firmwaresa8150p_firmwareqcs2290qca6595au_firmwaresa6155qcn5064csra6620_firmwareqcs605_firmwaresd_675_firmwarecsra6640_firmwaresa415mwcn3998wcn3950qcn6024_firmwaresd720gipq8076aqsw8573_firmwarewcn3660bqca6428qca6574au_firmwareqcn5164_firmwareipq8071wcd9375_firmwareqca8081_firmwarewcn3998_firmwaresa6155_firmwaremsm8909wapq8009w_firmwarewcd9360qca6438_firmwareipq8070_firmwareipq8065ipq8078a_firmwarewcn3999qrb5165_firmwareipq5028qca7500ipq8072_firmwareipq4029_firmwaresa8155_firmwareipq6010ipq8068qcs405wcd9340qcn6132qualcomm215_firmwarefsm10056_firmwaresa6155pqcs603_firmwareqca9888_firmwareqcn6122wcd9341ipq8068_firmwareqca6696_firmwaresd870_firmwaresd750gqcn5154_firmwarewcn3910_firmwaresa8150pwsa8830_firmwareqca9992_firmwaresd865_5g_firmwaresd855_firmwarewcn3988qca6438sa8195p_firmwareqcn5121qcn5022_firmwareqca9898ipq4028wcn3610qca6428_firmwareipq5018_firmwareqca9985_firmwarewcn3991ipq4018_firmwareqca8337_firmwaresda429w_firmwarewcd9380_firmwareipq8072aqca7500_firmwareqca9980_firmwaresdm429wipq8076a_firmwareipq8078qca6564auipq8173qcn5164qet4101_firmwareqca6574csr8811_firmwarewcd9380qualcomm215qcn5054_firmwareqcs410qcn5024sd690_5g_firmwareipq4019_firmwaresdx24_firmwareqca8072_firmwareqca9985qcn9012_firmwarewcd9335_firmwareqcn5052_firmwarewcn3980ipq6018_firmwareqsw8573qcs605wcd9340_firmwarewsa8815pmp8074_firmwarewcn3910wcn3660b_firmwareqca9984ipq6028ipq8064qcn9024pmp8074wcn3980_firmwaresd730qcn5550_firmwareipq8064_firmwareqcn5064_firmwaresd678_firmwarear8031_firmwareipq8078_firmwareqcn5054qrb5165qcs603ipq8070qca9994qca9980qcn9024_firmwareipq8174_firmwareapq8009wqca6564a_firmwareqca9880qcm4290_firmwaresd870qcn5121_firmwaresd210_firmwareqcs610_firmwareqsm8250sa6145pipq6018qca9886_firmwaresdxr1ar8031qcs405_firmwaresa8145pqca6391_firmwareqca4024wcd9370_firmwaresdx55qcn5021_firmwaresa8155pcsra6640sd675qet4101ar8035_firmwareqcm2290qsm8250_firmwareqcn5024_firmwarewcn3991_firmwaremdm9150_firmwarewsa8830sd678qcn9070sa8145p_firmwareqcs2290_firmwarefsm10056csrb31024csra6620fsm10055_firmwareqcn9072qca9880_firmwareqca9992qcs4290qca6390_firmwaresd690_5gipq6000sd730_firmwarewcd9370sd675_firmwareipq8072qcn5152_firmwareqca6564wcn3990_firmwareqrb5165n_firmwareqcn9000_firmwareqca9984_firmwareqca9377ipq5018wcd9385_firmwarewcd9326_firmwarewcn3615_firmwareipq8074aqcn5124_firmwaresa8155wcn3680b_firmwareqcn5122_firmwaresdx55_firmwarewcn3615qcn6023_firmwareqca6595auwcn3999_firmwarewcn3610_firmwareqrb5165nipq5010qca6564au_firmwaresa6155p_firmwareipq8174sd429sa515m_firmwareqca9990qcn5052sa415m_firmwarewcn3988_firmwareqcn9074sd205sd429_firmwaresa6145p_firmwaresm6250sa8195pwsa8810_firmwarewcd9326wcd9335qca8081qcn6023ipq8071aqca6174a_firmwareipq8071a_firmwareqcs4290_firmwarewcd9385qca6390qca9898_firmwaresd750g_firmwareaqt1000wcd9375ar8035sm6250_firmwarecsr8811ipq4019qcn9100_firmwaresda429wsd210wcn3620_firmwareipq5010_firmwareipq8074a_firmwarewsa8815_firmwarewsa8835_firmwarewcn3620qcx315qca6564aqca8072qcm2290_firmwarewcn3990qcn9000sd_675sd865_5gar9380_firmwaresdx24qcn9012msm8909w_firmwareipq8065_firmwareqcx315_firmwareqcn6122_firmwarewsa8835sd665_firmwaresdm429w_firmwaresm6250pqcn5154qca8075_firmwareipq4018qca6574aipq6005_firmwareqca9889qca6174aqcn6132_firmwareqca9888ipq8074qca9994_firmwareipq8070a_firmwareipq8076_firmwaresa515mqca6574_firmwareqca9886sd855sd665ipq8076qca6574a_firmwareqcn5021qcn5152qca6391sdxr1_firmwareipq6005aqt1000_firmwareqcn9100qcm4290csrb31024_firmwareqcn9070_firmwareipq6028_firmwareipq8072a_firmwareipq8074_firmwareqca6574auqca9889_firmwaresa8155p_firmwareqcn5122sd205_firmwarewcd9341_firmwarewsa8810mdm9150qcn5022wcn3680bqca6564_firmwareipq6010_firmwareqca6696sd845_firmwaresa6150pqca8075qcn9022_firmwareqcn6024qcn9022sd845qca9990_firmwareipq8070aqcn9072_firmwareipq6000_firmwaresd720g_firmwareipq8071_firmwareqcn9074_firmwareqcs410_firmwareipq4029Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-617
Reachable Assertion
CVE-2021-30337
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.04% / 9.69%
||
7 Day CHG~0.00%
Published-03 Jan, 2022 | 07:26
Updated-22 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible use after free when process shell memory is freed using IOCTL call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-ipq8072a_firmwaresa515m_firmwaresd662_firmwareqsw8573_firmwarewcn3998_firmwareqcn9074sd720g_firmwaresdm429w_firmwarecsr8811qrb5165n_firmwareqca9367_firmwaresd865_5g_firmwarear9380qcn5122_firmwaresa8155_firmwareqca9985wcd9326_firmwareipq4028wcn6850_firmwareqca9889_firmwareqca6574ipq8076_firmwareqcm6490_firmwarewcn3980sdx55sdx12sd845_firmwaresm6250sm6250_firmwareipq8065qca9880_firmwarepmp8074wcn3910mdm9640pmp8074_firmwaresa8195pipq8068_firmwareqca9888_firmwarewcd9330_firmwareqca6696qca4024_firmwareapq8017_firmwaresda429wwcn3910_firmwareqca6390sm8450pqet4101qca8072_firmwaresd678_firmwarecsra6640_firmwareqcs4290ipq8174qca6436_firmwaresdx55m_firmwaresd855_firmwarewcd9326wcn3991_firmwarewcd9335qcn5021qcn9100qcn5064wcn3615_firmwareqcs610sd865_5gsa8150pqca7500wcn3680b_firmwareipq8078awcn3990mdm9650wcn3988qca6174asm6250pcsra6640qsw8573ipq8173sm7250p_firmwaresd675qca9990sm8450sm8450p_firmwareqcs2290_firmwareipq6018_firmwareipq8071_firmwaremdm9628_firmwaresdw2500qca6574aqcs410_firmwareapq8009wqcn5052_firmwaremdm9640_firmwareipq4018qca6564_firmwareqca8072sa6155_firmwaremsm8996auqca9990_firmwareqcs410sd210_firmwareqca9992sd768g_firmwarewcd9360_firmwarewcn3999_firmwarewcd9341_firmwareqcn9074_firmwaresd_675wcn6750_firmwaresd690_5g_firmwarewcn3999qca6428sd205_firmwaresa8150p_firmwareqcn5054_firmwareqca9980msm8996au_firmwarewcn6856qcn9024_firmwareqca6426_firmwareipq8070awcn3610mdm9628sd870apq8009w_firmwareqca6436qcs4290_firmwareqca6595au_firmwareqca6584_firmwareqca6391_firmwarewsa8835qca6390_firmwarewcd9340wcd9375_firmwareipq8070_firmwareqca6564a_firmwarear8035wcd9380_firmwarewcd9385qcn5122sd750g_firmwaremdm9150_firmwarewcn3660bsa8145psdx20qcs6490qca6574auqca8337_firmwareapq8096auwsa8830_firmwarewcn3615qcn5164_firmwareqcn6023sa6145p_firmwaremdm9607_firmwareipq5018qcn9070qcn5022_firmwarequalcomm215csra6620_firmwareqca6574a_firmwareipq8078a_firmwareqrb5165sd765wcn6851_firmwaresd665sd460_firmwaresd429sd870_firmwareqca6564au_firmwarewcn6850wsa8815_firmwarewsa8815qet4101_firmwareipq8070apq8009wcn3998qca7500_firmwareqcs6490_firmwareqcs605sd765_firmwaremsm8909w_firmwaresd768gqca8075_firmwareqcm6490ipq8076asdx55_firmwarewcn6855_firmwaremdm9607qca9985_firmwaresa8155p_firmwareipq5018_firmwaresdx55mqcn9022_firmwareqca9888qca9994wcn6855sdx20_firmwareapq8017sd765gsd460qca9377_firmwareipq8074a_firmwareqcs603qcs603_firmwareipq8074ipq4028_firmwaresd660_firmwareqcn6024ar9380_firmwareqca6574_firmwareqca8075qcn9000wcn3950ipq8070a_firmwarewcd9340_firmwarewsa8810qcm2290_firmwarewcn3980_firmwareqcm2290wcd9330sdxr1_firmwareqca6564auwcn3620ipq8074aqcx315_firmwareqcn6132ipq8071a_firmwareqcn5024qcm4290_firmwarewcn3620_firmwareaqt1000_firmwareapq8096au_firmwareqca9880qcn9012_firmwareqcn5550_firmwaresa415mqca6438_firmwareipq8076wcn3660b_firmwareqca6564aipq8074_firmwareqca9886sdx12_firmwarefsm10056wcn6856_firmwaremdm9206wcd9341mdm9250sa8155ipq4019wcd9370qcn6122qca9980_firmwaresd429_firmwaresd678ar8035_firmwaresd675_firmwareipq5010_firmwareqcn5152_firmwareqca9898_firmwareqcs405_firmwaremdm9650_firmwaresa6150p_firmwareqcn5052ipq5028sdx24ipq8072aipq6000_firmwareipq8076a_firmwareipq6010_firmwaresa8195p_firmwareqcn9024wcd9335_firmwareqca6426ipq8071sd720gqcn5064_firmwareqcs2290sd765g_firmwarewcd9380qcn9070_firmwareqca8337qcs610_firmwareqca6564qcn6132_firmwareqca6428_firmwaresdxr2_5g_firmwaresm7250pqcn5154_firmwareipq8072_firmwarewsa8830qca9984sa415m_firmwareqca6584ausd730fsm10055wcd9370_firmwareipq6028qcn5024_firmwarecsra6620sm6250p_firmwareqcn5124qca6696_firmwarefsm10056_firmwareqca6438wsa8835_firmwareqcn5550sdm429wwcd9385_firmwarewcn3990_firmwaresd665_firmwaresd845qcm4290ipq8068qcn9072qcn9072_firmwaresdxr1sa6155sd750gmdm9250_firmwaresd855qca9367ipq8078_firmwaresda429w_firmwaresa8145p_firmwaresa6145pqca6584qca9886_firmwarequalcomm215_firmwareqrb5165nqca9984_firmwarewcd9375sa6150pqca9889sa6155p_firmwaremdm9206_firmwaresm8450_firmwareipq8174_firmwarewcn3991qcn6024_firmwareqcn5164qcn5154sd205qca9994_firmwareipq4029mdm9150wcn3988_firmwareqca9992_firmwarear8031_firmwarecsrb31024qsm8250_firmwareqca9377qrb5165_firmwaresa8155pipq8078qcn9012ipq8064_firmwaresm6225qca6174a_firmwareqcn6122_firmwareipq6010ipq4019_firmwareipq8071aipq4018_firmwareipq6018qca8081_firmwarewcd9360qcn9000_firmwareipq5010csrb31024_firmwareqcn5124_firmwaresd730_firmwarewcn3950_firmwareqca6584au_firmwareipq4029_firmwareqcn5054ipq6028_firmwareipq5028_firmwarewcn6750qcn5152qcx315sd662apq8009_firmwaremsm8909wipq8064wsa8810_firmwareqca6574au_firmwaresdxr2_5gwcn3680bar8031sdw2500_firmwarecsr8811_firmwaresm6225_firmwareipq8065_firmwareqca9898qcn6023_firmwareipq8173_firmwareqcn5021_firmwarefsm10055_firmwareqca8081qca6391ipq8072ipq6000qca4024sa6155pqcn9022qca6595ausa515mqcs605_firmwarewcn3610_firmwareqcn5022aqt1000qcs405sdx24_firmwaresd690_5gwcn6851qsm8250sd210sd660qcn9100_firmwaresd_675_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-416
Use After Free
CVE-2021-30274
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.03% / 7.80%
||
7 Day CHG~0.00%
Published-03 Jan, 2022 | 07:25
Updated-03 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible integer overflow in access control initialization interface due to lack and size and address validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fsm10055qca9377_firmwaremdm9150_firmwarewcn3991_firmwaresd678qcn9070sa6150p_firmwaresa8145p_firmwareqcs610sm6250p_firmwarewsa8830qcs2290_firmwarefsm10056qca8337sd7c_firmwarecsrb31024csra6620fsm10055_firmwareqcn9072qcs4290wcn3950_firmwaresa8150p_firmwaresd765g_firmwareqcs2290qca6595au_firmwareqca6390_firmwaresa6155ipq6000sd690_5gsd730_firmwarecsra6620_firmwarewcd9370sd_675_firmwaresd675_firmwarecsra6640_firmwareqcn5152_firmwareqca6564qca6426wcn3990_firmwareqrb5165n_firmwareqcn9000_firmwareqca9984_firmwareqca9377sa415msd_8cx_firmwarewcd9385_firmwaresdxr2_5g_firmwarewcn3950qcn6024_firmwaresd720gsm6375_firmwaresd662sd460_firmwaresa8155qca6574au_firmwareqcn5122_firmwaresdx55_firmwareqca6595auqca8081_firmwareqcn6023_firmwaresa6155_firmwaresm7250p_firmwarewcd9375_firmwarewcn3999_firmwareqca6436_firmwareqrb5165nqca6564au_firmwaresd778gsa6155p_firmwarewcd9306sm6225wcn3999sa515m_firmwareqcs6490qrb5165_firmwaresdxr2_5gqcn5052sa8155_firmwareipq6010qca4004_firmwaresd662_firmwaresa415m_firmwareqcs405wcn3988_firmwareqcn9074sa6145p_firmwaresm6250sd778g_firmwarewcd9306_firmwarewcd9340sa8195psd765gsd765_firmwarefsm10056_firmwareqca6436wcn6851wcd9335sa6155pqca8081qcn6023qca6174a_firmwareqcs4290_firmwarewcd9385qca6696_firmwareqcs6490_firmwaresd750gsd870_firmwarear8035csr8811qca6390sd_8cxsa8150psd750g_firmwaresm6250_firmwarewcd9375wcn3910_firmwareqca4004wsa8830_firmwaresd660sd865_5g_firmwareqcm6490sd888_5g_firmwarewcn3988sd660_firmwarewcn6850_firmwarewsa8835_firmwaresa8195p_firmwareqcn5121qcx315qcn5022_firmwareqca6564awcn6750_firmwareqca8072qcm2290_firmwaresm6375wcn3991qca8337_firmwarewcd9380_firmwarewcn3990qcn9000sd_675sd865_5gqca6564ausdx24sdx55m_firmwarewcn6856_firmwarewsa8835qca6574qcx315_firmwaresd665_firmwarecsr8811_firmwarewcd9380sd888_5gsm6250pqcs410qca8075_firmwareqca6574asd690_5g_firmwareipq6005_firmwarewcn6855_firmwareqca6174asm7325psdx24_firmwareqca8072_firmwarewcd9335_firmwareqcn5052_firmwarewcn3980wcn6750ipq6018_firmwaremdm9205sa515mqca6574_firmwarewcd9340_firmwaresm7325p_firmwaresd665sd7cwcn3910wcn6850sdx57m_firmwaresd765qca6426_firmwareqca6574a_firmwareqca9984ipq6028qcn5021qcn5152qcn9024sd768g_firmwarewcn3980_firmwaresd460qca6391sd730sdx55mipq6005sd678_firmwarear8031_firmwarecsrb31024_firmwareqcm4290qcm6490_firmwareqcn9070_firmwareqrb5165sd480_firmwarewcn6851_firmwareipq6028_firmwaresm6225_firmwareqca6574ausa8155p_firmwareqcn5122qca6564a_firmwareqcn9024_firmwaresdx57mqcm4290_firmwaresd480sd870qcn5121_firmwarewcn6855qcs610_firmwaremdm9150wcn6856qsm8250ipq6018qcn5022sa6145pqca6564_firmwareipq6010_firmwarear8031sd768gqcs405_firmwaresa8145pqca6696mdm9205_firmwareqca6391_firmwarewcd9370_firmwaresa6150psdx55qca8075qcn5021_firmwareqcn9022_firmwarecsra6640qcn6024qcn9022sa8155psd675qcn9072_firmwaresm7250pipq6000_firmwaresd720g_firmwareqcn9074_firmwareqcs410_firmwarear8035_firmwareqcm2290qsm8250_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-30257
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.09% / 27.24%
||
7 Day CHG~0.00%
Published-20 Oct, 2021 | 06:31
Updated-03 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible out of bound read or write in VR service due to lack of validation of DSP selection values in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn3991_firmwarewsa8830sd678sm7250qcs2290_firmwaresm7250_firmwaresd_636qcs4290wcn3950_firmwaresd765g_firmwareqca6420_firmwareqcs2290qca6390_firmwaremsm8917sd690_5gsd730_firmwarewcd9370qcs605_firmwaresd_675_firmwaresd675_firmwareqcs6125_firmwareqca6426sd632wcn3998wcd9385_firmwaresdxr2_5g_firmwarewcn3950sm4125sd720gwcn3615_firmwarewcn3660bsd662sd460_firmwarewcn3680b_firmwaresdx55_firmwarewcd9375_firmwarewcn3615wcn3998_firmwareqca6420qca6436_firmwareapq8053_firmwaresd778gqcs6490sd429sdxr2_5gqcs6125sd662_firmwaresdm630wcn3988_firmwareqca6430sd429_firmwaresm6250sd778g_firmwareapq8017_firmwarequalcomm215_firmwaresd765gsd765_firmwareqca6436wcn6851qcs4290_firmwarewcd9385qcs6490_firmwaresd750gsd870_firmwareqca6390wcd9375sd750g_firmwareaqt1000wcn3910_firmwaresm6250_firmwaremsm8953_firmwarewsa8830_firmwaremsm8917_firmwaresd855_firmwaresd865_5g_firmwareqcm6490sd888_5g_firmwarewcn3988wcn6850_firmwarewsa8835_firmwareapq8017wcn6750_firmwareqcm6125_firmwareqcm2290_firmwarewcn3991wcd9380_firmwaresd_675sd780gsd865_5gsdx55m_firmwarewcn6856_firmwaresd888wsa8835sd632_firmwaresd665_firmwarewcd9380sd888_5gqualcomm215sd690_5g_firmwaresdx50m_firmwarewcn6855_firmwaresm7325qca6430_firmwarewcn6750sd439_firmwareqcs605sd855sm4125_firmwarewcn6850sd665wcn3910sd765qca6426_firmwarewcn3660b_firmwarewcn3680sd768g_firmwaresd730sd460qca6391sdx55msdxr1_firmwareaqt1000_firmwarewcn6740_firmwaremsm8953sd678_firmwareqcm4290qcm6490_firmwaresdx50mwcn3680_firmwaresd480_firmwarewcn6851_firmwaresd_636_firmwareqcm6125qcm4290_firmwaresd480sd870wcn6855wcn6856wcn3680bsdxr1sd768gwcn6740sdm630_firmwareqca6391_firmwaresd780g_firmwarewcd9370_firmwaresdx55sd888_firmwareapq8053sd675sd439sd720g_firmwareqcm2290sm7325_firmwareSnapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 29
  • 30
  • Next
Details not found