Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-18169

Summary
Assigner-qualcomm
Assigner Org ID-2cfc7d3e-20d3-47ac-8db7-1b7285aff15f
Published At-15 Jun, 2018 | 20:00
Updated At-16 Sep, 2024 | 23:31
Rejected At-
Credits

User process can perform the kernel DOS in ashmem when doing cache maintenance operation in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:qualcomm
Assigner Org ID:2cfc7d3e-20d3-47ac-8db7-1b7285aff15f
Published At:15 Jun, 2018 | 20:00
Updated At:16 Sep, 2024 | 23:31
Rejected At:
▼CVE Numbering Authority (CNA)

User process can perform the kernel DOS in ashmem when doing cache maintenance operation in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel.

Affected Products
Vendor
Qualcomm Technologies, Inc.Qualcomm, Inc.
Product
Android for MSM, Firefox OS for MSM, QRD Android
Versions
Affected
  • All Android releases from CAF using the Linux kernel
Problem Types
TypeCWE IDDescription
textN/AReachable Assertion in Kernel
Type: text
CWE ID: N/A
Description: Reachable Assertion in Kernel
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.codeaurora.org/security-bulletin/2018/06/04/june-2018-code-aurora-security-bulletin
x_refsource_MISC
Hyperlink: https://www.codeaurora.org/security-bulletin/2018/06/04/june-2018-code-aurora-security-bulletin
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.codeaurora.org/security-bulletin/2018/06/04/june-2018-code-aurora-security-bulletin
x_refsource_MISC
x_transferred
Hyperlink: https://www.codeaurora.org/security-bulletin/2018/06/04/june-2018-code-aurora-security-bulletin
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:product-security@qualcomm.com
Published At:15 Jun, 2018 | 20:29
Updated At:03 Oct, 2019 | 00:03

User process can perform the kernel DOS in ashmem when doing cache maintenance operation in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.05.5MEDIUM
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary2.04.9MEDIUM
AV:L/AC:L/Au:N/C:N/I:N/A:C
Type: Primary
Version: 3.0
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 4.9
Base severity: MEDIUM
Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CPE Matches

Google LLC
google
>>android>>-
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-617Primarynvd@nist.gov
CWE ID: CWE-617
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://www.codeaurora.org/security-bulletin/2018/06/04/june-2018-code-aurora-security-bulletinproduct-security@qualcomm.com
Patch
Third Party Advisory
Hyperlink: https://www.codeaurora.org/security-bulletin/2018/06/04/june-2018-code-aurora-security-bulletin
Source: product-security@qualcomm.com
Resource:
Patch
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

201Records found

CVE-2020-0404
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.23% / 13.97%
||
7 Day CHG-0.00%
Published-17 Sep, 2020 | 15:20
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel

Action-Not Available
Vendor-n/aGoogle LLCOracle Corporation
Product-communications_cloud_native_core_binding_support_functionandroidcommunications_cloud_native_core_policycommunications_cloud_native_core_network_exposure_functionAndroid
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-0247
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.14% / 3.68%
||
7 Day CHG~0.00%
Published-11 Aug, 2020 | 19:28
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Threshold::getHistogram of ImageProcessHelper.java, there is a possible crash loop due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1Android ID: A-156087409

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2020-0318
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.14% / 3.63%
||
7 Day CHG~0.00%
Published-18 Sep, 2020 | 14:51
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the System UI, there is a possible system crash due to an uncaught exception. This could lead to local permanent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-33646131

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2019-9376
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.14% / 3.28%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Account of Account.java, there is a possible boot loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Android; Versions: Android-9, Android-8.0, Android-8.1; Android ID: A-129287265.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-834
Excessive Iteration
CVE-2020-0004
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 4.42%
||
7 Day CHG~0.00%
Published-08 Jan, 2020 | 18:31
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In generateCrop of WallpaperManagerService.java, there is a possible sysui crash due to image exceeding maximum texture size. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-120847476

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2019-2330
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 7.43%
||
7 Day CHG~0.00%
Published-25 Jul, 2019 | 16:33
Updated-04 Aug, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

improper input validation in allocation request for secure allocations can lead to page fault. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, MDM9150, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850mdm9150_firmwaresd_632mdm9640_firmwaresd_820asd_675msm8996au_firmwaresd_439sd_670_firmwaresd_429sdx24sdm439mdm9650sd_636msm8909w_firmwaremsm8996ausd_450_firmwaresd_845_firmwaresd_820a_firmwareqcs605_firmwareipq4019_firmwaresd_675_firmwaresd_425_firmwaresd_665sdx24_firmwaresd_625_firmwareipq8074sd_450sd_845qcs605mdm9640sd_632_firmwaresd_835_firmwaremdm9650_firmwaresd_835ipq8064sda660msm8909wsd_665_firmwareipq8064_firmwaresd_427_firmwaresd_712sd_855sd_730_firmwarequalcomm_215sdx20sd_425sdm660sd_430_firmwaresd_710_firmwaresd_435sdm630qcs405sd_625ipq8074_firmwaresd_636_firmwaresd_439_firmwarequalcomm_215_firmwaremdm9150sd_429_firmwaresd_730sd_850_firmwaresdm439_firmwareqcs405_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwaresd_427ipq4019sd_430sd_670sd_435_firmwaresd_710sdx20_firmwaresdm660_firmwaresd_855_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-20
Improper Input Validation
CVE-2019-2336
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.17% / 6.63%
||
7 Day CHG~0.00%
Published-21 Nov, 2019 | 14:38
Updated-04 Aug, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Subsequent use of the CBO listener may result in further memory corruption due to use after free issue. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in MDM9205, QCS404, SDX55, SM6150, SM7150, SM8150, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sm7150_firmwaresxr2130sm6150_firmwaresm6150qcs404sm8150_firmwaresm8150sxr2130_firmwaresdx55_firmwaresm7150mdm9205_firmwaremdm9205qcs404_firmwaresdx55Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-2236
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.19% / 8.80%
||
7 Day CHG~0.00%
Published-25 Jul, 2019 | 16:33
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Null pointer dereference during secure application termination using specific application ids. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCA8081, QCS605, Qualcomm 215, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_632sd_820asd_675msm8996au_firmwaresd_439sd_670_firmwaresd_429sdm439mdm9650sd_636snapdragon_high_med_2016_firmwaremsm8996ausd_820sd_650sd_450_firmwaresd_410sd_820a_firmwareqcs605_firmwaresd_675_firmwaremdm9206sd_652sd_425_firmwaresd_625_firmwareipq8074sd_450sd_8cx_firmwaremdm9206_firmwareqcs605sd_632_firmwaresd_835_firmwaremdm9650_firmwaresd_835sda660sxr1130_firmwaresd_652_firmwareqca8081_firmwaresxr1130sd_650_firmwaresd_427_firmwaresd_712sd_730_firmwaresd_412qualcomm_215sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435mdm9655_firmwaresd_710_firmwaresdm630sd_625ipq8074_firmwaresd_820_firmwaremdm9607sd_636_firmwaresd_439_firmwarequalcomm_215_firmwareqca8081sd_429_firmwaresd_730snapdragon_high_med_2016mdm9655sdm439_firmwaresd_412_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwaresd_8cxsd_427sd_430sd_670sd_435_firmwaresd_710sd_410_firmwaresdm660_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-2239
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 7.15%
||
7 Day CHG~0.00%
Published-25 Jul, 2019 | 16:33
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sanity checks are missing in layout which can lead to SUI Corruption or can lead to Denial of Service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in MDM9150, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8996AU, QCS404, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, Snapdragon_High_Med_2016, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850mdm9150_firmwaresd_632mdm9635m_firmwaremdm9640_firmwaresd_820asd_675msm8996au_firmwaresd_439sd_670_firmwaresd_429sdx24sdm439qcs404_firmwaremdm9650sd_636sd_615_firmwaresnapdragon_high_med_2016_firmwaremsm8996ausd_820sd_650sd_450_firmwaresd_845_firmwaresd_410sd_820a_firmwareqcs605_firmwaresd_675_firmwaremdm9206sd_652sd_425_firmwareqcs404sdx24_firmwaresd_625_firmwaresd_450mdm9635msd_8cx_firmwaresd_845mdm9206_firmwareqcs605sd_632_firmwaresd_835_firmwaremdm9650_firmwaresd_835sda660sxr1130_firmwaresd_210_firmwaresd_415_firmwaresd_652_firmwaresxr1130sd_616_firmwaresd_205_firmwaresd_415sd_212sd_650_firmwaresd_427_firmwaresd_712sd_730_firmwaresd_412qualcomm_215sdx20sd_616sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435mdm9655_firmwaresd_615sd_710_firmwaresdm630sd_625sd_820_firmwaresd_210mdm9607sd_636_firmwaresd_439_firmwarequalcomm_215_firmwaremdm9150sd_429_firmwaresd_730snapdragon_high_med_2016sd_212_firmwaresd_850_firmwaremdm9655sdm439_firmwaresd_412_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwaresd_8cxsd_430sd_427sd_670sd_435_firmwaresdx20_firmwaresd_710sd_410_firmwaresd_205sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2019-2137
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 5.08%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 19:54
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the endCall() function of TelecomManager.java, there is a possible Denial of Service due to a missing permission check. This could lead to local denial of access to Emergency Services with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-132438333.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
CVE-2019-1998
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 7.28%
||
7 Day CHG~0.00%
Published-28 Feb, 2019 | 17:00
Updated-17 Sep, 2024 | 00:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In event_handler of keymaster_app.c, there is possible resource exhaustion due to a table being lost on reboot. This could lead to local denial of service that is not fixed by a factory reset, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116055338.

Action-Not Available
Vendor-AndroidGoogle LLC
Product-androidAndroid
CVE-2022-20143
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 0.98%
||
7 Day CHG~0.00%
Published-15 Jun, 2022 | 13:02
Updated-03 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In addAutomaticZenRule of ZenModeHelper.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-220735360

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2021-37644
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 4.76%
||
7 Day CHG~0.00%
Published-12 Aug, 2021 | 20:35
Updated-04 Aug, 2024 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`std::abort` raised from `TensorListReserve` in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions providing a negative element to `num_elements` list argument of `tf.raw_ops.TensorListReserve` causes the runtime to abort the process due to reallocating a `std::vector` to have a negative number of elements. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/list_kernels.cc#L312) calls `std::vector.resize()` with the new size controlled by input given by the user, without checking that this input is valid. We have patched the issue in GitHub commit 8a6e874437670045e6c7dc6154c7412b4a2135e2. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-41899
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.44% / 35.34%
||
7 Day CHG~0.00%
Published-18 Nov, 2022 | 00:00
Updated-22 Apr, 2025 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` fail via inputs in `SdcaOptimizer` in Tensorflow

TensorFlow is an open source platform for machine learning. Inputs `dense_features` or `example_state_data` not of rank 2 will trigger a `CHECK` fail in `SdcaOptimizer`. We have patched the issue in GitHub commit 80ff197d03db2a70c6a111f97dcdacad1b0babfa. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-617
Reachable Assertion
CVE-2022-41893
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.44% / 35.27%
||
7 Day CHG~0.00%
Published-18 Nov, 2022 | 00:00
Updated-22 Apr, 2025 | 16:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK_EQ` fail in `tf.raw_ops.TensorListResize` in Tensorflow

TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListResize` is given a nonscalar value for input `size`, it results `CHECK` fail which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 888e34b49009a4e734c27ab0c43b0b5102682c56. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-40508
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.38% / 30.25%
||
7 Day CHG~0.00%
Published-02 May, 2023 | 05:08
Updated-03 Aug, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reachable assertion in Modem

Transient DOS due to reachable assertion in Modem while processing config related to cross carrier scheduling, which is not supported.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wsa8830315_5g_iot_modem_firmwareqca8337wcn785x-5qca6431_firmwarewcd9360_firmwaresm7250-ac_firmwareqca6595au_firmwareqca6390_firmwaresnapdragon_x70_modem-rf_systemwcd9370qca6426wcn685x-1sm7350-ab_firmwaresm8450sm4375wcn3998sm8250-abwcd9385_firmwareqcn6024_firmwaresm6375_firmwaresm7315_firmwaresnapdragon_x55_5g_modem-rf_systemqca6574au_firmwaresdx55_firmwareqca6595auwcn3998_firmwareqca8081_firmwarewcd9375_firmwaresm7250p_firmwarewcd9360qca6436_firmwaresm4350-acsnapdragon_auto_5g_modem-rf_firmwaresnapdragon_x65_5g_modem-rf_system_firmwaresnapdragon_x70_modem-rf_system_firmwareqca6698aqsm8250_firmwaresm7250-ab_firmwaresm8250-acwcn3988_firmware315_5g_iot_modemqca6421sm7250-aawsa8810_firmwaresm4375_firmwaresm8450_firmwareqca6436qca8081qca6698aq_firmwarewcn685x-1_firmwarewcd9385sm8150_firmwaresxr2130_firmwarewcd9341qca6431qca6696_firmwareqca6390ar8035sm4350_firmwareaqt1000wcd9375sm8250-ac_firmwarewsa8830_firmwaresd855_firmwaresd865_5g_firmwaresm7225_firmwaresnapdragon_7c\+_gen_3_compute_firmwaresm8150wcn3988wsa8815_firmwarewsa8835_firmwaresm7350-absm8475wcn6750_firmwarewcn785x-1sm6375qca8337_firmwarewcd9380_firmwaresd865_5gsm8150-acsd888wsa8835snapdragon_7c\+_gen_3_computesnapdragon_auto_5g_modem-rfwcd9380sxr2130qca6574awcn685x-5_firmwarewcn6750sm7225sm7250-absd855wsa8815sdx57m_firmwaresnapdragon_xr2_5g_platform_firmwareqca6426_firmwareqca6574a_firmwareqcn9024wcn785x-5_firmwaresm7315sm8250-ab_firmwareqca6391snapdragon_x55_5g_modem-rf_system_firmwaresnapdragon_x50_5g_modem-rf_system_firmwareqca6421_firmwaresm6350aqt1000_firmwaresm8475_firmwarewcn6740_firmwaresnapdragon_xr2_5g_platformsnapdragon_x65_5g_modem-rf_systemwcn685x-5sm6350_firmwarewcn785x-1_firmwareqca6574auqcn9024_firmwaresdx57mwcd9341_firmwarewsa8810sm7250-aa_firmwaresm7250-acsm8150-ac_firmwarewcn6740qca6696qca6391_firmwaresm4350wcd9370_firmwaresm4350-ac_firmwaresdx55sd888_firmwaresnapdragon_x50_5g_modem-rf_systemsm8250qcn6024sm7250par8035_firmwareSnapdragonaqt1000_firmwarewcn6740_firmwaresnapdragon_auto_5g_modem-rf_firmwareqca8337_firmwaresnapdragon_x65_5g_modem-rf_system_firmwarewcd9380_firmwaresnapdragon_690_5g_mobile_platform_firmwaresnapdragon_x70_modem-rf_system_firmware315_5g_iot_modem_firmwarewsa8835_firmwareqca6431_firmwarefastconnect_6900_firmwaresnapdragon_x50_5g_modem-rf_system_firmwarewcd9360_firmwarewcn3988_firmwarefastconnect_6700_firmwareqcn9024_firmwarewsa8810_firmwarewcd9341_firmwarefastconnect_7800_firmwareqca6595au_firmwaresnapdragon_4_gen_1_mobile_platform_firmwaresnapdragon_8_gen_1_mobile_platform_firmwareqca6698aq_firmwaresnapdragon_480_5g_mobile_platform_firmwaresxr2130_firmwareqca6696_firmwareqca6391_firmwarewcd9385_firmwareqcn6024_firmwaresnapdragon_855_mobile_platform_firmwarewcd9370_firmwaresd888_firmwarewsa8830_firmwaresdx57m_firmwaresd855_firmwaresd865_5g_firmwaresnapdragon_xr2_5g_platform_firmwareqca6426_firmwarewsa8815_firmwaresm7315_firmwareqca6574a_firmwarefastconnect_6200_firmwareqca6574au_firmwaresdx55_firmwaresnapdragon_695_5g_mobile_platform_firmwaresnapdragon_780g_5g_mobile_platform_firmwaresnapdragon_865_5g_mobile_platform_firmwareqca8081_firmwarefastconnect_6800_firmwaresnapdragon_x55_5g_modem-rf_system_firmwaresm7250p_firmwarewcd9375_firmwareqca6436_firmwarear8035_firmwaresnapdragon_750g_5g_mobile_platform_firmwareqca6421_firmware
CWE ID-CWE-617
Reachable Assertion
CVE-2022-40538
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.38% / 30.25%
||
7 Day CHG~0.00%
Published-06 Jun, 2023 | 07:39
Updated-03 Aug, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reachable assertion in Modem

Transient DOS due to reachable assertion in modem while processing sib with incorrect values from network.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn685x-5_firmwareqca8337_firmwaresnapdragon_x65_5g_modem-rf_system_firmwarewcd9380_firmwarewcn685x-1_firmwarewcn685x-1snapdragon_x70_modem-rf_system_firmwaresnapdragon_x65_5g_modem-rf_systemqca8337qcs8550wcn785x-5wcn685x-5qcn6024_firmwareqcs8550_firmwarear8035wcn785x-1_firmwareqcn6024qcn9024_firmwarewcd9380qcn9024qca8081_firmwaresnapdragon_x70_modem-rf_systemwcn785x-5_firmwareqca8081ar8035_firmwarewcn785x-1Snapdragonqca8337_firmwaresnapdragon_x65_5g_modem-rf_system_firmwarewcd9380_firmwareqcn9024_firmwaresnapdragon_x70_modem-rf_system_firmwarefastconnect_7800_firmwareqca8081_firmwareqcn6024_firmwarefastconnect_6900_firmwareqcs8550_firmwarear8035_firmware
CWE ID-CWE-617
Reachable Assertion
CVE-2022-40527
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.41% / 32.57%
||
7 Day CHG~0.00%
Published-07 Mar, 2023 | 04:43
Updated-03 Aug, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reachable Assertion in WLAN Embedded SW

Transient DOS due to reachable assertion in WLAN while processing PEER ID populated by TQM.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcn5024_firmwarewsa8830qcn9070sxr2230p_firmwareqca8337ipq8173_firmwaresdx65qcn5124qca4024_firmwareqca8082qcn9072qca8386ipq8078aipq5028_firmwareqca6390_firmwareipq6000wcd9370ssg2115pqcn5152_firmwareqca6426qcn9000_firmwareipq5018wcd9385_firmwareipq8076aqca8386_firmwareqcn6024_firmwaresd_8_gen1_5g_firmwareqca8084_firmwareipq8074aqcn5124_firmwareqcn6100_firmwareqcn6102_firmwareqca8082_firmwaresm7315_firmwarewcn7850qcn5164_firmwareqcn5122_firmwarewcd9375_firmwareqca8081_firmwareqcn6023_firmwareqca6436_firmwareqcn9002ipq5010sd778gipq8070_firmwareipq8078a_firmwareqcn9274ipq8174qcn9001qcs6490ipq5028wcn7851qcn5052ipq6010qcn6112_firmwareqcn9074qca8085sd778g_firmwaresdx65mqcn6132wsa8810_firmwareqca6436wcn6851qca8081wcn7851_firmwareipq8071aqcn6023sdx65m_firmwareipq8071a_firmwarewcd9385qca8085_firmwareqca9888_firmwareqcn6122qcs6490_firmwaresd870_firmwareipq9008_firmwareqcn5154_firmwarear8035csr8811qca6390wcd9375qcn9100_firmwarewsa8830_firmwaresd865_5g_firmwareipq5010_firmwareipq8074a_firmwareqcm6490sd888_5g_firmwarewcn6850_firmwarewcn7850_firmwarewsa8815_firmwarewsa8835_firmwaresm8475qcn5022_firmwarewcn6750_firmwareqca8072ipq5018_firmwareqca8337_firmwarewcd9380_firmwaressg2125pqcn9000ipq8072aipq8076a_firmwaresd865_5gipq8078qca8084qcn9001_firmwareipq8173wcn6856_firmwareipq9008qcn9012qcn5164qcn6122_firmwarewsa8835sxr1230p_firmwarecsr8811_firmwarewcd9380sd888_5gqcn5054_firmwareqcn5154qca8075_firmwaressg2125p_firmwareqcn5024wcn6855_firmwareqca9889sm7325pqcn6132_firmwareqcn9003_firmwaresxr1230pqca9888qca8072_firmwareqcn9012_firmwareqcn5052_firmwareqcn9274_firmwareqcn9003ipq8070a_firmwarewcn6750ipq6018_firmwareipq8076_firmwarewsa8815sm7325p_firmwarewcn6850pmp8074_firmwareqcn6112ipq8076sxr2230pqca6426_firmwareqcn5021ipq6028qcn5152qcn9024pmp8074ipq9574_firmwaresm7315qca6391wcn6740_firmwareqcn6102qcn9100sdx65_firmwareqcm6490_firmwareipq8078_firmwarewsa8832_firmwareqcn5054qcn9070_firmwarewcn6851_firmwareipq8070ipq6028_firmwareipq8072a_firmwareqca9889_firmwareipq9574qcn5122qcn9024_firmwareipq8174_firmwarewsa8810sd870wsa8832wcn6855wcn6856ipq6018qcn5022ipq6010_firmwarewcn6740qca6391_firmwareqca4024wcd9370_firmwareqca8075qcn5021_firmwareqcn9022_firmwareqcn6024qcn9022ipq8070aqcn9002_firmwareqcn6100qcn9072_firmwareipq6000_firmwaressg2115p_firmwareqcn9074_firmwarear8035_firmwareSnapdragonqcn5024_firmwareipq5018_firmwareqca8337_firmwarewcd9380_firmwaresxr2230p_firmwareipq8076a_firmwareipq8173_firmwareqcn9001_firmwarewcn6856_firmwareqca4024_firmwareqcn6122_firmwaresxr1230p_firmwarecsr8811_firmwareipq5028_firmwareqca6390_firmwareqcn5054_firmwareqca8075_firmwaressg2125p_firmwarewcn6855_firmwareqcn5152_firmwareqcn6132_firmwareqcn9003_firmwareqca8072_firmwareqcn9000_firmwareqcn9012_firmwareqcn5052_firmwareqcn9274_firmwareipq8070a_firmwarewcd9385_firmwareqcn6024_firmwareqca8386_firmwareipq8076_firmwareipq6018_firmwaresd_8_gen1_5g_firmwareqca8084_firmwaresm7325p_firmwarepmp8074_firmwareqcn5124_firmwareqcn6100_firmwareqcn6102_firmwareqca6426_firmwaresm7315_firmwareqca8082_firmwareqcn5164_firmwareqcn5122_firmwarewcd9375_firmwareqca8081_firmwareqcn6023_firmwareipq9574_firmwareqca6436_firmwarewcn6740_firmwareipq8070_firmwaresdx65_firmwareipq8078a_firmwareqcm6490_firmwareipq8078_firmwarewsa8832_firmwareqcn9070_firmwarewcn6851_firmwareipq6028_firmwareipq8072a_firmwareqcn6112_firmwareqca9889_firmwaresd778g_firmwareqcn9024_firmwareipq8174_firmwarewsa8810_firmwarewcn7851_firmwaresdx65m_firmwareipq8071a_firmwareqca8085_firmwareqca9888_firmwareipq6010_firmwareqcs6490_firmwaresd870_firmwareipq9008_firmwareqca6391_firmwareqcn5154_firmwarewcd9370_firmwareqcn9100_firmwareqcn9022_firmwareqcn5021_firmwarewsa8830_firmwaresd865_5g_firmwareqcn9002_firmwareipq5010_firmwareipq8074a_firmwaresd888_5g_firmwarewcn6850_firmwarewcn7850_firmwarewsa8815_firmwarewsa8835_firmwareqcn9072_firmwareipq6000_firmwaressg2115p_firmwareqcn9074_firmwareqcn5022_firmwarewcn6750_firmwarear8035_firmware
CWE ID-CWE-617
Reachable Assertion
CVE-2022-40504
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.38% / 30.25%
||
7 Day CHG~0.00%
Published-02 May, 2023 | 07:30
Updated-03 Aug, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reachable assertion in Modem

Transient DOS due to reachable assertion in Modem when UE received Downlink Data Indication message from the network.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwarefsm10055sm7325-ae_firmwaresa6150p_firmwaresm6250p_firmwareqcs610315_5g_iot_modem_firmwareqca8337qca6431_firmwarewcd9360_firmwarewcn3950_firmwaresc8180x\+sdx55sa8150p_firmwaresm4450_firmwareqcs2290qca6595au_firmwaresa6155snapdragon_x70_modem-rf_systemqca6335sdm712sdm670sm8350sd_455_firmwarecsra6620_firmwareqcs605_firmwaresd_675_firmwarecsra6640_firmwareqcs6125_firmwareapq5053-aa_firmwarewcn685x-1qcs400_firmwaresm7350-ab_firmwaresm4375wcn3998sc8180xp-adwcd9371_firmwarewcn3950qcn6024_firmwaresm6375_firmwarewcn3660bsm7150-acsd460_firmwaresm7315_firmwaresm7325-aeqca6574au_firmwaresm4250-aasnapdragon_636_mobile_platformwcd9375_firmwarewcn3998_firmwareqca8081_firmwaresa6155_firmwaresm6225-adqca6420wcd9360snapdragon_auto_5g_modem-rf_firmware8909sdm450sm6225-ad_firmwareqca6698aqqcs6125sa8155_firmwaresd662_firmwaresm7250-ab_firmwareqca6430snapdragon_630_mobile_platform8905_firmwarewcd9340snapdragon_8cx_compute_platformsd626_firmwaresw5100qca64368953_firmwaresa6155pqcs603_firmwareqca6698aq_firmwarewcn685x-1_firmwarewcn3660_firmwaresm8150_firmwarewcd9341qca6431qca6696_firmwarewcd9371wcn3910_firmwaresm4350_firmwaresa8150psm8250-ac_firmwarewsa8830_firmwaresd855_firmwaresd660sd865_5g_firmwaresm7225_firmwaresdm8508940snapdragon_7c\+_gen_3_compute_firmwaresd660_firmwarewcn3988sm4250-aa_firmwaresa8195p_firmwaresm8475wcn6750_firmwaresm6125_firmwarewcn3610sm6375sm6115_firmwareqca8337_firmwarewcd9380_firmwaresw5100psnapdragon_8cx_gen_2_5g_compute_platformsnapdragon_w5\+_gen_1_wearable_platformqca6564ausdm429sd670_firmwareapq8053-acsnapdragon_7c\+_gen_3_computewcd93808920_firmwareqcs410apq8053-ac_firmwaresm7150-aa_firmwaresc8180xp-ad_firmwaresd626qca6430_firmwarewcd9335_firmwarewcn3980qca6335_firmwaresm7225qcm4325_firmwareqcs605wcd9340_firmwarewsa8815sm6150-ac_firmwarewcn3910sdm429_firmwaresnapdragon_630_mobile_platform_firmwareqca6426_firmwaresm4450wcn3660b_firmwarewcn3680sc8180x-adqcn9024wcn3980_firmwaresd730snapdragon_x50_5g_modem-rf_system_firmwaresc7180-ac_firmwaresm7150-aaqca6421_firmwaresm6350sm8475_firmwarewcn6740_firmwaresm7125snapdragon_8cx_compute_platform_firmwareqcs4490_firmwaresnapdragon_xr2_5g_platformsnapdragon_x65_5g_modem-rf_systemwcn3680_firmwaresm7150-ab_firmwaresm8350_firmwareqcs603sdm660sm6350_firmwarewcn785x-1_firmwaresdm710sd670qcn9024_firmwaresdx57mqcm4290_firmwaresnapdragon_x24_lte_modemwsa8832sw5100p_firmwareqcs610_firmwaresa6145pqcs4490sdm439_firmwaresa8145pqca6391_firmwarewcd9370_firmwareqm215_firmwaresm4350-ac_firmwaresdx55sd888_firmwaresm8250csra6640sa8155psd675snapdragon_x20_lte_modemwcn3660ar8035_firmwareqcm2290snapdragon_632_mobile_platformsdm845_firmwarewsa8830sa8145p_firmwaresm6125sdm712_firmwaresnapdragon_x24_lte_modem_firmwareqcs2290_firmwaresdm450_firmwarewcn785x-5csrb31024csra6620fsm10055_firmwaresm7250-ac_firmwareqcs4290snapdragon_x20_lte_modem_firmwareqca6420_firmwaresc7180-acqca6390_firmwaresnapdragon_auto_4g_modem_firmwaresd730_firmwarewcd93708920sd675_firmwaresm6115qca6426wcn3990_firmwaresm8450qca9377sm8250-abwcd9385_firmwarewcd9326_firmwarewcn3615_firmwaresd662sm7325-afsa8155snapdragon_x55_5g_modem-rf_systemwcn3680b_firmwaresdx55_firmwaresda\/sdm845_firmware8917_firmwarewcn3615qca6595ausm7325-af_firmwaresm7250p_firmware8953wcn3610_firmwareqca6436_firmwaresm4350-acsnapdragon_w5\+_gen_1_wearable_platform_firmwareqca6564au_firmwaresa6155p_firmwareqca6310snapdragon_x65_5g_modem-rf_system_firmwareapq8053-aa_firmwaresm6225snapdragon_x70_modem-rf_system_firmwareqcs6490sm8250_firmwaresm8250-acwcn3988_firmware315_5g_iot_modemsa6145p_firmwareqm215qca6421sm7250-aasm6250sa8195psxr1120sdm710_firmwareapq8017_firmwarewsa8810_firmwaresm4375_firmwaresm8450_firmwaresc7180-adwcd9326wcd9335sg4150pqca8081qcm44908917apq8053-aaqca6174a_firmwareqcs4290_firmwarewcd9385sxr2130_firmwareqcs6490_firmwaresm7150-abqca6390wcd9375ar8035aqt1000sda\/sdm8458909_firmwaresc8180x\+sdx55_firmwaresm6250_firmwaresm6150_firmwaresm8150wsa8815_firmwareqcm6490wsa8835_firmwaresnapdragon_636_mobile_platform_firmwaresm7350-abapq8017sxr1120_firmwaresg4150p_firmwarewcn785x-1qcm6125_firmwareqcm4325qcm2290_firmwareapq5053-aawcn3990sd_675sdm845sd865_5g8953prosm8350-ac_firmwaresdm439sm8150-acsd888sm6150wsa8835sc7180-ad_firmwaresnapdragon_auto_5g_modem-rfsm6250psxr2130qca6574awcn685x-5_firmwareqca6174asm7325psdm670_firmwareqca6310_firmwaresm7325wcn6750sm7150-ac_firmwaresm7250-absd855sm7325p_firmwaresdx57m_firmwaresnapdragon_xr2_5g_platform_firmwareqca6574a_firmware8940_firmware8953pro_firmwarewcn785x-5_firmwaresm7315snapdragon_x55_5g_modem-rf_system_firmwaresd460qca6391sm8250-ab_firmwareaqt1000_firmwaresdm850_firmwareqcm4490_firmwaresnapdragon_auto_4g_modemsnapdragon_632_mobile_platform_firmwareqcm4290csrb31024_firmwareqcm6490_firmwarewsa8832_firmwaresnapdragon_xr1_platformwcn685x-5sd_455sm6225_firmwareqca6574ausa8155p_firmwarewcd9341_firmwareqcm6125wsa8810sm7250-aa_firmware8905sm7250-acsm8150-ac_firmwarewcn3680bsm8350-acwcn6740qca6696sm4350sm6150-acsm7125_firmwaresnapdragon_x50_5g_modem-rf_systemsa6150pqcn6024sc8180x-ad_firmwaresm7250psw5100_firmwareqcs410_firmwaresnapdragon_8cx_gen_2_5g_compute_platform_firmwareqcs400sdm660_firmwaresnapdragon_xr1_platform_firmwaresm7325_firmwareSnapdragon
CWE ID-CWE-617
Reachable Assertion
CVE-2022-36019
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.40% / 31.62%
||
7 Day CHG+0.02%
Published-16 Sep, 2022 | 22:05
Updated-23 Apr, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` fail in `FakeQuantWithMinMaxVarsPerChannel` in TensorFlow

TensorFlow is an open source platform for machine learning. If `FakeQuantWithMinMaxVarsPerChannel` is given `min` or `max` tensors of a rank other than one, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-35994
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.40% / 31.62%
||
7 Day CHG+0.02%
Published-16 Sep, 2022 | 22:20
Updated-23 Apr, 2025 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` fail in `CollectiveGather` in TensorFlow

TensorFlow is an open source platform for machine learning. When `CollectiveGather` receives an scalar input `input`, it gives a `CHECK` fails that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit c1f491817dec39a26be3c574e86a88c30f3c4770. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-35984
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.40% / 31.63%
||
7 Day CHG+0.02%
Published-16 Sep, 2022 | 21:40
Updated-23 Apr, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` fail in `ParameterizedTruncatedNormal` in TensorFlow

TensorFlow is an open source platform for machine learning. `ParameterizedTruncatedNormal` assumes `shape` is of type `int32`. A valid `shape` of type `int64` results in a mismatched type `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 72180be03447a10810edca700cbc9af690dfeb51. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-36003
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.40% / 31.63%
||
7 Day CHG+0.02%
Published-16 Sep, 2022 | 22:10
Updated-23 Apr, 2025 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` fail in `RandomPoissonV2` in TensorFlow

TensorFlow is an open source platform for machine learning. When `RandomPoissonV2` receives large input shape and rates, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 552bfced6ce4809db5f3ca305f60ff80dd40c5a3. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-35981
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.40% / 31.63%
||
7 Day CHG+0.02%
Published-16 Sep, 2022 | 21:15
Updated-23 Apr, 2025 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` fail in `FractionalMaxPoolGrad` in TensorFlow

TensorFlow is an open source platform for machine learning. `FractionalMaxPoolGrad` validates its inputs with `CHECK` failures instead of with returning errors. If it gets incorrectly sized inputs, the `CHECK` failure can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 8741e57d163a079db05a7107a7609af70931def4. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-35992
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.40% / 31.63%
||
7 Day CHG+0.02%
Published-16 Sep, 2022 | 22:20
Updated-23 Apr, 2025 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` fail in `TensorListFromTensor` in TensorFlow

TensorFlow is an open source platform for machine learning. When `TensorListFromTensor` receives an `element_shape` of a rank greater than one, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 3db59a042a38f4338aa207922fa2f476e000a6ee. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-35935
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.44% / 35.39%
||
7 Day CHG+0.02%
Published-16 Sep, 2022 | 19:35
Updated-23 Apr, 2025 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` failure in `SobolSample` via missing validation in TensorFlow

TensorFlow is an open source platform for machine learning. The implementation of SobolSampleOp is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by assuming `input(0)`, `input(1)`, and `input(2)` to be scalar. This issue has been patched in GitHub commit c65c67f88ad770662e8f191269a907bf2b94b1bf. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-35988
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.40% / 32.44%
||
7 Day CHG+0.02%
Published-16 Sep, 2022 | 21:35
Updated-23 Apr, 2025 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` fail in `tf.linalg.matrix_rank` in TensorFlow

TensorFlow is an open source platform for machine learning. When `tf.linalg.matrix_rank` receives an empty input `a`, the GPU kernel gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit c55b476aa0e0bd4ee99d0f3ad18d9d706cd1260a. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-35941
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.56% / 42.61%
||
7 Day CHG+0.03%
Published-16 Sep, 2022 | 19:45
Updated-23 Apr, 2025 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` failure in `AvgPoolOp` in Tensorflow

TensorFlow is an open source platform for machine learning. The `AvgPoolOp` function takes an argument `ksize` that must be positive but is not checked. A negative `ksize` can trigger a `CHECK` failure and crash the program. We have patched the issue in GitHub commit 3a6ac52664c6c095aa2b114e742b0aa17fdce78f. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds to this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-35968
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.40% / 31.63%
||
7 Day CHG+0.02%
Published-16 Sep, 2022 | 20:40
Updated-23 Apr, 2025 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` fail in `AvgPoolGrad` in TensorFlow

TensorFlow is an open source platform for machine learning. The implementation of `AvgPoolGrad` does not fully validate the input `orig_input_shape`. This results in a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 3a6ac52664c6c095aa2b114e742b0aa17fdce78f. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-36016
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.55% / 41.80%
||
7 Day CHG+0.02%
Published-16 Sep, 2022 | 22:10
Updated-23 Apr, 2025 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK`-fail in `tensorflow::full_type::SubstituteFromAttrs` in TensorFlow

TensorFlow is an open source platform for machine learning. When `tensorflow::full_type::SubstituteFromAttrs` receives a `FullTypeDef& t` that is not exactly three args, it triggers a `CHECK`-fail instead of returning a status. We have patched the issue in GitHub commit 6104f0d4091c260ce9352f9155f7e9b725eab012. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-36004
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.40% / 32.44%
||
7 Day CHG+0.02%
Published-16 Sep, 2022 | 22:10
Updated-23 Apr, 2025 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` fail in `tf.random.gamma` in TensorFlow

TensorFlow is an open source platform for machine learning. When `tf.random.gamma` receives large input shape and rates, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 552bfced6ce4809db5f3ca305f60ff80dd40c5a3. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-35998
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.40% / 32.44%
||
7 Day CHG+0.02%
Published-16 Sep, 2022 | 22:15
Updated-23 Apr, 2025 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` fail in `EmptyTensorList` in TensorFlow

TensorFlow is an open source platform for machine learning. If `EmptyTensorList` receives an input `element_shape` with more than one dimension, it gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit c8ba76d48567aed347508e0552a257641931024d. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-36001
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.40% / 31.63%
||
7 Day CHG+0.02%
Published-16 Sep, 2022 | 22:10
Updated-23 Apr, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` fail in `DrawBoundingBoxes` in TensorFlow

TensorFlow is an open source platform for machine learning. When `DrawBoundingBoxes` receives an input `boxes` that is not of dtype `float`, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit da0d65cdc1270038e72157ba35bf74b85d9bda11. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-35971
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.38% / 30.29%
||
7 Day CHG+0.02%
Published-16 Sep, 2022 | 20:50
Updated-23 Apr, 2025 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` fail in `FakeQuantWithMinMaxVars` in TensorFlow

TensorFlow is an open source platform for machine learning. If `FakeQuantWithMinMaxVars` is given `min` or `max` tensors of a nonzero rank, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-35990
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.38% / 30.29%
||
7 Day CHG+0.02%
Published-16 Sep, 2022 | 22:00
Updated-23 Apr, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` fail in `FakeQuantWithMinMaxVarsPerChannelGradient` in TensorFlow

TensorFlow is an open source platform for machine learning. When `tf.quantization.fake_quant_with_min_max_vars_per_channel_gradient` receives input `min` or `max` of rank other than 1, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit f3cf67ac5705f4f04721d15e485e192bb319feed. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-35999
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.40% / 31.62%
||
7 Day CHG+0.02%
Published-16 Sep, 2022 | 22:15
Updated-23 Apr, 2025 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` fail in `Conv2DBackpropInput` in TensorFlow

TensorFlow is an open source platform for machine learning. When `Conv2DBackpropInput` receives empty `out_backprop` inputs (e.g. `[3, 1, 0, 1]`), the current CPU/GPU kernels `CHECK` fail (one with dnnl, the other with cudnn). This can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 27a65a43cf763897fecfa5cdb5cc653fc5dd0346. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-35995
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.40% / 31.62%
||
7 Day CHG+0.02%
Published-16 Sep, 2022 | 22:15
Updated-23 Apr, 2025 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` fail in `AudioSummaryV2` in TensorFlow

TensorFlow is an open source platform for machine learning. When `AudioSummaryV2` receives an input `sample_rate` with more than one element, it gives a `CHECK` fails that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bf6b45244992e2ee543c258e519489659c99fb7f. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-35993
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.40% / 31.62%
||
7 Day CHG+0.02%
Published-16 Sep, 2022 | 22:20
Updated-23 Apr, 2025 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` fail in `SetSize` in TensorFlow

TensorFlow is an open source platform for machine learning. When `SetSize` receives an input `set_shape` that is not a 1D tensor, it gives a `CHECK` fails that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit cf70b79d2662c0d3c6af74583641e345fc939467. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-35952
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.56% / 42.40%
||
7 Day CHG+0.02%
Published-16 Sep, 2022 | 19:50
Updated-23 Apr, 2025 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` failures in `UnbatchGradOp` in TensorFlow

TensorFlow is an open source platform for machine learning. The `UnbatchGradOp` function takes an argument `id` that is assumed to be a scalar. A nonscalar `id` can trigger a `CHECK` failure and crash the program. It also requires its argument `batch_index` to contain three times the number of elements as indicated in its `batch_index.dim_size(0)`. An incorrect `batch_index` can trigger a `CHECK` failure and crash the program. We have patched the issue in GitHub commit 5f945fc6409a3c1e90d6970c9292f805f6e6ddf2. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-36018
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.38% / 30.29%
||
7 Day CHG+0.02%
Published-16 Sep, 2022 | 22:05
Updated-23 Apr, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` fail in `RaggedTensorToVariant` in TensorFlow

TensorFlow is an open source platform for machine learning. If `RaggedTensorToVariant` is given a `rt_nested_splits` list that contains tensors of ranks other than one, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 88f93dfe691563baa4ae1e80ccde2d5c7a143821. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-35991
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.44% / 35.39%
||
7 Day CHG+0.02%
Published-16 Sep, 2022 | 22:20
Updated-23 Apr, 2025 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` fail in `TensorListScatter` and `TensorListScatterV2` in TensorFlow

TensorFlow is an open source platform for machine learning. When `TensorListScatter` and `TensorListScatterV2` receive an `element_shape` of a rank greater than one, they give a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit bb03fdf4aae944ab2e4b35c7daa051068a8b7f61. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-35963
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.40% / 31.63%
||
7 Day CHG+0.02%
Published-16 Sep, 2022 | 20:10
Updated-23 Apr, 2025 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` failures in `FractionalAvgPoolGrad` in TensorFlow

TensorFlow is an open source platform for machine learning. The implementation of `FractionalAvgPoolGrad` does not fully validate the input `orig_input_tensor_shape`. This results in an overflow that results in a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 03a659d7be9a1154fdf5eeac221e5950fec07dad. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-36002
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.40% / 31.63%
||
7 Day CHG+0.02%
Published-16 Sep, 2022 | 22:10
Updated-23 Apr, 2025 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` fail in `Unbatch` in TensorFlow

TensorFlow is an open source platform for machine learning. When `Unbatch` receives a nonscalar input `id`, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 4419d10d576adefa36b0e0a9425d2569f7c0189f. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-36012
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.55% / 41.80%
||
7 Day CHG+0.02%
Published-16 Sep, 2022 | 22:55
Updated-23 Apr, 2025 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Assertion fail on MLIR empty edge names in TensorFlow

TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is given empty function attributes, it crashes. We have patched the issue in GitHub commit ad069af92392efee1418c48ff561fd3070a03d7b. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-36026
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.40% / 31.63%
||
7 Day CHG+0.02%
Published-16 Sep, 2022 | 22:05
Updated-23 Apr, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` fail in `QuantizeAndDequantizeV3` in TensorFlow

TensorFlow is an open source platform for machine learning. If `QuantizeAndDequantizeV3` is given a nonscalar `num_bits` input tensor, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit f3f9cb38ecfe5a8a703f2c4a8fead434ef291713. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-35934
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.40% / 31.63%
||
7 Day CHG+0.02%
Published-16 Sep, 2022 | 19:30
Updated-23 Apr, 2025 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` failure in tf.reshape in Tensorflow

TensorFlow is an open source platform for machine learning. The implementation of tf.reshape op in TensorFlow is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by overflowing the number of elements in a tensor. This issue has been patched in GitHub commit 61f0f9b94df8c0411f0ad0ecc2fec2d3f3c33555. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-33251
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.38% / 30.25%
||
7 Day CHG~0.00%
Published-06 Jun, 2023 | 07:38
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reachable assertion in Modem

Transient DOS due to reachable assertion in Modem because of invalid network configuration.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn3991_firmwarewsa8830sm7325-ae_firmware315_5g_iot_modem_firmwareqca8337wcn785x-5qca6431_firmwarewcd9360_firmwaresm7250-ac_firmwareqca6595au_firmwareqca6390_firmwaresnapdragon_x70_modem-rf_systemsm8350wcd9370qca6426wcn685x-1sm7350-ab_firmwaresm8450sm4375wcn3998sm8250-abwcd9385_firmwareqcn6024_firmwaresm6375_firmwaresm7325-afsm7325-aesnapdragon_x55_5g_modem-rf_systemqca6574au_firmwaresdx55_firmwareqca6595auwcn3998_firmwareqca8081_firmwaresm7325-af_firmwaresm7250p_firmwarewcd9375_firmwarewcd9360qca6436_firmwaresm4350-acsnapdragon_auto_5g_modem-rf_firmwaresnapdragon_x65_5g_modem-rf_system_firmwaresnapdragon_x70_modem-rf_system_firmwareqcs6490qca6698aqqcs8550_firmwaresm8250_firmwaresm7250-ab_firmwaresm8250-acwcn3988_firmware315_5g_iot_modemqca6421sm7250-aawsa8810_firmwaresm4375_firmwaresm8450_firmwareqca6436qca8081qca6698aq_firmwarewcn685x-1_firmwarewcd9385sm8150_firmwaresxr2130_firmwarewcd9341qca6431qca6696_firmwareqcs6490_firmwareqca6390ar8035sm4350_firmwarewcd9375sm8250-ac_firmwarewsa8830_firmwaresd855_firmwaresd865_5g_firmwaresm7225_firmwaresnapdragon_7c\+_gen_3_compute_firmwareqcm6490sm8150wcn3988wsa8815_firmwarewsa8835_firmwaresm7350-absm8475wcn6750_firmwarewcn785x-1sm6375wcn3991qca8337_firmwarewcd9380_firmwaresd865_5gsm8350-ac_firmwaresm8150-acwsa8835snapdragon_7c\+_gen_3_computesnapdragon_auto_5g_modem-rfwcd9380sxr2130qca6574awcn685x-5_firmwaresm7325psm7325wcn6750sm7225sm7250-absd855wsa8815sm7325p_firmwaresdx57m_firmwaresnapdragon_xr2_5g_platform_firmwareqca6426_firmwareqca6574a_firmwareqcn9024wcn785x-5_firmwaresnapdragon_x55_5g_modem-rf_system_firmwaresm8250-ab_firmwareqca6391qca6421_firmwaresm6350sm8475_firmwarewcn6740_firmwaresnapdragon_xr2_5g_platformsnapdragon_x65_5g_modem-rf_systemqcm6490_firmwaresm8350_firmwarewcn685x-5sm6350_firmwarewcn785x-1_firmwareqca6574auqcn9024_firmwaresdx57mwcd9341_firmwarewsa8810sm7250-aa_firmwaresm7250-acsm8150-ac_firmwaresm8350-acwcn6740qca6696qca6391_firmwareqcs8550sm4350wcd9370_firmwaresm4350-ac_firmwaresdx55sm8250qcn6024sm7250par8035_firmwaresm7325_firmwareSnapdragon
CWE ID-CWE-617
Reachable Assertion
CVE-2022-33244
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.41% / 32.57%
||
7 Day CHG~0.00%
Published-07 Mar, 2023 | 04:43
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reachable assertion in Modem

Transient DOS due to reachable assertion in modem during MIB reception and SIB timeout

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn3991_firmwarewcn3991wsa8830qca8337_firmwarewcd9380_firmwaresd780gqca8337wcn6856_firmwaresnapdragon_4_gen_1_firmwaresdx65wsa8835wcd9380sd888_5gwcd9370wcn6855_firmwaresm7325pwcn6750wcn3998wcd9385_firmwareqcn6024_firmwaresa515msd_8_gen1_5g_firmwarewsa8815sm7325p_firmwarewcn6850sdx57m_firmwarewcn7850sd695qcn9024wcd9375_firmwareqca8081_firmwarewcn3998_firmwareqca6391wcn6740_firmwaresd778gsdx65_firmwaresa515m_firmwareqcs6490wcn7851qcm6490_firmwaresd480_firmwarewcn6851_firmwarewcn3988_firmwaresd778g_firmwareqcn9024_firmwarewsa8810_firmwaresdx57msd480wsa8810wcn6855wcn6851qca8081wcn7851_firmwarewcn6856wcd9385sd695_firmwareqcs6490_firmwarewcn6740sdx70m_firmwareqca6391_firmwarear8035wcd9375sd780g_firmwarewcd9370_firmwarewsa8830_firmwareqcn6024sdx70msnapdragon_4_gen_1qcm6490sd888_5g_firmwarewsa8835_firmwarewcn3988wcn6850_firmwarewcn7850_firmwarewsa8815_firmwaresm8475wcn6750_firmwarear8035_firmwareSnapdragonwcn6740_firmwarewcn3991_firmwareqca8337_firmwarewcd9380_firmwaresdx65_firmwaresa515m_firmwareqcm6490_firmwaresd480_firmwarewcn6851_firmwarewcn6856_firmwaresnapdragon_4_gen_1_firmwarewcn3988_firmwaresd778g_firmwareqcn9024_firmwarewsa8810_firmwarewcn7851_firmwarewcn6855_firmwaresd695_firmwareqcs6490_firmwaresdx70m_firmwareqca6391_firmwarewcd9385_firmwareqcn6024_firmwaresd780g_firmwarewcd9370_firmwaresd_8_gen1_5g_firmwaresm7325p_firmwarewsa8830_firmwaresdx57m_firmwarewsa8815_firmwaresd888_5g_firmwarewcn6850_firmwarewcn7850_firmwarewsa8835_firmwarewcd9375_firmwareqca8081_firmwarewcn3998_firmwarewcn6750_firmwarear8035_firmware
CWE ID-CWE-617
Reachable Assertion
CVE-2022-33254
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.41% / 32.57%
||
7 Day CHG~0.00%
Published-07 Mar, 2023 | 04:43
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reachable assertion in Modem

Transient DOS due to reachable assertion in Modem while processing SIB1 Message.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn3991_firmwarewsa8830qca8337qca6431_firmwaresnapdragon_4_gen_1_firmwaresdx65sd765g_firmwareqca6595au_firmwareqca6390_firmwaresd690_5gwcd9370qca6426wcn3998wcd9385_firmwaresdxr2_5g_firmwareqcn6024_firmwaresd_8_gen1_5g_firmwarewcn7850qca6574au_firmwaresdx55_firmwareqca6595auqca8081_firmwarewcd9375_firmwarewcn3998_firmwaresm7250p_firmwareqca6436_firmwaresd778gsa515m_firmwareqcs6490wcn7851sdxr2_5gwcn3988_firmwareqca6421sd778g_firmwarewsa8810_firmwaresd765gsd765_firmwareqca6436wcn6851qca8081wcn7851_firmwarewcd9385wcd9341qca6431qca6696_firmwareqcs6490_firmwaresd750gsd870_firmwaresdx70m_firmwareqca6390ar8035sd750g_firmwareaqt1000wcd9375wsa8830_firmwaresd855_firmwaresd865_5g_firmwaresnapdragon_4_gen_1qcm6490sd888_5g_firmwarewcn3988wcn6850_firmwarewcn7850_firmwarewsa8815_firmwarewsa8835_firmwareqcx315sm8475wcn6750_firmwarewcn3991qca8337_firmwarewcd9380_firmwaresd780gsd865_5gsdx55m_firmwarewcn6856_firmwarewsa8835qcx315_firmwarewcd9380sd888_5gqca6574asd690_5g_firmwaresdx50m_firmwarewcn6855_firmwaresm7325pwcn6750sa515msd855wsa8815sm7325p_firmwarewcn6850sdx57m_firmwaresd765qca6426_firmwareqca6574a_firmwaresd695sd768g_firmwareqcn9024qca6391sdx55mqca6421_firmwareaqt1000_firmwarewcn6740_firmwaresdx65_firmwareqcm6490_firmwaresdx50msd480_firmwarewcn6851_firmwareqca6574auqcn9024_firmwaresdx57mwcd9341_firmwaresd480sd870wsa8810wcn6855wcn6856sd695_firmwaresd768gwcn6740qca6696qca6391_firmwaresd780g_firmwarewcd9370_firmwaresdx55qcn6024sdx70msm7250par8035_firmwareSnapdragonwcn3991_firmwareqca8337_firmwarewcd9380_firmwareqca6431_firmwaresdx55m_firmwarewcn6856_firmwaresnapdragon_4_gen_1_firmwareqcx315_firmwaresd765g_firmwareqca6595au_firmwareqca6390_firmwaresd690_5g_firmwaresdx50m_firmwarewcn6855_firmwarewcd9385_firmwaresdxr2_5g_firmwareqcn6024_firmwaresd_8_gen1_5g_firmwaresm7325p_firmwaresdx57m_firmwareqca6426_firmwareqca6574a_firmwareqca6574au_firmwaresd768g_firmwaresdx55_firmwarewcd9375_firmwareqca8081_firmwarewcn3998_firmwaresm7250p_firmwareqca6436_firmwareqca6421_firmwareaqt1000_firmwarewcn6740_firmwaresdx65_firmwaresa515m_firmwareqcm6490_firmwaresd480_firmwarewcn6851_firmwarewcn3988_firmwaresd778g_firmwareqcn9024_firmwarewsa8810_firmwarewcd9341_firmwaresd765_firmwarewcn7851_firmwaresd695_firmwareqca6696_firmwareqcs6490_firmwaresd870_firmwaresdx70m_firmwareqca6391_firmwaresd750g_firmwaresd780g_firmwarewcd9370_firmwarewsa8830_firmwaresd855_firmwaresd865_5g_firmwarewsa8815_firmwaresd888_5g_firmwarewsa8835_firmwarewcn6850_firmwarewcn7850_firmwarewcn6750_firmwarear8035_firmware
CWE ID-CWE-617
Reachable Assertion
CVE-2022-33250
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.41% / 32.57%
||
7 Day CHG~0.00%
Published-07 Mar, 2023 | 04:43
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reachable assertion in Modem

Transient DOS due to reachable assertion in modem when network repeatedly sent invalid message container for NR to LTE handover.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn3991_firmwarewsa8830qca8337qca6431_firmwaresnapdragon_4_gen_1_firmwarewcd9360_firmwaresdx65sd765g_firmwareqca6595au_firmwareqca6390_firmwaresd690_5gwcd9370qca6426wcn3998wcd9385_firmwaresdxr2_5g_firmwareqcn6024_firmwaresd_8_gen1_5g_firmwaresm7315_firmwarewcn7850qca6574au_firmwaresdx55_firmwareqca6595auqca8081_firmwarewcd9375_firmwarewcn3998_firmwaresm7250p_firmwarewcd9360qca6436_firmwaresd778gsa515m_firmwareqcs6490wcn7851sdxr2_5gwcn3988_firmwareqca6421sd778g_firmwarewsa8810_firmwaresd765gsd765_firmwareqca6436wcn6851qca8081wcn7851_firmwarewcd9385wcd9341qca6431qca6696_firmwareqcs6490_firmwaresd750gsd870_firmwaresdx70m_firmwareqca6390ar8035sd750g_firmwarewcd9375wsa8830_firmwaresd855_firmwaresd865_5g_firmwaresnapdragon_4_gen_1qcm6490sd888_5g_firmwarewcn3988wcn6850_firmwarewcn7850_firmwarewsa8815_firmwarewsa8835_firmwareqcx315sm8475wcn6750_firmwarewcn3991qca8337_firmwarewcd9380_firmwaresd780gsd865_5gsdx55m_firmwarewcn6856_firmwaresd888wsa8835qcx315_firmwarewcd9380sd888_5gqca6574asd690_5g_firmwarewcn6855_firmwaresm7325pwcn6750sa515msd855wsa8815sm7325p_firmwarewcn6850sdx57m_firmwaresd765qca6426_firmwareqca6574a_firmwaresd695sd768g_firmwareqcn9024sm7315qca6391sdx55mqca6421_firmwarewcn6740_firmwaresdx65_firmwareqcm6490_firmwaresd480_firmwarewcn6851_firmwareqca6574auqcn9024_firmwaresdx57mwcd9341_firmwaresd480sd870wsa8810wcn6855wcn6856sd695_firmwaresd768gwcn6740qca6696qca6391_firmwaresd780g_firmwarewcd9370_firmwaresdx55sd888_firmwareqcn6024sdx70msm7250par8035_firmwareSnapdragonwcn3991_firmwareqca8337_firmwarewcd9380_firmwareqca6431_firmwaresdx55m_firmwarewcn6856_firmwaresnapdragon_4_gen_1_firmwarewcd9360_firmwareqcx315_firmwaresd765g_firmwareqca6595au_firmwareqca6390_firmwaresd690_5g_firmwarewcn6855_firmwarewcd9385_firmwaresdxr2_5g_firmwareqcn6024_firmwaresd_8_gen1_5g_firmwaresm7325p_firmwaresdx57m_firmwareqca6426_firmwaresm7315_firmwareqca6574a_firmwareqca6574au_firmwaresd768g_firmwaresdx55_firmwarewcd9375_firmwareqca8081_firmwarewcn3998_firmwaresm7250p_firmwareqca6436_firmwareqca6421_firmwarewcn6740_firmwaresdx65_firmwaresa515m_firmwareqcm6490_firmwaresd480_firmwarewcn6851_firmwarewcn3988_firmwaresd778g_firmwareqcn9024_firmwarewsa8810_firmwarewcd9341_firmwaresd765_firmwarewcn7851_firmwaresd695_firmwareqca6696_firmwareqcs6490_firmwaresd870_firmwaresdx70m_firmwareqca6391_firmwaresd750g_firmwaresd780g_firmwarewcd9370_firmwaresd888_firmwarewsa8830_firmwaresd855_firmwaresd865_5g_firmwarewsa8815_firmwaresd888_5g_firmwarewsa8835_firmwarewcn6850_firmwarewcn7850_firmwarewcn6750_firmwarear8035_firmware
CWE ID-CWE-617
Reachable Assertion
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found