ByteOS

Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear

Product

Versions

Affected

IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016

Problem Types

Type	CWE ID	Description
text	N/A	Buffer Copy Without Checking Size of Input in Crypto

Type: text

CWE ID: N/A

Description: Buffer Copy Without Checking Size of Input in Crypto

References

Hyperlink	Resource
https://www.qualcomm.com/company/product-security/bulletins	x_refsource_CONFIRM
http://www.securityfocus.com/bid/106128	vdb-entry x_refsource_BID

Hyperlink: https://www.qualcomm.com/company/product-security/bulletins

Resource:

x_refsource_CONFIRM

Hyperlink: http://www.securityfocus.com/bid/106128

Resource:

vdb-entry

x_refsource_BID

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://www.qualcomm.com/company/product-security/bulletins	x_refsource_CONFIRM x_transferred
http://www.securityfocus.com/bid/106128	vdb-entry x_refsource_BID x_transferred

Hyperlink: https://www.qualcomm.com/company/product-security/bulletins

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://www.securityfocus.com/bid/106128

Resource:

vdb-entry

x_refsource_BID

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:product-security@qualcomm.com

Published At:03 Jan, 2019 | 15:29

Updated At:03 Oct, 2019 | 00:03

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	7.8	HIGH	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C

Type: Primary

Version: 3.0

Base score: 7.8

Base severity: HIGH

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 7.2

Base severity: HIGH

Vector:

AV:L/AC:L/Au:N/C:C/I:C/A:C

CPE Matches

cpe:2.3:o:qualcomm:ipq8074_firmware:-:*:*:*:*:*:*:*

>>ipq8074_firmware>>-

cpe:2.3:h:qualcomm:ipq8074:-:*:*:*:*:*:*:*

>>ipq8074>>-

cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*

>>mdm9206_firmware>>-

cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*

>>mdm9206>>-

cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*

>>mdm9607_firmware>>-

cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*

>>mdm9607>>-

cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*

>>mdm9635m_firmware>>-

cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*

>>mdm9635m>>-

cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*

>>mdm9640_firmware>>-

cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*

>>mdm9640>>-

cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*

>>mdm9650_firmware>>-

cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*

>>mdm9650>>-

cpe:2.3:o:qualcomm:mdm9655_firmware:-:*:*:*:*:*:*:*

>>mdm9655_firmware>>-

cpe:2.3:h:qualcomm:mdm9655:-:*:*:*:*:*:*:*

>>mdm9655>>-

cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*

>>msm8909w_firmware>>-

cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*

>>msm8909w>>-

cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*

>>msm8996au_firmware>>-

cpe:2.3:h:qualcomm:msm8996au:-:*:*:*:*:*:*:*

>>msm8996au>>-

cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*

>>sd_210_firmware>>-

cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*

>>sd_210>>-

cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*

>>sd_212_firmware>>-

cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*

>>sd_212>>-

cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*

>>sd_205_firmware>>-

cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*

>>sd_205>>-

cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*

>>sd_410_firmware>>-

cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*

>>sd_410>>-

cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*

>>sd_412_firmware>>-

cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*

>>sd_412>>-

cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*

>>sd_425_firmware>>-

cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*

>>sd_425>>-

cpe:2.3:o:qualcomm:sd_427_firmware:-:*:*:*:*:*:*:*

>>sd_427_firmware>>-

cpe:2.3:h:qualcomm:sd_427:-:*:*:*:*:*:*:*

>>sd_427>>-

cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*

>>sd_430_firmware>>-

cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*

>>sd_430>>-

cpe:2.3:o:qualcomm:sd_435_firmware:-:*:*:*:*:*:*:*

>>sd_435_firmware>>-

cpe:2.3:h:qualcomm:sd_435:-:*:*:*:*:*:*:*

>>sd_435>>-

cpe:2.3:o:qualcomm:sd_439_firmware:-:*:*:*:*:*:*:*

>>sd_439_firmware>>-

cpe:2.3:h:qualcomm:sd_439:-:*:*:*:*:*:*:*

>>sd_439>>-

cpe:2.3:o:qualcomm:sd_429_firmware:-:*:*:*:*:*:*:*

>>sd_429_firmware>>-

cpe:2.3:h:qualcomm:sd_429:-:*:*:*:*:*:*:*

>>sd_429>>-

cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*

>>sd_450_firmware>>-

cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*

>>sd_450>>-

cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*

>>sd_615_firmware>>-

cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*

>>sd_615>>-

cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*

>>sd_616_firmware>>-

cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*

>>sd_616>>-

cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*

>>sd_415_firmware>>-

cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*

>>sd_415>>-

cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*

>>sd_625_firmware>>-

cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*

>>sd_625>>-

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.securityfocus.com/bid/106128	product-security@qualcomm.com	Third Party Advisory VDB Entry
https://www.qualcomm.com/company/product-security/bulletins	product-security@qualcomm.com	Vendor Advisory

Hyperlink: http://www.securityfocus.com/bid/106128

Source: product-security@qualcomm.com

Resource:

Third Party Advisory

VDB Entry

Hyperlink: https://www.qualcomm.com/company/product-security/bulletins

Source: product-security@qualcomm.com

Resource:

Vendor Advisory

Similar CVEs

577Records found

CVE-2017-9702

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.02% / 2.41%

7 Day CHG~0.00%

Published-16 Nov, 2017 | 22:00

Updated-20 Apr, 2025 | 01:37

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a user-space pointer is directly accessed in a camera driver.

Vendor-Google LLC Qualcomm Technologies, Inc.

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CVE-2017-9723

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.02% / 2.41%

7 Day CHG~0.00%

Published-30 Mar, 2018 | 21:00

Updated-16 Sep, 2024 | 17:34

The touchscreen driver synaptics_dsx in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-06-05, the size of a stack-allocated buffer can be set to a value which exceeds the size of the stack.

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2017-9710

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.02% / 2.74%

7 Day CHG~0.00%

Published-05 Dec, 2017 | 17:00

Updated-20 Apr, 2025 | 01:37

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, IOCTL interface to send QMI NOTIFY REQ messages can be called from multiple contexts which can result in buffer overflow of msg cache.

Vendor-Google LLC Qualcomm Technologies, Inc.

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2017-9690

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.05% / 14.90%

7 Day CHG~0.00%

Published-16 Nov, 2017 | 22:00

Updated-20 Apr, 2025 | 01:37

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a qbt1000 ioctl handler, an incorrect buffer size check has an integer overflow vulnerability potentially leading to a buffer overflow.

Vendor-Google LLC Qualcomm Technologies, Inc.

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-190

Integer Overflow or Wraparound

CVE-2022-22068

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-8.4||HIGH

EPSS-0.04% / 9.63%

7 Day CHG~0.00%

Published-14 Jun, 2022 | 09:51

Updated-03 Aug, 2024 | 03:00

kernel event may contain unexpected content which is not generated by NPU software in asynchronous execution mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Product-qca9377_firmware wcn3991_firmware mdm9150_firmware wsa8830 sd678 sm6250p_firmware wcn3998_firmware qcs610 qcs2290_firmware qca8337 wcd9360_firmware sdx65 csra6620 qcs4290 wcn3950_firmware sd765g_firmware qca6420_firmware qca6595au_firmware qcs2290 qca6390_firmware sa6155 sd690_5g sd730_firmware wcd9370 csra6620_firmware sd_675_firmware sd675_firmware csra6640_firmware qca6564 qca6426 wcn3990_firmware qrb5165n_firmware qca9377 sa415m wcn3998 wcd9371_firmware wcd9385_firmware sdxr2_5g_firmware wcn3950 sm4125 sd720g wcd9326_firmware wcn3615_firmware wcn3660b sd662 sd460_firmware sa8155 sm7315_firmware wcn7850 qca6574au_firmware sdx55_firmware wcn3680b_firmware qca6595au qca8081_firmware sa6155_firmware sdx12_firmware sm7250p_firmware wcd9375_firmware wcn3615 qca6420 qca6436_firmware apq8053_firmware qrb5165n wcd9360 qca6564au_firmware sd680_firmware sa6155p_firmware sd778g wcn3999 sa515m_firmware wcn7851 qrb5165_firmware qrb5165m_firmware sdxr2_5g sa8155_firmware sd662_firmware sa415m_firmware qcs405 qca6430 wcn3988_firmware sa6145p_firmware sm6250 sd778g_firmware sa8195p wsa8810_firmware qualcomm215_firmware sd765g sw5100 sd765_firmware qca6436 sd680 wcd9326 sa6155p wcd9335 wcn6851 qca8081 wcn7851_firmware qca6174a_firmware qcs4290_firmware wcd9385 wcd9341 qca6696_firmware wcd9371 sd750g sd870_firmware ar8035 qca6390 sd750g_firmware aqt1000 wcd9375 wcn3910_firmware sm6250_firmware msm8953_firmware wsa8830_firmware sd855_firmware sd660 sd865_5g_firmware wcn3988 sd888_5g_firmware wcn6850_firmware sd660_firmware wcn7850_firmware wsa8815_firmware sa8195p_firmware wsa8835_firmware qca6564a wcn6750_firmware qcm2290_firmware wcn3991 qca8337_firmware wcd9380_firmware wcn3990 sd_675 sw5100p sd780g sd865_5g qca6564au sdx55m_firmware wcn6856_firmware sd888 wsa8835 qca6574 sd665_firmware wcd9380 sd888_5g sm6250p wcn3999_firmware qualcomm215 qcs410 qca6574a sd690_5g_firmware sdx50m_firmware wcn6855_firmware qca6174a sm7325p qca6430_firmware wcd9335_firmware wcn3980 sd439_firmware wcn6750 sa515m qca6574_firmware sd855 sm4125_firmware sm7325p_firmware sd665 wcn3910 wcn6850 wsa8815 sd765 qca6426_firmware wcn3660b_firmware qca6574a_firmware sd695 sd768g_firmware qrb5165m wcn3980_firmware sm7315 sd460 qca6391 sd730 sdx55m aqt1000_firmware wcn6740_firmware msm8953 sdx65_firmware sd678_firmware ar8031_firmware qcm4290 sdx50m qrb5165 sd480_firmware wcn6851_firmware qca6574au sa8155p_firmware qca6564a_firmware wcd9341_firmware qcm4290_firmware sd480 sd870 wcn6855 wsa8810 sw5100p_firmware qcs610_firmware mdm9150 wcn6856 sa6145p wcn3680b qca6564_firmware sd695_firmware sd768g ar8031 qcs405_firmware wcn6740 qca6696 qca6391_firmware sd780g_firmware wcd9370_firmware sdx55 sd888_firmware apq8053 sa8155p csra6640 sd675 sd439 sm7250p sd720g_firmware sdx12 sw5100_firmware qcs410_firmware ar8035_firmware qcm2290 Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

CWE ID-CWE-416

Use After Free

CVE-2022-22072

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.03% / 8.46%

7 Day CHG~0.00%

Published-14 Jun, 2022 | 09:51

Updated-03 Aug, 2024 | 03:00

Buffer overflow can occur due to improper validation of NDP application information length in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

Product-qca9377_firmware mdm9150_firmware wcn3990 wcd9330 qca6564au sdx24 mdm9628_firmware mdm9650 csra6620 sd670_firmware qca6574 mdm9250 apq8009_firmware qca6335 csra6620_firmware qcs605_firmware qca6574a mdm9206 csra6640_firmware qca9379_firmware qca6174a sdx24_firmware wcn3990_firmware qca6310_firmware wcd9335_firmware qca9377 wcn3980 wcn3998 qca6335_firmware wcd9326_firmware mdm9628 wcn3615_firmware mdm9206_firmware sa515m qca6574_firmware qcs605 wcn3660b wcd9340_firmware wsa8815 sd710_firmware qca6320 msm8937_firmware mdm9650_firmware qca6175a qca4020 wcn3660b_firmware qca6320_firmware qca6574a_firmware qca6574au_firmware wcn3680b_firmware sd835 wcn3615 sdx12_firmware wcn3998_firmware wcn3999_firmware wcn3980_firmware apq8009 wcn3610_firmware sdxr1_firmware apq8053_firmware wcd9330_firmware qca6564au_firmware qca6310 qca9367_firmware pm8937 mdm9626 wcn3999 sa515m_firmware ar8031_firmware qca9367 sdx20 qcs603 mdm9607_firmware qcs405 mdm9626_firmware qca6574au sd710 mdm9607 sd670 wcd9340 qca6564a_firmware apq8017_firmware wsa8810_firmware wcd9341_firmware wsa8810 qca4020_firmware wcd9326 wcd9335 qcs603_firmware mdm9150 msm8937 wcn3680b sd835_firmware qca6174a_firmware mdm9250_firmware wcd9341 sdxr1 pm8937_firmware apq8096au ar8031 qcs405_firmware sd820_firmware sd845_firmware apq8053 apq8096au_firmware csra6640 sd845 sd820 sdx20_firmware wsa8815_firmware sdx12 apq8017 qca6564a qca9379 qca6175a_firmware wcn3610 Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

CWE ID-CWE-1284

Improper Validation of Specified Quantity in Input

CVE-2022-22084

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-8.4||HIGH

EPSS-0.12% / 31.52%

7 Day CHG~0.00%

Published-14 Jun, 2022 | 09:40

Updated-03 Aug, 2024 | 03:00

Memory corruption when extracting qcp audio file due to lack of check on data length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Product-qca9377_firmware sm6250p_firmware qcs610 sdx65 wcn3950_firmware qcs2290 qca6595au_firmware sa6155 qca6335 msm8917 csra6620_firmware qcs605_firmware sd_675_firmware csra6640_firmware sd632 wcn3998 wcd9371_firmware wcn3950 sm4125 mdm9628 sd720g mdm9206_firmware sd_8_gen1_5g_firmware wcn3660b sd450_firmware sd710_firmware sd460_firmware qca4020 sm7315_firmware wcn7850 qca6574au_firmware wcd9375_firmware wcn3998_firmware sa6155_firmware msm8909w apq8009w_firmware qca6420 apq8053_firmware sm7450_firmware sd680_firmware qca9367_firmware wcn3999 sa8155_firmware sd662_firmware qcs405 qca6430 wcd9340 qualcomm215_firmware sd765g sw5100 qca4020_firmware qca6436 sd680 sa6155p wcn6851 qcs603_firmware wcn7851_firmware msm8937 mdm9250_firmware wcn3660_firmware wcd9341 pm8937_firmware qca6696_firmware wcd9371 sd750g sd870_firmware wcn3910_firmware wsa8830_firmware sd855_firmware sd660 sd865_5g_firmware wcn3988 sd660_firmware wcn7850_firmware sa8195p_firmware sm8475 wcn6750_firmware sd450 wcn3610 wcn3991 wcd9380_firmware sdm429w msm8996au_firmware sw5100p wcd9330 qca6564au sdx55m_firmware wcn6856_firmware sd670_firmware qca6574 sd632_firmware wcd9380 qualcomm215 qcs410 sd690_5g_firmware sdx50m_firmware qca9379_firmware qca6430_firmware wcd9335_firmware wcn3980 sd439_firmware qca6335_firmware qcs605 wcd9340_firmware wsa8815 wcn6850 wcn3910 qca6320 msm8937_firmware mdm9650_firmware qca6426_firmware wcn3660b_firmware wcn3680 sd835 wcn3980_firmware sd730 wcd9330_firmware sdx55m sm8475_firmware wcn6740_firmware msm8953 sd678_firmware ar8031_firmware wcn3680_firmware wcn6851_firmware qcs603 sd_636_firmware sd670 qca6564a_firmware apq8009w qcm4290_firmware sd480 sd870 wcn6855 wsa8832 sw5100p_firmware qcs610_firmware sa6145p sdxr1 apq8096au ar8031 qcs405_firmware sdm630_firmware sd820_firmware qca6391_firmware sd780g_firmware wcd9370_firmware sdx55 sd888_firmware apq8053 sa8155p csra6640 sd675 sd439 wcn3660 sm8475p_firmware qca9379 qcm2290 wcn3991_firmware wsa8830 sd678 qcs2290_firmware mdm9628_firmware mdm9650 sd_636 csra6620 qcs4290 mdm9250 sd765g_firmware qca6420_firmware qca6390_firmware apq8009_firmware sd690_5g sd730_firmware wcd9370 sd675_firmware qca6564 qca6426 wcn3990_firmware qca9377 sdw2500_firmware wcd9385_firmware sdxr2_5g_firmware wcd9326_firmware wcn3615_firmware sd662 sa8155 qca6320_firmware wcn3680b_firmware sdx55_firmware qca6595au wcn3615 wcn3999_firmware sm7250p_firmware wcn3610_firmware qca6436_firmware qca6564au_firmware sd778g sa6155p_firmware qca6310 pm8937 wcn7851 qcs6490 sd429 sdxr2_5g qca9367 sdm630 mdm9607_firmware wcn3988_firmware sa6145p_firmware sd429_firmware sm6250 sd778g_firmware sa8195p apq8017_firmware wsa8810_firmware sd765_firmware wcd9326 wcd9335 qca6174a_firmware qcs4290_firmware wcd9385 qcs6490_firmware qca6390 wcd9375 sd750g_firmware aqt1000 sm6250_firmware msm8953_firmware msm8917_firmware wcn3620_firmware sd820 qcm6490 sd888_5g_firmware wsa8835_firmware sdx20_firmware wcn3620 wcn6850_firmware wsa8815_firmware sm7450 apq8017 qca6564a qcm2290_firmware wcn3990 sd_675 sd780g sd865_5g sd888 msm8909w_firmware wsa8835 msm8996au sdm429w_firmware sd888_5g sm6250p qca6574a mdm9206 wcn6855_firmware qca6174a sm7325p qca6310_firmware wcn6750 qca6574_firmware sd855 sm4125_firmware sm7325p_firmware sd765 qca6574a_firmware sd768g_firmware sm7315 apq8009 qca6391 sd460 sdxr1_firmware aqt1000_firmware sdx65_firmware mdm9626 qcm4290 qcm6490_firmware sdx50m wsa8832_firmware sdx20 sd480_firmware mdm9626_firmware qca6574au sa8155p_firmware sd710 mdm9607 wcd9341_firmware wsa8810 wcn6856 wcn3680b sd835_firmware qca6564_firmware sd768g wcn6740 qca6696 sd845_firmware sdw2500 apq8096au_firmware sd845 sm7250p sd720g_firmware sw5100_firmware qcs410_firmware sm8475p Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

CWE ID-CWE-787

Out-of-bounds Write

CVE-2020-3616

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.03% / 8.46%

7 Day CHG~0.00%

Published-02 Jun, 2020 | 15:05

Updated-04 Aug, 2024 | 07:37

Buffer overflow in display function due to memory copy without checking length of size using strcpy function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8909W, MSM8917, MSM8953, MSM8996AU, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SM6150, SM7150, SM8150

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2022-22071

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-8.4||HIGH

EPSS-0.81% / 73.28%

7 Day CHG~0.00%

Published-14 Jun, 2022 | 09:51

Updated-30 Jul, 2025 | 01:37

Known KEV||Action Due Date - 2023-12-26||Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.

Possible use after free when process shell memory is freed using IOCTL munmap call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

Product-ar8031 qcm2290_firmware sd778g sd855_firmware wcn6851 wcn6850_firmware sd855 wcn3988_firmware sa6155p qcs2290 wcn3999_firmware qca6436 qcs4290_firmware csra6620 sd765_firmware wcn3980_firmware sd690_5g wcd9335 qrb5165 qca6595au sm7250p sd780g csra6620_firmware msm8953 qca6574au_firmware sd750g sdx55_firmware qca6696 wcd9380 apq8053 qcs405 sm4125_firmware ar8031_firmware wsa8830_firmware wsa8815 qcm4290 wsa8810 wcn3615_firmware sd662 qca6391 qca6391_firmware qca6436_firmware wcn6750 wcn6856_firmware wcn7850 qca8081_firmware qcm4290_firmware sdx55m qrb5165m_firmware sm7250p_firmware sd662_firmware qca6390_firmware qrb5165_firmware wcn3910 qca6426_firmware wcn3910_firmware sd439_firmware qca6574au wcn3999 qca6696_firmware mdm9150_firmware sdxr2_5g_firmware qcs410_firmware sdxr2_5g qca6595au_firmware sd750g_firmware qca6426 wcn3991_firmware sd765g sm4125 wcn3950_firmware wcn6855 sd865_5g sa8195p_firmware qcs6490_firmware qcs410 sdx55m_firmware wcd9326 sa8195p sd439 sd765 csra6640 qca6574 qrb5165n_firmware wcn3998 wsa8830 wcn3980 wsa8835_firmware qca6174a wsa8835 sd865_5g_firmware wcn6740_firmware wcn3680b_firmware wcn7851_firmware wcd9370_firmware wcn3988 sd460 wcn6850 sd765g_firmware sd680 wcn3660b wcn6855_firmware qca6574a_firmware wcd9341_firmware wcd9375_firmware sa6155p_firmware sd768g wcn3950 wcn7851 sdx65 sd870 wcn3998_firmware ar8035_firmware qcs6490 sd870_firmware sd888_5g qca8337_firmware qcm2290 qcs2290_firmware qca9377 qca6390 sd480_firmware sdx12 wcd9380_firmware qcs610 qca6574a csra6640_firmware wcd9335_firmware wcd9375 qca8337 sd690_5g_firmware sm7325p_firmware sdx12_firmware qcm6490 wcn3615 sd768g_firmware qcm6490_firmware qualcomm215 qca8081 sd695 wsa8810_firmware msm8953_firmware mdm9150 qca9377_firmware qcs405_firmware sd680_firmware sdx55 qrb5165n apq8053_firmware wcn3991 wcn3680b qrb5165m sa8155p wcn6851_firmware wcn6856 sd460_firmware wcd9370 sd480 qcs610_firmware wcn6740 qualcomm215_firmware ar8035 sm7325p wcd9341 wcn6750_firmware wcn3660b_firmware wcd9326_firmware qca6574_firmware sa8155p_firmware wcd9385_firmware sd780g_firmware sd695_firmware sd778g_firmware wcd9385 sd888_5g_firmware sdx65_firmware qcs4290 qca6174a_firmware wcn7850_firmware wsa8815_firmware Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music Multiple Chipsets

CWE ID-CWE-416

Use After Free

CVE-2022-22082

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-8.4||HIGH

EPSS-0.12% / 32.25%

7 Day CHG~0.00%

Published-14 Jun, 2022 | 09:40

Updated-03 Aug, 2024 | 03:00

Memory corruption due to possible buffer overflow while parsing DSF header with corrupted channel count in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2022-22103

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 10.46%

7 Day CHG~0.00%

Published-14 Jun, 2022 | 09:41

Updated-03 Aug, 2024 | 03:00

Memory corruption in multimedia driver due to double free while processing data from user in Snapdragon Auto

Product-sa8540p sa9000p sa8540p_firmware sa9000p_firmware Snapdragon Auto

CWE ID-CWE-415

Double Free

CVE-2022-22090

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-8.4||HIGH

EPSS-0.04% / 12.29%

7 Day CHG~0.00%

Published-14 Jun, 2022 | 09:40

Updated-03 Aug, 2024 | 03:00

Memory corruption in audio due to use after free while managing buffers from internal cache in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile

CWE ID-CWE-416

Use After Free

CVE-2020-3623

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.03% / 7.75%

7 Day CHG~0.00%

Published-02 Jun, 2020 | 15:05

Updated-04 Aug, 2024 | 07:37

kernel failure due to load failures while running v1 path directly via kernel in Snapdragon Mobile in SM8250, SXR2130

Product-sm8250 sxr2130 sm8250_firmware sxr2130_firmware Snapdragon Mobile

CWE ID-CWE-20

Improper Input Validation

CVE-2020-3613

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.10% / 28.55%

7 Day CHG~0.00%

Published-22 Jun, 2020 | 07:10

Updated-04 Aug, 2024 | 07:37

Double free issue in kernel memory mapping due to lack of memory protection mechanism in Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice & Music in SM8150

Product-sm8150 sm8150_firmware Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice & Music

CWE ID-CWE-415

Double Free

CVE-2020-3656

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.03% / 7.75%

7 Day CHG~0.00%

Published-09 Sep, 2020 | 06:25

Updated-04 Aug, 2024 | 07:44

Out of bound access can happen in MHI command process due to lack of check of command channel id value received from MHI devices in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, Kamorta, MDM9607, MSM8917, MSM8953, Nicobar, QCM2150, QCS405, QCS605, QM215, Rennell, SA6155P, SA8155P, Saipan, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM710, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2020-3690

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.03% / 7.75%

7 Day CHG~0.00%

Published-02 Nov, 2020 | 06:21

Updated-04 Aug, 2024 | 07:44

u'Due to an incorrect SMMU configuration, the modem crypto engine can potentially compromise the hypervisor' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Agatti, Bitra, Kamorta, Nicobar, QCA6390, QCS404, QCS605, QCS610, Rennell, SA415M, SA515M, SA6155P, SA8155P, Saipan, SC7180, SC8180X, SDA845, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

CVE-2020-3666

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.09% / 27.26%

7 Day CHG~0.00%

Published-08 Sep, 2020 | 09:31

Updated-04 Aug, 2024 | 07:44

u'Out of bounds memory access during memory copy while processing Host command' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8996AU, MSM8998, QCA6174A, QCA6574, QCA6574AU, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9531, QCA9558, QCA9563, QCA9880, QCA9886, QCA9980, QCN5500, QCN5502, QCS404, QCS405, QCS605, SA6155P, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SXR1130

Product-qca9377_firmware qcn5500 mdm9640_firmware qca9980_firmware msm8996au_firmware sdm845 sdx24 qca9563_firmware qcs404_firmware mdm9650 qca9558 qca9558_firmware qca6574 msm8996au qca9880_firmware apq8009_firmware sdm670 qcs605_firmware ipq4019_firmware mdm9206 qca9379_firmware qca6174a sdm670_firmware qcs404 sdx24_firmware qca6584au_firmware ipq8074 sdm636 sda845_firmware qca9377 apq8098 ipq6018_firmware mdm9206_firmware qca9563 qca6574_firmware qca9886 qcn5502_firmware qcs605 mdm9650_firmware qca6574au_firmware ipq8064 sxr1130_firmware qca8081_firmware sxr1130 apq8009 apq8053_firmware ipq8064_firmware sda845 sdm850_firmware qca6584au sa6155p_firmware sdm636_firmware sdm845_firmware apq8098_firmware sdx20 msm8998_firmware sdm660 sdm630 mdm9607_firmware qcn5502 qcs405 qca9531 ipq8074_firmware qca6574au sdm710 mdm9607 qca9980 apq8017_firmware sdm710_firmware qca9880 sa6155p qcn5500_firmware qca8081 mdm9207c_firmware ipq6018 mdm9207c qca6174a_firmware qca9886_firmware apq8096au qcs405_firmware sdm630_firmware ipq4019 apq8053 apq8096au_firmware msm8998 sdx20_firmware sdm850 qca9531_firmware apq8017 qca9379 sdm660_firmware mdm9640 Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

CWE ID-CWE-787

Out-of-bounds Write

CVE-2020-3625

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.03% / 7.75%

7 Day CHG~0.00%

Published-02 Jun, 2020 | 15:05

Updated-04 Aug, 2024 | 07:37

When making query to DSP capabilities, Stack out of bounds occurs due to wrong buffer length configured for DSP attributes in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in SM8250, SXR2130

Product-sm8250 sxr2130 sm8250_firmware sxr2130_firmware Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2020-3618

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.03% / 7.75%

7 Day CHG~0.00%

Published-02 Jun, 2020 | 15:05

Updated-04 Aug, 2024 | 07:37

NULL exception due to accessing bad pointer while posting events on RT FIFO in Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ6018, IPQ8074, QCA8081, SC8180X, SXR2130

Product-ipq6018 ipq8074_firmware sxr2130_firmware ipq8074 qca8081_firmware ipq6018_firmware qca8081 sxr2130 sc8180x sc8180x_firmware Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

CWE ID-CWE-416

Use After Free

CVE-2020-3640

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.03% / 7.75%

7 Day CHG~0.00%

Published-08 Sep, 2020 | 09:31

Updated-04 Aug, 2024 | 07:37

u'Resizing the usage table header before passing all the checks leads to the function exiting with a usage table in invalid state when a HLOS adversary calls the function with wrong input' in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Bitra, Kamorta, QCS404, QCS610, Rennell, Saipan, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130

CWE ID-CWE-131

Incorrect Calculation of Buffer Size

CVE-2020-3632

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.03% / 7.75%

7 Day CHG~0.00%

Published-12 Nov, 2020 | 10:00

Updated-04 Aug, 2024 | 07:37

u'Incorrect validation of ring context fetched from host memory can lead to memory overflow' in Snapdragon Compute, Snapdragon Mobile in QSM8350, SC7180, SDX55, SDX55M, SM6150, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P

CWE ID-CWE-129

Improper Validation of Array Index

CVE-2017-18294

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.05% / 16.17%

7 Day CHG~0.00%

Published-23 Oct, 2018 | 13:00

Updated-05 Aug, 2024 | 21:20

While reading file class type from ELF header, a buffer overread may happen if the ELF file size is less than the size of ELF64 header size in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version FSM9055, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20.

CWE ID-CWE-125

Out-of-bounds Read

CVE-2017-18158

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 11.01%

7 Day CHG~0.00%

Published-06 Jul, 2018 | 17:00

Updated-16 Sep, 2024 | 23:16

Possible buffer overflows and array out of bounds accesses in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05 while flashing images.

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2017-18320

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 10.07%

7 Day CHG~0.00%

Published-03 Jan, 2019 | 15:00

Updated-05 Aug, 2024 | 21:20

QSEE unload attempt on a 3rd party TEE without previously loading results in a data abort in snapdragon automobile and snapdragon mobile in versions MSM8996AU, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016, SXR1130.

CWE ID-CWE-20

Improper Input Validation

CVE-2017-18295

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.06% / 19.23%

7 Day CHG~0.00%

Published-23 Oct, 2018 | 13:00

Updated-05 Aug, 2024 | 21:20

Possible buffer overflow if input is not null terminated in DSP Service module in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDX20.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2018-13905

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.05% / 15.42%

7 Day CHG~0.00%

Published-25 Feb, 2019 | 23:00

Updated-05 Aug, 2024 | 09:14

KGSL syncsource lock not handled properly during syncsource cleanup can lead to use after free issue in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8909W, QCS605, SD 210/SD 212/SD 205, SD 439 / SD 429, SD 712 / SD 710 / SD 670, SD 820A, SD 845 / SD 850, SD 855, SDM439, SDM660, SDX24.

CWE ID-CWE-416

Use After Free

CVE-2018-13889

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.02% / 3.19%

7 Day CHG~0.00%

Published-11 Feb, 2019 | 15:00

Updated-05 Aug, 2024 | 09:14

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Heap memory was accessed after it was freed

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-416

Use After Free

CVE-2017-18155

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.10% / 28.44%

7 Day CHG~0.00%

Published-12 Jul, 2018 | 14:00

Updated-16 Sep, 2024 | 23:36

While playing HEVC content using HD DMB in Snapdragon Automobile and Snapdragon Mobile in version MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835, an uninitialized variable can be used leading to a kernel fault.

Product-sd_625 sd_820_firmware sd_835_firmware msm8996au sd_820 sd_625_firmware sd_450 sd_820a msm8996au_firmware sd_835 sd_450_firmware sd_820a_firmware Snapdragon Automobile, Snapdragon Mobile

CWE ID-CWE-20

Improper Input Validation

CVE-2017-18154

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.01% / 1.61%

7 Day CHG~0.00%

Published-06 Jun, 2018 | 21:00

Updated-17 Sep, 2024 | 03:03

A crafted binder request can cause an arbitrary unmap in MediaServer in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2017-18131

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.03% / 8.20%

7 Day CHG~0.00%

Published-06 May, 2019 | 22:19

Updated-05 Aug, 2024 | 21:13

In QTEE, an incorrect fuse value can be blown in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 820, SD 820A, SD 835, SD 845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016.

CWE ID-CWE-665

Improper Initialization

CVE-2017-18297

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.05% / 16.17%

7 Day CHG~0.00%

Published-23 Oct, 2018 | 13:00

Updated-05 Aug, 2024 | 21:20

Double memory free while closing TEE SE API Session management in Snapdragon Mobile in version SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820.

Product-sd_652 sd_625 sd_425_firmware sd_820_firmware sd_820 sd_625_firmware sd_450 sd_650 sd_450_firmware sd_652_firmware sd_425 sd_430_firmware sd_430 sd_650_firmware Snapdragon Mobile

CWE ID-CWE-415

Double Free

CVE-2017-18328

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 11.86%

7 Day CHG~0.00%

Published-03 Jan, 2019 | 15:00

Updated-05 Aug, 2024 | 21:20

Use after free in QSH client rule processing in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 820, SD 835, SDA660, SDM630, SDM660, Snapdragon_High_Med_2016.

CWE ID-CWE-416

Use After Free

CVE-2018-13914

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.10% / 28.67%

7 Day CHG~0.00%

Published-25 Feb, 2019 | 23:00

Updated-05 Aug, 2024 | 09:14

Lack of input validation for data received from user space can lead to an out of bound array issue in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in version MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 636, SD 820A, SD 835, SDM630, SDM660, SDX20.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2017-18274

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.03% / 8.46%

7 Day CHG~0.00%

Published-06 May, 2019 | 22:37

Updated-05 Aug, 2024 | 21:13

While iterating through the models contained in a fixed-size array in the actData structure, which also stores an incorrect number of models that is greater than the size of the array, a buffer overflow occurs in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835

CWE ID-CWE-129

Improper Validation of Array Index

CVE-2020-25859

Matching Score-8

Assigner-JFrog

Matching Score-8

Assigner-JFrog

CVSS Score-6.7||MEDIUM

EPSS-0.08% / 24.34%

7 Day CHG~0.00%

Published-15 Oct, 2020 | 15:12

Updated-04 Aug, 2024 | 15:49

The QCMAP_CLI utility in the Qualcomm QCMAP software suite prior to versions released in October 2020 uses a system() call without validating the input, while handling a SetGatewayUrl() request. A local attacker with shell access can pass shell metacharacters and run arbitrary commands. If QCMAP_CLI can be run via sudo or setuid, this also allows elevating privileges to root. This version of QCMAP is used in many kinds of networking devices, primarily mobile hotspots and LTE routers.

Vendor-n/a Qualcomm Technologies, Inc.

Product-qcmap Qualcomm QCMAP

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2017-18124

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.03% / 6.70%

7 Day CHG~0.00%

Published-26 Oct, 2018 | 13:00

Updated-05 Aug, 2024 | 21:13

During secure boot, addition is performed on uint8 ptrs which led to overflow issue in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version FSM9055, IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20

Product-sd_850 mdm9635m_firmware mdm9640_firmware sd_820a msm8996au_firmware mdm9650 sd_615_firmware msm8909w_firmware msm8996au mdm9645 sd_650 sd_820 sd_450_firmware sd_845_firmware sd_410 sd_820a_firmware ipq4019_firmware mdm9206 sd_652 sd_425_firmware sd_800_firmware sd_625_firmware sd_450 mdm9635m sd_845 mdm9206_firmware mdm9640 sd_835_firmware mdm9650_firmware sd_835 sda660 sd_210_firmware sd_415_firmware sd_652_firmware msm8909w sd_616_firmware sd_205_firmware sd_415 sd_650_firmware sd_212 fsm9055 sd_412 sdx20 sd_616 sd_425 sd_430_firmware mdm9607_firmware sd_615 mdm9655_firmware sd_625 sd_210 mdm9607 sd_820_firmware mdm9645_firmware mdm9625_firmware fsm9055_firmware sd_800 sd_617 sd_212_firmware sd_850_firmware mdm9655 sd_412_firmware sda660_firmware mdm9625 sd_430 ipq4019 sd_810 sdx20_firmware sd_410_firmware sd_205 sd_810_firmware sd_617_firmware Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2017-18296

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.05% / 16.17%

7 Day CHG~0.00%

Published-23 Oct, 2018 | 13:00

Updated-05 Aug, 2024 | 21:20

Access control on applications is not applied while accessing SafeSwitch services can lead to improper access in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20.

CVE-2017-18310

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 10.07%

7 Day CHG~0.00%

Published-26 Oct, 2018 | 13:00

Updated-05 Aug, 2024 | 21:20

ClientEnv exposes services 0-32 to HLOS in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016

CVE-2017-18156

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.09% / 26.41%

7 Day CHG~0.00%

Published-06 May, 2019 | 22:28

Updated-05 Aug, 2024 | 21:13

While processing camera buffers in camera driver, a use after free condition can occur in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 625, SD 820, SD 820A, SD 835, SDX20.

CWE ID-CWE-416

Use After Free

CVE-2017-18293

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.05% / 16.17%

7 Day CHG~0.00%

Published-23 Oct, 2018 | 13:00

Updated-05 Aug, 2024 | 21:20

When a particular GPIO is protected by blocking access to the corresponding GPIO resource registers, the protection can be bypassed using the corresponding banked GPIO registers instead in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660.

CVE-2017-18159

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 10.52%

7 Day CHG~0.00%

Published-06 Jul, 2018 | 17:00

Updated-16 Sep, 2024 | 20:42

In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, while processing a StrHwPlatform with length smaller than EFICHIPINFO_MAX_ID_LENGTH, an array out of bounds access may occur.

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-125

Out-of-bounds Read

CVE-2017-18173

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.03% / 7.75%

7 Day CHG~0.00%

Published-06 May, 2019 | 22:34

Updated-05 Aug, 2024 | 21:13

In case of using an invalid android verified boot signature with very large length, an integer underflow occurs in Snapdragon Mobile in SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 810, SD 820, SD 835, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016.

CWE ID-CWE-190

Integer Overflow or Wraparound

CVE-2017-18172

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.03% / 6.39%

7 Day CHG~0.00%

Published-23 Oct, 2018 | 13:00

Updated-05 Aug, 2024 | 21:13

In a device, with screen size 1440x2560, the check of contiguous buffer will overflow on certain buffer size resulting in an Integer Overflow or Wraparound in System UI in Snapdragon Automobile, Snapdragon Mobile in version MDM9635M, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016.

CWE ID-CWE-190

Integer Overflow or Wraparound

CVE-2022-22085

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-8.4||HIGH

EPSS-0.12% / 32.25%

7 Day CHG~0.00%

Published-14 Jun, 2022 | 09:40

Updated-03 Aug, 2024 | 03:00

Memory corruption in video due to buffer overflow while reading the dts file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Product-qca9377_firmware sm6250p_firmware qcs610 sdx65 wcn3950_firmware qcs2290 qca6595au_firmware sa6155 qca6335 msm8917 csra6620_firmware qcs605_firmware sd_675_firmware csra6640_firmware qcs6125_firmware sd632 wcn3998 wcd9371_firmware wcn3950 sm4125 sd720g mdm9628 mdm9206_firmware sd_8_gen1_5g_firmware wcn3660b sd450_firmware sd710_firmware sd460_firmware qca4020 sm7315_firmware wcn7850 qca6574au_firmware wcd9375_firmware wcn3998_firmware sa6155_firmware msm8909w apq8009w_firmware qca6420 apq8053_firmware sm7450_firmware sd680_firmware qca9367_firmware wcn3999 qcs6125 sa8155_firmware sd662_firmware qcs405 qca6430 wcd9340 sd765g qualcomm215_firmware sw5100 sd680 qca4020_firmware qca6436 wcn6851 sa6155p qcs603_firmware wcn7851_firmware msm8937 mdm9250_firmware wcn3660_firmware wcd9341 pm8937_firmware qca6696_firmware wcd9371 sd870_firmware sd750g wcn3910_firmware wsa8830_firmware sd855_firmware sd660 sd865_5g_firmware wcn3988 sd660_firmware wcn7850_firmware sa8195p_firmware sm8475 wcn6750_firmware sd450 wcn3610 wcn3991 wcd9380_firmware sdm429w sw5100p msm8996au_firmware wcd9330 qca6564au sdx55m_firmware wcn6856_firmware sd670_firmware qca6574 sd632_firmware wcd9380 qualcomm215 qcs410 sd690_5g_firmware sdx50m_firmware qca9379_firmware qca6430_firmware wcd9335_firmware wcn3980 sd439_firmware qca6335_firmware qcs605 wcd9340_firmware wsa8815 wcn6850 wcn3910 qca6320 msm8937_firmware mdm9650_firmware qca6426_firmware wcn3660b_firmware wcn3680 sd835 wcn3980_firmware sd730 wcd9330_firmware sdx55m sm8475_firmware wcn6740_firmware msm8953 sd678_firmware ar8031_firmware wcn3680_firmware wcn6851_firmware qcs603 sd670 sd_636_firmware qca6564a_firmware apq8009w qcm4290_firmware sd480 sd870 wcn6855 wsa8832 sw5100p_firmware qcs610_firmware sa6145p sdxr1 ar8031 apq8096au qcs405_firmware sdm630_firmware sd820_firmware qca6391_firmware wcd9370_firmware sd780g_firmware sdx55 sd888_firmware apq8053 sa8155p csra6640 sd675 sd439 wcn3660 sm8475p_firmware qca9379 qcm2290 wcn3991_firmware wsa8830 sd678 qcs2290_firmware mdm9628_firmware mdm9650 sd_636 csra6620 qcs4290 mdm9250 sd765g_firmware qca6420_firmware qca6390_firmware apq8009_firmware sd690_5g sd730_firmware wcd9370 sd675_firmware qca6564 qca6426 wcn3990_firmware qca9377 sdw2500_firmware wcd9385_firmware sdxr2_5g_firmware wcd9326_firmware wcn3615_firmware sd662 sa8155 qca6320_firmware wcn3680b_firmware sdx55_firmware wcn3615 qca6595au wcn3999_firmware sm7250p_firmware wcn3610_firmware qca6436_firmware qca6564au_firmware sd778g sa6155p_firmware qca6310 pm8937 wcn7851 sd429 qcs6490 sdxr2_5g qca9367 sdm630 mdm9607_firmware wcn3988_firmware sd429_firmware sa6145p_firmware sm6250 sd778g_firmware sa8195p apq8017_firmware wsa8810_firmware sd765_firmware wcd9326 wcd9335 qca6174a_firmware qcs4290_firmware wcd9385 qcs6490_firmware qca6390 wcd9375 sd750g_firmware aqt1000 sm6250_firmware msm8953_firmware msm8917_firmware wcn3620_firmware sdx20_firmware wsa8815_firmware sd888_5g_firmware sd820 qcm6490 wcn6850_firmware wsa8835_firmware wcn3620 sm7450 apq8017 qca6564a qcm6125_firmware qcm2290_firmware wcn3990 sd_675 sd780g sd865_5g sd888 msm8909w_firmware wsa8835 msm8996au sdm429w_firmware sd888_5g sm6250p qca6574a mdm9206 wcn6855_firmware qca6174a sm7325p qca6310_firmware wcn6750 qca6574_firmware sd855 sm4125_firmware sm7325p_firmware sd765 qca6574a_firmware sd768g_firmware sm7315 apq8009 sd460 qca6391 sdxr1_firmware aqt1000_firmware sdx65_firmware mdm9626 qcm4290 qcm6490_firmware sdx50m wsa8832_firmware sdx20 sd480_firmware mdm9626_firmware qca6574au sd710 sa8155p_firmware mdm9607 wcd9341_firmware qcm6125 wsa8810 wcn6856 wcn3680b sd835_firmware qca6564_firmware sd768g wcn6740 qca6696 sd845_firmware sdw2500 apq8096au_firmware sd845 sm7250p sd720g_firmware sw5100_firmware qcs410_firmware sm8475p Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

CWE ID-CWE-787

Out-of-bounds Write

CVE-2017-18298

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.05% / 16.17%

7 Day CHG~0.00%

Published-23 Oct, 2018 | 13:00

Updated-05 Aug, 2024 | 21:20

Lack of Input Validation in SDMX API can lead to NULL pointer access in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660 .

CWE ID-CWE-476

NULL Pointer Dereference

CVE-2017-18303

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.06% / 19.23%

7 Day CHG~0.00%

Published-23 Oct, 2018 | 13:00

Updated-05 Aug, 2024 | 21:20

While processing the sensors registry configuration file, if inputs are not validated a buffer overflow will occur in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MMDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SDA660, SDX20.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2017-18329

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 11.00%

7 Day CHG~0.00%

Published-03 Jan, 2019 | 15:00

Updated-05 Aug, 2024 | 21:20

Possible Buffer overflow when transmitting an RTP packet in snapdragon automobile and snapdragon wear in versions MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 810, SD 820, SD 835, SD 845 / SD 850, SDA660, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130

Product-sd_850 mdm9635m_firmware mdm9640_firmware msm8996au_firmware sd_670_firmware mdm9650 sd_636 sd_615_firmware snapdragon_high_med_2016_firmware msm8909w_firmware msm8996au mdm9645 sd_650 sd_820 sd_450_firmware sd_845_firmware sd_652 sd_425_firmware sd_625_firmware sd_450 mdm9635m mdm9615 sd_845 sd_835_firmware mdm9650_firmware sd_835 sda660 sxr1130_firmware sd_210_firmware sd_415_firmware sd_652_firmware sxr1130 msm8909w sd_616_firmware sd_205_firmware sd_415 sd_650_firmware sd_212 sd_427_firmware sd_712 sd_616 sd_425 sdm660 sd_430_firmware sd_615 sd_435 mdm9655_firmware sd_710_firmware sdm630 sd_625 sd_210 sd_820_firmware sd_636_firmware mdm9645_firmware mdm9625_firmware snapdragon_high_med_2016 sd_212_firmware sd_850_firmware mdm9655 sd_712_firmware sdm630_firmware sda660_firmware mdm9625 sd_427 sd_430 sd_670 sd_810 sd_435_firmware mdm9615_firmware sd_710 sd_205 sd_810_firmware sdm660_firmware mdm9640 Snapdragon Mobile, Snapdragon Wear

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2017-18278

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.03% / 8.46%

7 Day CHG~0.00%

Published-06 May, 2019 | 22:54

Updated-05 Aug, 2024 | 21:13

An integer underflow may occur due to lack of check when received data length from font_mgr_qsee_request_service is bigger than the minimal value of the segment header, which may result in a buffer overflow, in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850.

CWE ID-CWE-191

Integer Underflow (Wrap or Wraparound)

CVE-2017-18141

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 10.07%

7 Day CHG~0.00%

Published-03 Jan, 2019 | 15:00

Updated-05 Aug, 2024 | 21:13

When a 3rd party TEE has been loaded it is possible for the non-secure world to create a secure monitor call which will give it access to privileged functions meant to only be accessible from the TEE in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016.

CVE-2017-18279

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.03% / 8.46%

7 Day CHG~0.00%

Published-06 May, 2019 | 22:58

Updated-05 Aug, 2024 | 21:13

Lack of check of buffer length before copying can lead to buffer overflow in camera module in Small Cell SoC, Snapdragon Mobile, Snapdragon Wear in FSM9055, FSM9955, IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA9531, QCA9558, QCA9563, QCA9880, QCA9886, QCA9980, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 835, SDM630, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016.