Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-6421

Summary
Assigner-qualcomm
Assigner Org ID-2cfc7d3e-20d3-47ac-8db7-1b7285aff15f
Published At-16 Aug, 2017 | 15:00
Updated At-17 Sep, 2024 | 01:01
Rejected At-
Credits

In the touch controller function in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a variable may be controlled by the user and can lead to a buffer overflow.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:qualcomm
Assigner Org ID:2cfc7d3e-20d3-47ac-8db7-1b7285aff15f
Published At:16 Aug, 2017 | 15:00
Updated At:17 Sep, 2024 | 01:01
Rejected At:
▼CVE Numbering Authority (CNA)

In the touch controller function in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a variable may be controlled by the user and can lead to a buffer overflow.

Affected Products
Vendor
Qualcomm Technologies, Inc.Qualcomm, Inc.
Product
All Qualcomm products
Versions
Affected
  • Android for MSM, Firefox OS for MSM, QRD Android
Problem Types
TypeCWE IDDescription
textN/ABuffer Copy without Checking Size of Input in Touch
Type: text
CWE ID: N/A
Description: Buffer Copy without Checking Size of Input in Touch
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://source.android.com/security/bulletin/2017-06-01
x_refsource_CONFIRM
https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=be42c7ff1f0396484882451fd18f47144c8f1b6b
x_refsource_MISC
http://www.securitytracker.com/id/1038623
vdb-entry
x_refsource_SECTRACK
Hyperlink: https://source.android.com/security/bulletin/2017-06-01
Resource:
x_refsource_CONFIRM
Hyperlink: https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=be42c7ff1f0396484882451fd18f47144c8f1b6b
Resource:
x_refsource_MISC
Hyperlink: http://www.securitytracker.com/id/1038623
Resource:
vdb-entry
x_refsource_SECTRACK
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://source.android.com/security/bulletin/2017-06-01
x_refsource_CONFIRM
x_transferred
https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=be42c7ff1f0396484882451fd18f47144c8f1b6b
x_refsource_MISC
x_transferred
http://www.securitytracker.com/id/1038623
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: https://source.android.com/security/bulletin/2017-06-01
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=be42c7ff1f0396484882451fd18f47144c8f1b6b
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.securitytracker.com/id/1038623
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:product-security@qualcomm.com
Published At:16 Aug, 2017 | 15:29
Updated At:20 Apr, 2025 | 01:37

In the touch controller function in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a variable may be controlled by the user and can lead to a buffer overflow.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.08.8HIGH
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.05.8MEDIUM
AV:A/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 5.8
Base severity: MEDIUM
Vector:
AV:A/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Google LLC
google
>>android>>*
cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-120Primarynvd@nist.gov
CWE ID: CWE-120
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securitytracker.com/id/1038623product-security@qualcomm.com
Third Party Advisory
VDB Entry
https://source.android.com/security/bulletin/2017-06-01product-security@qualcomm.com
Patch
Vendor Advisory
https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=be42c7ff1f0396484882451fd18f47144c8f1b6bproduct-security@qualcomm.com
Issue Tracking
Patch
Third Party Advisory
http://www.securitytracker.com/id/1038623af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://source.android.com/security/bulletin/2017-06-01af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=be42c7ff1f0396484882451fd18f47144c8f1b6baf854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Patch
Third Party Advisory
Hyperlink: http://www.securitytracker.com/id/1038623
Source: product-security@qualcomm.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://source.android.com/security/bulletin/2017-06-01
Source: product-security@qualcomm.com
Resource:
Patch
Vendor Advisory
Hyperlink: https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=be42c7ff1f0396484882451fd18f47144c8f1b6b
Source: product-security@qualcomm.com
Resource:
Issue Tracking
Patch
Third Party Advisory
Hyperlink: http://www.securitytracker.com/id/1038623
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://source.android.com/security/bulletin/2017-06-01
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=be42c7ff1f0396484882451fd18f47144c8f1b6b
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Patch
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

442Records found
CVE-2023-33083
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.20% / 42.30%
||
7 Day CHG~0.00%
Published-05 Dec, 2023 | 03:04
Updated-02 Dec, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in WLAN Host

Memory corruption in WLAN Host while processing RRM beacon on the AP.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcn5024_firmwareqcn9070ipq4028_firmwareqca8337qfw7124ar9380wcn785x-5ipq8173_firmwareqca9563_firmwareqcf8001flight_rb5_5g_platformflight_rb5_5g_platform_firmwareqcn6224_firmwareqcn5124qca4024_firmwareqca8082qcn9072qca8386qca9880_firmwareqca9992immersive_home_318_platform_firmwareipq8078aipq5028_firmwareipq6000qcn5152_firmwareqca0000_firmwarewcn685x-1qrb5165n_firmwareqcn9000_firmwareqca9984_firmwarewcd9385_firmwareimmersive_home_216_platformipq8076aimmersive_home_316_platformimmersive_home_316_platform_firmwareqca8386_firmwareqca9563qcn6024_firmwareqca8084_firmwareimmersive_home_318_platformipq8074aqcn5124_firmwareqcn9011_firmwareqca8082_firmwareqcn5164_firmwareqcn5122_firmwaresdx55_firmwareqca8081_firmwareqcn6023_firmwareqfw7114qrb5165nipq5010qca9986ipq8070_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareipq8065ipq8078a_firmwareqcn9274ipq8174qca9990qrb5165m_firmwareipq5028qca7500ipq4029_firmwareqcn5052qca0000qcf8001_firmwareipq6010ipq8068qcn6112_firmwareqcn9074qca8085sdx65mwcd9340qcn6132qcn6224qcn9013snapdragon_x75_5g_modem-rf_systemqca8081qcf8000ipq8071aqcn6023sdx65m_firmwareipq8071a_firmwarewcn685x-1_firmwareimmersive_home_3210_platformqca8085_firmwareqca9888_firmwareipq8068_firmwareqcn6122wcd9385ipq9008_firmwareqca9988_firmwareipq9570qcn5154_firmwarear8035csr8811qca9898_firmwareipq4019qcc710_firmwareqcn9100_firmwarerobotics_rb5_platformqca9992_firmwareipq5010_firmwareipq8074a_firmwareqca9898qcn5022_firmwareipq4028immersive_home_216_platform_firmwareqca9988wcn785x-1qca8072qca9985_firmwarerobotics_rb5_platform_firmwareipq4018_firmwareqca8337_firmwarewcd9380_firmwareqcn9000ipq8072aqca7500_firmwareqca9980_firmwareqcf8000_firmwareipq8076a_firmwarear9380_firmwareipq8078qca8084ipq8173ipq9008qcn9012qcn5164qca9558qca9558_firmwareimmersive_home_326_platform_firmwareqcn6122_firmwareipq8065_firmwarecsr8811_firmwareqcn6274wcd9380qcn5054_firmwareqcn5154qca8075_firmwareipq4018ipq4019_firmwareqcn5024wcn685x-5_firmwareqca9889qcn6132_firmwareqca9888qca8072_firmwareqca9985qca9994_firmwareqcn5052_firmwareqcn9012_firmwareqcn9274_firmwareipq8070a_firmwareqfw7114_firmwarewcn3980ipq6018_firmwareipq8076_firmwareqca9886qcn5502_firmwarewcd9340_firmwarepmp8074_firmwareqcn6112ipq8076qca9986_firmwareqca9984ipq6028ipq8064qcn5021pmp8074qcn5152ipq9574_firmwarewcn785x-5_firmwareqcn9024qrb5165mimmersive_home_3210_platform_firmwareqca6391wcn3980_firmwareipq8064_firmwareqcn9100qcn6274_firmwaresnapdragon_x65_5g_modem-rf_systemipq8078_firmwareipq9570_firmwareqcn5054qcn9070_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarewcn685x-5ipq8070ipq6028_firmwareipq8072a_firmwareqcn5502qca9994qcn9011qca9531wcn785x-1_firmwareqca9889_firmwareipq9574qca9980qcn5122ipq8174_firmwareqcn9024_firmwareqca9880immersive_home_326_platformipq6018qcn5022qcn9013_firmwareqca9886_firmwareqcc710ipq6010_firmwareimmersive_home_214_platformqca6391_firmwareimmersive_home_214_platform_firmwareqca4024sdx55qca8075qcn5021_firmwareqcn9022_firmwareqcn6024qcn9022qca9990_firmwareipq8070aqcn9072_firmwareqca9531_firmwareipq6000_firmwareqcn9074_firmwareqfw7124_firmwareipq4029ar8035_firmwareSnapdragon
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2018-9387
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.06%
||
7 Day CHG~0.00%
Published-17 Jan, 2025 | 23:14
Updated-10 Jul, 2025 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple functions of mnh-sm.c, there is a possible way to trigger a heap overflow due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-23375
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 6.64%
||
7 Day CHG~0.00%
Published-07 Oct, 2024 | 12:58
Updated-16 Oct, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in RIL

Memory corruption during the network scan request.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn3680bsa6155p_firmwarewsa8830sw5100pwcn3980sa4155p_firmwaresnapdragon_w5\+_gen_1_wearable_platformsa4150p_firmwarewcn3660bwcn3988_firmwaresa8155pwsa8830_firmwaresa8155p_firmwarewsa8835sa8195pwcn3988wcn3660b_firmwarewsa8835_firmwarewcn3680b_firmwaresa8195p_firmwaresw5100sw5100_firmwarewcn3980_firmwaresa6155psw5100p_firmwaresa4155psa4150psnapdragon_w5\+_gen_1_wearable_platform_firmwareSnapdragonwcn3988_firmwarewsa8830_firmwaresa8155p_firmwaresa6155p_firmwarewcn3660b_firmwarewsa8835_firmwarewcn3680b_firmwaresa8195p_firmwaresa4155p_firmwaresw5100_firmwarewcn3980_firmwaresa4150p_firmwaresw5100p_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-21463
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.3||HIGH
EPSS-0.08% / 25.18%
||
7 Day CHG~0.00%
Published-01 Apr, 2024 | 15:06
Updated-13 Jan, 2025 | 21:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Copy Without Checking Size of Input in Audio

Memory corruption while processing Codec2 during v13k decoder pitch synthesis.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qfw7124_firmwarewcn6740_firmwaresnapdragon_685_4g_mobile_firmwareqcn6274wsa8840_firmwareqam8255p_firmwareqca6797aq_firmwaresa4155p_firmwaresnapdragon_888\+_5g_mobilesrv1hsa7255psnapdragon_8_gen_3_mobile_firmwarewcd9370snapdragon_4_gen_2_mobileqca6595au_firmwaresa8145p_firmwareqfw7114sxr1230pqcn6024snapdragon_4_gen_1_mobile_firmwarewsa8810_firmwareqam8650p_firmwareqca6574_firmwaresnapdragon_8\+_gen_2_mobilesnapdragon_8_gen_1_mobileqcc710_firmwaresa8650p_firmwareqcm4490_firmwareqca6595auar8035sa7255p_firmwarewcd9340sa6145pwcn3950wcd9395_firmwarewsa8845h_firmwaretalynplus_firmwareqca6696qcm4325qca8337ssg2115pqca6584au_firmwareqca6574au_firmwaresnapdragon_685_4g_mobilewsa8845wcd9375_firmwaresxr1230p_firmwaresnapdragon_680_4g_mobile_firmwareqcm4325_firmwaresa6150p_firmwaresnapdragon_888_5g_mobile_firmwarewsa8835_firmwaresnapdragon_4_gen_1_mobilesd_8_gen1_5gqamsrv1hsg4150p_firmwaresnapdragon_x75_5g_modem-rfwcd9390_firmwaresnapdragon_888_5g_mobilewsa8815_firmwaresnapdragon_8_gen_2_mobileqca6574asw5100talynplussnapdragon_8\+_gen_2_mobile_firmwarewsa8815sm8550p_firmwarewcd9385_firmwaresw5100p_firmwaresa8620p_firmwarewcn3950_firmwarewcd9395sw5100pqam8650psa8770psnapdragon_xr2_5g_firmwareqca6574a_firmwaresa8620psa8145psnapdragon_480_5g_mobile_firmwareqca6696_firmwaresnapdragon_w5\+_gen_1_wearable_firmwaresa6155pqep8111sa8150pwsa8830_firmwaresnapdragon_ar2_gen_1qca6698aqqamsrv1h_firmwarewcn3980_firmwareqcs8550qam8775pwcd9380_firmwaresnapdragon_x65_5g_modem-rfsxr2250p_firmwareqca6174a_firmwareqca8081snapdragon_695_5g_mobilewsa8840wcn3988_firmwareqca6574auqcn9024ssg2125par8035_firmwaresa8195psnapdragon_8_gen_3_mobileqca8337_firmwareqamsrv1msxr2230psa8770p_firmwarefastconnect_6700_firmwarewsa8832qcc710qcs4490snapdragon_x35_5g_modem-rffastconnect_7800_firmwaresa8155pqam8255pqfw7124qcm4490srv1h_firmwaresnapdragon_auto_5g_modem-rf_gen_2sg8275p_firmwarewsa8845_firmwareqcn6224sa8255p_firmwarewcn3980snapdragon_4_gen_2_mobile_firmwaresnapdragon_ar2_gen_1_firmwareqcm8550snapdragon_auto_5g_modem-rf_gen_2_firmwaresnapdragon_480\+_5g_mobilewcd9390snapdragon_w5\+_gen_1_wearablewsa8835qca6678aq_firmwaresnapdragon_680_4g_mobilesw5100_firmwarefastconnect_7800qcn6274_firmwaresxr2250pwsa8830sa8295p_firmwareqfw7114_firmwaresa8295pwcd9375qcs8550_firmwarefastconnect_6900snapdragon_xr2_5gsnapdragon_x35_5g_modem-rf_firmwaresa6150psnapdragon_695_5g_mobile_firmwarefastconnect_6200_firmwaresrv1m_firmwaresnapdragon_8_gen_2_mobile_firmwareqca6584auqca6595sa8155p_firmwarewcn6740qca6595_firmwaresnapdragon_480\+_5g_mobile_firmwareqep8111_firmwarefastconnect_6700qcn6224_firmwareqca6174asa8255psnapdragon_480_5g_mobilesnapdragon_x65_5g_modem-rf_firmwarewcn3988sa4155pqcn6024_firmwaressg2115p_firmwareqca6797aqwsa8845hqam8775p_firmwareqamsrv1m_firmwarefastconnect_6900_firmwareqam8295p_firmwaressg2125p_firmwarewcd9380wsa8832_firmwaresa8650pwcd9385sd865_5g_firmwaresm8550pwcd9340_firmwaresg4150psa8195p_firmwaresa4150p_firmwaresnapdragon_x75_5g_modem-rf_firmwareqca6574sa8150p_firmwaresa8775pqca8081_firmwaresa9000p_firmwaresnapdragon_8\+_gen_1_mobile_firmwareqcn9024_firmwareqcs4490_firmwaresa4150psa6155p_firmwaresrv1mqam8295psnapdragon_888\+_5g_mobile_firmwaresa9000psnapdragon_8_gen_1_mobile_firmwaresxr2230p_firmwaresa8775p_firmwareqca6698aq_firmwarefastconnect_6200sd865_5gqca6678aqsg8275pqcm8550_firmwaresa6145p_firmwarewcd9370_firmwaresd_8_gen1_5g_firmwaresnapdragon_8\+_gen_1_mobilewsa8810Snapdragonqam8255p_firmwaretalynplus_firmwareqca8337_firmwarewcd9380_firmwaresa6150p_firmwaresa8145p_firmwaresxr2230p_firmwaresg8275p_firmwarear8035_firmwareqcn6224_firmwaresxr1230p_firmwarewcn3950_firmwaresnapdragon_888_5g_mobile_platform_firmwaresa8150p_firmwareqca6595au_firmwaresnapdragon_4_gen_1_mobile_platform_firmwaresnapdragon_4_gen_2_mobile_platform_firmwaressg2125p_firmwaresnapdragon_480_5g_mobile_platform_firmwareqca6584au_firmwareqep8111_firmwareqfw7114_firmwarewcd9385_firmwareqcn6024_firmwareqcm4325_firmwareqamsrv1h_firmwareqca6574_firmwaresd_8_gen1_5g_firmwarewcd9340_firmwarewsa8845_firmwareqam8295p_firmwaresnapdragon_xr2_5g_platform_firmwaresa9000p_firmwareqca6574a_firmwaresnapdragon_695_5g_mobile_platform_firmwareqca6574au_firmwarefastconnect_6200_firmwarewcd9375_firmwareqca8081_firmwarewsa8845h_firmwarewcn3980_firmwaresnapdragon_680_4g_mobile_platform_firmwarewcn6740_firmwaresa8620p_firmwaresa6155p_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareqcm8550_firmwareqcm4490_firmwaresnapdragon_x35_5g_modem-rf_system_firmwareqca6678aq_firmwareqcn6274_firmwareqcs4490_firmwaresa8775p_firmwarewsa8840_firmwaresa4155p_firmwaresa8650p_firmwarewsa8832_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarefastconnect_6900_firmwaresrv1h_firmwareqcs8550_firmwarewcn3988_firmwareqca6797aq_firmwaresa6145p_firmwaresa8155p_firmwarefastconnect_6700_firmwareqcn9024_firmwaresa7255p_firmwarewsa8810_firmwarefastconnect_7800_firmwaresnapdragon_ar2_gen_1_platform_firmwaresa8255p_firmwarewcd9395_firmwaresw5100p_firmwaresnapdragon_8_gen_1_mobile_platform_firmwareqca6698aq_firmwareqamsrv1m_firmwaresrv1m_firmwareqca6174a_firmwareqam8650p_firmwaresa8770p_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwareqam8775p_firmwareqca6696_firmwareqca6595_firmwaresa4150p_firmwarewcd9370_firmwaresm8550p_firmwareqcc710_firmwaresnapdragon_8_gen_3_mobile_platform_firmwarewcd9390_firmwarewsa8830_firmwaresd865_5g_firmwarewsa8815_firmwaresxr2250p_firmwarewsa8835_firmwaresa8195p_firmwaressg2115p_firmwaresw5100_firmwareqfw7124_firmwaresa8295p_firmwaresg4150p_firmwaresnapdragon_8_gen_2_mobile_platform_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-21464
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.03% / 5.91%
||
7 Day CHG~0.00%
Published-06 Jan, 2025 | 10:33
Updated-10 Jan, 2025 | 17:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Copy Without Checking Size of Input in Data Network Stack & Connectivity

Memory corruption while processing IPA statistics, when there are no active clients registered.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-talynplus_firmwarewcn6740_firmwarewcd9395wsa8830fastconnect_7800wcn3950_firmwarewsa8845hqcm4490wcd9370_firmwarewsa8840wcd9390_firmwarefastconnect_6700talynplusqcs4490wcn6740fastconnect_6700_firmwarewcd9370wcd9390snapdragon_8\+_gen_1_mobilewsa8815wsa8832wcd9395_firmwarewsa8845wsa8810fastconnect_6900_firmwareqcm4490_firmwareqcs4490_firmwarewcn3950wsa8845_firmwarefastconnect_6900wsa8832_firmwarewsa8815_firmwarewsa8830_firmwarewsa8845h_firmwarefastconnect_7800_firmwarewsa8835_firmwarewsa8835wsa8840_firmwaresnapdragon_8\+_gen_1_mobile_firmwaresnapdragon_8_gen_3_mobilesnapdragon_8_gen_3_mobile_firmwarewsa8810_firmwareSnapdragon
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-25461
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.03% / 7.36%
||
7 Day CHG~0.00%
Published-09 Sep, 2021 | 18:05
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper length check in APAService prior to SMR Sep-2021 Release 1 results in stack based Buffer Overflow.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-21480
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.3||HIGH
EPSS-0.10% / 27.96%
||
7 Day CHG~0.00%
Published-06 May, 2024 | 14:32
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Audio

Memory corruption while playing audio file having large-sized input buffer.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca6678aq_firmwareqcm8550_firmwaresa6150p_firmwaresd865_5gsw5100pwsa8832wsa8845_firmwaresnapdragon_480_5g_mobileqca6595srv1mqca6678aqqca8081_firmwarewcd9370snapdragon_x35_5g_modem-rfar8035_firmwareqca6696wcd9340_firmwaresa8530psa4150p_firmwarewcd9395_firmwareqcn6024qcc710_firmwaresnapdragon_8\+_gen_1_mobilewcn6740_firmwarefastconnect_6700snapdragon_685_4g_mobilesa4150pwsa8815_firmwarewsa8832_firmwaresa8195p_firmwareqca8337_firmwareqca8337wcd9395sg8275p_firmwareqcm6490_firmwareqca6574au_firmwaresnapdragon_x72_5g_modem-rfqam8295pqcm4490_firmwareqca6574auwcd9390sa8620p_firmwarewcn3950wsa8810_firmwarewsa8845h_firmwaresa9000p_firmwaresrv1hqca6797aq_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwaretalynplus_firmwareqcs5430sa8295p_firmwareqcn6024_firmwaresa4155p_firmwareqcm5430qcm5430_firmwaresa4155psa8770pqca6584auqcn6274_firmwaressg2115pqcc710snapdragon_xr2_5g_firmwaresw5100_firmwaresa8540pwcn6740snapdragon_8_gen_3_mobile_firmwareqfw7114_firmwareqca6595_firmwarefastconnect_7800_firmwarefastconnect_6900snapdragon_w5\+_gen_1_wearable_firmwareqep8111sa7255pqfw7114wcd9385_firmwarefastconnect_6900_firmwareqam8255p_firmwarewcd9380sa6145p_firmwareqam8255psxr2230psnapdragon_xr2_5gsnapdragon_x65_5g_modem-rfsa8150pqcs4490snapdragon_680_4g_mobilewsa8845sa6155psxr1230pwsa8810qam8650psa9000psrv1h_firmwaresw5100qca6595auvideo_collaboration_vc3_platformsnapdragon_4_gen_1_mobile_firmwaresxr2250p_firmwaresa6155p_firmwaresnapdragon_685_4g_mobile_firmwarewsa8840qam8295p_firmwaresrv1m_firmwareqcs8550_firmwaresnapdragon_x35_5g_modem-rf_firmwaresnapdragon_8_gen_2_mobile_firmwareqfw7124_firmwareqca6698aq_firmwaresnapdragon_4_gen_2_mobile_firmwarewcd9385snapdragon_8_gen_1_mobilesnapdragon_695_5g_mobile_firmwareqcs4490_firmwaresnapdragon_680_4g_mobile_firmwaresa8255psxr1230p_firmwarewcd9390_firmwaresnapdragon_8_gen_2_mobileqep8111_firmwaresg8275pwcd9370_firmwaressg2125psa7255p_firmwareqca6574asnapdragon_8\+_gen_2_mobilesnapdragon_x72_5g_modem-rf_firmwareqcm4490qca6174asa8195psnapdragon_x65_5g_modem-rf_firmwarewcd9340snapdragon_480\+_5g_mobile_firmwareqamsrv1msnapdragon_auto_5g_modem-rf_gen_2talynplusqca6174a_firmwareqcm6490sa8540p_firmwareqam8650p_firmwaresm8550p_firmwaresxr2250pqcm8550wcn3988qcs6490_firmwareqcn9024qca6584au_firmwarewcn3980_firmwareqcn6274qca6574qfw7124sa8775psnapdragon_w5\+_gen_1_wearableqca6595au_firmwaresxr2230p_firmwarewsa8835wsa8840_firmwaresw5100p_firmwaresa8775p_firmwareqamsrv1hqca6696_firmwareqcn9024_firmwarewsa8845hwcd9380_firmwaresa6150pqca6574_firmwaresa8155p_firmwareqca8081wsa8815sg4150psa8155psd_8_gen1_5gwsa8830qam8775pqca6797aqsnapdragon_ar2_gen_1_firmwaresm8550psa6145psnapdragon_x75_5g_modem-rfqcm4325_firmwaresa8620psa8255p_firmwarear8035qca6574a_firmwareqamsrv1m_firmwaresnapdragon_4_gen_1_mobilesnapdragon_4_gen_2_mobilesa8650p_firmwareqcm4325sd_8_gen1_5g_firmwarewcd9375_firmwareqcn6224qcs5430_firmwareqca6698aqsg4150p_firmwaressg2125p_firmwarewcn3950_firmwaresa8530p_firmwaresa8295psa8770p_firmwareqcs8550snapdragon_480\+_5g_mobilefastconnect_6200fastconnect_7800sa8145p_firmwaresa8650pqam8775p_firmwaresd865_5g_firmwaresnapdragon_480_5g_mobile_firmwaresnapdragon_8\+_gen_2_mobile_firmwarewcd9375sa8150p_firmwaresnapdragon_ar2_gen_1wcn3988_firmwarefastconnect_6700_firmwareqamsrv1h_firmwarevideo_collaboration_vc3_platform_firmwaresa8145psnapdragon_8\+_gen_1_mobile_firmwaresnapdragon_x75_5g_modem-rf_firmwarewsa8835_firmwaressg2115p_firmwareqcs6490snapdragon_695_5g_mobilesnapdragon_8_gen_3_mobilewcn3980fastconnect_6200_firmwarewsa8830_firmwareqcn6224_firmwaresnapdragon_8_gen_1_mobile_firmwareSnapdragonqam8255p_firmwaresa6155p_firmwareqca8337_firmwareqcm4490_firmwareqcm8550_firmwaresa6150p_firmwareqca6678aq_firmwareqcn6274_firmwareqcs4490_firmwareqcm6490_firmwaresa4155p_firmwarefastconnect_6900_firmwareqcs8550_firmwareqca6797aq_firmwareqcn6224_firmwaresa6145p_firmwarefastconnect_6700_firmwareqcn9024_firmwaresa7255p_firmwarefastconnect_7800_firmwareqca6595au_firmwareqamsrv1m_firmwareqca6698aq_firmwareqcm5430_firmwareqca6174a_firmwareqam8650p_firmwareqam8775p_firmwareqca6584au_firmwareqep8111_firmwareqca6696_firmwareqca6595_firmwareqcs6490_firmwareqfw7114_firmwareqcs5430_firmwarequalcomm_video_collaboration_vc3_platform_firmwareqcn6024_firmwaresa4150p_firmwareqcm4325_firmwareqamsrv1h_firmwareqca6574_firmwareqcc710_firmwareqam8295p_firmwareqca6574a_firmwarefastconnect_6200_firmwareqca6574au_firmwareqca8081_firmwareqfw7124_firmwarear8035_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2018-5840
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.17%
||
7 Day CHG~0.00%
Published-06 Jun, 2018 | 21:00
Updated-16 Sep, 2024 | 21:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Copy without Checking Size of Input can occur during the DRM SDE driver initialization sequence in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-25467
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.3||MEDIUM
EPSS-0.02% / 2.71%
||
7 Day CHG~0.00%
Published-06 Oct, 2021 | 17:07
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Assuming system privilege is gained, possible buffer overflow vulnerabilities in the Vision DSP kernel driver prior to SMR Oct-2021 Release 1 allows privilege escalation to Root by hijacking loaded library.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidexynos_9830exynos_980exynos_2100Samsung Mobile Devices
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2018-21090
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.18% / 40.27%
||
7 Day CHG~0.00%
Published-08 Apr, 2020 | 13:27
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with software through 2017-11-03 (S.LSI modem chipsets). The Exynos modem chipset has a baseband buffer overflow. The Samsung ID is SVE-2017-10745 (January 2018).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2018-21050
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.23% / 45.81%
||
7 Day CHG~0.00%
Published-08 Apr, 2020 | 17:41
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is a Buffer overflow in the esecomm Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2018-12852 (October 2018).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-22547
Matching Score-6
Assigner-Google LLC
ShareView Details
Matching Score-6
Assigner-Google LLC
CVSS Score-6.3||MEDIUM
EPSS-0.03% / 5.61%
||
7 Day CHG~0.00%
Published-04 May, 2021 | 13:05
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer overrun in Google Cloud IoT Device SDK for Embedded C

In IoT Devices SDK, there is an implementation of calloc() that doesn't have a length check. An attacker could pass in memory objects larger than the buffer and wrap around to have a smaller buffer than required, allowing the attacker access to the other parts of the heap. We recommend upgrading the Google Cloud IoT Device SDK for Embedded C used to 1.0.3 or greater.

Action-Not Available
Vendor-Google LLC
Product-cloud_iot_device_sdk_for_embedded_cGoogle Cloud IoT Device SDK for Embedded C
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2018-21044
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.22% / 44.77%
||
7 Day CHG~0.00%
Published-08 Apr, 2020 | 17:09
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.0) software. The sem Trustlet has a buffer overflow that leads to arbitrary TEE code execution. The Samsung IDs are SVE-2018-13230, SVE-2018-13231, SVE-2018-13232, SVE-2018-13233 (December 2018).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-1965
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-27.45% / 96.23%
||
7 Day CHG~0.00%
Published-13 Jul, 2021 | 05:31
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcn5024_firmwarewcn3991_firmwarewsa8830sd678qcn9070sa6150p_firmwaresa8145p_firmwareipq4028_firmwareqcn5550ar9380ipq8173_firmwareqcn5124qca4024_firmwareqcn9072qca9880_firmwareqca9992wcn3950_firmwareipq8078aipq5028_firmwaresa8150p_firmwareqca6420_firmwareqca6595au_firmwareqca6390_firmwareipq6000sd730_firmwarewcd9370sd_675_firmwaresd675_firmwareqcn5152_firmwareqca6426qcn9000_firmwareqca9984_firmwareipq5018wcn3998wcd9385_firmwaresdxr2_5g_firmwarewcn3950ipq8076aqcn6024_firmwaresd720gipq8074aqcn5124_firmwaresm7315_firmwareqca6574au_firmwareqcn5122_firmwareqcn5164_firmwaresdx55_firmwareqca6595auqca8081_firmwareqcn6023_firmwarewcd9375_firmwarewcn3998_firmwareqca6420qca6436_firmwareipq5010sd778gipq8070_firmwaresa6155p_firmwareipq8065ipq8078a_firmwareipq8174qca9990ipq5028qca7500ipq4029_firmwareqcn5052sdxr2_5gipq6010ipq8068wcn3988_firmwareqca6430qcn9074sa6145p_firmwaresm6250sd778g_firmwaresa8195pwsa8810_firmwareqca6436wcn6851sa6155pqca8081ipq8071aqcn6023ipq8071a_firmwarewcd9385qca9888_firmwareqcn6122ipq8068_firmwarewcd9341qca6696_firmwaresd870_firmwareqcn5154_firmwareqca6390csr8811qca9898_firmwareaqt1000ipq4019sa8150psm6250_firmwarewcd9375qcn9100_firmwarewcn3910_firmwarewsa8830_firmwareqca9992_firmwaresd855_firmwaresd865_5g_firmwareipq5010_firmwareipq8074a_firmwaresd888_5g_firmwarewcn3988wcn6850_firmwarewsa8815_firmwarewsa8835_firmwaresa8195p_firmwareqcn5121qca9898qcn5022_firmwarewcn6750_firmwareipq4028qca8072ipq5018_firmwareqca9985_firmwarewcn3991ipq4018_firmwarewcd9380_firmwareqcn9000ipq8072aqca7500_firmwareqca9980_firmwaresd_675sd780gipq8076a_firmwaresd865_5gar9380_firmwareipq8078sdx55m_firmwareipq8173wcn6856_firmwareqcn9012sd888qcn5164qcn6122_firmwareipq8065_firmwarewsa8835csr8811_firmwarewcd9380sd888_5gqcn5054_firmwareqcn5154qca8075_firmwareipq4019_firmwareipq4018ipq6005_firmwareqca6574aqcn5024sdx50m_firmwareqca9889wcn6855_firmwaresm7325pqca9888qca8072_firmwareqca9985qca6430_firmwareqca9994_firmwareqcn5052_firmwareqcn9012_firmwareipq8070a_firmwarewcn3980wcn6750ipq6018_firmwareipq8076_firmwareqca9886sd855wsa8815sm7325p_firmwarewcn6850pmp8074_firmwarewcn3910ipq8076qca6426_firmwareqca6574a_firmwareqca9984ipq6028ipq8064qcn5021pmp8074qcn5152qcn9024wcn3980_firmwaresm7315qcn5550_firmwareqca6391sd730sdx55mipq8064_firmwareipq6005aqt1000_firmwarewcn6740_firmwareqcn9100sd678_firmwaresdx50mipq8078_firmwareqcn5054qcn9070_firmwarewcn6851_firmwareipq8070ipq6028_firmwareipq8072a_firmwareqca9994qca6574auqca9889_firmwaresa8155p_firmwaresdx55qca9980qcn5122qcn9024_firmwareipq8174_firmwareqca9880wcd9341_firmwarewsa8810sd870qcn5121_firmwarewcn6855wcn6856ipq6018qcn5022sa6145pqca9886_firmwareipq6010_firmwaresa8145pwcn6740qca6696qca6391_firmwareqca4024sd780g_firmwarewcd9370_firmwaresa6150psd888_firmwareqca8075qcn5021_firmwareqcn9022_firmwareqcn6024qcn9022sa8155pqca9990_firmwareipq8070asd675qcn9072_firmwareipq6000_firmwaresd720g_firmwareqcn9074_firmwareipq4029Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-1972
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.26% / 49.34%
||
7 Day CHG~0.00%
Published-08 Sep, 2021 | 11:25
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible buffer overflow due to improper validation of device types during P2P search in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaresm7250mdm9640_firmwaresm6250p_firmwareipq4028_firmwareqca8337ar9380ipq8173_firmwareqcn5124wcn3950_firmwareqca6595au_firmwaresa6155mdm8215sd_455_firmwareapq8076qcs6125_firmwaresa415mwcn3998wcd9371_firmwarewcn3950qcn6024_firmwaresd720gsm4125mdm9206_firmwarewcn3660bsd450_firmwaresd460_firmwaremdm9230_firmwaremdm8215mqca8081_firmwarewcn3998_firmwareapq8009w_firmwareqca6420apq8053_firmwareqca9986ipq8070_firmwareqca9367_firmwareipq8065ipq8078a_firmwareipq8072_firmwaresa8155_firmwareipq8068mdm9615mqca6430wcd9306_firmwarewcd9340sdm830_firmwaresd765gmdm9250_firmwareqca9888_firmwareqcn6122qca6696_firmwarewcd9371sd870_firmwareqcn5154_firmwaremdm8215_firmwaresd_8cxsa8150par7420_firmwaremdm9330_firmwareqca9992_firmwaresd660sd865_5g_firmwaresd660_firmwareqcn5121qcn5022_firmwarewcn6750_firmwaresd450qca6428_firmwareqca9985_firmwarewcn3991ipq4018_firmwareqca9980_firmwaresdm429wipq8078sdx55m_firmwareipq8173sd670_firmwareqca6574sd632_firmwarecsr8811_firmwarewcd9380qualcomm215qcs410qcn5024sd690_5g_firmwareqca9379_firmwaresdx24_firmwareqca9985qcn9012_firmwaresd439_firmwareipq6018_firmwarewcd9340_firmwarewsa8815wcn6850pmp8074_firmwareqca6584_firmwaresd_8c_firmwaremdm9215_firmwareipq6028ipq8064sd835pmp8074wcn3980_firmwaresd730wcn6740_firmwarear6003_firmwareqcn5064_firmwaresd678_firmwareapq8064au_firmwareipq8078_firmwareqcn5054qcs603qca9994qca9980sd670qcn9024_firmwareipq8174_firmwareapq8009wqcm4290_firmwareqcs610_firmwaresa6145pqca9886_firmwarear8031sdm630_firmwareqca6391_firmwareqca4024wcd9370_firmwaresdx55apq8053qcn5021_firmwarecsra6640wcn3660qca9379mdm9150_firmwareqcn5500wsa8830qca9561csrb31024qca9563_firmwaremdm9628_firmwaremdm9650sd_636fsm10055_firmwareqca9992qcs4290mdm9250qca6420_firmwareapq8009_firmwaresd690_5gmdm9310_firmwaresd675_firmwareipq8072qca6564qca6426wcn3990_firmwareqca9984_firmwareqca9377sdw2500_firmwarewcd9385_firmwaresdxr2_5g_firmwarewcd9326_firmwaremdm9615m_firmwarewcn3615_firmwareipq8074aqca9982sa8155qca6584qcn5122_firmwaresdx55_firmwarewcn3615qcn6023_firmwarewcn3610_firmwarewcd9306qca6584ausd778gqfe1952ipq8174sd429qcn5052qca9367sdm630mdm9607_firmwaresa415m_firmwarewcn3988_firmwareqcn9074sd205sd429_firmwareqca6421sd778g_firmwaresa8195pqca6694qca7550wcd9326wcd9335qca9982_firmwareqcn6023qcs4290_firmwareqca6390qca9898_firmwaresd750g_firmwareaqt1000wcd9375sm6250_firmwaremsm8917_firmwareipq5010_firmwareipq8074a_firmwaresd888_5g_firmwaresdx20_firmwarewsa8815_firmwareapq8017qcx315ar6003mdm9630_firmwareqcm6125_firmwareqca9882sd780gsd865_5gqca6595qca9896_firmwareipq8065_firmwareqcx315_firmwaresd665_firmwareqcn5154qca8075_firmwareipq6005_firmwaremdm9206qca9888qca6310_firmwaresm7325ipq8070a_firmwaremdm9615qca6574_firmwareqca9886qcn5502_firmwaresd665sd765qca6574a_firmwareapq8009mdm9310csrb31024_firmwareqcn9070_firmwaresd480_firmwareipq6028_firmwareipq8072a_firmwaremdm9626_firmwareqca9531qca9889_firmwaremdm8215m_firmwaremdm9607qcn5122sd710sdx20m_firmwareqcn5022qca6564_firmwaresd768gwcn6740sdw2500qca8075apq8096au_firmwareqcn6024qcn9022sd845mdm9615_firmwaresdm830ipq6000_firmwaresdx12qcs410_firmwaremdm9330sm7325_firmwarefsm10055sa6150p_firmwareqcs610qcn5550qca6431_firmwareqca9561_firmwareqca4024_firmwareipq8078aipq5028_firmwaresa8150p_firmwareqcs2290qca6335msm8917qcn5064csra6620_firmwareqcs605_firmwaresd_675_firmwarecsra6640_firmwaremdm8615m_firmwareqca9987_firmwaresd632ipq8076amdm9628sd710_firmwareqca4020qca6428qca6574au_firmwareqcn5164_firmwareipq8071mdm9630wcd9375_firmwaresa6155_firmwaresdx12_firmwaremsm8909wsdx20mqca6438_firmwarewcn3999qrb5165_firmwareipq5028qca7500ipq4029_firmwareqcs6125ipq6010sd662_firmwareqcs405qualcomm215_firmwarefsm10056_firmwareqca4020_firmwareqca6436wcn6851qcn3018_firmwaresa6155pqcs603_firmwarewcn3660_firmwarewcd9341ipq8068_firmwareqca6431sd750gqca9988_firmwarewcn3910_firmwareqfe1922wsa8830_firmwaresd855_firmwarewcn3988qca6438sa8195p_firmwareqca9898ipq4028wcn3610mdm9640ipq5018_firmwareqca8337_firmwarewcd9380_firmwareipq8072aqca7500_firmwarewcd9330msm8996au_firmwarecsr6030ipq8076a_firmwareqca7550_firmwareqca6564auipq4029wcn6856_firmwareqcn5164qca9558qca7520_firmwaremdm9230qcn5054_firmwareipq4019_firmwaresdx50m_firmwareqca8072_firmwareqca6174qca6430_firmwareqcn5052_firmwarewcd9335_firmwarewcn3980qca6335_firmwareqcs605wcn3910qca6320mdm9650_firmwareqca9986_firmwareqca6426_firmwarewcn3660b_firmwarewcn3680qca9984qcn9024qcn5550_firmwarewcd9330_firmwaresdx55mipq8064_firmwareqca6421_firmwaremsm8953ar8031_firmwarewcn3680_firmwareqrb5165wcn6851_firmwareipq8070qcn5502qca9887_firmwaresd_636_firmwareqca6564a_firmwareqca9880sd480sd870qcn5121_firmwaresd210_firmwareipq6018qcn3018sdxr1apq8096auqca6595_firmwareqcs405_firmwaresa8145psd780g_firmwaresd888_firmwaresa8155psd675sd439qca9531_firmwarear8035_firmwareqcm2290qcn5024_firmwarewcn3991_firmwaresd678qcn9070sa8145p_firmwareqca7520qcs2290_firmwarefsm10056sm7250_firmwarecsra6620qca9987qcn9072qca9880_firmwaresd765g_firmwareipq8069_firmwareqca6390_firmwareipq6000qca6174_firmwaresd730_firmwarewcd9370qcn5152_firmwareqca6584au_firmwareapq8076_firmwareqcn9000_firmwareipq5018sd_8cx_firmwareqca9563sd662qcn5124_firmwareqfe1952_firmwareqca6320_firmwarewcn3680b_firmwareqca6595auwcn3999_firmwareqca6436_firmwareipq5010qca6564au_firmwaresa6155p_firmwareqca6310sa515m_firmwareqca9990sdxr2_5gsa6145p_firmwaresm6250apq8017_firmwarewsa8810_firmwaresd765_firmwareqca8081ipq8071aqca6174a_firmwareipq8071a_firmwarewcd9385mdm8615mar8035csr8811apq8064auipq4019qca6694_firmwaremsm8953_firmwareqcn9100_firmwaresd210wcn3620_firmwarewcn6850_firmwarewsa8835_firmwarewcn3620csr6030_firmwareqca6564aqca9988qca8072qcm2290_firmwarewcn3990qcn9000sd_675ar9380_firmwaresdx24qcn9012sd888qca9558_firmwaremsm8909w_firmwareqcn6122_firmwaremsm8996ausdm429w_firmwarewsa8835sd888_5gsm6250pipq4018qca6574aqca9889qca6174aipq8074qca9994_firmwarewcn6750ipq8076_firmwaresa515mar7420sd855sm4125_firmwareipq8076qfe1922_firmwareqca9887qcn5021ipq8069qcn5152sd768g_firmwaresd460qca6391sdxr1_firmwareipq6005aqt1000_firmwareqcn9100mdm9626qcm4290sdx50mqca9882_firmwaresdx20mdm9215sd_455ipq8074_firmwareqca6574ausa8155p_firmwaresd205_firmwarewcd9341_firmwareqcm6125wsa8810qcn5500_firmwaremdm9150wcn6856sd_8cwcn3680bsd835_firmwareipq6010_firmwareqca6696sd845_firmwaresa6150pqcn9022_firmwareqca9990_firmwareipq8070aqcn9072_firmwaresd720g_firmwareipq8071_firmwareqcn9074_firmwareqca9896Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-1962
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 18.60%
||
7 Day CHG~0.00%
Published-09 Sep, 2021 | 07:36
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow while processing IOCTL for getting peripheral endpoint information there is no proper validation for input maximum endpoint pair and its size in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fsm10055wcn3991_firmwaremdm9150_firmwaresd678qca9561sa6150p_firmwaresa8145p_firmwareqcs610fsm10056ar9380qca9563_firmwareqca9561_firmwarefsm10055_firmwareqca9880_firmwareqca9992wcn3950_firmwaresa8150p_firmwareqca6420_firmwareqca6595au_firmwareipq8069_firmwaresa6155sd730_firmwarewcd9370qcs605_firmwaresd_675_firmwaresd675_firmwareqca6584au_firmwarewcn3990_firmwareqca9984_firmwarewcn3998wcn3950wcd9326_firmwaresd720gwcn3615_firmwareqca9563wcn3660bqca9982sa8155qca6574au_firmwaresdx55_firmwareqca6595ausa6155_firmwarewcd9375_firmwarewcn3615wcn3998_firmwarewcn3610_firmwareqca6420qca6584ausa6155p_firmwareipq8065qca9990sa8155_firmwareipq8068wcn3988_firmwareqca6430sa6145p_firmwaresd205sm6250wcd9340sa8195pwsa8810_firmwarequalcomm215_firmwarefsm10056_firmwarewcd9326wcd9335sa6155pqca9982_firmwareqca9888_firmwarewcd9341ipq8068_firmwareqca6696_firmwareqca9898_firmwarewcd9375aqt1000sa8150psm6250_firmwaresda429wsd210qca9992_firmwaresd855_firmwarewcn3620_firmwarewcn3988wsa8815_firmwarewcn3620sa8195p_firmwareqca9898wcn3610qca9882wcn3991sda429w_firmwarewcd9380_firmwarewcn3990sd_675qca9980_firmwareqca6595ar9380_firmwaresdx55m_firmwareqca9558qca9558_firmwareqca9896_firmwareipq8065_firmwareqca6574sd665_firmwarewcd9380qualcomm215qcs410qca6574asdx50m_firmwareqca9889qca9888qca6430_firmwareqca9994_firmwarewcd9335_firmwarewcn3980qca6574_firmwareqca9886qcs605sd855wcd9340_firmwarewsa8815sd665qca9887wcn3660b_firmwarewcn3680qca6574a_firmwareqca9984ipq8064ipq8069wcn3980_firmwaresd730qca6391sdx55mipq8064_firmwareaqt1000_firmwaresd678_firmwarewcn3680_firmwaresdx50mqca9882_firmwareqca9994qca9887_firmwareqca9531qca6574auqca9889_firmwaresa8155p_firmwareqca9980sd205_firmwareqca9880wcd9341_firmwarewsa8810sd210_firmwareqcs610_firmwaremdm9150sa6145pqca9886_firmwareqca6595_firmwaresa8145pqca6696qca6391_firmwarewcd9370_firmwaresa6150psdx55sa8155psd675qca9990_firmwareqca9531_firmwaresd720g_firmwareqcs410_firmwareqca9896Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-1915
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.51%
||
7 Day CHG~0.00%
Published-07 May, 2021 | 09:10
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow can occur due to improper validation of NDP application information length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qfs2580qpm5679_firmwaresm6250p_firmwareipq4028_firmwareqca8337qdm5579ar9380ipq8173_firmwareqfs2608_firmwareqfs2530qpm8870_firmwareqln1030pm6125qcn5124qat5522_firmwarewcn3950_firmwarepm8150aqdm5670qca6595au_firmwareqpm5541_firmwareqpa5581_firmwaresa6155pm7150lqpa8821pm8998_firmwarewtr5975_firmwareqcs6125_firmwarepm456_firmwareqpa5580_firmwaresa415mwcn3998wcd9371_firmwarewcn3950qcn6024_firmwaresd720gsm4125qsw8573_firmwareqsw8574_firmwaresd460_firmwaresmb2351_firmwaresd6905gqpa4360_firmwareqca8081_firmwarewcn3998_firmwarepm855pqca6420pm6150aqpm6670_firmwareipq8070_firmwareipq8065ipq8078a_firmwarepm660_firmwarepm8150bipq8072_firmwaresa8155_firmwareipq8068qca6430qat3522pmr735awcd9340sd765gsdr660qfs2630_firmwaresdr865qdm5620_firmwareqca9888_firmwaresmr545qca6696_firmwareqln5020wcd9371sd870_firmwareqcn5154_firmwarepmm855au_firmwaresa8150ppm6350qdm5621qtc800sqat3514_firmwareqca9992_firmwaresd660qet6105pm640p_firmwaresd660_firmwareqcn5121qcn5022_firmwareqcn7606_firmwareqat5516_firmwarepm6150lwcn6750_firmwaresd8885gpm855l_firmwareqca6428_firmwareqca9985_firmwareqtc410sipq4018_firmwarewcn3991qca9980_firmwareqpa8801ipq8078pm8150l_firmwareipq8173qat5533_firmwaresdx55m_firmwaresdxr25gqpa8673_firmwarepm6150smb1354_firmwaresd670_firmwareqca6574qfs2630qpa8842csr8811_firmwarepmm8996ausdr052_firmwarewcd9380qln4640qcs410qpm5579_firmwaresmb1380_firmwarepmk8350_firmwareqcn5024pm855p_firmwaresmb1381pm7250qpa8803qca9985qcn9012_firmwaresdxr25g_firmwareqdm2301ipq6018_firmwarewcd9340_firmwarewsa8815wcn6850pmp8074_firmwareqdm5621_firmwareqdm2301_firmwareqpm6375ipq6028ipq8064sd835pmp8074wcn3980_firmwaresd730pm660l_firmwarepm6250_firmwarewcn6740_firmwarepm8008pm8350b_firmwareqtm525_firmwareqcn5064_firmwaresd678_firmwareipq8078_firmwareqpm5621_firmwareqcn5054qln1021aq_firmwarersw8577qca9896qpa6560_firmwareqca9994qpa8802_firmwareqln4640_firmwareqca9980qpm5621qcn9024_firmwareipq8174_firmwarepm8009_firmwareqpm6582qfs2580_firmwaresd670qcm4290_firmwarewcn6855qcn7605_firmwarepm8150lpmi8998_firmwareqcs610_firmwaresa6145ppm660a_firmwarepm4250qca9886_firmwarear8031qpm5577wtr2965sdm630_firmwaresa2150pqca6391_firmwarepm8150qca4024wcd9370_firmwareqat3516_firmwaresdx55qcn5021_firmwarecsra6640pm8350bhsqat3555_firmwareqpa8803_firmwarepm855bsmb2351qln1031qcn7606qpm5870qcn5500wsa8830pm660qca9561qet6110_firmwareqdm5579_firmwareqpm6325pm6125_firmwareqbt1500qpa5581csrb31024qca9563_firmwarepmx24_firmwarefsm10055_firmwareqbt1500_firmwareqpm5870_firmwareqca9992qcs4290pmm855auqet6100qca6420_firmwaresmb1394_firmwaresmb1396pm7150asd675_firmwareipq8072pm8350qca6564qpa4361_firmwarepm8350c_firmwareqpa5461_firmwareqca6426wcn3990_firmwareqca9984_firmwareqpm5641wcd9385_firmwareqdm5650_firmwareqpa4340_firmwarewcd9326_firmwarepm7250_firmwareqdm5620qln1021aqipq8074asmb1380qca9982pmk8002_firmwareqsw6310_firmwaresa8155qln1031_firmwareqdm4650_firmwareqcn5122_firmwarepmm6155au_firmwareqat5533sdx55_firmwareqcn6023_firmwaresm7250p_firmwareqsm7250_firmwareqpm6670pm7150l_firmwareqca6584auqpm4641qat5515_firmwareipq8174pm855qpm8830_firmwarepm8250qcn5052sdm630qdm4643qfs2530_firmwaresa415m_firmwarepmx55qpm4641_firmwareqcn9074wcn3988_firmwarepm8150c_firmwareqca6421qdm3301qpa8842_firmwareqat3519_firmwaresa8195psdr735_firmwareqpm5677qat5515qca6694qat3514wcd9326wcd9335qca9982_firmwarepm6350_firmwareqcn6023pm8004_firmwaresdr8150_firmwareqcs4290_firmwareqtc800h_firmwarepmk7350_firmwareqpm5620qpm4630qca6390qca9898_firmwaresd750g_firmwareaqt1000wcd9375sm6250_firmwarepmm8195auqln4642qpm5677_firmwareipq5010_firmwareipq8074a_firmwarewsa8815_firmwaresmr525_firmwarepm8998pmk7350wtr3925_firmwareqpm8820_firmwareqln1020_firmwareqpm6621_firmwareqcm6125_firmwareqca9882pmx55_firmwareqca6595pm8150_firmwaresmb1398_firmwareqpm8830pmm8996au_firmwareqat5522qca9896_firmwareipq8065_firmwarepm8150cpmr735bsd665_firmwareqpa4360pmk8003_firmwareqcn5154qca8075_firmwareqpa4361ipq6005_firmwareqpm4640_firmwareqpm5577_firmwarewcn6855_firmwareqdm5679_firmwarepm8350csmr525qca9888qca6310_firmwareipq8070a_firmwarepm6150l_firmwarepmr525pm8150a_firmwareqca6574_firmwareqca9886qcn5502_firmwareqln1036aq_firmwaresd665pm6150a_firmwarepm6150_firmwareqca6175asd765qca6574a_firmwareqpm4630_firmwareqat3555qpa5461sd8c_firmwarewtr2965_firmwarecsrb31024_firmwareqfs2608qcn9070_firmwaresd480_firmwareqln1036aqqtc801sipq6028_firmwareipq8072a_firmwareqca9531qpm5641_firmwareqca9889_firmwaresd710qcn5122pm8008_firmwareqpm6621pmr735a_firmwarepmx50qcn5022qca6564_firmwaresdr8250sd768gqln1030_firmwarewcn6740pm8004pm640lpmk8002qca8075apq8096au_firmwareqcn6024qcn9022sd845ipq6000_firmwareqcs410_firmwareqca6175a_firmwareqpa5580qpm5579fsm10055sa6150p_firmwareqcs610qcn5550qpm5620_firmwareqdm2307qca6431_firmwareqpa8802wcd9360_firmwareqpm6585_firmwareqca9561_firmwareqat3519qbt2000_firmwareqca4024_firmwareipq8078aqtc800hsa8150p_firmwareqcs2290sdr8250_firmwareqca6335qcn5064csra6620_firmwareqln1020smr546_firmwareqdm5671csra6640_firmwarepmc1000hqpm4650_firmwareqat3518sd8csdr425_firmwaresmr526_firmwareipq8076apm640a_firmwarewgr7640_firmwareqdm2305_firmwareqpm5670_firmwaresd710_firmwareqca6428qdm5652qca6574au_firmwareqcn5164_firmwareipq8071qpm8870wcd9375_firmwareqpm5679qbt2000sa6155_firmwarewcd9360qca6438_firmwarepmx50_firmwareqpa8675_firmwaresdr735gwcn3999qdm3301_firmwareqca7500qsm7250ipq4029_firmwareqcs6125ipq6010sd662_firmwareqcs405rsw8577_firmwareqdm2308_firmwarefsm10056_firmwareqca6436wcn6851sa6155pqpa6560sdr675_firmwarewcd9341ipq8068_firmwareqdm4643_firmwareqca6431sm7350_firmwareqet4100_firmwaresd750gqdm3302wcn3910_firmwareqpm5657qpm5875_firmwarewsa8830_firmwaresd855_firmwareqdm5650wcn3988qca6438wtr3925sdr052sa8195p_firmwaresmb1390qca9898ipq4028qet4100qpa8686_firmwareipq5018_firmwareqpm6585qca8337_firmwarewcd9380_firmwaresmb1355ipq8072aqca7500_firmwareqln4650sdr735g_firmwarepm8350bhs_firmwarewgr7640ipq8076a_firmwareqat5568qdm5671_firmwareqet5100qca6564auqpa8801_firmwareqtm527_firmwaresd636wcn6856_firmwarepm8005_firmwareqcn5164qca9558qet4101_firmwarepm7250bqln4642_firmwaresmb1355_firmwarepm7250b_firmwarepmd9655_firmwaresmb1351_firmwareqcn5054_firmwareipq4019_firmwaresdx50m_firmwaresdr735smb1395pm660lsmr526qca8072_firmwarewtr5975qca6430_firmwarepmk8003qcn5052_firmwareqtc801s_firmwareqat3522_firmwarewcd9335_firmwarewcn3980pm7350c_firmwareqca6335_firmwareqsw8573wcn3910qca6320smb1394qca6426_firmwarepm8350_firmwareqca9984qcn9024pm8009qpa8675qcn5550_firmwaresdr051_firmwaresdx55mipq8064_firmwareqca6421_firmwareqat3518_firmwareqsw8574pmi8998sd6905g_firmwarear8031_firmwarepm855lwcn6851_firmwareqdm5670_firmwareipq8070sd8655gqcn5502pm7150a_firmwarepm8150b_firmwareqca9887_firmwaresmr545_firmwarepmc1000h_firmwareqca6564a_firmwareqdm2310_firmwarepm4250_firmwareqca9880sd480sd870qcn5121_firmwaresd8885g_firmwareqdm5677pm8005ipq6018pm855_firmwareqdm2302pmm6155ausdxr1pm855b_firmwareapq8096auqca6595_firmwareqcs405_firmwareqpm6582_firmwareqpm6375_firmwarepm640l_firmwareqln4650_firmwareqpm5875qet5100msd888_firmwaresa8155psd675qet4101qca9531_firmwareqat3516qpm5658ar8035_firmwareqcm2290qpm5658_firmwareqcn5024_firmwarewcn3991_firmwareqdm5652_firmwarepmm8155au_firmwaresd678qcn9070sdr051qln5030qcs2290_firmwarepm4125fsm10056pmi632qpa2625_firmwarepm456pm8350bh_firmwarecsra6620pmr735b_firmwareqet5100_firmwareqpm4621qcn9072qca9880_firmwareqet6100_firmwaresdr660gsd765g_firmwareqpa8686qca6390_firmwareipq6000sd730_firmwarewcd9370qcn5152_firmwaresdr425pmr525_firmwareqca6584au_firmwareqcn9000_firmwareipq5018pmi632_firmwareqcn7605qpm5541qat5516qca9563sd662qpa8821_firmwareqcn5124_firmwaresdr660g_firmwarepm8350bhpm3003aqca6320_firmwareqca6595auwcn3999_firmwareqca6436_firmwaresm7350smb1354ipq5010qca6564au_firmwareqdm2305sa6155p_firmwareqca6310qpm8820qpm2630qln5020_firmwaresa515m_firmwareqca9990smb1398sa6145p_firmwaresdr675sm6250wsa8810_firmwaresd765_firmwareqdm5677_firmwareqca8081ipq8071aipq8071a_firmwarewcd9385qpm6325_firmwareqdm2302_firmwareqat3550_firmwarepmm8155auqln5040_firmwarepm4125_firmwarear8035csr8811qpa8673ipq4019qca6694_firmwareqdm2310qln5030_firmwareqcn9100_firmwaresmb1396_firmwarewcn6850_firmwarewsa8835_firmwareqca6564asmr546pmx24qet6110qln5040qca8072qcm2290_firmwareqpm8895qpm5670wcn3990qcn9000qtm527ar9380_firmwarepmk8350qcn9012qdm3302_firmwaresd888qca9558_firmwarepm8350bqdm2307_firmwarewsa8835qpm5657_firmwaresm6250psdr660_firmwareipq4018qca6574asmb1390_firmwareqca9889ipq8074qca9994_firmwareqpm4640wcn6750pm7350cqet5100m_firmwareipq8076_firmwareqpm4650qtm525sa515msa2150p_firmwarewtr6955sd855sm4125_firmwaresd8cxipq8076wtr6955_firmwareqca9887pm640pqcn5021qcn5152sd768g_firmwaresdr865_firmwarepm8250_firmwaresd460qca6391sd8cx_firmwaresdxr1_firmwaresmb1351ipq6005aqt1000_firmwareqcn9100qpm8895_firmwarepm660aqpa4340qcm4290sdx50mpm640aqca9882_firmwaresdr8150smb1395_firmwareqdm4650pmd9655ipq8074_firmwareqca6574ausa8155p_firmwareqsw6310qet6105_firmwaresd8655g_firmwarewcd9341_firmwareqcm6125wsa8810qtc410s_firmwareqpm2630_firmwareqcn5500_firmwareqat5568_firmwareqdm2308qat3550wcn6856qdm5679sd835_firmwareipq6010_firmwarepm3003a_firmwareqca6696qtc800s_firmwaresmb1381_firmwaresd845_firmwareqpa2625sa6150pqcn9022_firmwareqca9990_firmwareipq8070apmm8195au_firmwareqcn9072_firmwaresm7250psd720g_firmwareipq8071_firmwareqcn9074_firmwareqpm4621_firmwareipq4029sd636_firmwarepm6250Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2018-21066
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.18% / 40.27%
||
7 Day CHG~0.00%
Published-08 Apr, 2020 | 17:26
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with M(6.0) (Exynos or MediaTek chipsets) software. There is a buffer overflow in a Trustlet that can cause memory corruption. The Samsung ID is SVE-2018-11599 (July 2018).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-1931
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 4.16%
||
7 Day CHG~0.00%
Published-13 Jul, 2021 | 05:30
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible buffer overflow due to improper validation of buffer length while processing fast boot commands in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fsm10055qca9377_firmwarewcn3991_firmwarewsa8830sd678sa6150p_firmwaresm6250p_firmwaresa8145p_firmwareqcs610qcs2290_firmwarefsm10056qca8337qca6431_firmwarecsrb31024sd_636csra6620fsm10055_firmwareqcs4290wcn3950_firmwaresa8150p_firmwaresd765g_firmwareqca6420_firmwareqca6595au_firmwareqcs2290qca6390_firmwaresa6155qca6335sd690_5gsd730_firmwarewcd9370csra6620_firmwareqcs605_firmwaresd_675_firmwaresd675_firmwarecsra6640_firmwareqca6564qcs6125_firmwareqca6426qca6584au_firmwarewcn3990_firmwareqca9377sa415mwcn3998sd_8cx_firmwarewcd9371_firmwaresdxr2_5g_firmwarewcd9385_firmwaresm4125sd720gwcd9326_firmwarewcn3950sd662sd710_firmwaresd460_firmwaresa8155qca6320_firmwaresm7315_firmwareqca6574au_firmwaresdx55_firmwareqca6595ausa6155_firmwarewcd9375_firmwarewcn3998_firmwaresm7250p_firmwarewcn3999_firmwareqca6420qca6436_firmwareqca6564au_firmwareqca6584ausa6155p_firmwareqca6310sd778gwcn3999sdxr2_5gqcs6125sa8155_firmwaresd662_firmwaresdm630sa415m_firmwareqcs405qca6430wcn3988_firmwaresa6145p_firmwareqca6421sd778g_firmwaresm6250wcd9340sa8195psdm830_firmwarewsa8810_firmwaresd765gsd765_firmwarefsm10056_firmwareqca6436wcd9326wcd9335sa6155pwcn6851qcs603_firmwareqca6174a_firmwareqcs4290_firmwarewcd9385wcd9341qca6431qca6696_firmwarewcd9371sd750gsd870_firmwarear8035qca6390sd_8cxaqt1000sa8150psd750g_firmwaresm6250_firmwarewcd9375wcn3910_firmwarewsa8830_firmwaresd855_firmwaresd660sd865_5g_firmwarewcn3988sd888_5g_firmwarewcn6850_firmwaresd660_firmwarewsa8815_firmwarewsa8835_firmwaresa8195p_firmwareqca6564awcn6750_firmwareqcm6125_firmwareqcm2290_firmwarewcn3991qca8337_firmwarewcd9380_firmwarewcn3990sd_675sd780gsd865_5gqca6564ausdx24sdx55m_firmwarewcn6856_firmwaresd888sd670_firmwareqca6574wsa8835sd665_firmwarewcd9380sd888_5gsm6250pqcs410qca6574asd690_5g_firmwaresdx50m_firmwareqca6174asm7325psdx24_firmwareqca6310_firmwareqca6430_firmwarewcd9335_firmwarewcn3980wcn6750qca6335_firmwareqca6574_firmwareqcs605wcd9340_firmwaresd855sm4125_firmwaresm7325p_firmwaresd665wcn3910qca6320wcn6850wsa8815sd_8c_firmwaresd765qca6426_firmwareqca6574a_firmwaresd768g_firmwaresd835wcn3980_firmwaresm7315sd460qca6391sd730sdx55msdxr1_firmwareqca6421_firmwareaqt1000_firmwarewcn6740_firmwaresd678_firmwarear8031_firmwarecsrb31024_firmwareqcm4290sdx50msd480_firmwareqcs603wcn6851_firmwareqca6574ausa8155p_firmwaresd710sd_636_firmwaresd670qca6564a_firmwarewcd9341_firmwareqcm6125qcm4290_firmwaresd480sd870wsa8810qcs610_firmwarewcn6856sd_8csa6145psd835_firmwareqca6564_firmwaresdxr1sd768gar8031qcs405_firmwaresa8145pwcn6740qca6696sdm630_firmwareqca6391_firmwaresd845_firmwaresd780g_firmwarewcd9370_firmwaresa6150psd888_firmwaresdx55sa8155pcsra6640sd675sd845sm7250psdm830sd720g_firmwareqcs410_firmwarear8035_firmwareqcm2290Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-1889
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.03% / 8.51%
||
7 Day CHG~0.00%
Published-13 Jul, 2021 | 05:30
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible buffer overflow due to lack of length check in Trusted Application in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwarefsm10055mdm9640_firmwaresm6250p_firmwaresa6150p_firmwareqcs610qca8337qca6431_firmwarewcd9360_firmwarewcn3950_firmwaresc8180x\+sdx55sa8150p_firmwareqcs2290qca6595au_firmwaresa6155msm8917sd_455_firmwarecsra6620_firmwareqcs605_firmwaresd_675_firmwarecsra6640_firmwareqcs6125_firmwaresd632sa415mwcn3998wcd9371_firmwarewcn3950sm4125sd720gwcn3660bsd450_firmwareqsm8350_firmwareqsm8350sd460_firmwareqca4020qca6574au_firmwarewcd9375_firmwarewcn3998_firmwaresa6155_firmwareqca6420apq8053_firmwarewcd9360wcn3999qcs6125sa8155_firmwareqca4004_firmwaresd662_firmwareqcs405qca6430wcd9306_firmwaresd765gqualcomm215_firmwarefsm10056_firmwareqca4020_firmwareqca6436wcn6851sa6155pqcs603_firmwaremsm8937wcn3660_firmwaremdm9655qca6696_firmwarepm8937_firmwareqca6431wcd9371sd870_firmwaresd750gwcn3910_firmwaresd_8cxsa8150pqca4004wsa8830_firmwaresd855_firmwaresd660sd865_5g_firmwaresd712wcn3988sd660_firmwaresa8195p_firmwarewcn6750_firmwaresd450wcn3610mdm9640wcn3991qca8337_firmwaresda429w_firmwarewcd9380_firmwaresdm429wmsm8996au_firmwareqca6564ausdx55m_firmwarewcn6856_firmwaremsm8940_firmwaresd670_firmwareqca6574sd632_firmwarewcd9380qualcomm215qcs410sd690_5g_firmwaresdx50m_firmwareqca9379_firmwaresdx24_firmwareqca6430_firmwarewcd9335_firmwaresd439_firmwareqcs605wcn6850sd7cwcn3910qca6320msm8937_firmwaremdm9650_firmwaresd_8c_firmwareqca6426_firmwarewcn3660b_firmwarewcn3680sd835sd730sdx55mqca6421_firmwarewcn6740_firmwaremsm8953sd821_firmwaresd678_firmwareapq8064au_firmwarear8031_firmwarewcn3680_firmwareqca6234wcn6851_firmwareqcs603sd670sd_636_firmwareqca6564a_firmwareqca6694au_firmwareqcm4290_firmwaresd480sd870wcn6855qcs610_firmwareqsm8250sa6145psdxr1ar8031apq8096auqca6595_firmwareqcs405_firmwaresa8145psdm630_firmwaremdm9205_firmwareqca6391_firmwaresd820_firmwarewcd9370_firmwaresd780g_firmwaresdx55apq8053sa8155pcsra6640sd675sd439wcn3660qca9379qca6234_firmwarear8035_firmwareqsm8250_firmwareqcm2290wcn3991_firmwarewsa8830sd678sa8145p_firmwareqcs2290_firmwarefsm10056sd7c_firmwarecsrb31024mdm9650sd_636csra6620fsm10055_firmwareqcs4290sd765g_firmwareqca6420_firmwareqca6390_firmwaresd690_5gsd730_firmwarewcd9370sd675_firmwareqca6564qca6426qca6584au_firmwareqca9377sd_8cx_firmwarewcd9385_firmwaresdxr2_5g_firmwarewcn3615_firmwaresd662apq8037sa8155qca6320_firmwarewcn3680b_firmwaresdx55_firmwarewcn3615qca6595auwcn3999_firmwaresm7250p_firmwarewcn3610_firmwareqca6436_firmwarewcd9306qca6584ausd778gqca6564au_firmwaresa6155p_firmwarepm8937sa515m_firmwaresd429sdxr2_5gsdm630sd821mdm9655_firmwaresa415m_firmwarewcn3988_firmwaresd429_firmwaresa6145p_firmwareqca6421sd778g_firmwaresm6250sd712_firmwaresa8195papq8017_firmwareqca6694sd765_firmwarewcd9335qca6174a_firmwareqcs4290_firmwarewcd9385qca6390wcd9375sd750g_firmwareaqt1000ar8035apq8064ausm6250_firmwaresc8180x\+sdx55_firmwareqca6694_firmwaremsm8953_firmwareqca6694ausda429wmsm8917_firmwarewcn3620_firmwaresd820sd888_5g_firmwarewcn6850_firmwarewsa8835_firmwarewcn3620apq8017qca6564aqcm6125_firmwareqcm2290_firmwaresd_675sd780gsd865_5gqca6595sdx24wsa8835msm8996ausdm429w_firmwaresd665_firmwaresd888_5gsm6250pqca6574awcn6855_firmwareqca6174asm7325pwcn6750mdm9205sa515mqca6574_firmwaresd855sm4125_firmwaresm7325p_firmwaresd665qca6175asd765qca6574a_firmwaresd768g_firmwaresd850_firmwaresd460qca6391sdxr1_firmwareaqt1000_firmwaremsm8920qcm4290csrb31024_firmwaresdx50msd480_firmwaremsm8920_firmwaresd_455qca6574ausa8155p_firmwareqcm6125wcn6856sd_8cwcn3680bsd835_firmwareqca6564_firmwaresd768gwcn6740qca6696sa6150pmsm8940apq8096au_firmwareapq8037_firmwaresm7250psd720g_firmwareqcs410_firmwareqca6175a_firmwaresd850Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-1909
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.3||HIGH
EPSS-0.03% / 8.51%
||
7 Day CHG~0.00%
Published-09 Sep, 2021 | 07:35
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow occurs in trusted applications due to lack of length check of parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaresm7250mdm9640_firmwaresm6250p_firmwareipq4028_firmwareqca8337ar9380ipq8173_firmwareqcn5124fsm9950mdm9645wcn3950_firmwaresc8180x\+sdx55qca6595au_firmwaresa6155sd_455_firmwareapq8076fsm9905_firmwareqcs6125_firmwaremsm8108sa415mwcn3998wcd9371_firmwaremsm8108_firmwarewcn3950qcn6024_firmwaresd720gsm4125mdm9206_firmwareqsw8573_firmwarewcn3660bsd450_firmwareqsm8350_firmwareqsm8350sd460_firmwaremdm9230_firmwareipq8062apq8064_firmwareqca8081_firmwarewcn3998_firmwareapq8009w_firmwareqca6420apq8053_firmwareipq8070_firmwareqca9367_firmwareipq8065ipq8078a_firmwaremdm8207ipq8072_firmwaresa8155_firmwareqca4004_firmwareipq8068qca6430wcd9306_firmwarewcd9340sdm830_firmwaremdm9625_firmwaresd765gar3012_firmwareapq8052msm8209_firmwaremdm9250_firmwareqca9888_firmwareqcn6122qca6696_firmwarewcd9371sd870_firmwareqcn5154_firmwaresd_8cxsa8150par7420_firmwareqca4004mdm9330_firmwareqca9992_firmwaresd865_5g_firmwaresd712qcn5121qcn5022_firmwareqcn7606_firmwarewcn6750_firmwaresd450qca6428_firmwareqca9985_firmwarewcn3991ipq4018_firmwareqca9980_firmwaresdm429wipq8078sdx55m_firmwareipq8173msm8976_firmwareqca6574sd632_firmwaresd670_firmwarecsr8811_firmwarewcd9380qualcomm215qcs410qcn5024sd690_5g_firmwareqca9379_firmwaresdx24_firmwareqca9985qcn9012_firmwareipq6018_firmwareqca9890_firmwarewcd9340_firmwarewsa8815wcn6850pmp8074_firmwaremsm8956_firmwareqca6584_firmwaremsm8937_firmwaresd_8c_firmwareipq6028ipq8064sd835pmp8074qca1990sd730wcn6740_firmwaremdm9225qcn5064_firmwaresd678_firmwareapq8064au_firmwaremdm9225mipq8078_firmwareqca9890qca6234qcn5054qcs603fsm9900_firmwareqca9994qca6164_firmwareqca9980sd670qcn9024_firmwareipq8174_firmwareapq8009wqcm4290_firmwarewcn6855qcn7605_firmwareqcs610_firmwareapq8084_firmwaresa6145pqca9886_firmwarear8031mdm8207_firmwareqca6164sdm630_firmwaremdm9205_firmwareqca6391_firmwaresd820_firmwareqca4024wcd9370_firmwaresdx55apq8053qcn5021_firmwarecsra6640wcn3660qca9379qca6234_firmwareqcn7606qsm8250_firmwaremdm9150_firmwarewsa8830qca9561fsm9915_firmwarecsrb31024mdm9628_firmwaremdm9650fsm9916_firmwaresd_636fsm10055_firmwareqca9992qcs4290mdm9250qca6420_firmwarepmd9635_firmwareapq8009_firmwaresd690_5gfsm9915msm8916_firmwaresd675_firmwareipq8072qca6564qca6426qca9984_firmwareqca9377fsm9905sdw2500_firmwarewcd9385_firmwaresdxr2_5g_firmwarewhs9410ipq8074aqca9982mdm8635msa8155qca6584qcn5122_firmwaresdx55_firmwareqcn6023_firmwarewcn3610_firmwaremdm9207wcd9306qca6584ausd778gqfe1952msm8208ipq8174sd429msm8962qca9367qcn5052mdm9235m_firmwaresdm630mdm9607_firmwaremdm9655_firmwaremsm8976sgsa415m_firmwarewcn3988_firmwareqcn9074sd205sd429_firmwareqca6421sd778g_firmwaresa8195pqca6694qca7550wcn3660aqca9982_firmwareqcn6023qcs4290_firmwareqcs6490_firmwaremdm8635m_firmwaremdm9625qca6390qca9898_firmwaresd750g_firmwareaqt1000msm8956msm8976sc8180x\+sdx55_firmwaresm6250_firmwarewcd9375apq8056msm8917_firmwareipq5010_firmwareipq8074a_firmwaremdm9625msd888_5g_firmwaresdx20_firmwarewsa8815_firmwaremsm8916apq8017qcx315mdm9235mmdm9630_firmwareqcm6125_firmwareqca9882sd780gsd865_5gqca6595ipq8065_firmwareqcx315_firmwareqca10901sd665_firmwareqcn5154qca8075_firmwareipq6005_firmwaremdm9206wcn6855_firmwareqca9888qca6310_firmwaresm7325ipq8070a_firmwareqca6574_firmwareqca9886sd665qca6175asd765wtr3925lqca6574a_firmwaresd850_firmwarewcn3660a_firmwareapq8009csrb31024_firmwareqcm6490_firmwareqcn9070_firmwaresd480_firmwareipq6028_firmwareipq8072a_firmwaremdm9626_firmwareqca9531qca9889_firmwaremdm9607qcn5122mdm9645_firmwaresdx20m_firmwareqcn5022qca6564_firmwaresd768gwcn6740sdw2500msm8940qca8075apq8096au_firmwareqcn6024qcn9022sd845msm8962_firmwaresdm830ipq6000_firmwaresdx12qcs410_firmwaremdm9330qca6175a_firmwaresm7325_firmwareipq8062_firmwarefsm10055sa6150p_firmwareqcs610qcn5550fsm9955_firmwareqca6431_firmwarewcd9360_firmwareqca9561_firmwareqca4024_firmwareipq8078aipq5028_firmwaresa8150p_firmwareqcs2290qca6335msm8917qcn5064csra6620_firmwareqcs605_firmwaresd_675_firmwarecsra6640_firmwarefsm9916qca9987_firmwaresd632ipq8076amdm9628qca4020qca6428qca6574au_firmwareqcn5164_firmwareipq8071mdm9630wcd9375_firmwaresa6155_firmwaresdx12_firmwaremsm8909wwcd9360qca10901_firmwaresdx20mqca6438_firmwarewhs9410_firmwarewcn3999qrb5165_firmwareipq5028qca7500ipq4029_firmwareqcs6125apq8056_firmwareapq8016_firmwareipq6010apq8062_firmwaresd662_firmwareqcs405sc8280xp_firmwareqca1990_firmwarequalcomm215_firmwarefsm10056_firmwareqca4020_firmwareqca6436fsm9910_firmwareqcn3018_firmwaresa6155pwcn6851qcs603_firmwaremsm8937ipq8066_firmwarewcn3660_firmwareipq8068_firmwaremdm9655pm8937_firmwareqca6431sd750gwcn3910_firmwaremdm9207_firmwareqfe1922wsa8830_firmwaresd855_firmwarewcn3988qca6438sa8195p_firmwaremsm8208_firmwareqca9898ipq4028wcn3610mdm9640msm8608ipq5018_firmwarear9580_firmwareqca8337_firmwaresda429w_firmwarewcd9380_firmwareipq8072aqca7500_firmwarewcd9330msm8996au_firmwarecsr6030ipq8076a_firmwareqca7550_firmwaremdm9225m_firmwareqca6564auwcn6856_firmwareqcn5164msm8940_firmwareqca9558qca7520_firmwaremdm9230qcn5054_firmwareipq4019_firmwaresdx50m_firmwareipq8066qca8072_firmwareqca6174qca6430_firmwareqcn5052_firmwareqca6335_firmwareqsw8573qcs605sd7cmdm9225_firmwareqca6320wcn3910mdm9650_firmwareqca6426_firmwarewcn3660b_firmwarewcn3680qca9984qcn9024qcn5550_firmwarewcd9330_firmwaresdx55mipq8064_firmwareqca6421_firmwaremsm8953sd821_firmwareapq8064ar8031_firmwarewcn3680_firmwareqrb5165wcn6851_firmwareipq8070pmd9635qca9887_firmwarewtr3925l_firmwaresd_636_firmwareqca6564a_firmwareqca6694au_firmwareqca9880msm8976sg_firmwaresd480sd870qcn5121_firmwarear3012sd210_firmwareqsm8250ipq6018qcn3018sdxr1apq8096auqca6595_firmwareqcs405_firmwaresa8145par9580sd780g_firmwaresd888_firmwaresc8280xpsa8155psd675qca9531_firmwarear8035_firmwareqcm2290qcn5024_firmwarewcn3991_firmwaresd678qcn9070sa8145p_firmwareqca7520qcs2290_firmwarefsm10056sm7250_firmwaresd7c_firmwareqca9378csra6620qca9987qfe1100_firmwareqcn9072qca9880_firmwaresd765g_firmwareipq8069_firmwareqca6390_firmwareipq6000qca6174_firmwaresd730_firmwarewcd9370qcn5152_firmwareqca6584au_firmwareapq8076_firmwareqcn9000_firmwareipq5018sd_8cx_firmwareqcn7605fsm9950_firmwaresd662qcn5124_firmwareqfe1952_firmwareapq8037qca6320_firmwareqca6595auwcn3999_firmwareqca6436_firmwareipq5010qca6564au_firmwaresa6155p_firmwareqca6310pm8937sa515m_firmwareqca9990qcs6490sdxr2_5gapq8084sd821apq8062sa6145p_firmwaresm6250sd712_firmwareapq8017_firmwareqfe1100sd765_firmwareqca8081ipq8071aqca6174a_firmwareipq8071a_firmwarewcd9385ar8035csr8811apq8064auipq4019qca6694_firmwaremsm8953_firmwareqcn9100_firmwareqca6694aumsm8952sda429wsd210wcn3620_firmwaresd820qcm6490wcn6850_firmwarewsa8835_firmwarewcn3620csr6030_firmwareqca6564aqca8072qcm2290_firmwaremdm9635m_firmwareqcn9000sd_675mdm9625m_firmwarear9380_firmwaresdx24qcn9012sd888qca9558_firmwaremsm8952_firmwaremsm8909w_firmwareqcn6122_firmwaremsm8996ausdm429w_firmwarewsa8835sd888_5gsm6250pipq4018qca6574aqca9889qca6174aipq8074qca9994_firmwarewcn6750mdm9635mapq8052_firmwarefsm9910ipq8076_firmwaremdm9205sa515mar7420sd855sm4125_firmwareipq8076qfe1922_firmwareqca9887qca9378_firmwareqcn5021ipq8069qcn5152sd768g_firmwaremsm8209sd460qca6391sdxr1_firmwareipq6005aqt1000_firmwaremsm8920qcn9100mdm9626qcm4290sdx50mqca9882_firmwaresdx20msm8920_firmwaresd_455ipq8074_firmwareqca6574ausa8155p_firmwaresd205_firmwareqcm6125mdm9150wcn6856sd_8csd835_firmwareipq6010_firmwareqca6696fsm9955apq8016msm8608_firmwaresd845_firmwaresa6150pqcn9022_firmwarefsm9900qca9990_firmwareapq8037_firmwareipq8070aqcn9072_firmwaresd720g_firmwareipq8071_firmwareqcn9074_firmwareipq4029sd850Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-1961
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-1.15% / 77.60%
||
7 Day CHG~0.00%
Published-09 Sep, 2021 | 07:36
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible buffer overflow due to lack of offset length check while updating the buffer value in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fsm10055qca9377_firmwaremdm9150_firmwarewcn3991_firmwaresm7250mdm9640_firmwaresa6150p_firmwaresa8145p_firmwareqcs610wsa8830fsm10056qca8337sm7250_firmwareqca6431_firmwaremdm9650csra6620fsm10055_firmwarewcn3950_firmwaresa8150p_firmwaresd765g_firmwareqca6420_firmwareqca6595au_firmwareqca6390_firmwareapq8009_firmwaresa6155sd690_5gwcd9370csra6620_firmwareqcs605_firmwarecsra6640_firmwareqcs6125_firmwareqca6426qca6584au_firmwarewcn3990_firmwareqca9377wcn3998sd_8cx_firmwarewcd9385_firmwaresdxr2_5g_firmwarewcn3950wcd9326_firmwarewcn3615_firmwaremdm9206_firmwarewcn3660bsd662sd460_firmwaresa8155qca6574au_firmwaresdx55_firmwarewcn3680b_firmwareqca6595ausa6155_firmwaresdx12_firmwarewcd9375_firmwarewcn3615wcn3998_firmwarewcn3610_firmwareqca6420qca6436_firmwareapq8053_firmwareqca6564au_firmwareqca6584ausa6155p_firmwareqca9367_firmwaresd778gwcn3999qrb5165_firmwaresdxr2_5gqca9367qcs6125sa8155_firmwaresd662_firmwareqcs405qca6430wcn3988_firmwaresa6145p_firmwaresd205qca6421sd778g_firmwarewcd9340sa8195pwsa8810_firmwarequalcomm215_firmwaresd765gsd765_firmwarefsm10056_firmwareqca6436wcd9326wcd9335sa6155pwcn6851qca6174a_firmwarewcd9385wcd9341qca6431qca6696_firmwaresd750gsd870_firmwarear8035qca6390sd_8cxaqt1000sa8150psd750g_firmwarewcd9375msm8953_firmwarewsa8830_firmwaresda429wsd210sd855_firmwaresd865_5g_firmwarewcn3620_firmwarewcn3988sd888_5g_firmwarewcn6850_firmwarewcn3620wsa8815_firmwarewsa8835_firmwaresa8195p_firmwareqca6564awcn6750_firmwarewcn3610qcm6125_firmwaremdm9640wcn3991qca8337_firmwaresda429w_firmwarewcd9380_firmwarewcn3990wcd9330msm8996au_firmwaresd780gsd865_5gqca6595qca6564ausdx55m_firmwarewcn6856_firmwarewsa8835qca6574msm8996ausd665_firmwarewcd9380sd888_5gwcn3999_firmwarequalcomm215qcs410qca6574asd690_5g_firmwaremdm9206wcn6855_firmwareqca6174asm7325qca6430_firmwarewcd9335_firmwarewcn3980wcn6750qca6574_firmwareqcs605wcd9340_firmwaresd855wsa8815wcn6850sd665mdm9650_firmwaresd_8c_firmwaresd765qca6426_firmwarewcn3660b_firmwarewcn3680qca6574a_firmwaresd768g_firmwarewcn3980_firmwareapq8009qca6391sd460sdx55mwcd9330_firmwareqca6421_firmwareaqt1000_firmwarewcn6740_firmwaremsm8953ar8031_firmwarewcn3680_firmwareqrb5165sd480_firmwarewcn6851_firmwareqca6574ausa8155p_firmwaresd205_firmwareqca6564a_firmwarewcd9341_firmwareqcm6125sd480sd870wsa8810wcn6855sd210_firmwareqcs610_firmwaremdm9150wcn6856qsm8250sd_8csa6145pwcn3680bsd768gapq8096auar8031qca6595_firmwareqcs405_firmwaresa8145pwcn6740qca6696qca6391_firmwaresd780g_firmwarewcd9370_firmwaresa6150psdx55apq8053apq8096au_firmwarecsra6640sa8155psdx12qcs410_firmwarear8035_firmwareqsm8250_firmwaresm7325_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-0421
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.99%
||
7 Day CHG~0.00%
Published-27 Sep, 2021 | 11:20
Updated-03 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In memory management driver, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05381235.

Action-Not Available
Vendor-n/aGoogle LLCMediaTek Inc.
Product-mt6757cdmt6592hmt6873mt6893mt6799mt6580mt6750mt6582emt6755smt6595mt6757cmt6765mt6737mt6883mt6891mt6592tmt6853tmt6739mt6757mt6797mt6769mt6761mt6875mt6889mt6768mt6755mt6592_90mt6771mt6758mt6833mt6732mt6885mt6582tmt6735mt6750smt6753mt6762mt6795mt6877mt6582wmt6853androidmt6757chmt6589tdmt6592emt6589mt6582hmt6582_90mt6752mt6779mt6785mt6731mt6763mt6592wMT6580, MT6582E, MT6582H, MT6582T, MT6582W, MT6582_90, MT6589, MT6589TD, MT6592E, MT6592H, MT6592T, MT6592W, MT6592_90, MT6595, MT6731, MT6732, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-8940
Matching Score-6
Assigner-Google LLC
ShareView Details
Matching Score-6
Assigner-Google LLC
CVSS Score-5.3||MEDIUM
EPSS-0.02% / 3.19%
||
7 Day CHG~0.00%
Published-15 Dec, 2020 | 14:55
Updated-04 Aug, 2024 | 10:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unchecked buffer overrun in enc_untrusted_recvmsg

An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_recvmsg using an attacker controlled result parameter. The parameter size is unchecked allowing the attacker to read memory locations outside of the intended buffer size including memory addresses within the secure enclave. We recommend upgrading or past commit fa6485c5d16a7355eab047d4a44345a73bc9131e

Action-Not Available
Vendor-Google LLC
Product-asyloAsylo
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-8942
Matching Score-6
Assigner-Google LLC
ShareView Details
Matching Score-6
Assigner-Google LLC
CVSS Score-5.3||MEDIUM
EPSS-0.02% / 3.19%
||
7 Day CHG~0.00%
Published-15 Dec, 2020 | 14:55
Updated-04 Aug, 2024 | 10:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unchecked buffer overrun in enc_untrusted_read

An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_read whose return size was not validated against the requrested size. The parameter size is unchecked allowing the attacker to read memory locations outside of the intended buffer size including memory addresses within the secure enclave. We recommend upgrading past commit b1d120a2c7d7446d2cc58d517e20a1b184b82200

Action-Not Available
Vendor-Google LLC
Product-asyloAsylo
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-8944
Matching Score-6
Assigner-Google LLC
ShareView Details
Matching Score-6
Assigner-Google LLC
CVSS Score-5.3||MEDIUM
EPSS-0.02% / 3.02%
||
7 Day CHG~0.00%
Published-15 Dec, 2020 | 14:55
Updated-04 Aug, 2024 | 10:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unchecked buffer overrun in ecall_restore

An arbitrary memory write vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to ecall_restore using the attribute output which fails to check the range of a pointer. An attacker can use this pointer to write to arbitrary memory addresses including those within the secure enclave We recommend upgrading past commit 382da2b8b09cbf928668a2445efb778f76bd9c8a

Action-Not Available
Vendor-Google LLC
Product-asyloAsylo
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-8896
Matching Score-6
Assigner-Google LLC
ShareView Details
Matching Score-6
Assigner-Google LLC
CVSS Score-4.2||MEDIUM
EPSS-0.09% / 25.86%
||
7 Day CHG~0.00%
Published-04 May, 2020 | 13:25
Updated-04 Aug, 2024 | 10:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Overflow in Google Earth Pro

A Buffer Overflow vulnerability in the khcrypt implementation in Google Earth Pro versions up to and including 7.3.2 allows an attacker to perform a Man-in-the-Middle attack using a specially crafted key to read data past the end of the buffer used to hold it. Mitigation: Update to Google Earth Pro 7.3.3.

Action-Not Available
Vendor-Google LLC
Product-earthGoogle Earth Pro
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-8941
Matching Score-6
Assigner-Google LLC
ShareView Details
Matching Score-6
Assigner-Google LLC
CVSS Score-5.3||MEDIUM
EPSS-0.02% / 3.32%
||
7 Day CHG~0.00%
Published-15 Dec, 2020 | 14:55
Updated-04 Aug, 2024 | 10:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unchecked buffer overrun in enc_untrusted_inet_pton

An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_inet_pton using an attacker controlled klinux_addr_buffer parameter. The parameter size is unchecked allowing the attacker to read memory locations outside of the intended buffer size including memory addresses within the secure enclave. We recommend upgrading past commit 8fed5e334131abaf9c5e17307642fbf6ce4a57ec

Action-Not Available
Vendor-Google LLC
Product-asyloAsylo
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-8943
Matching Score-6
Assigner-Google LLC
ShareView Details
Matching Score-6
Assigner-Google LLC
CVSS Score-5.3||MEDIUM
EPSS-0.02% / 3.19%
||
7 Day CHG~0.00%
Published-15 Dec, 2020 | 14:55
Updated-04 Aug, 2024 | 10:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unchecked buffer overrun in enc_untrusted_recvfrom

An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_recvfrom whose return size was not validated against the requested size. The parameter size is unchecked allowing the attacker to read memory locations outside of the intended buffer size including memory addresses within the secure enclave. We recommend upgrading past commit 6e158d558abd3c29a0208e30c97c9a8c5bd4230f

Action-Not Available
Vendor-Google LLC
Product-asyloAsylo
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-8905
Matching Score-6
Assigner-Google LLC
ShareView Details
Matching Score-6
Assigner-Google LLC
CVSS Score-2.8||LOW
EPSS-0.06% / 18.25%
||
7 Day CHG~0.00%
Published-12 Aug, 2020 | 18:20
Updated-17 Sep, 2024 | 00:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Confidential Information Disclosure vulnerability in Asylo

A buffer length validation vulnerability in Asylo versions prior to 0.6.0 allows an attacker to read data they should not have access to. The 'enc_untrusted_recvfrom' function generates a return value which is deserialized by 'MessageReader', and copied into three different 'extents'. The length of the third 'extents' is controlled by the outside world, and not verified on copy, allowing the attacker to force Asylo to copy trusted memory data into an untrusted buffer of significantly small length.. We recommend updating Asylo to version 0.6.0 or later.

Action-Not Available
Vendor-Google LLC
Product-asyloAsylo
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-8937
Matching Score-6
Assigner-Google LLC
ShareView Details
Matching Score-6
Assigner-Google LLC
CVSS Score-5.3||MEDIUM
EPSS-0.02% / 3.02%
||
7 Day CHG~0.00%
Published-15 Dec, 2020 | 14:55
Updated-04 Aug, 2024 | 10:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary enclave memory location write from untrusted environment

An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to enc_untrusted_create_wait_queue that uses a pointer queue that relies on UntrustedLocalMemcpy, which fails to validate where the pointer is located. This allows an attacker to write memory values from within the enclave. We recommend upgrading past commit a37fb6a0e7daf30134dbbf357c9a518a1026aa02

Action-Not Available
Vendor-Google LLC
Product-asyloAsylo
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-13916
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.09% / 27.24%
||
7 Day CHG~0.00%
Published-21 Nov, 2019 | 14:38
Updated-05 Aug, 2024 | 09:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds memory access in Qurt kernel function when using the identifier to access Qurt kernel buffer to retrieve thread data. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8976, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX55, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9150_firmwaremdm9635m_firmwareapq8096_firmwaremdm9640_firmwareqcm2150_firmwaresdm632_firmwaremsm8996au_firmwaresdm845sdm450_firmwaresdm632apq8096sdm439qcs404_firmwaremdm9650sdm429msm8940_firmwaresnapdragon_high_med_2016_firmwaremsm8909w_firmwaremsm8976_firmwaremsm8996auapq8009_firmwaremsm8917sdm670sxr2130qcs605_firmwaresc8180xmdm9206sdm670_firmwareqcs404ipq8074sdm636sda845_firmwaremdm9635mapq8098qcn7605mdm9206_firmwareqcs605msm8937_firmwaremdm9650_firmwaresdm429_firmwaremsm8905_firmwaresda660sdx55_firmwaresxr1130_firmwareqca8081_firmwaresxr1130msm8909wapq8009msm8909_firmwareapq8053_firmwaresda845nicobarsdm850_firmwaremsm8920msm8953sdm450sdm636_firmwaresdm845_firmwareapq8098_firmwaresdx20msm8998_firmwareqcm2150msm8920_firmwaresdm630mdm9607_firmwaresm8250_firmwaremdm9655_firmwaresdm660sc8180x_firmwareqcs405ipq8074_firmwaresdm710qm215mdm9607apq8017_firmwaresdm710_firmwareqcn7605_firmwareqca8081mdm9150msm8937msm8996_firmwaremsm8905snapdragon_high_med_2016sm8150_firmwaremsm8909sxr2130_firmwaremdm9655apq8096ausdm439_firmwareqcs405_firmwaresdm630_firmwaresda660_firmwareqm215_firmwaremsm8976sdx55msm8953_firmwaremsm8940apq8053apq8096au_firmwaresm8250msm8917_firmwaremsm8998sm8150sdx20_firmwaresdm850apq8017msm8996nicobar_firmwaresdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-3678
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.16% / 37.46%
||
7 Day CHG~0.00%
Published-02 Nov, 2020 | 06:21
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'A buffer overflow could occur if the API is improperly used due to UIE init does not contain a buffer size a param' in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Agatti, Kamorta, QCS404, QCS605, SDA845, SDM670, SDM710, SDM845, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-kamorta_firmwaresdm670_firmwareqcs404sda845_firmwaresdm845agattiqcs605qcs404_firmwaresdm710agatti_firmwaresdm710_firmwaresxr1130_firmwarekamortasxr1130sdm670qcs605_firmwaresda845sdm845_firmwareSnapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-3661
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 57.05%
||
7 Day CHG~0.00%
Published-22 Jun, 2020 | 07:10
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow will happen while parsing mp4 clip with corrupted sample atoms values which exceeds MAX_UINT32 range due to lack of validation checks in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA6574AU, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-kamorta_firmwaresdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdm450_firmwaresdm632sdm439sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaremsm8996ausdm429w_firmwaresm7150apq8009_firmwaremsm8917sdm670sxr2130qcs605_firmwaremdm9206sdm670_firmwaresdm636apq8098mdm9206_firmwareqcs605msm8937_firmwaresdm429_firmwaremsm8905_firmwareqca6574au_firmwaresda660sxr1130_firmwaresxr1130msm8909wapq8009apq8053_firmwaremsm8920msm8953sdm450sdm636_firmwareapq8098_firmwaresdx20msm8998_firmwaresdm660msm8920_firmwaresdm630mdm9607_firmwaresm8250_firmwareqcs405qca6574ausdm710qm215mdm9607apq8017_firmwaresdm710_firmwaremsm8937mdm9207c_firmwaremsm8996_firmwaremsm8905mdm9207csm8150_firmwaresxr2130_firmwareapq8096ausdm439_firmwareqcs405_firmwarerennellsdm630_firmwaresda660_firmwarerennell_firmwareqm215_firmwaremsm8953_firmwaremsm8940saipan_firmwaresm6150_firmwareapq8053msm8917_firmwareapq8096au_firmwaremsm8998sm8150sdx20_firmwaresm8250kamortaapq8017msm8996saipansdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-3668
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.45% / 62.90%
||
7 Day CHG~0.00%
Published-08 Sep, 2020 | 09:31
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Buffer overflow while parsing PMF enabled MCBC frames due to frame length being lesser than what is expected while parsing' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ6018, IPQ8074, Kamorta, Nicobar, QCA6390, QCA8081, QCN7605, QCS404, QCS405, QCS605, Rennell, SA415M, SC7180, SC8180X, SDA845, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm850_firmwarekamorta_firmwaresdm845qcs404_firmwaresc8180x_firmwaresa415m_firmwareqcs405sm7150_firmwareipq8074_firmwaresdm710sc7180_firmwaresm6150sdm710_firmwaresm7150qca6390_firmwareqcn7605_firmwaresdm670qca8081qcs605_firmwaresc8180xipq6018sdm670_firmwareqcs404sm8150_firmwareipq8074qcs405_firmwarerennellsa415msc7180sda845_firmwareqcn7605rennell_firmwareqca6390ipq6018_firmwareqcs605sm6150_firmwaresm8150sdm850sxr1130_firmwarekamortaqca8081_firmwarenicobar_firmwaresxr1130sda845nicobarsdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-3699
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.30% / 52.47%
||
7 Day CHG~0.00%
Published-30 Jul, 2020 | 11:40
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible out of bound access while processing assoc response from host due to improper length check before copying into buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCM2150, QCN7605, QCS405, QCS605, QM215, SA6155P, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwareqcm2150_firmwaremdm9640_firmwaresdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdm450_firmwaresdm632sdm439mdm9650sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaremsm8996ausdm429w_firmwaresm7150apq8009_firmwaremsm8917sxr2130qcs605_firmwaresc8180xmdm9206qca9379_firmwareqca6174asdm636sda845_firmwareqca9377qcn7605mdm9206_firmwareqcs605msm8937_firmwaremdm9650_firmwaresdm429_firmwaremsm8905_firmwareqca6574au_firmwaresdx55_firmwaremsm8909wapq8009apq8053_firmwaresda845nicobarsa6155p_firmwaremsm8920msm8953sdm450sdm636_firmwaresdm845_firmwaresdx20qcm2150msm8920_firmwaresdm630mdm9607_firmwaresm8250_firmwaresdm660sc8180x_firmwareqcs405qca6574auqm215mdm9607apq8017_firmwareqcn7605_firmwaresa6155pmsm8937mdm9207c_firmwaremsm8905mdm9207cqca6174a_firmwaresm8150_firmwaresxr2130_firmwareapq8096ausdm439_firmwareqcs405_firmwaresdm630_firmwareqm215_firmwaresdx55msm8953_firmwaremsm8940saipan_firmwaresm6150_firmwareapq8053msm8917_firmwareapq8096au_firmwaresm8250sm8150sdx20_firmwareapq8017saipannicobar_firmwareqca9379sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-3662
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 57.05%
||
7 Day CHG~0.00%
Published-22 Jun, 2020 | 07:10
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow can occur while parsing eac3 header while playing the clip which is nonstandard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MSM8909W, MSM8917, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA6574AU, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdm450_firmwaresdm632sdm439sdm429sm7150_firmwaresm6150msm8909w_firmwaremsm8996ausdm429w_firmwaresm7150apq8009_firmwaremsm8917sxr2130qcs605_firmwaresdm636apq8098qcs605sdm429_firmwareqca6574au_firmwaresda660apq8009msm8909wapq8053_firmwaremsm8953sdm450sdm636_firmwareapq8098_firmwaresdx20msm8998_firmwaresdm660sdm630sm8250_firmwareqcs405qca6574auqm215apq8017_firmwaremsm8996_firmwaresm8150_firmwaresxr2130_firmwareapq8096ausdm439_firmwareqcs405_firmwarerennellsdm630_firmwaresda660_firmwarerennell_firmwareqm215_firmwaremsm8953_firmwareapq8053apq8096au_firmwaresaipan_firmwaresm6150_firmwaremsm8917_firmwaresm8250msm8998sm8150sdx20_firmwareapq8017msm8996saipansdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-3657
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-3.07% / 86.23%
||
7 Day CHG~0.00%
Published-02 Nov, 2020 | 06:21
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Remote code execution can happen by sending a carefully crafted POST query when Device configuration is accessed from a tethered client through webserver due to lack of array bound check.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8953, MSM8996AU, QCA6574AU, QCS405, QCS610, QRB5165, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM8250

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9150_firmwaremdm9640_firmwareqcs610sdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdm632sdx24mdm9650sdm429msm8909w_firmwaremsm8996ausdm429w_firmwareapq8009_firmwaresc8180xipq4019_firmwaremdm9206sdx24_firmwareipq8074sdm636sda845_firmwareapq8098ipq6018_firmwaremdm9206_firmwaremdm9640sdm429_firmwaremdm9650_firmwaremsm8905_firmwareipq8064qca6574au_firmwaresda660sdx55_firmwaremsm8909wapq8009apq8053_firmwareipq8064_firmwaresda845msm8953sdm636_firmwareapq8098_firmwareqrb5165_firmwaresdx20qrb5165sdm660sdm630mdm9607_firmwaresm8250_firmwaresc8180x_firmwareqcs405ipq8074_firmwareqca6574aumdm9607apq8017_firmwareqcs610_firmwaremdm9150mdm9207c_firmwareipq6018msm8905mdm9207capq8096auqcs405_firmwaresdm630_firmwaresda660_firmwareipq4019sdx55msm8953_firmwareapq8053apq8096au_firmwaresm8250sdx20_firmwareapq8017sdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-3625
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.80%
||
7 Day CHG~0.00%
Published-02 Jun, 2020 | 15:05
Updated-04 Aug, 2024 | 07:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When making query to DSP capabilities, Stack out of bounds occurs due to wrong buffer length configured for DSP attributes in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sm8250sxr2130sm8250_firmwaresxr2130_firmwareSnapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-3656
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.80%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 06:25
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bound access can happen in MHI command process due to lack of check of command channel id value received from MHI devices in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, Kamorta, MDM9607, MSM8917, MSM8953, Nicobar, QCM2150, QCS405, QCS605, QM215, Rennell, SA6155P, SA8155P, Saipan, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM710, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-kamorta_firmwaresa6155p_firmwareqcm2150_firmwaremsm8953sdm450sdm429wsdm632_firmwaresdm845sdm450_firmwaresdm632qcm2150sdm439mdm9607_firmwaresm8250_firmwaresc8180x_firmwaresdm429qcs405sm7150_firmwaresa8155p_firmwareqm215mdm9607sdm710sdm429w_firmwaresm6150sdm710_firmwaresm7150apq8009_firmwaremsm8917sa6155psxr2130qcs605_firmwaresc8180xsm8150_firmwaresxr2130_firmwaresdm439_firmwareqcs405_firmwarerennellrennell_firmwareqm215_firmwareqcs605sdx55msm8953_firmwaresa8155psaipan_firmwaresm6150_firmwaremsm8917_firmwaresdm429_firmwaresm8250sm8150kamortasdx55_firmwarenicobar_firmwareapq8009saipannicobarsdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-3646
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.83%
||
7 Day CHG~0.00%
Published-08 Sep, 2020 | 09:31
Updated-04 Aug, 2024 | 07:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Buffer overflow seen as the destination buffer size is lesser than the source buffer size in video application' in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in Bitra, MSM8909W, QCM2150, QCS405, QCS605, Saipan, SC8180X, SDA845, SDM429W, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcm2150_firmwaresdm429wqcm2150sdx24sm8250_firmwaresc8180x_firmwareqcs405sm7150_firmwaresm6150msm8909w_firmwaresdm429w_firmwaresm7150sxr2130sc8180xqcs605_firmwaresm8150_firmwaresdx24_firmwaresxr2130_firmwareqcs405_firmwaresda845_firmwarebitraqcs605sdx55saipan_firmwaresm6150_firmwaresm8250bitra_firmwaresm8150sdx55_firmwaresaipanmsm8909wsda845Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-3692
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 57.14%
||
7 Day CHG~0.00%
Published-02 Nov, 2020 | 06:21
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Possible buffer overflow while updating output buffer for IMEI and Gateway Address due to lack of check of input validation for parameters received from server' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in Agatti, Kamorta, Nicobar, QCM6125, QCS610, Rennell, SA415M, Saipan, SC7180, SC8180X, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-kamorta_firmwareqcs610sdx24sm8250_firmwaresc8180x_firmwaresa415m_firmwaresm7150_firmwaresm6150sc7180_firmwareagatti_firmwareqcm6125sm7150qcs610_firmwaresxr2130sc8180xsm8150_firmwaresdx24_firmwaresxr2130_firmwarerennellsa415msc7180rennell_firmwaresdx55saipan_firmwarenicobarsm6150_firmwaresm8250sm8150kamortasdx55_firmwarenicobar_firmwaresaipanagattiqcm6125_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-3629
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.10%
||
7 Day CHG~0.00%
Published-08 Sep, 2020 | 09:31
Updated-04 Aug, 2024 | 07:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Stack out of bound issue occurs when making query to DSP capabilities due to wrong assumption was made on determining the buffer size for the DSP attributes' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in Bitra, Kamorta, Rennell, SC7180, SDM845, SM6150, SM7150, SM8150, SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-kamorta_firmwaresm8150_firmwaresxr2130_firmwarerennellsc7180bitrasdm845rennell_firmwaresm8250_firmwaresm7150_firmwaresm6150_firmwaresm8250sm6150sc7180_firmwarebitra_firmwaresm8150kamortasm7150sxr2130sdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-3616
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.51%
||
7 Day CHG~0.00%
Published-02 Jun, 2020 | 15:05
Updated-04 Aug, 2024 | 07:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in display function due to memory copy without checking length of size using strcpy function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8909W, MSM8917, MSM8953, MSM8996AU, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SM6150, SM7150, SM8150

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-msm8953sdm450sdm636_firmwaresdm632_firmwaremsm8996au_firmwareapq8098_firmwaresdm845sdm450_firmwaresdm632sdx20sdm660sdm439mdm9607_firmwaresdm630sdm429sm7150_firmwaresm6150msm8909w_firmwaremdm9607msm8996auqm215apq8017_firmwaresm7150msm8917qcs605_firmwaremdm9207c_firmwaremdm9206mdm9207csm8150_firmwareapq8096ausdm439_firmwaresda845_firmwaresdm636sdm630_firmwareapq8098sda660_firmwaremdm9206_firmwareqcs605qm215_firmwaremsm8953_firmwareapq8053apq8096au_firmwaresm6150_firmwaremsm8917_firmwaresdm429_firmwaresm8150sdx20_firmwaresda660apq8017msm8909wapq8053_firmwaresdm660_firmwaresda845sdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-3614
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.31% / 53.52%
||
7 Day CHG~0.00%
Published-22 Jun, 2020 | 07:10
Updated-04 Aug, 2024 | 07:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible buffer overflow while copying the frame to local buffer due to lack of check of length before copying in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, IPQ6018, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6174A, QCA6574AU, QCA6584AU, QCA9377, QCA9379, QCA9886, QCM2150, QCS405, QCS605, QM215, Rennell, SC7180, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwareapq8096_firmwaremdm9640_firmwareqcm2150_firmwaresdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdm450_firmwaresdm632apq8096sdx24sdm439mdm9650sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaremsm8996ausdm429w_firmwaresm7150apq8009_firmwaremsm8917sdm670qcs605_firmwareapq8076sc8180xmdm9206qca9379_firmwareqca6174asdm670_firmwaresdx24_firmwareqca6584au_firmwareapq8076_firmwareipq8074sdm636qca9377apq8098ipq6018_firmwaremdm9206_firmwareqcs605qca9886msm8937_firmwaremdm9650_firmwaresdm429_firmwaremsm8905_firmwareqca6574au_firmwaresxr1130_firmwaresxr1130msm8909wapq8009msm8909_firmwareapq8053_firmwarenicobarqca6584aumsm8920msm8953sdm450sdm636_firmwaresdm845_firmwareapq8098_firmwaresdx20msm8998_firmwareqcm2150msm8920_firmwaresdm630mdm9607_firmwaresdm660sc8180x_firmwareqcs405ipq8074_firmwareqca6574ausdm710qm215sc7180_firmwaremdm9607apq8017_firmwaresdm710_firmwaremsm8937mdm9207c_firmwaremsm8905ipq6018mdm9207cqca6174a_firmwareqca9886_firmwaresm8150_firmwaremsm8909apq8096ausdm439_firmwareqcs405_firmwarerennellsc7180sdm630_firmwarerennell_firmwareqm215_firmwaremsm8953_firmwaremsm8940sm6150_firmwareapq8053apq8096au_firmwaremsm8917_firmwaremsm8998sm8150sdx20_firmwareapq8017nicobar_firmwareqca9379sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2018-11980
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.78%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 05:25
Updated-05 Aug, 2024 | 08:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When a fake broadcast/multicast 11w rmf without mmie received, since no proper length check in wma_process_bip, buffer overflow will happen in both cds_is_mmie_valid and qdf_nbuf_trim_tail in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8937, MSM8996AU, MSM8998, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS605, SDM630, SDM636, SDM660, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaremdm9640_firmwaresdm636_firmwareapq8064msm8996au_firmwaresdx20msm8998_firmwaresdm660sdx24sdm630mdm9607_firmwaremdm9650sm7150_firmwareqca6574ausm6150mdm9607msm8996auapq8017_firmwaresm7150apq8009_firmwareqcn7605_firmwaremsm8937mdm9207c_firmwareqcs605_firmwaremdm9206mdm9207cqca6174a_firmwareqca6174aqca9379_firmwaresm8150_firmwaresdx24_firmwareapq8096ausdm636qca9377sdm630_firmwareqcn7605mdm9206_firmwareqcs605sdx55apq8053apq8096au_firmwaresm6150_firmwaremsm8937_firmwaremdm9650_firmwaremsm8998sdx20_firmwaresm8150qca6574au_firmwaresdx55_firmwaresxr1130_firmwareapq8017apq8064_firmwaresxr1130apq8009qca9379apq8053_firmwaresdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-28341
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.89%
||
7 Day CHG~0.00%
Published-08 Nov, 2020 | 04:03
Updated-04 Aug, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos990 chipsets) software. The S3K250AF Secure Element CC EAL 5+ chip allows attackers to execute arbitrary code and obtain sensitive information via a buffer overflow. The Samsung ID is SVE-2020-18632 (November 2020).

Action-Not Available
Vendor-n/aGoogle LLCSamsung
Product-androidexynos_990n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-25279
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.24% / 47.64%
||
7 Day CHG~0.00%
Published-11 Sep, 2020 | 21:06
Updated-04 Aug, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. The baseband component has a buffer overflow via an abnormal SETUP message, leading to execution of arbitrary code. The Samsung ID is SVE-2020-18098 (September 2020).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-52346
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-6
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-4.4||MEDIUM
EPSS-0.01% / 0.55%
||
7 Day CHG~0.00%
Published-08 Apr, 2024 | 02:21
Updated-06 May, 2025 | 13:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In modem driver, there is a possible system crash due to improper input validation. This could lead to local information disclosure with System execution privileges needed

Action-Not Available
Vendor-Unisoc (Shanghai) Technologies Co., Ltd.Google LLC
Product-t770t612sc7731et606t610sc9832eandroids8000sc9863at310t820t616t618t760SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2015-5524
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.16% / 37.49%
||
7 Day CHG~0.00%
Published-10 Apr, 2020 | 18:29
Updated-06 Aug, 2024 | 06:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with KK(4.4) and later software through 2015-05-13. There is a buffer overflow in datablock_write because the amount of received data is not validated. The Samsung ID is SVE-2015-4018 (December 2015).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 8
  • 9
  • Next
Details not found