Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-9684

Summary
Assigner-qualcomm
Assigner Org ID-2cfc7d3e-20d3-47ac-8db7-1b7285aff15f
Published At-18 Aug, 2017 | 19:00
Updated At-16 Sep, 2024 | 18:29
Rejected At-
Credits

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a USB driver can lead to a Use After Free condition.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:qualcomm
Assigner Org ID:2cfc7d3e-20d3-47ac-8db7-1b7285aff15f
Published At:18 Aug, 2017 | 19:00
Updated At:16 Sep, 2024 | 18:29
Rejected At:
▼CVE Numbering Authority (CNA)

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a USB driver can lead to a Use After Free condition.

Affected Products
Vendor
Qualcomm Technologies, Inc.Qualcomm, Inc.
Product
All Qualcomm products
Versions
Affected
  • All Android releases from CAF using the Linux kernel
Problem Types
TypeCWE IDDescription
textN/AUse After Free in USB
Type: text
CWE ID: N/A
Description: Use After Free in USB
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://source.android.com/security/bulletin/2017-06-01
x_refsource_CONFIRM
http://www.securityfocus.com/bid/100213
vdb-entry
x_refsource_BID
Hyperlink: https://source.android.com/security/bulletin/2017-06-01
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/100213
Resource:
vdb-entry
x_refsource_BID
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://source.android.com/security/bulletin/2017-06-01
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/100213
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://source.android.com/security/bulletin/2017-06-01
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/100213
Resource:
vdb-entry
x_refsource_BID
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:product-security@qualcomm.com
Published At:18 Aug, 2017 | 19:29
Updated At:20 Apr, 2025 | 01:37

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a USB driver can lead to a Use After Free condition.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.0HIGH
CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.07.6HIGH
AV:N/AC:H/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.0
Base score: 7.0
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.6
Base severity: HIGH
Vector:
AV:N/AC:H/Au:N/C:C/I:C/A:C
CPE Matches
Google LLC
google
>>android>>*
cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-362Primarynvd@nist.gov
CWE-416Primarynvd@nist.gov
CWE ID: CWE-362
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-416
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/100213product-security@qualcomm.com
Third Party Advisory
VDB Entry
https://source.android.com/security/bulletin/2017-06-01product-security@qualcomm.com
Vendor Advisory
https://source.android.com/security/bulletin/2017-08-01nvd@nist.gov
Vendor Advisory
http://www.securityfocus.com/bid/100213af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://source.android.com/security/bulletin/2017-06-01af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/100213
Source: product-security@qualcomm.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://source.android.com/security/bulletin/2017-06-01
Source: product-security@qualcomm.com
Resource:
Vendor Advisory
Hyperlink: https://source.android.com/security/bulletin/2017-08-01
Source: nvd@nist.gov
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/100213
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://source.android.com/security/bulletin/2017-06-01
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1888Records found
CVE-2015-1234
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-6.8||MEDIUM
EPSS-2.01% / 82.97%
||
7 Day CHG~0.00%
Published-01 Apr, 2015 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in gpu/command_buffer/service/gles2_cmd_decoder.cc in Google Chrome before 41.0.2272.118 allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact by manipulating OpenGL ES commands.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-windowslinux_kernelmacoschromen/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2022-3449
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.07% / 21.62%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 00:00
Updated-24 Oct, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Safe Browsing in Google Chrome prior to 106.0.5249.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLC
Product-chromeChromechrome
CWE ID-CWE-416
Use After Free
CVE-2023-5852
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.56% / 67.17%
||
7 Day CHG~0.00%
Published-01 Nov, 2023 | 17:14
Updated-29 Apr, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Printing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLCFedora ProjectDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2025-8576
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.13% / 33.20%
||
7 Day CHG~0.00%
Published-07 Aug, 2025 | 01:30
Updated-12 Aug, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)

Action-Not Available
Vendor-Apple Inc.Linux Kernel Organization, IncGoogle LLCMicrosoft Corporation
Product-windowschromemacoslinux_kernelChrome
CWE ID-CWE-416
Use After Free
CVE-2023-5854
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.56% / 67.17%
||
7 Day CHG~0.00%
Published-01 Nov, 2023 | 17:14
Updated-29 Apr, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Profiles in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLCFedora ProjectDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2021-1976
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.29% / 51.61%
||
7 Day CHG~0.00%
Published-17 Sep, 2021 | 07:05
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free can occur due to improper validation of P2P device address in PD Request frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwarefsm10055sm7250mdm9640_firmwaresm6250p_firmwaresa6150p_firmwareqcs610ipq4028_firmwareqcn5550qca8337ar9380ipq8173_firmwareqca9561_firmwareqcn5124qca4024_firmwarewcn3950_firmwareipq8078aipq5028_firmwaresa8150p_firmwareqcs2290qca6595au_firmwaresa6155qca6335msm8917qcn5064sd_455_firmwarecsra6620_firmwareqcs605_firmwaresd_675_firmwarecsra6640_firmwareqcs6125_firmwareqca9987_firmwaresd632sa415mwcn3998wcd9371_firmwarewcn3950qcn6024_firmwaresd720gsm4125mdm9206_firmwareipq8076amdm9628wcn3660bsd450_firmwaresd460_firmwareqca6428qca6574au_firmwareqcn5164_firmwareipq8071wcd9375_firmwareqca8081_firmwarewcn3998_firmwaresa6155_firmwaresdx12_firmwaremsm8909wapq8009w_firmwareqca6420apq8053_firmwaresdx20mqca6438_firmwareqca9986ipq8070_firmwareqca9367_firmwareipq8065ipq8078a_firmwarewcn3999qrb5165_firmwareipq5028qca7500ipq8072_firmwareipq4029_firmwareqcs6125sa8155_firmwareipq6010sd662_firmwareipq8068qcs405qca6430wcd9340sdm830_firmwaresd765gqualcomm215_firmwarefsm10056_firmwareqca6436wcn6851qcn3018_firmwaresa6155pqcs603_firmwaremdm9250_firmwarewcn3660_firmwareqca9888_firmwareqcn6122ipq8068_firmwareqca6696_firmwarewcd9371sd870_firmwaresd750gqca9988_firmwareqcn5154_firmwarewcn3910_firmwaresa8150par7420_firmwarewsa8830_firmwareqca9992_firmwaresd865_5g_firmwaresd855_firmwarewcn3988qca6438sa8195p_firmwareqcn5121qcn5022_firmwarewcn6750_firmwareqca9898sd450ipq4028wcn3610mdm9640qca6428_firmwareipq5018_firmwareqca9985_firmwarewcn3991ipq4018_firmwareqca8337_firmwarewcd9380_firmwareipq8072aqca7500_firmwareqca9980_firmwaresdm429wwcd9330msm8996au_firmwareipq8076a_firmwareqca7550_firmwareipq8078qca6564ausdx55m_firmwareipq8173wcn6856_firmwareqcn5164qca9558sd670_firmwareqca6574sd632_firmwarecsr8811_firmwareqca7520_firmwarewcd9380qualcomm215qcn5054_firmwareqcs410qcn5024sd690_5g_firmwareipq4019_firmwaresdx50m_firmwaresdx24_firmwareqca8072_firmwareqca9985qcn9012_firmwareqca6174qca6430_firmwaresd439_firmwareqcn5052_firmwareqca6335_firmwareipq6018_firmwareqcs605wcd9340_firmwarewsa8815wcn6850pmp8074_firmwarewcn3910qca6320mdm9650_firmwareqca9986_firmwareqca6426_firmwarewcn3660b_firmwarewcn3680qca9984ipq6028ipq8064sd835pmp8074qcn9024sd730qcn5550_firmwarewcd9330_firmwaresdx55mipq8064_firmwarewcn6740_firmwaremsm8953qcn5064_firmwaresd678_firmwareapq8064au_firmwarear8031_firmwarewcn3680_firmwareipq8078_firmwareqcn5054qrb5165wcn6851_firmwareqcs603ipq8070qca9896qcn5502qca9994qca9887_firmwareqca9980sd670qcn9024_firmwareipq8174_firmwareapq8009wsd_636_firmwareqca6564a_firmwareqca9880qcm4290_firmwaresd480sd870qcn5121_firmwaresd210_firmwareqcs610_firmwaresa6145pipq6018qcn3018qca9886_firmwaresdxr1ar8031apq8096auqca6595_firmwareqcs405_firmwaresa8145psdm630_firmwareqca6391_firmwareqca4024wcd9370_firmwaresd780g_firmwaresdx55sd888_firmwareapq8053qcn5021_firmwarecsra6640sa8155psd675sd439qca9531_firmwarewcn3660ar8035_firmwareqcm2290qcn5024_firmwarewcn3991_firmwaremdm9150_firmwareqcn5500wsa8830qca9561sd678qcn9070sa8145p_firmwareqca7520qcs2290_firmwarefsm10056sm7250_firmwarecsrb31024qca9563_firmwaremdm9628_firmwaremdm9650sd_636csra6620fsm10055_firmwareqca9987qcn9072qca9880_firmwareqca9992qcs4290mdm9250sd765g_firmwareqca6420_firmwareipq8069_firmwareapq8009_firmwareqca6390_firmwaresd690_5gipq6000qca6174_firmwaresd730_firmwarewcd9370sd675_firmwareipq8072qcn5152_firmwareqca6564qca6426qca6584au_firmwareqcn9000_firmwareqca9984_firmwareqca9377ipq5018sdw2500_firmwarewcd9385_firmwaresdxr2_5g_firmwarewcn3615_firmwareqca9563ipq8074asd662qcn5124_firmwareqca9982sa8155qca6320_firmwarewcn3680b_firmwareqcn5122_firmwaresdx55_firmwarewcn3615qcn6023_firmwareqca6595auwcn3999_firmwarewcn3610_firmwareqca6436_firmwareipq5010qca6564au_firmwareqca6584ausd778gsa6155p_firmwareqca6310ipq8174sd429sa515m_firmwareqca9990sdxr2_5gqcn5052qca9367sdm630mdm9607_firmwaresa415m_firmwarewcn3988_firmwareqcn9074sd205sd429_firmwaresa6145p_firmwaresd778g_firmwaresm6250sa8195papq8017_firmwarewsa8810_firmwareqca6694qca7550sd765_firmwareqca8081qca9982_firmwareqcn6023ipq8071aqca6174a_firmwareipq8071a_firmwareqcs4290_firmwarewcd9385qca6390qca9898_firmwaresd750g_firmwareaqt1000wcd9375ar8035sm6250_firmwarecsr8811apq8064auipq4019qca6694_firmwaremsm8953_firmwareqcn9100_firmwaremsm8917_firmwaresd210wcn3620_firmwareipq5010_firmwareipq8074a_firmwaresd888_5g_firmwaresdx20_firmwarewsa8815_firmwarewcn6850_firmwarewsa8835_firmwarewcn3620apq8017qcx315qca6564aqca9988qcm6125_firmwareqca9882qca8072qcm2290_firmwareqcn9000sd_675sd780gsd865_5gqca6595ar9380_firmwaresdx24qcn9012sd888qca9558_firmwareqca9896_firmwaremsm8909w_firmwareipq8065_firmwareqcx315_firmwareqcn6122_firmwaremsm8996ausd665_firmwaresdm429w_firmwarewsa8835sd888_5gsm6250pqcn5154qca8075_firmwareipq4018qca6574aipq6005_firmwaremdm9206qca9889qca6174aqca9888qca6310_firmwaresm7325ipq8074qca9994_firmwarewcn6750ipq8070a_firmwareipq8076_firmwaresa515mqca6574_firmwareqca9886qcn5502_firmwarear7420sd855sm4125_firmwaresd665ipq8076sd765qca9887qca6574a_firmwareqcn5021ipq8069qcn5152sd768g_firmwareapq8009sd460qca6391sdxr1_firmwareipq6005aqt1000_firmwareqcn9100mdm9626qcm4290csrb31024_firmwaresdx50mqca9882_firmwareqcn9070_firmwaresdx20sd480_firmwareipq6028_firmwareipq8072a_firmwaresd_455mdm9626_firmwareqca9531ipq8074_firmwareqca6574auqca9889_firmwaresa8155p_firmwaremdm9607qcn5122sd205_firmwaresdx20m_firmwareqcm6125wsa8810qcn5500_firmwaremdm9150wcn6856qcn5022wcn3680bsd835_firmwareqca6564_firmwaresd768gipq6010_firmwarewcn6740qca6696sd845_firmwaresdw2500sa6150pqca8075qcn9022_firmwareapq8096au_firmwareqcn6024qcn9022sd845qca9990_firmwareipq8070aqcn9072_firmwaresdm830ipq6000_firmwaresd720g_firmwaresdx12ipq8071_firmwareqcs410_firmwareqcn9074_firmwareipq4029sm7325_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-416
Use After Free
CVE-2021-1958
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 9.90%
||
7 Day CHG~0.00%
Published-09 Sep, 2021 | 07:35
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A race condition in fastrpc kernel driver for dynamic process creation can lead to use after free scenario in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn3991_firmwarewcn3991sda429w_firmwarewcd9380_firmwaresa6150p_firmwarewsa8830sa8145p_firmwaresd780gqca6595wcn6856_firmwarewsa8835wcd9380sa8150p_firmwaresd888_5gqca6595au_firmwarewcd9370qca6574awcn6855_firmwaresm7325wcn3980wcn6750wcd9385_firmwarewcn3660bwcn6850wcn3660b_firmwaresa8155qca6574a_firmwareqca6574au_firmwareqca6595auwcd9375_firmwarewcn3980_firmwarewcn3610_firmwarewcn6740_firmwaresd778gsa6155p_firmwaresd480_firmwaresa8155_firmwarewcn6851_firmwarewcn3988_firmwareqca6574ausa6145p_firmwaresa8155p_firmwaresd778g_firmwaresa8195pwcd9341_firmwaresd480wcn6855wcn6851sa6155pwcn6856sa6145pwcd9385wcd9341qca6696_firmwareqca6595_firmwaresa8145pwcn6740qca6696wcd9375sd780g_firmwarewcd9370_firmwaresa8150psa6150psa8155pwsa8830_firmwaresda429wwcn3620_firmwarewcn3988sd888_5g_firmwarewsa8835_firmwarewcn3620wcn6850_firmwaresa8195p_firmwarewcn6750_firmwarewcn3610sm7325_firmwareSnapdragon Auto, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wearables
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2018-9461
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7||HIGH
EPSS-0.01% / 1.16%
||
7 Day CHG~0.00%
Published-17 Jan, 2025 | 23:13
Updated-10 Jul, 2025 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In onAttachFragment of ShareIntentActivity.java, there is a possible way for an app to read files in the messages app due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2021-0703
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.8||MEDIUM
EPSS-0.02% / 2.16%
||
7 Day CHG~0.00%
Published-22 Oct, 2021 | 13:27
Updated-03 Aug, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SecondStageMain of init.cpp, there is a possible use after free due to incorrect shared_ptr usage. This could lead to local escalation of privilege if the attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-184569329

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CVE-2018-13909
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7||HIGH
EPSS-0.03% / 5.35%
||
7 Day CHG~0.00%
Published-14 Jun, 2019 | 17:02
Updated-05 Aug, 2024 | 09:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Metadata verification and partial hash system calls by bootloader may corrupt parallel hashing state in progress resulting in unexpected behavior in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, Qualcomm 215, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 712 / SD 710 / SD 670, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_427_firmwaresd_712sd_850sd_632sd_412sd_439sd_670_firmwaresd_425sd_429sdm660sd_430_firmwaremdm9607_firmwaresd_435mdm9655_firmwaremdm9650sd_636sd_710_firmwaresd_625sdm439sdm630snapdragon_high_med_2016_firmwareqm215mdm9607sd_636_firmwaresd_450_firmwaresd_845_firmwaresd_410sd_439_firmwareqcs605_firmwaresd_429_firmwaremdm9206sd_425_firmwaresnapdragon_high_med_2016sd_850_firmwaresd_625_firmwaresd_450mdm9655sdm439_firmwaresd_412_firmwaresd_712_firmwaresdm630_firmwaresd_8cx_firmwaresda660_firmwaresd_845qm215_firmwareqcs605mdm9206_firmwaresd_427sd_430sd_670sd_8cxsd_435_firmwaresd_632_firmwaremdm9650_firmwaresd_710sd_410_firmwaresda660sxr1130_firmwaresxr1130sdm660_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2014-1713
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-1.92% / 82.62%
||
7 Day CHG~0.00%
Published-16 Mar, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the AttributeSetter function in bindings/templates/attributes.cpp in the bindings in Blink, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the document.location value.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-windowslinux_kernelmac_os_xchromen/a
CWE ID-CWE-416
Use After Free
CVE-2018-13919
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.50%
||
7 Day CHG~0.00%
Published-14 Jun, 2019 | 17:02
Updated-05 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability will occur if reset of the routing table encounters an invalid rule id while processing command to reset in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, QCS405, QCS605, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM630, SDM660, SDX20, SDX24

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_712sd_850mdm9150_firmwaresd_855sd_730_firmwaresd_820asd_675sdx20sd_670_firmwaresdm660sdx24sdm630mdm9607_firmwaresd_710_firmwaresd_636mdm9650qcs405sd_625msm8909w_firmwaremdm9607sd_636_firmwaresd_820_firmwaresd_820sd_845_firmwaresd_820a_firmwaremdm9150qcs605_firmwaresd_675_firmwaremdm9206sd_730sd_850_firmwaresdx24_firmwaresd_625_firmwareqcs405_firmwaresd_712_firmwaresdm630_firmwaresd_845mdm9206_firmwareqcs605sd_670sd_835_firmwaremdm9650_firmwaresd_710sdx20_firmwaresd_835msm8909wsdm660_firmwaresd_855_firmwareSnapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CWE ID-CWE-416
Use After Free
CVE-2018-13899
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.57%
||
7 Day CHG~0.00%
Published-24 May, 2019 | 16:44
Updated-05 Aug, 2024 | 09:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Processing messages after error may result in user after free memory fault in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, SM7150

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_712sd_850mdm9150_firmwaresd_632sd_855sd_820asd_675sd_439sdx20sd_670_firmwaresd_425sd_429sdm660sdm439mdm9607_firmwaresd_710_firmwaremdm9650sd_636sdm630sdx24sd_625sm7150_firmwaremsm8909w_firmwaremdm9607qm215sd_636_firmwaresd_820_firmwaresd_820sd_450_firmwaresd_845_firmwaresm7150sd_439_firmwaresd_820a_firmwaremdm9150sd_429_firmwareqcs605_firmwaresd_675_firmwaremdm9206sd_425_firmwaresd_850_firmwaresdx24_firmwaresd_625_firmwaresd_450sdm439_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwaresd_845qm215_firmwareqcs605mdm9206_firmwaresd_670sd_632_firmwaremdm9650_firmwaresd_710sdx20_firmwaresda660msm8909wsdm660_firmwaresd_855_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CWE ID-CWE-416
Use After Free
CVE-2018-9417
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.29%
||
7 Day CHG~0.00%
Published-19 Nov, 2024 | 21:10
Updated-22 Nov, 2024 | 22:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In f_hidg_read and hidg_disable of f_hid.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-416
Use After Free
CVE-2023-5218
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.26% / 48.94%
||
7 Day CHG~0.00%
Published-11 Oct, 2023 | 22:28
Updated-30 Apr, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Action-Not Available
Vendor-Google LLCFedora ProjectDebian GNU/Linux
Product-debian_linuxfedorachromeChrome
CWE ID-CWE-416
Use After Free
CVE-2022-33263
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 7.65%
||
7 Day CHG~0.00%
Published-06 Jun, 2023 | 07:38
Updated-07 Jan, 2025 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use after free in Core

Memory corruption due to use after free in Core when multiple DCI clients register and deregister.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn3991_firmwareqam8255p_firmwarewcn3991wsa8830wcd9380_firmwaresw5100psnapdragon_w5\+_gen_1_wearable_platformwcn785x-5sm8350-ac_firmwaresm8150-acwsa8835wcn3950_firmwaresd_8_gen1_5gwcd9380sm4450_firmwareqca6420_firmwareqca6595au_firmwaresnapdragon_wear_4100\+_platform_firmwaresm8350wcd9370snapdragon_wear_4100\+_platformwcn685x-5_firmwarewcn685x-1sm8450wcn6750qca6430_firmwarewcn3998wcn3980wcd9385_firmwarewcn3950sd_8_gen1_5g_firmwarewcn3660bsd855wsa8815sm4450wcn3660b_firmwareqca6574au_firmwarewcn3680b_firmwareqca6595auwcn3998_firmwarewcn785x-5_firmwarewcn3980_firmwarewcn3610_firmwareqca6420snapdragon_w5\+_gen_1_wearable_platform_firmwaresm8475_firmwareaqt1000_firmwarewcn6740_firmwaresa6155p_firmwareqcs8155wsa8832_firmwareqca6698aqsm8350_firmwarewcn685x-5wcn3988_firmwareqca6430qca6797aq_firmwarewcn785x-1_firmwareqca6574ausa8155p_firmwaresa8195pwsa8810_firmwarewcd9341_firmwaresm8450_firmwaresw5100wsa8810wsa8832sa8255p_firmwaresa6155psw5100p_firmwaresm8150-ac_firmwareqca6698aq_firmwarewcn3680bsm8350-acwcn685x-1_firmwarewcd9385sm8150_firmwaresa8255pwcd9341wcn6740qca6797aqwcd9370_firmwareaqt1000sa8155pwsa8830_firmwaresd855_firmwaresm8150wcn785x-1wcn3988wsa8815_firmwarewsa8835_firmwaresa8195p_firmwareqcs8155_firmwaresw5100_firmwaresm8475wcn6750_firmwareqam8255pwcn3610Snapdragon
CWE ID-CWE-416
Use After Free
CVE-2022-33245
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 6.39%
||
7 Day CHG~0.00%
Published-07 Mar, 2023 | 04:43
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use after free in WLAN

Memory corruption in WLAN due to use after free

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn3991_firmwarewsa8830sa6150p_firmwaresa8145p_firmwareqcs610csrb31024wcd9360_firmwaremdm9650csra6620wcn3950_firmwaresa8150p_firmwaresd765g_firmwareqca6420_firmwareqca6595au_firmwaresa6155sd690_5gwcd9370csra6620_firmwarecsra6640_firmwareqca6564wcn3990_firmwaresa415mwcn3998qcn7605wcd9385_firmwarewcn3950wcn3660bsa8155qca6320_firmwareqca6574au_firmwaresdx55_firmwareqca6595ausa6155_firmwarewcd9375_firmwarewcn3998_firmwaresm7250p_firmwareqca6420wcd9360qca6564au_firmwaresa6155p_firmwareqca6310sa515m_firmwaresd429sa8155_firmwaresa415m_firmwareqcs405qca6430wcn3988_firmwareqcn9074sa6145p_firmwaresd429_firmwarewcd9340sa8195pwsa8810_firmwaresd765gsd765_firmwarewcn6851wcd9335sa6155pwcd9385wcd9341qca6696_firmwaresd750gwcd9375sd750g_firmwareapq8064auaqt1000sa8150pwsa8830_firmwaresd855_firmwarewcn3620_firmwarewcn3988wcn6850_firmwarewsa8815_firmwarewcn3620wsa8835_firmwaresa8195p_firmwareqcn7606_firmwareqca6564awcn3991wcd9380_firmwarewcn3990sdm429wmsm8996au_firmwareqca6564auwsa8835qca6574msm8996ausdm429w_firmwarewcd9380qcs410qca6574asd690_5g_firmwareqca6310_firmwareqca6430_firmwarewcd9335_firmwarewcn3980sa515mqca6574_firmwarewcd9340_firmwaresd855wsa8815wcn6850qca6320mdm9650_firmwareqca6175asd765wcn3660b_firmwareqca6574a_firmwaresd768g_firmwaresd835wcn3980_firmwareaqt1000_firmwareapq8064au_firmwarear8031_firmwarecsrb31024_firmwarewcn6851_firmwareqca6574ausa8155p_firmwareqca6564a_firmwarewcd9341_firmwarewsa8810qcn7605_firmwareqcs610_firmwaresa6145psd835_firmwareqca6564_firmwaresd768gapq8096auar8031qcs405_firmwaresa8145pqca6696wcd9370_firmwaresa6150psdx55apq8096au_firmwarecsra6640sa8155psm7250pqcn9074_firmwareqcs410_firmwareqca6175a_firmwareqcn7606Snapdragonwcn3991_firmwarewcd9380_firmwaresa6150p_firmwaresa8145p_firmwaremsm8996au_firmwarewcd9360_firmwaresdm429w_firmwarewcn3950_firmwaresa8150p_firmwaresd765g_firmwareqca6420_firmwareqca6595au_firmwarecsra6620_firmwaresd690_5g_firmwarecsra6640_firmwarewcn3990_firmwareqca6310_firmwareqca6430_firmwarewcd9335_firmwarewcd9385_firmwareqca6574_firmwarewcd9340_firmwaremdm9650_firmwarewcn3660b_firmwareqca6320_firmwareqca6574a_firmwareqca6574au_firmwaresd768g_firmwaresdx55_firmwarewcd9375_firmwaresa6155_firmwarewcn3980_firmwarewcn3998_firmwaresm7250p_firmwareaqt1000_firmwareqca6564au_firmwaresa6155p_firmwaresa515m_firmwarear8031_firmwareapq8064au_firmwarecsrb31024_firmwarewcn6851_firmwaresa8155_firmwaresa415m_firmwarewcn3988_firmwaresa6145p_firmwaresa8155p_firmwaresd429_firmwareqca6564a_firmwarewsa8810_firmwarewcd9341_firmwaresd765_firmwareqcn7605_firmwareqcs610_firmwaresd835_firmwareqca6564_firmwareqca6696_firmwareqcs405_firmwaresd750g_firmwarewcd9370_firmwareapq8096au_firmwarewsa8830_firmwaresd855_firmwarewcn3620_firmwarewsa8815_firmwarewcn6850_firmwarewsa8835_firmwaresa8195p_firmwareqcn9074_firmwareqcs410_firmwareqcn7606_firmwareqca6175a_firmware
CWE ID-CWE-416
Use After Free
CVE-2022-3311
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 32.21%
||
7 Day CHG+0.01%
Published-01 Nov, 2022 | 00:00
Updated-03 Aug, 2024 | 01:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in import in Google Chrome prior to 106.0.5249.62 allowed a remote attacker who had compromised a WebUI process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2022-3309
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 32.68%
||
7 Day CHG+0.01%
Published-01 Nov, 2022 | 00:00
Updated-06 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in assistant in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via specific UI gestures. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chrome_oschromeChrome
CWE ID-CWE-416
Use After Free
CVE-2022-32645
Matching Score-6
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-6
Assigner-MediaTek, Inc.
CVSS Score-4.1||MEDIUM
EPSS-0.02% / 3.08%
||
7 Day CHG~0.00%
Published-03 Jan, 2023 | 00:00
Updated-10 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In vow, there is a possible information disclosure due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494477; Issue ID: ALPS07494477.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-androidmt6833mt6855mt8797mt6893mt8781mt6879mt6877mt6983mt6789mt6885mt8791mt6883mt6875mt6895mt8791tmt6873mt6853mt6891MT6789, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6891, MT6893, MT6895, MT6983, MT8781, MT8791, MT8791T, MT8797
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-662
Improper Synchronization
CVE-2022-33298
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 6.08%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 04:46
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use after free in Modem

Memory corruption due to use after free in Modem while modem initialization.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wsa8830sa6150p_firmwaresa8145p_firmwarewcn3950_firmwaresa8150p_firmwareqca6420_firmwareqca6595au_firmwareqca6390_firmwaresd730_firmwarewcd9370snapdragon_835_mobile_platform_firmwareqca6564qca6426wcn685x-1wcn3990_firmwaresm4375wcn3998sm8250-abwcd9385_firmwarewcn3950wcd9326_firmwaresm6375_firmwarewcn3660bsm7150-acqca6320_firmwaresnapdragon_x55_5g_modem-rf_systemqca6574au_firmwaresdx55_firmwarewcn3680b_firmwareqca6595auwcn3998_firmwarewcd9375_firmwarewcn3610_firmwareqca6420qca6436_firmwaresm4350-acsnapdragon_w5\+_gen_1_wearable_platform_firmwareqca6564au_firmwaresa6155p_firmwareqca6310sm8250_firmwaresm8250-acwcn3988_firmwareqca6430sa6145p_firmwaresm6250wcd9340sa8195psxr1120sdm710_firmwarewsa8810_firmwaresm4375_firmwaresw5100qca6436wcd9326wcd9335sa6155pwcn685x-1_firmwarewcd9385sm8150_firmwaresxr2130_firmwarewcd9341qca6696_firmwaresm7150-abqca6390sm4350_firmwarewcd9375aqt1000sa8150psm6250_firmwaresm6150_firmwaresm8250-ac_firmwarewsa8830_firmwaresd855_firmwaresd865_5g_firmwaresm8150wcn3988wsa8815_firmwarewsa8835_firmwaresa8195p_firmwaresxr1120_firmwarewcn3610sm6375wcd9380_firmwarewcn3990sw5100psd865_5gsnapdragon_w5\+_gen_1_wearable_platformqca6564ausm8150-acsm6150wsa8835snapdragon_835_mobile_platformwcd9380snapdragon_wear_4100\+_platform_firmwaresxr2130qca6574asnapdragon_wear_4100\+_platformwcn685x-5_firmwaresm7150-aa_firmwareqca6310_firmwareqca6430_firmwarewcd9335_firmwarewcn3980sm7150-ac_firmwarewcd9340_firmwaresd855sm6150-ac_firmwarewsa8815qca6320snapdragon_xr2_5g_platform_firmwareqca6426_firmwarewcn3660b_firmwareqca6574a_firmwaresd835wcn3980_firmwaresnapdragon_x55_5g_modem-rf_system_firmwaresd730qca6391sm8250-ab_firmwaresnapdragon_x50_5g_modem-rf_system_firmwaresm7150-aasm7125aqt1000_firmwaresnapdragon_xr2_5g_platformsnapdragon_xr1_platformsm7150-ab_firmwarewcn685x-5qca6574ausa8155p_firmwaresdm710wcd9341_firmwarewsa8810sw5100p_firmwaresm8150-ac_firmwaresa6145pwcn3680bsd835_firmwareqca6564_firmwaresa8145pqca6696qca6391_firmwaresm4350wcd9370_firmwaresm6150-acsm4350-ac_firmwaresm7125_firmwaresa6150psdx55snapdragon_x50_5g_modem-rf_systemsa8155psm8250sw5100_firmwaresnapdragon_xr1_platform_firmwareSnapdragonwcd9380_firmwaresa6150p_firmwaresa8145p_firmwarewcn3950_firmwaresa8150p_firmwareqca6420_firmwareqca6595au_firmwaresd730_firmwaresnapdragon_4_gen_1_mobile_platform_firmwaresnapdragon_835_mobile_platform_firmwaresnapdragon_480_5g_mobile_platform_firmwarewcn3990_firmwareqca6310_firmwareqca6430_firmwarewcd9335_firmwarewcd9385_firmwarewcd9326_firmwarewcd9340_firmwaresnapdragon_xr2_5g_platform_firmwareqca6426_firmwarewcn3660b_firmwareqca6320_firmwarefastconnect_6200_firmwarewcn3680b_firmwareqca6574a_firmwareqca6574au_firmwaresdx55_firmwaresnapdragon_695_5g_mobile_platform_firmwarewcd9375_firmwarewcn3980_firmwaresnapdragon_x55_5g_modem-rf_system_firmwarewcn3610_firmwareqca6436_firmwaresnapdragon_x50_5g_modem-rf_system_firmwareaqt1000_firmwareqca6564au_firmwaresa6155p_firmwarefastconnect_6900_firmwarewcn3988_firmwaresa6145p_firmwaresa8155p_firmwarewsa8810_firmwarewcd9341_firmwaresw5100p_firmwaresd835_firmwareqca6564_firmwaresxr2130_firmwareqca6696_firmwareqca6391_firmwaresnapdragon_710_mobile_platform_firmwaresnapdragon_855_mobile_platform_firmwarewcd9370_firmwaresm6250_firmwarewsa8830_firmwaresd855_firmwaresd865_5g_firmwarewsa8815_firmwarewsa8835_firmwaresa8195p_firmwaresnapdragon_865_5g_mobile_platform_firmwaresw5100_firmwarefastconnect_6800_firmwaresxr1120_firmwaresnapdragon_720g_mobile_platform_firmwaresnapdragon_xr1_platform_firmwaresnapdragon_675_mobile_platform_firmware
CWE ID-CWE-416
Use After Free
CVE-2023-5187
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.18% / 40.08%
||
7 Day CHG~0.00%
Published-28 Sep, 2023 | 15:23
Updated-13 Feb, 2025 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Debian GNU/LinuxFedora ProjectGoogle LLC
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2018-13925
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.46% / 63.37%
||
7 Day CHG~0.00%
Published-24 May, 2019 | 16:44
Updated-05 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Error in parsing PMT table frees the memory allocated for the map section but does not reset the context map section reference causing heap use after free issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850sd_632sd_820amsm8996au_firmwaresd_439sd_670_firmwaresd_429sdm439mdm9650sd_636sd_615_firmwaresnapdragon_high_med_2016_firmwaremsm8909w_firmwaremsm8996ausd_820sd_650sd_450_firmwaresd_845_firmwaresd_820a_firmwareqcs605_firmwaremdm9206sd_652sd_425_firmwaresd_625_firmwaresd_450sd_845mdm9206_firmwareqcs605sd_632_firmwaresd_835_firmwaremdm9650_firmwaresd_835sda660sxr1130_firmwaresd_210_firmwaresd_600sd_652_firmwaresd_415_firmwaresxr1130msm8909wsd_616_firmwaresd_205_firmwaresd_415sd_212sd_650_firmwaresd_427_firmwaresd_712sd_855sdx20sd_616sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435sd_615sd_710_firmwaresdm630sd_625qm215sd_820_firmwaresd_210mdm9607sd_636_firmwaresd_439_firmwaresd_429_firmwaresnapdragon_high_med_2016sd_212_firmwaresd_850_firmwaresdm439_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwareqm215_firmwaresd_430sd_427sd_670sd_435_firmwaresdx20_firmwaresd_710sd_600_firmwaresd_205sdm660_firmwaresd_855_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables
CWE ID-CWE-416
Use After Free
CVE-2018-13900
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.42%
||
7 Day CHG~0.00%
Published-25 Feb, 2019 | 23:00
Updated-05 Aug, 2024 | 09:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability will occur as there is no protection for the route table`s rule in IPA driver in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in versions MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850mdm9150_firmwaremdm9640_firmwaresd_820amsm8996au_firmwaresd_439sd_670_firmwaresd_429sdx24sdm439mdm9650sd_636msm8909w_firmwaremsm8996ausd_820sd_450_firmwaresd_845_firmwaresd_820a_firmwareqcs605_firmwaremdm9206sd_425_firmwaresdx24_firmwaresd_625_firmwaresd_450sd_845mdm9206_firmwareqcs605mdm9640sd_835_firmwaremdm9650_firmwaresd_835sda660sd_210_firmwaremsm8909wsd_205_firmwaresd_212sd_427_firmwaresd_712sd_855sdx20sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435sd_710_firmwaresdm630sd_625sd_210mdm9607sd_636_firmwaresd_820_firmwaresd_439_firmwaremdm9150sd_429_firmwaresd_212_firmwaresd_850_firmwaresdm439_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwaresd_427sd_430sd_670sd_435_firmwaresd_710sdx20_firmwaresd_205sdm660_firmwaresd_855_firmwareSnapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-416
Use After Free
CVE-2022-32612
Matching Score-6
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-6
Assigner-MediaTek, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.02% / 3.99%
||
7 Day CHG~0.00%
Published-08 Nov, 2022 | 00:00
Updated-01 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203500; Issue ID: ALPS07203500.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6789mt6769mt6833mt6875mt6762mt6853mt6889mt6891mt6877androidmt8789mt8768mt8365mt6853tmt6781mt6883mt8185mt6855mt8791mt6785mt8797mt8798mt6873mt6779mt6893mt8168mt6768mt6879mt6895mt6983mt8696mt8786mt6885MT6762, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8168, MT8185, MT8365, MT8696, MT8768, MT8786, MT8789, MT8791, MT8797, MT8798
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2022-32607
Matching Score-6
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-6
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 4.95%
||
7 Day CHG~0.00%
Published-08 Nov, 2022 | 00:00
Updated-02 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In aee, there is a possible use after free due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07202891; Issue ID: ALPS07202891.

Action-Not Available
Vendor-MediaTek Inc.Google LLC
Product-mt8765mt6853tmt6879mt6761mt8666mt6889androidmt6762mt8167smt8675mt6739mt8696mt8891mt6891mt6877mt6875mt8791mt8788mt8385mt6765mt6883mt8795tmt6781mt6893mt6833mt6768mt6895mt6580mt8768mt8786mt6853mt6873mt6983mt8791tmt6779mt8797mt6785mt6769mt6885mt6771mt8365mt8167mt8362amt8168mt8175mt8766mt6789mt8173mt8871MT6580, MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8362A, MT8365, MT8385, MT8666, MT8675, MT8696, MT8765, MT8766, MT8768, MT8786, MT8788, MT8791, MT8791T, MT8795T, MT8797, MT8871, MT8891
CWE ID-CWE-416
Use After Free
CVE-2022-33225
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 7.65%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 06:58
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use after free in Trusted Application Environment

Memory corruption due to use after free in trusted application environment.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca6564au_firmwarewcd9380_firmwaresdm429wmsm8996au_firmwaresd429sdxr2_5gsd865_5gwcn6851_firmwareqca6564ausdx55m_firmwaremdm9628_firmwareqca6574ausd205sd429_firmwaremsm8996ausd205_firmwareqca6564a_firmwaresdm429w_firmwarewcd9340wsa8810_firmwarequalcomm215_firmwarewcd9380wsa8810sd870qca6390_firmwareqca6436qualcomm215wcn6851sd210_firmwareqca6574aqca6426apq8096ausd870_firmwareqca6391_firmwaresdxr2_5g_firmwareqca6390mdm9628wcd9340_firmwarewcn3660bwsa8815wcn6850apq8096au_firmwaresd210sd865_5g_firmwarewcn3620_firmwareqca6426_firmwarewcn3660b_firmwarewcn6850_firmwareqca6574a_firmwarewcn3620qca6574au_firmwarewsa8815_firmwarewcn3610_firmwareqca6564aqca6391sdx55mqca6436_firmwarewcn3610Snapdragonqca6564au_firmwarewcd9380_firmwaremsm8996au_firmwaresd870_firmwareqca6391_firmwaresdxr2_5g_firmwarewcn6851_firmwaresdx55m_firmwaremdm9628_firmwarewcd9340_firmwareapq8096au_firmwaresd429_firmwaresd205_firmwaresdm429w_firmwareqca6564a_firmwaresd865_5g_firmwarewcn3620_firmwareqca6426_firmwarewsa8810_firmwarequalcomm215_firmwarewcn3660b_firmwarewcn6850_firmwareqca6574a_firmwarewsa8815_firmwareqca6574au_firmwareqca6390_firmwarewcn3610_firmwaresd210_firmwareqca6436_firmware
CWE ID-CWE-416
Use After Free
CVE-2025-8292
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.11% / 29.83%
||
7 Day CHG~0.00%
Published-30 Jul, 2025 | 01:18
Updated-01 Aug, 2025 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Media Stream in Google Chrome prior to 138.0.7204.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Linux Kernel Organization, IncApple Inc.Microsoft CorporationGoogle LLC
Product-chromemacoswindowslinux_kernelChrome
CWE ID-CWE-416
Use After Free
CVE-2022-3305
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.62% / 69.22%
||
7 Day CHG+0.04%
Published-01 Nov, 2022 | 00:00
Updated-06 May, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLC
Product-chrome_oschromeChrome
CWE ID-CWE-416
Use After Free
CVE-2022-3306
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.54% / 66.71%
||
7 Day CHG+0.03%
Published-01 Nov, 2022 | 00:00
Updated-06 May, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLC
Product-chrome_oschromeChrome
CWE ID-CWE-416
Use After Free
CVE-2022-3304
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.37% / 57.97%
||
7 Day CHG+0.02%
Published-01 Nov, 2022 | 00:00
Updated-06 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in CSS in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2018-13920
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.50%
||
7 Day CHG~0.00%
Published-24 May, 2019 | 16:44
Updated-05 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free condition due to Improper handling of hrtimers when the PMU driver tries to access its events in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8909W, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 712 / SD 710 / SD 670, SD 820A, SD 845 / SD 850, SD 855, SDM439, SDM630, SDM660, SDX24

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_712sd_850sd_632sd_855sd_820asd_439sd_670_firmwaresd_429sd_425sdm660sdm439mdm9607_firmwaresd_710_firmwaremdm9650sd_636sdm630sdx24sd_625msm8909w_firmwaremdm9607qm215sd_636_firmwaresd_450_firmwaresd_845_firmwaresd_439_firmwaresd_820a_firmwaresd_429_firmwareqcs605_firmwaremdm9206sd_425_firmwaresd_850_firmwaresdx24_firmwaresd_625_firmwaresd_450sdm439_firmwaresd_712_firmwaresdm630_firmwaresd_845qm215_firmwareqcs605mdm9206_firmwaresd_670sd_632_firmwaremdm9650_firmwaresd_710msm8909wsdm660_firmwaresd_855_firmwareSnapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CWE ID-CWE-416
Use After Free
CVE-2022-3314
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 32.49%
||
7 Day CHG+0.01%
Published-01 Nov, 2022 | 00:00
Updated-06 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in logging in Google Chrome prior to 106.0.5249.62 allowed a remote attacker who had compromised a WebUI process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2022-32613
Matching Score-6
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-6
Assigner-MediaTek, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.02% / 3.59%
||
7 Day CHG~0.00%
Published-08 Nov, 2022 | 00:00
Updated-01 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In vcu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07206340; Issue ID: ALPS07206340.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6789mt6769mt6833mt6875mt6762mt6853mt6889mt6891mt6877androidmt8789mt8768mt8365mt6853tmt6781mt6883mt8185mt6855mt8791mt6785mt8797mt8798mt6873mt6779mt6893mt8168mt6768mt6879mt6895mt6983mt8696mt8786mt6885MT6762, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8168, MT8185, MT8365, MT8696, MT8768, MT8786, MT8789, MT8791, MT8797, MT8798
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2025-8578
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.13% / 33.20%
||
7 Day CHG~0.00%
Published-07 Aug, 2025 | 01:30
Updated-12 Aug, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Cast in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Apple Inc.Linux Kernel Organization, IncGoogle LLCMicrosoft Corporation
Product-windowschromemacoslinux_kernelChrome
CWE ID-CWE-416
Use After Free
CVE-2024-1060
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.51% / 65.29%
||
7 Day CHG~0.00%
Published-30 Jan, 2024 | 21:14
Updated-29 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Canvas in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-fedorachromeChrome
CWE ID-CWE-416
Use After Free
CVE-2021-1947
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.10% / 27.69%
||
7 Day CHG~0.00%
Published-17 Sep, 2021 | 07:05
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in kernel graphics driver because of storing an invalid pointer in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn3991_firmwarewsa8830sm7250qca9561qcs2290_firmwareqca8337sm7250_firmwarear9380qca9563_firmwareqca9561_firmwareqca9880_firmwareqca9992qcs4290wcn3950_firmwaresd765g_firmwareqcs2290ipq8069_firmwareqca6390_firmwaresd690_5gwcd9370qcs6125_firmwareqca6426wcn3990_firmwareqca9984_firmwarewcn3998wcd9385_firmwarewcn3950sm4125wcd9326_firmwarewcn3615_firmwareqca9563qsw8573_firmwarewcn3660bsd662qca9982sd460_firmwareqca6320_firmwarewcn3680b_firmwaresdx55_firmwarewcd9375_firmwarewcn3615wcn3998_firmwaremsm8909wapq8009w_firmwarewcn3610_firmwareapq8053_firmwareipq8065qca9990qrb5165_firmwaresd429qcs6125sd662_firmwareipq8068wcn3988_firmwaresd429_firmwarewcd9340sdm830_firmwarewsa8810_firmwaresd765gsd765_firmwarewcd9326wcd9335wcn6851qca9982_firmwareqcs4290_firmwarewcd9385qca9888_firmwarewcd9341ipq8068_firmwaresd750gsd870_firmwareqca6390qca9898_firmwaresd750g_firmwarewcd9375wcn3910_firmwaremsm8953_firmwarewsa8830_firmwaresda429wqca9992_firmwaresd660sd855_firmwaresd865_5g_firmwarewcn3620_firmwarewcn3988wcn6850_firmwaresd660_firmwarewcn3620wsa8815_firmwarewsa8835_firmwareqca9898wcn3610qcm6125_firmwareqca9882qcm2290_firmwarewcn3991qca8337_firmwaresda429w_firmwarewcd9380_firmwarewcn3990qca9980_firmwaresdm429wsd865_5gar9380_firmwaresdx55m_firmwareqca9558qca9558_firmwareqet4101_firmwareqca9896_firmwaremsm8909w_firmwareipq8065_firmwarewsa8835sdm429w_firmwaresd665_firmwarewcd9380sd690_5g_firmwareqca9889qca9888qca9994_firmwarewcd9335_firmwarewcn3980qsw8573qca9886wcd9340_firmwaresd855sm4125_firmwarewcn6850sd665wcn3910qca6320wsa8815sd765qca9887qca6426_firmwarewcn3660b_firmwareqca9984ipq8064ipq8069sd768g_firmwarewcn3980_firmwaresd460qca6391sdx55mipq8064_firmwaremsm8953qcm4290qca9882_firmwareqrb5165wcn6851_firmwareqca9994qca9531qca9887_firmwareqca9889_firmwareqca9980apq8009wqca9880wcd9341_firmwareqcm6125qcm4290_firmwaresd870wsa8810wcn3680bqca9886_firmwaresd768gqca6391_firmwarewcd9370_firmwaresdx55apq8053qca9990_firmwareqet4101qca9531_firmwaresdm830qca9896qcm2290Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-416
Use After Free
CVE-2022-3197
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.73% / 71.87%
||
7 Day CHG~0.00%
Published-26 Sep, 2022 | 00:00
Updated-21 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-fedorachromeChrome
CWE ID-CWE-416
Use After Free
CVE-2018-11998
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.06% / 17.73%
||
7 Day CHG~0.00%
Published-18 Jan, 2019 | 22:00
Updated-05 Aug, 2024 | 08:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

While processing a packet decode request in MQTT, Race condition can occur leading to an out-of-bounds access in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 427, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660, Snapdragon_High_Med_2016

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_427_firmwaremdm9206snapdragon_high_med_2016sd_212_firmwaresd_625_firmwaresd_450sdm630_firmwaresda660_firmwaresdm660sdm630mdm9607_firmwaresd_435sd_636mdm9206_firmwaresd_427sd_625snapdragon_high_med_2016_firmwaresd_210mdm9607sd_636_firmwaresd_435_firmwaresd_835_firmwaresd_835sd_205sd_450_firmwaresda660sd_210_firmwaresd_205_firmwaresdm660_firmwaresd_212Snapdragon Mobile, Snapdragon Wear
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2021-1927
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.04% / 9.64%
||
7 Day CHG~0.00%
Published-07 May, 2021 | 09:10
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible use after free due to lack of null check while memory is being freed in FastRPC driver in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qfs2580qca9377_firmwareqpm5679_firmwaresm6250p_firmwareipq4028_firmwareqca8337qdm5579ar9380ipq8173_firmwareqfs2608_firmwareqfs2530qpm8870_firmwareqln1030pm6125qcn5124qat5522_firmwarewcn3950_firmwarepm8150aqdm5670qca6595au_firmwareqpm5541_firmwareqpa5581_firmwaresa6155pm7150lqcc1110_firmwarepm8998_firmwareqpa8821wtr5975_firmwareqcs6125_firmwarepm456_firmwareqpa5580_firmwaresa415mwcn3998wcd9371_firmwarewcn3950qcn6024_firmwaresd720gsm4125qsw8573_firmwarewcn3660bsd450_firmwareqfe4320qsw8574_firmwaresd460_firmwaresmb2351_firmwarepm8953_firmwaresd6905gqpa4360_firmwareqca8081_firmwareqfe2520_firmwarewcn3998_firmwareapq8009w_firmwarepm855papq8053_firmwareqca6420pm6150aqpm6670_firmwareipq8070_firmwareipq8065ipq8078a_firmwarepm660_firmwarepm8150bipq8072_firmwaresa8155_firmwareipq8068qfe2101qca6430qat3522pmr735awcd9340sdm830_firmwaresd765gsdr660qfs2630_firmwaresdr865qdm5620_firmwaresmb1358qca9888_firmwaresmr545qca6696_firmwareqln5020wcd9371sd870_firmwareqcn5154_firmwarepmm855au_firmwaresa8150ppm6350qdm5621qfe3340qtc800sqat3514_firmwareqca9992_firmwaresd660qet6105pm640p_firmwaresd660_firmwareqcn5121qcn5022_firmwareqat5516_firmwarepm6150lsd450sd8885gpm855l_firmwareqca6428_firmwareqca9985_firmwareqtc410sipq4018_firmwarewcn3991qca9980_firmwareqpa8801sdm429wipq8078pm8150l_firmwareipq8173qat5533_firmwaresdx55m_firmwaresdxr25gqpa8673_firmwarepm6150smb1354_firmwaresd670_firmwareqca6574sd632_firmwareqfs2630qpa8842csr8811_firmwaresdr052_firmwarewcd9380qualcomm215qln4640qcs410qpm5579_firmwaresmb1380_firmwareqfe4309_firmwarepmk8350_firmwareqcn5024pm855p_firmwaresmb1381pm7250qca9379_firmwarewtr4905qpa8803sdx24_firmwareqca9985qcn9012_firmwaresd439_firmwaresdxr25g_firmwareqdm2301ipq6018_firmwarewcd9340_firmwarewsa8815wcn6850qfe2101_firmwarepmp8074_firmwareqdm5621_firmwareqdm2301_firmwareqpm6375ipq6028ipq8064pmp8074wcn3980_firmwaresd730pm660l_firmwarepm6250_firmwarewcn6740_firmwarepm8008pm8350b_firmwareqtm525_firmwarepme605_firmwareqcn5064_firmwarepme605sd678_firmwareipq8078_firmwareqpm5621_firmwareqcn5054qln1021aq_firmwareqcs603qca9896rsw8577qpa6560_firmwareqca9994qpa8802_firmwareqln4640_firmwareqfe4308_firmwareqca9980qpm5621qcn9024_firmwareipq8174_firmwareapq8009wpm8009_firmwareqfe4303qfs2580_firmwareqpm6582sd670qcm4290_firmwarewcn6855pm8150lpmi8998_firmwareqcs610_firmwaresa6145ppm660a_firmwarepm215pm4250qca9886_firmwarear8031qpm5577wtr2965sa2150pqca6391_firmwarepm8150qca4024pmi8937_firmwarewcd9370_firmwareqat3516_firmwaresdx55apq8053qcn5021_firmwarecsra6640pm8350bhsqat3555_firmwareqpa8803_firmwarewcn3660qca9379pm855bsmb2351qln1031qsm8250_firmwareqpm5870pm8909qcn5500wsa8830pm660qca9561qet6110_firmwareqdm5579_firmwareqpm6325pm6125_firmwareqbt1500qpa5581csrb31024qca9563_firmwarepmx24_firmwarefsm10055_firmwareqbt1500_firmwareqpm5870_firmwareqca9992qcs4290pmm855auqet6100qca6420_firmwaresmb1394_firmwareapq8009_firmwaresmb1396pm7150asd675_firmwareipq8072pm8350qpa5461_firmwareqpa4361_firmwarepm8350c_firmwareqca6426wcn3990_firmwareqca9984_firmwareqca9377qpm5641qpa5373_firmwarewcd9385_firmwareqdm5650_firmwareqpa4340_firmwarewcd9326_firmwarewcn3615_firmwarewtr2955pm7250_firmwaresdr845_firmwareqdm5620qln1021aqipq8074asmb1380qca9982pmk8002_firmwareqsw6310_firmwaresa8155qln1031_firmwareqdm4650_firmwareqcn5122_firmwarepmm6155au_firmwareqat5533sdx55_firmwareqcn6023_firmwarewcn3615sm7250p_firmwarewcn3610_firmwareqsm7250_firmwareqpm6670pm7150l_firmwareqca6584auqpm4641qat5515_firmwareipq8174pm855qpm8830_firmwaresd429pm8250qcn5052qdm4643qfs2530_firmwaresa415m_firmwarepmx55qpm4641_firmwareqcn9074sd205sd429_firmwarepm8150c_firmwareqca6421qdm3301qpa8842_firmwareqat3519_firmwaresa8195psdr735_firmwarepm8953qat5515qpm5677qat3514wcd9326wcd9335qca9982_firmwarepm6350_firmwareqcn6023pm8004_firmwaresdr8150_firmwareqcs4290_firmwarepm439qtc800h_firmwarepmk7350_firmwareqpm5620qpm4630qca6390qca9898_firmwaresd750g_firmwareaqt1000wcd9375sm6250_firmwarepmm8195auqln4642msm8917_firmwareqpm5677_firmwareipq5010_firmwareipq8074a_firmwarewsa8815_firmwarepmi8937pm8998pmk7350sdw3100qpm8820_firmwaresmr525_firmwarewtr3925_firmwareqfe4301_firmwareapq8017qln1020_firmwareqpm6621_firmwarepm670a_firmwareqcm6125_firmwarepmx55_firmwarewtr2955_firmwareqfe4373fc_firmwarepm8150_firmwaresmb1398_firmwareqpm8830qat5522qca9896_firmwareipq8065_firmwarepm8150cpmr735bsd665_firmwareqpa4360pmk8003_firmwareqcn5154qca8075_firmwareqpa4361ipq6005_firmwareqpm4640_firmwareqpm5577_firmwarewcn6855_firmwareqdm5679_firmwarepm8350csmr525qca9888qca6310_firmwareqfe4305_firmwareipq8070a_firmwarepm6150l_firmwarepmr525pm8150a_firmwareqca6574_firmwareqca9886qcn5502_firmwareqln1036aq_firmwaresd665pm6150a_firmwarepm6150_firmwaresd765qca6574a_firmwareqpm4630_firmwareqat3555apq8009qpa5461sd8c_firmwarewtr2965_firmwarepm670_firmwarecsrb31024_firmwareqfs2608qcn9070_firmwaresd480_firmwareqln1036aqqtc801sipq6028_firmwareipq8072a_firmwareqca9531qpm5641_firmwareqca9889_firmwaresd710qcn5122pm8008_firmwareqpm6621pmr735a_firmwarepmw3100pmx50qcn5022sdr8250sd768gqln1030_firmwarewcn6740pmw3100_firmwarepm8004pm640lpmk8002qca8075qcn6024qcn9022sd845sdm830ipq6000_firmwareqcs410_firmwareqpa5580qpm5579fsm10055qfe2550sa6150p_firmwareqcs610qcn5550qpm5620_firmwareqdm2307qca6431_firmwareqpa8802wcd9360_firmwareqpm6585_firmwareqca9561_firmwareqat3519qbt2000_firmwareqca4024_firmwarepm855a_firmwareipq8078aqtc800hsa8150p_firmwareqcs2290sdr8250_firmwareqca6335msm8917qcn5064csra6620_firmwareqcs605_firmwareqln1020smr546_firmwareqdm5671csra6640_firmwarepmc1000hqpm4650_firmwareqat3518sd8csd632sdr425_firmwaresmr526_firmwareipq8076aqpa5460pm640a_firmwarewgr7640_firmwareqdm2305_firmwareqpm5670_firmwaresd710_firmwareqca4020qca6428qdm5652qca6574au_firmwareqcn5164_firmwareipq8071qpm8870wcd9375_firmwareqpm5679qbt2000sa6155_firmwaremsm8909wwcd9360qca6438_firmwarepmx50_firmwareqpa8675_firmwaresdr735gqpa5460_firmwarewcn3999qdm3301_firmwareqca7500qsm7250ipq4029_firmwareqcs6125ipq6010sd662_firmwareqcc1110qcs405smb1360qualcomm215_firmwarersw8577_firmwareqdm2308_firmwarefsm10056_firmwarepm439_firmwareqca4020_firmwareqca6436sa6155pwcn6851qcs603_firmwareqpa6560sdr675_firmwarewcn3660_firmwarewcd9341ipq8068_firmwarepmi8952pm8937_firmwareqca6431qdm4643_firmwaresm7350_firmwareqet4100_firmwaresd750gqfe4320_firmwareqdm3302wcn3910_firmwareqpm5657qpm5875_firmwarewsa8830_firmwaresd855_firmwareqdm5650wcn3988qca6438wtr3925sdr052sa8195p_firmwaresmb1390sdw3100_firmwareqca9898ipq4028qet4100wcn3610qpa8686_firmwareipq5018_firmwareqpm6585qca8337_firmwaresda429w_firmwarewcd9380_firmwaresmb1355ipq8072aqca7500_firmwareqln4650sdr735g_firmwarepm8350bhs_firmwarewgr7640ipq8076a_firmwareqat5568qdm5671_firmwareqet5100qca6564auqpa8801_firmwareqtm527_firmwarewcn6856_firmwarepm8005_firmwareqcn5164qca9558qet4101_firmwarepm7250bqln4642_firmwaresmb1355_firmwarepm7250b_firmwarepmd9655_firmwaresmb1351_firmwareqcn5054_firmwareipq4019_firmwaresdx50m_firmwaresdr735smb1395pm660lsmr526qca8072_firmwarewtr5975qca6430_firmwarepmk8003qcn5052_firmwareqtc801s_firmwareqat3522_firmwarewcd9335_firmwarewcn3980pm7350c_firmwareqca6335_firmwareqsw8573qcs605wcn3910smb1394qca6426_firmwarepm8350_firmwarewcn3660b_firmwarewcn3680qca9984qfe4309qcn9024pm8009qpa8675qcn5550_firmwaresdr051_firmwaresdx55mipq8064_firmwarepm670aqca6421_firmwareqfe4373fcmsm8953qat3518_firmwarepmi8998qfe2520qsw8574sd6905g_firmwarear8031_firmwarewcn3680_firmwarepm855lwcn6851_firmwareqdm5670_firmwareipq8070sd8655gqcn5502pm7150a_firmwarepm8150b_firmwareqca9887_firmwareqfe4302smr545_firmwarepmc1000h_firmwareqca6564a_firmwareqdm2310_firmwarepm4250_firmwareqca9880sd480sd870qcn5121_firmwaresd8885g_firmwarepm670sd210_firmwareqdm5677pm8005qsm8250ipq6018pm855_firmwareqdm2302pmm6155ausdxr1pm855b_firmwareqcs405_firmwareqpm6582_firmwareqpm6375_firmwarepm640l_firmwareqln4650_firmwareqpm5875qet5100msd888_firmwaresa8155psd675sd439qet4101qca9531_firmwareqat3516pm670lqpm5658ar8035_firmwareqcm2290qpm5658_firmwareqcn5024_firmwarewcn3991_firmwareqdm5652_firmwarepmm8155au_firmwaresd678qcn9070sdr051qln5030qcs2290_firmwarepm4125fsm10056pmi632qpa2625_firmwarepm456pm8350bh_firmwarecsra6620pmr735b_firmwareqet5100_firmwareqpa5373qpm4621qcn9072smb1360_firmwareqca9880_firmwareqet6100_firmwarepm670l_firmwaresdr660gsd765g_firmwareqpa8686smb1358_firmwareqca6390_firmwareipq6000sd730_firmwarewcd9370qcn5152_firmwaresdr425pmr525_firmwareqca6584au_firmwareqcn9000_firmwareqfe3340_firmwareipq5018pmi632_firmwareqpm5541qat5516qca9563sd662qpa8821_firmwareqfe4308qcn5124_firmwaresdr660g_firmwarepm8350bhpm3003awcn3680b_firmwareqca6595auwcn3999_firmwareqca6436_firmwaresm7350smb1354ipq5010qca6564au_firmwareqdm2305sa6155p_firmwareqca6310qpm8820pm8937qpm2630qln5020_firmwaresa515m_firmwareqca9990smb1398sa6145p_firmwaresdr675sm6250apq8017_firmwarewsa8810_firmwaresd765_firmwareqdm5677_firmwareqca8081ipq8071aqca6174a_firmwareipq8071a_firmwarewcd9385qpm6325_firmwareqdm2302_firmwareqat3550_firmwarepmm8155auqln5040_firmwarepm4125_firmwarear8035csr8811qpa8673ipq4019qdm2310qfe2550_firmwaremsm8953_firmwareqcn9100_firmwareqln5030_firmwaresda429wsd210wcn3620_firmwareqfe4302_firmwaresmb1396_firmwarewcn6850_firmwarewcn3620wsa8835_firmwareqca6564asmr546pmx24qet6110pmi8952_firmwareqca8072qcm2290_firmwareqln5040qpm8895sdr845qpm5670wcn3990qcn9000qtm527ar9380_firmwarepmk8350sdx24qcn9012qdm3302_firmwaresd888qca9558_firmwarepm8350bqdm2307_firmwaremsm8909w_firmwarewsa8835sdm429w_firmwareqpm5657_firmwaresm6250ppm855asdr660_firmwarepm8909_firmwareqca6574aipq4018pm8916_firmwareqca9889qca6174asmb1390_firmwareipq8074qfe4303_firmwareqca9994_firmwareqpm4640pm7350cqet5100m_firmwareipq8076_firmwareqpm4650qtm525sa515msa2150p_firmwarewtr6955sd855sm4125_firmwaresd8cxqfe4305ipq8076wtr6955_firmwareqca9887pm640pqcn5021qcn5152sd768g_firmwaresdr865_firmwarepm8250_firmwaresd460qca6391sd8cx_firmwaresdxr1_firmwaresmb1351ipq6005aqt1000_firmwarepm215_firmwareqcn9100qpm8895_firmwarepm660aqpa4340qcm4290sdx50mpm640asdr8150pm8916smb1395_firmwareqdm4650pmd9655ipq8074_firmwareqca6574ausa8155p_firmwaresd205_firmwareqsw6310qet6105_firmwaresd8655g_firmwarewcd9341_firmwareqcm6125wsa8810qtc410s_firmwareqpm2630_firmwareqcn5500_firmwareqat5568_firmwareqdm2308qat3550wtr4905_firmwarewcn6856qdm5679wcn3680bipq6010_firmwarepm3003a_firmwareqca6696qfe4301qtc800s_firmwaresmb1381_firmwaresd845_firmwareqpa2625sa6150pqcn9022_firmwareqca9990_firmwareipq8070apmm8195au_firmwareqcn9072_firmwaresm7250psd720g_firmwareipq8071_firmwareqcn9074_firmwareqpm4621_firmwarewcn3988_firmwareipq4029pm6250Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-416
Use After Free
CVE-2018-11960
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.14%
||
7 Day CHG~0.00%
Published-20 Dec, 2018 | 15:00
Updated-05 Aug, 2024 | 08:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, A use after free condition can occur in the SPS driver which can lead to error in kernel.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-416
Use After Free
CVE-2022-3198
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.73% / 71.87%
||
7 Day CHG~0.00%
Published-26 Sep, 2022 | 00:00
Updated-21 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-fedorachromeChrome
CWE ID-CWE-416
Use After Free
CVE-2018-11983
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.04%
||
7 Day CHG~0.00%
Published-20 Dec, 2018 | 15:00
Updated-05 Aug, 2024 | 08:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Error in kernel observed while accessing freed mask pointers after reallocating memory for mask table.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-416
Use After Free
CVE-2022-3196
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.73% / 71.87%
||
7 Day CHG~0.00%
Published-26 Sep, 2022 | 00:00
Updated-21 May, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-fedorachromeChrome
CWE ID-CWE-416
Use After Free
CVE-2022-32621
Matching Score-6
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-6
Assigner-MediaTek, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.01% / 2.05%
||
7 Day CHG~0.00%
Published-05 Dec, 2022 | 00:00
Updated-24 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In isp, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310829; Issue ID: ALPS07310829.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-androidmt6895mt6983MT6895, MT6983
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-8882
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.11% / 29.91%
||
7 Day CHG~0.00%
Published-13 Aug, 2025 | 02:43
Updated-14 Aug, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Aura in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Apple Inc.Linux Kernel Organization, IncGoogle LLCMicrosoft Corporation
Product-macoswindowslinux_kernelchromeChrome
CWE ID-CWE-416
Use After Free
CVE-2021-0955
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7||HIGH
EPSS-0.01% / 0.74%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 18:05
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In pf_write_buf of FuseDaemon.cpp, there is possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-192085766

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2021-0656
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 2.28%
||
7 Day CHG~0.00%
Published-18 Nov, 2021 | 14:57
Updated-03 Aug, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In edma driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05709376; Issue ID: ALPS05709376.

Action-Not Available
Vendor-n/aGoogle LLCMediaTek Inc.
Product-mt6873mt6853tmt6893androidmt6885mt8797mt6889mt8791mt6877mt8195mt6853mt6883MT6853, MT6853T, MT6873, MT6877, MT6883, MT6885, MT6889, MT6893, MT8195, MT8791, MT8797
CWE ID-CWE-416
Use After Free
CVE-2018-12014
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.19%
||
7 Day CHG~0.00%
Published-11 Feb, 2019 | 15:00
Updated-05 Aug, 2024 | 08:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Null pointer dereference vulnerability may occur due to missing NULL assignment in NAT module of freed pointer.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-416
Use After Free
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-3307
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.33% / 55.12%
||
7 Day CHG+0.02%
Published-01 Nov, 2022 | 00:00
Updated-06 May, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in media in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
  • Previous
  • 1
  • 2
  • ...
  • 5
  • 6
  • 7
  • ...
  • 37
  • 38
  • Next
Details not found