Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-11968

Summary
Assigner-qualcomm
Assigner Org ID-2cfc7d3e-20d3-47ac-8db7-1b7285aff15f
Published At-24 May, 2019 | 16:44
Updated At-05 Aug, 2024 | 08:24
Rejected At-
Credits

Improper check before assigning value can lead to integer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA4020, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9531, QCA9558, QCA9563, QCA9880, QCA9886, QCA9980, QCN5502, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SDX20, SDX24, SM7150, Snapdragon_High_Med_2016, SXR1130

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:qualcomm
Assigner Org ID:2cfc7d3e-20d3-47ac-8db7-1b7285aff15f
Published At:24 May, 2019 | 16:44
Updated At:05 Aug, 2024 | 08:24
Rejected At:
▼CVE Numbering Authority (CNA)

Improper check before assigning value can lead to integer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA4020, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9531, QCA9558, QCA9563, QCA9880, QCA9886, QCA9980, QCN5502, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SDX20, SDX24, SM7150, Snapdragon_High_Med_2016, SXR1130

Affected Products
Vendor
Qualcomm Technologies, Inc.Qualcomm, Inc.
Product
Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
Versions
Affected
  • IPQ4019, IPQ8064, IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA4020, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9531, QCA9558, QCA9563, QCA9880, QCA9886, QCA9980, QCN5502, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SDX20, SDX24, SM7150, Snapdragon_High_Med_2016, SXR1130
Problem Types
TypeCWE IDDescription
textN/AInteger Overflow or Wraparound in WLAN
Type: text
CWE ID: N/A
Description: Integer Overflow or Wraparound in WLAN
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.qualcomm.com/company/product-security/bulletins#_CVE-2018-11968
x_refsource_CONFIRM
Hyperlink: https://www.qualcomm.com/company/product-security/bulletins#_CVE-2018-11968
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.qualcomm.com/company/product-security/bulletins#_CVE-2018-11968
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.qualcomm.com/company/product-security/bulletins#_CVE-2018-11968
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:product-security@qualcomm.com
Published At:24 May, 2019 | 17:29
Updated At:29 May, 2019 | 15:21

Improper check before assigning value can lead to integer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA4020, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9531, QCA9558, QCA9563, QCA9880, QCA9886, QCA9980, QCN5502, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SDX20, SDX24, SM7150, Snapdragon_High_Med_2016, SXR1130

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.8HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary2.07.2HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.0
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.2
Base severity: HIGH
Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
Qualcomm Technologies, Inc.
qualcomm
>>ipq4019>>-
cpe:2.3:h:qualcomm:ipq4019:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>ipq4019_firmware>>-
cpe:2.3:o:qualcomm:ipq4019_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>ipq8064>>-
cpe:2.3:h:qualcomm:ipq8064:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>ipq8064_firmware>>-
cpe:2.3:o:qualcomm:ipq8064_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>ipq8074>>-
cpe:2.3:h:qualcomm:ipq8074:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>ipq8074_firmware>>-
cpe:2.3:o:qualcomm:ipq8074_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9206>>-
cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9206_firmware>>-
cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9607>>-
cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9607_firmware>>-
cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9640>>-
cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9640_firmware>>-
cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9650>>-
cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9650_firmware>>-
cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>msm8996au>>-
cpe:2.3:h:qualcomm:msm8996au:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>msm8996au_firmware>>-
cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca4020_firmware>>-
cpe:2.3:o:qualcomm:qca4020_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca4020>>-
cpe:2.3:h:qualcomm:qca4020:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca6174a_firmware>>-
cpe:2.3:o:qualcomm:qca6174a_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca6174a>>-
cpe:2.3:h:qualcomm:qca6174a:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca6564_firmware>>-
cpe:2.3:o:qualcomm:qca6564_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca6564>>-
cpe:2.3:h:qualcomm:qca6564:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca6574_firmware>>-
cpe:2.3:o:qualcomm:qca6574_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca6574>>-
cpe:2.3:h:qualcomm:qca6574:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca6574au_firmware>>-
cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca6574au>>-
cpe:2.3:h:qualcomm:qca6574au:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca6584_firmware>>-
cpe:2.3:o:qualcomm:qca6584_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca6584>>-
cpe:2.3:h:qualcomm:qca6584:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca6584au_firmware>>-
cpe:2.3:o:qualcomm:qca6584au_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca6584au>>-
cpe:2.3:h:qualcomm:qca6584au:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca8081_firmware>>-
cpe:2.3:o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca8081>>-
cpe:2.3:h:qualcomm:qca8081:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca9377_firmware>>-
cpe:2.3:o:qualcomm:qca9377_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca9377>>-
cpe:2.3:h:qualcomm:qca9377:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca9379_firmware>>-
cpe:2.3:o:qualcomm:qca9379_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca9379>>-
cpe:2.3:h:qualcomm:qca9379:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca9531_firmware>>-
cpe:2.3:o:qualcomm:qca9531_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca9531>>-
cpe:2.3:h:qualcomm:qca9531:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca9558_firmware>>-
cpe:2.3:o:qualcomm:qca9558_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca9558>>-
cpe:2.3:h:qualcomm:qca9558:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca9563_firmware>>-
cpe:2.3:o:qualcomm:qca9563_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca9563>>-
cpe:2.3:h:qualcomm:qca9563:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca9880_firmware>>-
cpe:2.3:o:qualcomm:qca9880_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca9880>>-
cpe:2.3:h:qualcomm:qca9880:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca9886>>-
cpe:2.3:h:qualcomm:qca9886:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca9886_firmware>>-
cpe:2.3:o:qualcomm:qca9886_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca9980_firmware>>-
cpe:2.3:o:qualcomm:qca9980_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca9980>>-
cpe:2.3:h:qualcomm:qca9980:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qcn5502_firmware>>-
cpe:2.3:o:qualcomm:qcn5502_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qcn5502>>-
cpe:2.3:h:qualcomm:qcn5502:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-190Primarynvd@nist.gov
CWE ID: CWE-190
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.qualcomm.com/company/product-security/bulletins#_CVE-2018-11968product-security@qualcomm.com
Vendor Advisory
Hyperlink: https://www.qualcomm.com/company/product-security/bulletins#_CVE-2018-11968
Source: product-security@qualcomm.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

785Records found
CVE-2017-17764
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.87%
||
7 Day CHG~0.00%
Published-23 Feb, 2018 | 23:00
Updated-16 Sep, 2024 | 16:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In all Qualcomm products with Android releases from CAF using the Linux kernel, the num_failure_info value from firmware is not properly validated in wma_rx_aggr_failure_event_handler() so that an integer overflow vulnerability in a buffer size calculation may potentially lead to a buffer overflow.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-11235
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.39%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 05:00
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow might occur while parsing unified command due to lack of check of input data received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qfe3100qfe2080fc_firmwareqca9377_firmwareqpm5679_firmwarepmd9607_firmwareqca1023qfs2530qpm8870_firmwareqln1030pm6125mdm9645msm8992_firmwarewcn3950_firmwarepm8150aqdm5670qpm5541_firmwareqpa5581_firmwareqpa8821mdm8215qcs6125_firmwarepm456_firmwarewcn3998wcd9371_firmwarewcn3950mdm9206_firmwareqsw8573_firmwarewcn3660bsmb2351_firmwarepm855pwtr4605_firmwarepm6150aqca9367_firmwareipq8072_firmwaresa8155_firmwareipq8068qat3522qfe4455fcpmr735asdm830_firmwaresd765gsdr660qfe1045_firmwareqfe3345qfs2630_firmwaresdr865mdm9250_firmwareqdm5620_firmwareqca6696_firmwareqln5020mdm8215_firmwarepmm855au_firmwaresd_8cxpmm8920auqcn5501_firmwaresa8150pqfe3340sd660sd712pm640p_firmwareqcn5121wcn6750_firmwarepm6150lpm855l_firmwareqca6428_firmwareqtc410sipq4018_firmwareqca4531_firmwareqfe3335_firmwareqpa8801ipq8078qat5533_firmwareipq8173sdx55m_firmwareqpa8673_firmwaresd670_firmwareqfs2630pmm8996auqpm5579_firmwaresmb1380_firmwarepmk8350_firmwareqcn5024pm855p_firmwaresd690_5g_firmwaresmb1381pm7250wtr4905sdx24_firmwareqca9985qcn9012_firmwareqdm2301qca9890_firmwareqfe2101_firmwareqca6584_firmwareqdm5621_firmwareqpm6375sd_8c_firmwareipq6028ipq8064pmp8074qca1990wcn3980_firmwaresd730qfe3320_firmwarepm8008pm8350b_firmwaremdm9225pme605_firmwarepme605apq8064au_firmwaremdm9225mipq8078_firmwareqcn5054qln1021aq_firmwareqcs603qca6164_firmwareqln4640_firmwareqca9980qpm6582qcn9024_firmwareapq8084_firmwareqca9886_firmwarear8031wtr2965qca6164qca6391_firmwarepmx20_firmwareqca4024qat3516_firmwareapq8053qcn5021_firmwareqca9379pm855bsmb2351qpa5581qfe1040_firmwarecsrb31024qca9563_firmwaremdm9628_firmwaremdm9650qbt1500_firmwareqpm5870_firmwarepmk8001qet6100pmd9635_firmwaresmb1394_firmwareapq8009_firmwaresd690_5gmdm9310_firmwaresd675_firmwareipq8072qca6426qca9984_firmwareqca9377qpm5641sdxr2_5g_firmwarewtr2955rgr7640au_firmwarepm7250_firmwareqdm5620ipq8074aqca9982qcn5122_firmwareqat5533qcn6023_firmwaresm7250p_firmwarewcn3610_firmwareqsm7250_firmwareqpm6670pm7150l_firmwareqca6584aupm855pm8250qcn5052mdm9235m_firmwaremdm9607_firmwaremdm9655_firmwareqfs2530_firmwareqat3519_firmwareqpm5677qat5515qca9982_firmwareqtc800h_firmwarepmk7350_firmwareqpm5620mdm9625sd750g_firmwareaqt1000sm6250_firmwareqln4642msm8994ipq5010_firmwareipq8074a_firmwaremdm9625msd888_5g_firmwaresmr525_firmwarewsa8815_firmwareqpm8820_firmwareapq8017qpm6621_firmwaremdm9630_firmwarewtr2955_firmwareqbt1000_firmwarepm8019qca6595smb1398_firmwareqca9896_firmwareipq8065_firmwarepm8150cpmr735bsd665_firmwareqcn5154qpm5577_firmwareqdm5679_firmwareqca6310_firmwareapq8094_firmwarepm6150l_firmwaremdm9615qca6574_firmwareqcn5502_firmwaresd665pm6150a_firmwarepmd9607mdm9310wtr2965_firmwarecsrb31024_firmwareqfs2608qcn9070_firmwareqln1036aqipq6028_firmwareipq8072a_firmwareqca9889_firmwaresd710mdm9607mdm9645_firmwareqln1035bd_firmwaresdx20m_firmwareqca6564_firmwarewcn6740smb1350_firmwarepmk8002apq8096au_firmwareqcn9022sdm830smb1357qpa5580pm8018_firmwareqpm5579qfe2550qcn5550qdm2307qca6431_firmwareqpa8802wcd9360_firmwareqpm6585_firmwareqat3519qbt2000_firmwareipq8078asa8150p_firmwaresdr8250_firmwareqcn5064csra6620_firmwareqln1020csra6640_firmwarepmc1000hqat3518qca9987_firmwaresmr526_firmwareipq8076apm640a_firmwarewgr7640_firmwareqca4020qca6428qdm5652qcn5164_firmwareipq8071sa6155_firmwarewcd9360sdx20mqca6438_firmwareqpa8675_firmwarewtr1625lqpa5460_firmwarewcn3999qsm7250pm8996ipq4029_firmwareipq6010sd662_firmwareqdm2308_firmwareqca4020_firmwareqca6436wcn6851sa6155pqcs603_firmwarepmc7180ipq8068_firmwarepmi8952mdm9655qca6431qca9988_firmwarewcn3910_firmwareqfe1922sd855_firmwareqdm5650qfe2080fcsdr052sa8195p_firmwaresmb1390qca9898ipq4028qpa8686_firmwarewcd9380_firmwareqca7500_firmwarepm8350bhs_firmwarewgr7640csr6030qat5568qca7550_firmwareqdm5671_firmwareqpa8801_firmwareqtm527_firmwarepm8005_firmwareqca9558pm7250b_firmwarepmd9655_firmwaresmb1351_firmwaremdm9230pm8996_firmwareipq4019_firmwaresmb358sar8151smr526qca8072_firmwareqca6174pmk8003qca6430_firmwareqtc801s_firmwareqat3522_firmwarewcn3980qsw8573qcs605qbt1000mdm9225_firmwaresd7cwcn3910qca9986_firmwaresmb1394qca6426_firmwarepm8350_firmwarepm8009ipq8064_firmwareqat3518_firmwaresd821_firmwarepmi8998qfe2520ar8031_firmwarepm855lpmd9635qcn5502pm8150b_firmwaresd_636_firmwareqca9880pm670sd210_firmwarepm8005qcn3018qdm2302sdxr1apq8096auqcs405_firmwarepmi8996_firmwareqln4650_firmwareqet5100mqca9378a_firmwarepm8952qca9531_firmwareqat3516qpm5658ar8035_firmwareqpm5658_firmwareqcn5024_firmwarewcn3991_firmwareqdm5652_firmwareqfe4465fcqcn9070pmi632qca9378pm8350bh_firmwarepmr735b_firmwaresmb1360_firmwareqca9880_firmwarepm670l_firmwaresdr660gqfe2340ipq8069_firmwaresd730_firmwarewcd9370sdr425qcn9000_firmwareipq5018qca9369ar8151_firmwaresd_8cx_firmwareqpm5541qat5516qcn5124_firmwarepm8350bhqca6320_firmwarewcn3680b_firmwareqca6595auipq5010qdm2305sa6155p_firmwareqca6310pm8937qpm2630qca9990sdxr2_5gsmb1398qcn5501msm8994_firmwaresa6145p_firmwaresdr675ipq8071aipq8071a_firmwarewcd9385qat3550_firmwareqln5040_firmwarepm4125_firmwarear8035pm8019_firmwareapq8064auqca6694_firmwareqdm2310qfe2550_firmwareqcn9100_firmwareqln5030_firmwarepm8952_firmwaresd820smb1396_firmwarecsr6030_firmwarepmx24qfe1055qca8072qln5040qpm8895sdr845qtm527qfe3440fc_firmwarepmk8350qdm3302_firmwarepmc7180_firmwareqca9558_firmwaremsm8996aupm8994_firmwareqfe1035qpm5657_firmwaresd888_5gsm6250pqln1035bdpm855asdr660_firmwarepm8909_firmwareipq4018qca6574aqpm4640mdm9635mqet5100m_firmwareipq8076_firmwareqpm4650sa515mipq8076qfe1922_firmwareqca9887qca9378_firmwaresdr865_firmwareqfe4465fc_firmwarepm8250_firmwaresd460qca6391sdxr1_firmwaremdm9626pm660asdx50mpm640apm8916qdm4650ipq8074_firmwareqca6574ausa8155p_firmwareqsw6310qcm6125qpm2630_firmwaresmb231_firmwareqdm2308qat3550wcn6856sd835_firmwareqtc800s_firmwaresa6150pqcn9022_firmwareqpa8688_firmwareipq8070aqcn9072_firmwaresm7250psd720g_firmwareqpm4621_firmwareqca9896ipq4029sd850qln4640qfs2580mdm9640_firmwaresm6250p_firmwareipq4028_firmwareqfe4455fc_firmwareqca8337qdm5579ar9380ipq8173_firmwareqfs2608_firmwareqpa8688qcn5124qat5522_firmwaresc8180x\+sdx55qca6595au_firmwaresa6155pm7150lpm8998_firmwaresd_455_firmwareapq8076wtr5975_firmwareqpa5580_firmwareqcn6024_firmwaresd720gsm4125wtr1605pmm8920au_firmwareqsw8574_firmwaresd460_firmwaremdm9230_firmwarepm8953_firmwareqpa4360_firmwareqca8081_firmwareqfe2520_firmwarewcn3998_firmwareqca6420apq8053_firmwareqca9986qpm6670_firmwareipq8070_firmwareipq8065ipq8078a_firmwarepm660_firmwarepm8150bqca0000qfe2101qca6430wcd9340mdm9625_firmwaresmb1358qca9888_firmwarewcd9371smb1350qfe1055_firmwareqcn5154_firmwarewtr3950pm6350qdm5621ar7420_firmwareqtc800sqat3514_firmwaremdm9330_firmwareqca9992_firmwaresd865_5g_firmwaresd660_firmwareqcn5022_firmwareqcn7606_firmwareqat5516_firmwareqca9985_firmwarewcn3991qca9980_firmwarepm8150l_firmwarepm6150smb1354_firmwaremsm8976_firmwareqca6574qpa8842csr8811_firmwaresdr052_firmwarewcd9380qfe3100_firmwareqca9379_firmwareqpa8803pmd9645ipq6018_firmwarewcd9340_firmwarewsa8815wcn6850pmp8074_firmwareqdm2301_firmwaremdm9215_firmwaresd835pm660l_firmwarepm6250_firmwarewcn6740_firmwareqtm525_firmwareqcn5064_firmwareqca9890qpm5621_firmwareqca6234rsw8577qpa6560_firmwareqca9994qpa8802_firmwareqpm5621sd670ipq8174_firmwarepm8009_firmwareqfs2580_firmwarewcn6855qcn7605_firmwarepm8150lpmi8998_firmwaresa6145ppm660a_firmwareqca1023_firmwareqpm5577sdm630_firmwaresd820_firmwarepm8150wcd9370_firmwaresdx55csra6640pm8350bhsqat3555_firmwarepmi8994qpa8803_firmwareqca6234_firmwareqln1031qcn7606qpm5870pm8909qcn5500qfe1040wsa8830pm660qca9561qet6110_firmwareqdm5579_firmwareqpm6325pm6125_firmwareqbt1500qfe2340_firmwaresd_636pmx24_firmwareqca9378aqca9992pmm855aumdm9250qca6420_firmwaresmb1396pm7150apm8350qca6564qpa4361_firmwarepm8350c_firmwareqpa5461_firmwarewcn3990_firmwareqca4531wcd9385_firmwareqdm5650_firmwareqpa4340_firmwarewcd9326_firmwarewhs9410wcn3615_firmwaresdr845_firmwareqln1021aqsmb1380pmk8002_firmwareapq8094qsw6310_firmwaresa8155qca6584qdm4650_firmwareqln1031_firmwarepmm6155au_firmwaresdx55_firmwarewcn3615qfe1952qpm4641qat5515_firmwareipq8174qpm8830_firmwareqca9367qfe2082fc_firmwareapq8092sdm630qdm4643wcn3988_firmwarepmx55qpm4641_firmwareqcn9074pm8150c_firmwareqca6421qdm3301qpa8842_firmwaresa8195psdr735_firmwarepm8953qca6694qca7550qat3514wcd9326wcd9335pm6350_firmwareqcn6023pm8004_firmwaresdr8150_firmwareqpm4630qca6390qca9898_firmwarewcd9375msm8976sc8180x\+sdx55_firmwareqpm5677_firmwareapq8092_firmwaresdx20_firmwarewtr3925_firmwarepm8998pmk7350qln1020_firmwaremdm9235mpm670a_firmwareqcm6125_firmwareqca9882wtr1625l_firmwarepmx55_firmwaresd865_5gpm8150_firmwareqpm8830pmm8996au_firmwareqat5522qca9369_firmwareqpa4360pmk8003_firmwareqca8075_firmwareqpa4361ipq6005_firmwaremdm9206qpm4640_firmwarewcn6855_firmwarepm8350csmr525qca9888ipq8070a_firmwarepmr525pm8150a_firmwarewtr3950_firmwareqca9886qln1036aq_firmwarepm6150_firmwareqca6175asd765wtr3925lpmx20qca6574a_firmwareqpm4630_firmwareqat3555sd850_firmwareapq8009qpa5461qfe2082fcpm670_firmwareqtc801smdm9626_firmwareqca9531qpm5641_firmwareqfe3320qcn5122pm8008_firmwareqpm6621pmr735a_firmwarepmx50pm8018qfe3345_firmwareqcn5022sdr8250sd768gqln1030_firmwarepm8004pm640lqca8075qcn6024sd845mdm9615_firmwareipq6000_firmwaremdm9330qca6175a_firmwaresa6150p_firmwarepmi8996qpm5620_firmwareqfe1045qca9561_firmwareqca4024_firmwarepm855a_firmwareqtc800hqca6335qcs605_firmwaresd_675_firmwarewtr3905qdm5671qfe2330qpm4650_firmwaresdr425_firmwaremdm9628qpa5460qdm2305_firmwareqpm5670_firmwaresd710_firmwareqca6574au_firmwaremdm9630qpm8870wcd9375_firmwareqpm5679qbt2000pmx50_firmwarewhs9410_firmwaresdr735gqdm3301_firmwareqca7500qcs6125smb1360qcs405qca1990_firmwareqfe3440fcrsw8577_firmwareqcn3018_firmwareqpa6560sdr675_firmwarewcd9341sm7350_firmwareqdm4643_firmwarepm8937_firmwareqet4100_firmwaresd750gqdm3302qpm5657wtr1605_firmwareqpm5875_firmwarewsa8830_firmwarewcn3988qca6438wtr3925qet4100wcn3610mdm9640ipq5018_firmwareqpm6585qca8337_firmwaresmb1355ipq8072aqln4650qtc800t_firmwaremsm8996au_firmwaresdr735g_firmwarewcd9330ipq8076a_firmwareqet5100mdm9225m_firmwareqca6564auwcn6856_firmwareqcn5164pm8994qet4101_firmwarepm7250bqln4642_firmwarepmk8001_firmwareqca7520_firmwaresmb1355_firmwareqcn5054_firmwareqet4200aq_firmwaresdx50m_firmwaresdr735smb1395pm660lsmb358s_firmwarewtr5975wcd9335_firmwareqcn5052_firmwarepm7350c_firmwareqca6335_firmwareqca6320mdm9650_firmwarewcn3660b_firmwareqca9984qcn9024qpa8675qcn5550_firmwaresdr051_firmwaresdx55mwcd9330_firmwarepm670aqca6421_firmwarewtr3905_firmwareqsw8574wcn6851_firmwareqdm5670_firmwareipq8070pm7150a_firmwareqca9887_firmwarewtr3925l_firmwarepmc1000h_firmwareqca6564a_firmwareqdm2310_firmwarepmd9645_firmwareqcn5121_firmwareqdm5677ipq6018pm855_firmwarepmm6155aupm855b_firmwareqca6595_firmwareqpm6582_firmwareqpm6375_firmwarepm640l_firmwareqpm5875sa8155psd675wtr4605qet4101pm670lqfe2330_firmwarepmm8155au_firmwaresdr051qln5030qca7520pm4125qpa2625_firmwarepm456sd7c_firmwareqfe2081fc_firmwarecsra6620qet5100_firmwareqca9987qfe1100_firmwareqcn9072qpm4621qet6100_firmwaresd765g_firmwareqpa8686smb1358_firmwareqca6390_firmwareipq6000qca6174_firmwareqcn5152_firmwareqca0000_firmwarepmr525_firmwareqca6584au_firmwareapq8076_firmwareqfe3340_firmwarepmi632_firmwareqcn7605qca9563sd662qpa8821_firmwareqfe1952_firmwaresdr660g_firmwarepm3003awcn3999_firmwareqca6436_firmwareqtc800tsm7350smb1354qca6564au_firmwareqpm8820qfe2081fcqln5020_firmwaresa515m_firmwareapq8084sd821msm8992sm6250sd712_firmwareapq8017_firmwarewsa8810_firmwaresmb231qfe1100sd765_firmwareqdm5677_firmwareqca8081qet4200aqqca6174a_firmwareqpm6325_firmwareqdm2302_firmwarepmm8155aucsr8811qpa8673ipq4019sd210wcn6850_firmwarewsa8835_firmwareqca6564aqca9988qet6110pmi8952_firmwaremdm9635m_firmwareqpm5670wcn3990qcn9000sd_675mdm9625m_firmwarear9380_firmwaresdx24qcn9012pmi8994_firmwarepm8350bqdm2307_firmwarewsa8835rgr7640aupm8916_firmwareqca9889qca6174asmb1390_firmwareipq8074qca9994_firmwarewcn6750pm8956_firmwarepm7350cqtm525wtr6955ar7420qfe3335sd855sm4125_firmwarewtr6955_firmwarepm640pqcn5021ipq8069qcn5152sd768g_firmwaresmb1351smb1357_firmwareipq6005aqt1000_firmwareqcn9100qpm8895_firmwareqpa4340qfe1035_firmwareqca9882_firmwaresdr8150sdx20smb1395_firmwaremdm9215sd_455pmd9655wcd9341_firmwarewsa8810qtc410s_firmwareqcn5500_firmwareqat5568_firmwarewtr4905_firmwareqdm5679sd_8cwcn3680bipq6010_firmwarepm3003a_firmwareqca6696smb1381_firmwaresd845_firmwareqpa2625qca9990_firmwareipq8071_firmwareqcn9074_firmwarepm8956pm6250Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-11205
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.39%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 10:00
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Possible integer overflow to heap overflow while processing command due to lack of check of packet length received' in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile in QSM8350, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155P, SA8195P, SDX55M, SM8250, SM8350, SM8350P, SXR2130, SXR2130P

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sa6145psm8350p_firmwaresa6155p_firmwaresm8350psxr2130p_firmwaresa6150p_firmwaresxr2130_firmwaresxr2130psm8350_firmwaresdx55m_firmwaresm8250_firmwaresa8150psa6150pqsm8350_firmwaresa8155psm8250sa6145p_firmwaresa8155p_firmwareqsm8350sa8195psa8150p_firmwaresa8195p_firmwaresa6155sm8350sa6155_firmwaresa6155psdx55msxr2130Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-11127
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.39%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 10:00
Updated-04 Aug, 2024 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Integer overflow can cause a buffer overflow due to lack of table length check in the extensible boot Loader during the validation of security metadata while processing objects to be loaded' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in MDM9205, QCM4290, QCS405, QCS410, QCS4290, QCS610, QSM8250, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SC8180X, SC8180X+SDX55, SC8180XP, SDA640, SDA845, SDA855, SDM1000, SDM640, SDM830, SDM845, SDM850, SDX24, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR2130, SXR2130P

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sm6115_firmwaresm7250sa6150p_firmwaresm6250p_firmwareqcs610sdm640sdm845sm7250_firmwaresdx24sdx55m_firmwaresm6115p_firmwaresm7150_firmwaresm6150qcs4290sa8150p_firmwaresm7150sm6250psa6155qcs410sda640_firmwaresc8180xsxr2130sdx50m_firmwaresm6115sm7150psdx24_firmwaresda845_firmwaresa415msm4250sc8180xpsm4125sm7225sa515msda855mdm9205sm6115psm4125_firmwaresa8155sdx55_firmwaresa6155_firmwaresdm1000sm7250p_firmwaresxr2130psda855_firmwaresdx55msm6150p_firmwaresda845sm6350sm7125sdm850_firmwaresm4250p_firmwaresa6155p_firmwaresxr2130p_firmwaresda640sa515m_firmwareqcm4290sdx50msa8155_firmwaresm8250_firmwaresc8180x_firmwaresa415m_firmwareqcs405sm6350_firmwaresa6145p_firmwaresc7180_firmwaresm4250_firmwaresm6250sa8155p_firmwaresa8195psdm830_firmwareqcm4290_firmwaresa6155pqcs610_firmwareqsm8250sa6145pqcs4290_firmwaresm8150_firmwaresxr2130_firmwaresm7150p_firmwaresm4250pqcs405_firmwaresc7180mdm9205_firmwaresc8180xp_firmwaresa8150psm7125_firmwaresm6250_firmwaresa6150psdx55sm6150_firmwaresa8155psm8250sm8150p_firmwaresm7225_firmwaresm8150sdm850sdm1000_firmwaresm7250psdm830sa8195p_firmwaresdm640_firmwareqcs410_firmwaresm8150psm6150pqsm8250_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2017-15828
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.37%
||
7 Day CHG~0.00%
Published-18 Sep, 2018 | 18:00
Updated-05 Aug, 2024 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while accessing the keystore in LK, an integer overflow vulnerability exists which may potentially lead to a buffer overflow.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-30274
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.03% / 7.69%
||
7 Day CHG~0.00%
Published-03 Jan, 2022 | 07:25
Updated-03 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible integer overflow in access control initialization interface due to lack and size and address validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fsm10055qca9377_firmwaremdm9150_firmwarewcn3991_firmwaresd678qcn9070sa6150p_firmwaresa8145p_firmwareqcs610sm6250p_firmwarewsa8830qcs2290_firmwarefsm10056qca8337sd7c_firmwarecsrb31024csra6620fsm10055_firmwareqcn9072qcs4290wcn3950_firmwaresa8150p_firmwaresd765g_firmwareqcs2290qca6595au_firmwareqca6390_firmwaresa6155ipq6000sd690_5gsd730_firmwarecsra6620_firmwarewcd9370sd_675_firmwaresd675_firmwarecsra6640_firmwareqcn5152_firmwareqca6564qca6426wcn3990_firmwareqrb5165n_firmwareqcn9000_firmwareqca9984_firmwareqca9377sa415msd_8cx_firmwarewcd9385_firmwaresdxr2_5g_firmwarewcn3950qcn6024_firmwaresd720gsm6375_firmwaresd662sd460_firmwaresa8155qca6574au_firmwareqcn5122_firmwaresdx55_firmwareqca6595auqca8081_firmwareqcn6023_firmwaresa6155_firmwaresm7250p_firmwarewcd9375_firmwarewcn3999_firmwareqca6436_firmwareqrb5165nqca6564au_firmwaresd778gsa6155p_firmwarewcd9306sm6225wcn3999sa515m_firmwareqcs6490qrb5165_firmwaresdxr2_5gqcn5052sa8155_firmwareipq6010qca4004_firmwaresd662_firmwaresa415m_firmwareqcs405wcn3988_firmwareqcn9074sa6145p_firmwaresm6250sd778g_firmwarewcd9306_firmwarewcd9340sa8195psd765gsd765_firmwarefsm10056_firmwareqca6436wcn6851wcd9335sa6155pqca8081qcn6023qca6174a_firmwareqcs4290_firmwarewcd9385qca6696_firmwareqcs6490_firmwaresd750gsd870_firmwarear8035csr8811qca6390sd_8cxsa8150psd750g_firmwaresm6250_firmwarewcd9375wcn3910_firmwareqca4004wsa8830_firmwaresd660sd865_5g_firmwareqcm6490sd888_5g_firmwarewcn3988sd660_firmwarewcn6850_firmwarewsa8835_firmwaresa8195p_firmwareqcn5121qcx315qcn5022_firmwareqca6564awcn6750_firmwareqca8072qcm2290_firmwaresm6375wcn3991qca8337_firmwarewcd9380_firmwarewcn3990qcn9000sd_675sd865_5gqca6564ausdx24sdx55m_firmwarewcn6856_firmwarewsa8835qca6574qcx315_firmwaresd665_firmwarecsr8811_firmwarewcd9380sd888_5gsm6250pqcs410qca8075_firmwareqca6574asd690_5g_firmwareipq6005_firmwarewcn6855_firmwareqca6174asm7325psdx24_firmwareqca8072_firmwarewcd9335_firmwareqcn5052_firmwarewcn3980wcn6750ipq6018_firmwaremdm9205sa515mqca6574_firmwarewcd9340_firmwaresm7325p_firmwaresd665sd7cwcn3910wcn6850sdx57m_firmwaresd765qca6426_firmwareqca6574a_firmwareqca9984ipq6028qcn5021qcn5152qcn9024sd768g_firmwarewcn3980_firmwaresd460qca6391sd730sdx55mipq6005sd678_firmwarear8031_firmwarecsrb31024_firmwareqcm4290qcm6490_firmwareqcn9070_firmwareqrb5165sd480_firmwarewcn6851_firmwareipq6028_firmwaresm6225_firmwareqca6574ausa8155p_firmwareqcn5122qca6564a_firmwareqcn9024_firmwaresdx57mqcm4290_firmwaresd480sd870qcn5121_firmwarewcn6855qcs610_firmwaremdm9150wcn6856qsm8250ipq6018qcn5022sa6145pqca6564_firmwareipq6010_firmwarear8031sd768gqcs405_firmwaresa8145pqca6696mdm9205_firmwareqca6391_firmwarewcd9370_firmwaresa6150psdx55qca8075qcn5021_firmwareqcn9022_firmwarecsra6640qcn6024qcn9022sa8155psd675qcn9072_firmwaresm7250pipq6000_firmwaresd720g_firmwareqcn9074_firmwareqcs410_firmwarear8035_firmwareqcm2290qsm8250_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2017-8276
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.73%
||
7 Day CHG~0.00%
Published-18 Jan, 2019 | 22:00
Updated-05 Aug, 2024 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authorization involving a fuse in TrustZone in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_632sd_820amsm8996au_firmwaresd_439sd_429sdx24sdm439sd_636sd_615_firmwaresnapdragon_high_med_2016_firmwaremsm8996ausd_820sd_650sd_450_firmwaresd_410sd_820a_firmwaremdm9206sd_652sd_425_firmwaresdx24_firmwaresd_625_firmwaresd_450mdm9206_firmwaresd_632_firmwaresd_835_firmwaresd_835sda660sd_210_firmwaresd_415_firmwaresd_652_firmwaresd_616_firmwaresd_205_firmwaresd_415sd_650_firmwaresd_212sd_427_firmwaresd_412sd_616sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435sd_615sdm630sd_625sd_210mdm9607sd_636_firmwaresd_820_firmwaresd_439_firmwaresd_429_firmwaresnapdragon_high_med_2016sd_212_firmwaresdm439_firmwaresd_412_firmwaresdm630_firmwaresda660_firmwaresd_427sd_430sd_810sd_435_firmwaresd_410_firmwaresd_205sd_810_firmwaresdm660_firmwareSnapdragon Automobile, Snapdragon Mobile, Snapdragon Wear
CWE ID-CWE-863
Incorrect Authorization
CVE-2017-14880
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.35%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 17:00
Updated-16 Sep, 2024 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while IPA WAN-driver is processing multiple requests from modem/user-space module, the global variable "num_q6_rule" does not have a mutex lock and thus can be accessed and modified by multiple threads.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2019-2288
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.09% / 27.25%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 08:30
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bound write in TZ while copying the secure dump structure on HLOS provided buffer as a part of memory dump in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8976, MSM8996, MSM8996AU, MSM8998, QCA8081, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, Snapdragon_High_Med_2016, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9150_firmwareapq8096_firmwaresdm632_firmwaremsm8996au_firmwaresdm845sdm450_firmwaresdm632apq8096sdm439mdm9650sdm429msm8940_firmwaresnapdragon_high_med_2016_firmwaremsm8976_firmwaremsm8996auapq8009_firmwaremsm8917sdm670qcs605_firmwaremdm9206sdm670_firmwareipq8074sdm636sda845_firmwareapq8098mdm9206_firmwareqcs605msm8937_firmwaremdm9650_firmwaresdm429_firmwaremsm8905_firmwaresda660sxr1130_firmwareqca8081_firmwaresxr1130apq8009msm8909_firmwareapq8053_firmwaresda845sdm850_firmwaremsm8920msm8953sdm450sdm636_firmwareapq8098_firmwaremsm8998_firmwaresdm660msm8920_firmwaresdm630mdm9607_firmwareipq8074_firmwaresdm710qm215mdm9607apq8017_firmwaresdm710_firmwareqca8081mdm9150msm8937msm8996_firmwaremsm8905snapdragon_high_med_2016msm8909apq8096ausdm439_firmwaresdm630_firmwaresda660_firmwareqm215_firmwaremsm8976msm8953_firmwaremsm8940apq8053apq8096au_firmwaremsm8917_firmwaremsm8998sdm850apq8017msm8996sdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-2346
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.69%
||
7 Day CHG~0.00%
Published-25 Jul, 2019 | 16:33
Updated-04 Aug, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Firmware is getting into loop of overwriting memory when scan command is given from host because of improper validation. in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8074, QCA8081, QCS404, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_427_firmwaresd_712sd_850sd_855sd_670_firmwaresd_425sdm660sd_430_firmwareqcs404_firmwaresd_435sd_636sd_710_firmwaresdm630qcs405sd_625ipq8074_firmwaresd_820_firmwaresd_636_firmwaresd_820sd_450_firmwaresd_845_firmwareqca8081qcs605_firmwaresd_425_firmwareqcs404sd_850_firmwaresd_625_firmwareipq8074sd_450qcs405_firmwaresd_712_firmwaresdm630_firmwaresd_8cx_firmwaresda660_firmwaresd_845sd_8cxqcs605sd_427sd_430sd_670sd_435_firmwaresd_835_firmwaresd_710sd_835sda660qca8081_firmwaresdm660_firmwaresd_855_firmwareSnapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2017-18329
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.93%
||
7 Day CHG~0.00%
Published-03 Jan, 2019 | 15:00
Updated-05 Aug, 2024 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible Buffer overflow when transmitting an RTP packet in snapdragon automobile and snapdragon wear in versions MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 810, SD 820, SD 835, SD 845 / SD 850, SDA660, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850mdm9635m_firmwaremdm9640_firmwaremsm8996au_firmwaresd_670_firmwaremdm9650sd_636sd_615_firmwaresnapdragon_high_med_2016_firmwaremsm8909w_firmwaremsm8996aumdm9645sd_650sd_820sd_450_firmwaresd_845_firmwaresd_652sd_425_firmwaresd_625_firmwaresd_450mdm9635mmdm9615sd_845sd_835_firmwaremdm9650_firmwaresd_835sda660sxr1130_firmwaresd_210_firmwaresd_415_firmwaresd_652_firmwaresxr1130msm8909wsd_616_firmwaresd_205_firmwaresd_415sd_650_firmwaresd_212sd_427_firmwaresd_712sd_616sd_425sdm660sd_430_firmwaresd_615sd_435mdm9655_firmwaresd_710_firmwaresdm630sd_625sd_210sd_820_firmwaresd_636_firmwaremdm9645_firmwaremdm9625_firmwaresnapdragon_high_med_2016sd_212_firmwaresd_850_firmwaremdm9655sd_712_firmwaresdm630_firmwaresda660_firmwaremdm9625sd_427sd_430sd_670sd_810sd_435_firmwaremdm9615_firmwaresd_710sd_205sd_810_firmwaresdm660_firmwaremdm9640Snapdragon Mobile, Snapdragon Wear
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-18316
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.01%
||
7 Day CHG~0.00%
Published-28 Nov, 2018 | 15:00
Updated-05 Aug, 2024 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Secure application can access QSEE kernel memory through Ontario kernel driver in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDA845, SDX24, SXR1130.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850sd_820amsm8996au_firmwaresd_425sdx24sd_430_firmwaremdm9607_firmwaremdm9650sd_625sd_210mdm9607msm8996ausd_820_firmwaresd_820sd_450_firmwaresd_845_firmwaresd_820a_firmwaremdm9206sd_425_firmwaresd_212_firmwaresd_850_firmwaresdx24_firmwaresd_625_firmwaresd_450sda845_firmwaresda660_firmwaresd_845mdm9206_firmwaresd_430sd_835_firmwaremdm9650_firmwaresd_835sd_205sda660sxr1130_firmwaresd_210_firmwaresda845sxr1130sd_205_firmwaresd_212Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear
CVE-2017-18159
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.45%
||
7 Day CHG~0.00%
Published-06 Jul, 2018 | 17:00
Updated-16 Sep, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, while processing a StrHwPlatform with length smaller than EFICHIPINFO_MAX_ID_LENGTH, an array out of bounds access may occur.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-18154
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.59%
||
7 Day CHG~0.00%
Published-06 Jun, 2018 | 21:00
Updated-17 Sep, 2024 | 03:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A crafted binder request can cause an arbitrary unmap in MediaServer in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-18274
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.39%
||
7 Day CHG~0.00%
Published-06 May, 2019 | 22:37
Updated-05 Aug, 2024 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

While iterating through the models contained in a fixed-size array in the actData structure, which also stores an incorrect number of models that is greater than the size of the array, a buffer overflow occurs in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_820asd_425sd_430_firmwaremdm9607_firmwaremdm9650sd_650_firmwaresd_625sd_210mdm9607sd_820_firmwaresd_820sd_650sd_450_firmwaresd_617sd_820a_firmwaremdm9206sd_652sd_425_firmwaresd_212_firmwaresd_625_firmwaresd_450mdm9206_firmwaresd_430sd_835_firmwaremdm9650_firmwaresd_835sd_205sd_210_firmwaresd_652_firmwaresd_205_firmwaresd_212sd_617_firmwareSnapdragon Automobile, Snapdragon Mobile, Snapdragon Wear
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2017-18331
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.01%
||
7 Day CHG~0.00%
Published-18 Jan, 2019 | 22:00
Updated-05 Aug, 2024 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control on secure display buffers in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, SDA660

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9206sd_212_firmwaresd_820amsm8996au_firmwaresda660_firmwaremdm9206_firmwaremdm9607_firmwaremdm9650sd_210mdm9607msm8996ausd_820_firmwaresd_820sd_835_firmwaremdm9650_firmwaresd_835sd_205sda660sd_210_firmwaresd_820a_firmwaresd_205_firmwaresd_212Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear
CVE-2017-18158
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.94%
||
7 Day CHG~0.00%
Published-06 Jul, 2018 | 17:00
Updated-16 Sep, 2024 | 23:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible buffer overflows and array out of bounds accesses in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05 while flashing images.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-18124
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.67%
||
7 Day CHG~0.00%
Published-26 Oct, 2018 | 13:00
Updated-05 Aug, 2024 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

During secure boot, addition is performed on uint8 ptrs which led to overflow issue in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version FSM9055, IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850mdm9635m_firmwaremdm9640_firmwaresd_820amsm8996au_firmwaremdm9650sd_615_firmwaremsm8909w_firmwaremsm8996aumdm9645sd_650sd_820sd_450_firmwaresd_845_firmwaresd_410sd_820a_firmwareipq4019_firmwaremdm9206sd_652sd_425_firmwaresd_800_firmwaresd_625_firmwaresd_450mdm9635msd_845mdm9206_firmwaremdm9640sd_835_firmwaremdm9650_firmwaresd_835sda660sd_210_firmwaresd_415_firmwaresd_652_firmwaremsm8909wsd_616_firmwaresd_205_firmwaresd_415sd_650_firmwaresd_212fsm9055sd_412sdx20sd_616sd_425sd_430_firmwaremdm9607_firmwaresd_615mdm9655_firmwaresd_625sd_210mdm9607sd_820_firmwaremdm9645_firmwaremdm9625_firmwarefsm9055_firmwaresd_800sd_617sd_212_firmwaresd_850_firmwaremdm9655sd_412_firmwaresda660_firmwaremdm9625sd_430ipq4019sd_810sdx20_firmwaresd_410_firmwaresd_205sd_810_firmwaresd_617_firmwareSmall Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-18328
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.81%
||
7 Day CHG~0.00%
Published-03 Jan, 2019 | 15:00
Updated-05 Aug, 2024 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in QSH client rule processing in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 820, SD 835, SDA660, SDM630, SDM660, Snapdragon_High_Med_2016.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_427_firmwaremdm9635m_firmwaremdm9640_firmwaresd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435mdm9655_firmwaremdm9650sd_636sdm630sd_625snapdragon_high_med_2016_firmwaremsm8909w_firmwaremdm9607sd_210mdm9645mdm9645_firmwaresd_636_firmwaresd_820_firmwaresd_820sd_450_firmwaremdm9206sd_425_firmwaresnapdragon_high_med_2016sd_212_firmwaresd_625_firmwaresd_450mdm9655mdm9635msdm630_firmwaresda660_firmwaremdm9206_firmwaresd_427sd_430sd_435_firmwaresd_835_firmwaremdm9650_firmwaresd_835sd_205sda660sd_210_firmwaremsm8909wsd_205_firmwaresdm660_firmwaresd_212mdm9640Snapdragon Mobile, Snapdragon Wear
CWE ID-CWE-416
Use After Free
CVE-2017-17771
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.38%
||
7 Day CHG~0.00%
Published-30 Mar, 2018 | 21:00
Updated-16 Sep, 2024 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In msm_isp_prepare_v4l2_buf in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-02-12, an array out of bounds can occur.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2017-18308
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.21% / 43.15%
||
7 Day CHG~0.00%
Published-26 Oct, 2018 | 13:00
Updated-05 Aug, 2024 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Modem segments are unlocked after authentication, leaving modem segments open to all in Snapdragon Mobile, Snapdragon Wear in version MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_425_firmwaremsm8909w_firmwaremdm9607sd_210sd_212_firmwaresd_205sd_210_firmwaresd_205_firmwaremsm8909wsd_425sd_430_firmwaremdm9607_firmwaresd_212sd_430Snapdragon Mobile, Snapdragon Wear
CVE-2017-18296
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.15%
||
7 Day CHG~0.00%
Published-23 Oct, 2018 | 13:00
Updated-05 Aug, 2024 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Access control on applications is not applied while accessing SafeSwitch services can lead to improper access in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_820amsm8996au_firmwaresdx20sd_415sd_616sd_425sd_430_firmwaremdm9607_firmwaresd_615mdm9650sd_650_firmwaresd_625sd_615_firmwaremsm8909w_firmwaremdm9607msm8996ausd_210sd_650sd_820_firmwaresd_820sd_450_firmwaresd_845_firmwaresd_617sd_820a_firmwaremdm9206sd_652sd_425_firmwaresd_212_firmwaresd_625_firmwaresd_450sda660_firmwaresd_845mdm9206_firmwaresd_430sd_835_firmwaremdm9650_firmwaresdx20_firmwaresd_835sd_205sda660sd_210_firmwaresd_415_firmwaresd_652_firmwaremsm8909wsd_616_firmwaresd_205_firmwaresd_212sd_617_firmwareSnapdragon Automobile, Snapdragon Mobile, Snapdragon Wear
CVE-2017-18156
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.09% / 26.39%
||
7 Day CHG~0.00%
Published-06 May, 2019 | 22:28
Updated-05 Aug, 2024 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

While processing camera buffers in camera driver, a use after free condition can occur in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 625, SD 820, SD 820A, SD 835, SDX20.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9206sd_212_firmwaresd_820asd_625_firmwaremsm8996au_firmwaresdx20mdm9206_firmwaremdm9607_firmwaremdm9650sd_625sd_210mdm9607msm8996ausd_820_firmwaresd_820sd_835_firmwaremdm9650_firmwaresdx20_firmwaresd_835sd_205sd_210_firmwaresd_820a_firmwaresd_205_firmwaresd_212Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear
CWE ID-CWE-416
Use After Free
CVE-2017-18278
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.39%
||
7 Day CHG~0.00%
Published-06 May, 2019 | 22:54
Updated-05 Aug, 2024 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer underflow may occur due to lack of check when received data length from font_mgr_qsee_request_service is bigger than the minimal value of the segment header, which may result in a buffer overflow, in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850sd_820asd_425sd_430_firmwaremdm9607_firmwaremdm9650sd_650_firmwaresd_625sd_210mdm9607sd_820_firmwaresd_820sd_650sd_450_firmwaresd_845_firmwaresd_820a_firmwaremdm9206sd_652sd_425_firmwaresd_212_firmwaresd_850_firmwaresd_625_firmwaresd_450sd_845mdm9206_firmwaresd_430sd_835_firmwaremdm9650_firmwaresd_835sd_205sd_210_firmwaresd_652_firmwaresd_205_firmwaresd_212Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2017-18317
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.01%
||
7 Day CHG~0.00%
Published-28 Nov, 2018 | 15:00
Updated-05 Aug, 2024 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Restrictions related to the modem (sim lock, sim kill) can be bypassed by manipulating the system to issue a deactivation flow sequence in Snapdragon Automobile, Snapdragon Mobile in versions MSM8996AU,SD 410/12,SD 820,SD 820A.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_820_firmwaremsm8996ausd_412sd_820sd_410_firmwaresd_820asd_412_firmwaremsm8996au_firmwaresd_410sd_820a_firmwareSnapdragon Automobile, Snapdragon Mobile
CWE ID-CWE-20
Improper Input Validation
CVE-2017-18157
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.09% / 26.39%
||
7 Day CHG~0.00%
Published-06 May, 2019 | 22:31
Updated-05 Aug, 2024 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Use After Free Condition can occur in Thermal Engine in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDX20.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_820amsm8996au_firmwaresdx20sd_415sd_616sd_425mdm9607_firmwaresd_615mdm9650sd_650_firmwaresd_625sd_615_firmwaremsm8909w_firmwaremdm9607msm8996ausd_210sd_650sd_820_firmwaresd_820sd_450_firmwaresd_845_firmwaresd_820a_firmwaremdm9206sd_652sd_425_firmwaresd_212_firmwaresd_625_firmwaresd_450sd_845mdm9206_firmwaresd_835_firmwaremdm9650_firmwaresdx20_firmwaresd_835sd_205sd_210_firmwaresd_415_firmwaresd_652_firmwaremsm8909wsd_616_firmwaresd_205_firmwaresd_212Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear
CWE ID-CWE-416
Use After Free
CVE-2017-18293
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.15%
||
7 Day CHG~0.00%
Published-23 Oct, 2018 | 13:00
Updated-05 Aug, 2024 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When a particular GPIO is protected by blocking access to the corresponding GPIO resource registers, the protection can be bypassed using the corresponding banked GPIO registers instead in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9206sd_652sd_425_firmwaresd_212_firmwaresd_625_firmwaresd_450sda660_firmwaresd_425sd_430_firmwaremdm9607_firmwaremdm9206_firmwaremdm9650sd_430sd_625sd_210mdm9607sd_835_firmwaremdm9650_firmwaresd_650sd_212sd_835sd_205sd_450_firmwaresda660sd_210_firmwaresd_652_firmwaresd_205_firmwaresd_650_firmwareSnapdragon Mobile, Snapdragon Wear
CVE-2017-18282
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.15%
||
7 Day CHG~0.00%
Published-23 Oct, 2018 | 13:00
Updated-05 Aug, 2024 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Non-secure SW can cause SDCC to generate secure bus accesses, which may expose RPM access in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9206sd835_firmwaresd212_firmwaresd430sd212sd625_firmwaresda660_firmwaresd650_firmwaremdm9206_firmwaremdm9607_firmwaresd430_firmwaremdm9650sd450_firmwaresd425_firmwaresd205sd210mdm9607sd205_firmwaremdm9650_firmwaresd450sd652_firmwaresda660sd835sd650sd425sd652sd210_firmwaresd625Snapdragon Mobile, Snapdragon Wear
CVE-2017-18304
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.15%
||
7 Day CHG~0.00%
Published-23 Oct, 2018 | 13:00
Updated-05 Aug, 2024 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient memory allocation in boot due to incorrect size being passed could result in out of bounds access in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in version FSM9055, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660 and SDX20

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fsm9055mdm9640_firmwaresd_820asd_617_firmwaremsm8996au_firmwaresdx20sd_415sd_616sd_425sd_430_firmwaremdm9607_firmwaresd_615mdm9650sd_650_firmwaresd_625sd_615_firmwaremsm8909w_firmwaremdm9607msm8996ausd_210sd_650sd_820_firmwaresd_820fsm9055_firmwaresd_450_firmwaresd_617sd_820a_firmwaremdm9206sd_652sd_425_firmwaresd_212_firmwaresd_625_firmwaresd_450sda660_firmwaremdm9206_firmwaresd_430sd_810sd_835_firmwaremdm9650_firmwaresdx20_firmwaresd_835sd_205sda660sd_210_firmwaresd_415_firmwaresd_652_firmwaremsm8909wsd_810_firmwaresd_616_firmwaresd_205_firmwaresd_212mdm9640Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear
CWE ID-CWE-125
Out-of-bounds Read
CVE-2013-4738
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.11% / 30.27%
||
7 Day CHG~0.00%
Published-03 Feb, 2014 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to gain privileges via (1) a crafted VIDIOC_MSM_VPE_DEQUEUE_STREAM_BUFF_INFO ioctl call, related to drivers/media/platform/msm/camera_v2/pproc/vpe/msm_vpe.c, or (2) a crafted VIDIOC_MSM_CPP_DEQUEUE_STREAM_BUFF_INFO ioctl call, related to drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c.

Action-Not Available
Vendor-codeauroran/aQualcomm Technologies, Inc.
Product-quic_mobile_station_modem_kernelandroid-msmn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-18276
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.69%
||
7 Day CHG~0.00%
Published-06 May, 2019 | 22:46
Updated-05 Aug, 2024 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Secure camera logic allows display/secure camera controllers to access HLOS memory during secure display or camera session in Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9206sd_850sd_212_firmwaresd_850_firmwaresd_845mdm9206_firmwaremdm9607_firmwaremdm9650sd_210mdm9607mdm9650_firmwaresd_835_firmwaresd_835sd_205sd_210_firmwaresd_845_firmwaresd_205_firmwaresd_212Snapdragon Mobile, Snapdragon Wear
CVE-2017-18295
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.16%
||
7 Day CHG~0.00%
Published-23 Oct, 2018 | 13:00
Updated-05 Aug, 2024 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible buffer overflow if input is not null terminated in DSP Service module in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDX20.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_820amsm8996au_firmwaresdx20sd_415sd_616mdm9607_firmwaresd_615mdm9650sd_650_firmwaresd_625sd_615_firmwaremsm8909w_firmwaremdm9607msm8996ausd_210sd_650sd_820_firmwaresd_820sd_450_firmwaresd_820a_firmwaremdm9206sd_652sd_212_firmwaresd_625_firmwaresd_450mdm9206_firmwaresd_835_firmwaremdm9650_firmwaresdx20_firmwaresd_835sd_205sd_210_firmwaresd_415_firmwaresd_652_firmwaremsm8909wsd_616_firmwaresd_205_firmwaresd_212Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-18310
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.01%
||
7 Day CHG~0.00%
Published-26 Oct, 2018 | 13:00
Updated-05 Aug, 2024 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ClientEnv exposes services 0-32 to HLOS in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_427_firmwaresd_820asd_412sdm636_firmwaresdm632_firmwaremsm8996au_firmwaresdm632sd_415sd_616sd_425sdm660sd_430_firmwaresd_615sd_435sd_650_firmwaresdm439sdm429sdm630sd_625sd_615_firmwaremsm8909w_firmwaresd_210msm8996ausd_820_firmwaresd_650sd_820sd_450_firmwaresd_845_firmwaresd_410sd_617sd_820a_firmwaresd_652sd_425_firmwaresd_212_firmwaresd_625_firmwaresd_450sdm439_firmwaresd_412_firmwaresdm636sdm630_firmwaresda660_firmwaresd_845sd_427sd_430sd_810sd_435_firmwaresd_835_firmwaresdm429_firmwaresd_410_firmwaresd_835sd_205sda660sd_210_firmwaresd_415_firmwaresd_652_firmwaremsm8909wsd_810_firmwaresd_616_firmwaresd_205_firmwaresdm660_firmwaresd_212sd_617_firmwareSnapdragon Automobile, Snapdragon Mobile, Snapdragon Wear
CVE-2017-18330
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.44%
||
7 Day CHG~0.00%
Published-03 Jan, 2019 | 15:00
Updated-05 Aug, 2024 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in AES-CCM and AES-GCM encryption via initialization vector in snapdragon automobile, snapdragon mobile and snapdragon wear in versions IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_632mdm9635m_firmwaremdm9640_firmwaresd_820amsm8996au_firmwaresd_439sd_429sdx24sdm439mdm9650sd_636sd_615_firmwaresnapdragon_high_med_2016_firmwaremsm8909w_firmwaremsm8996ausd_820sd_650sd_450_firmwaresd_410sd_820a_firmwaremdm9206sd_652sd_425_firmwaresdx24_firmwaresd_625_firmwareipq8074sd_450mdm9635mmdm9206_firmwaresd_632_firmwaresd_835_firmwaremdm9650_firmwaresd_835sda660sd_210_firmwaresd_415_firmwaresd_652_firmwaremsm8909wsd_616_firmwaresd_205_firmwaresd_415sd_212sd_650_firmwaresd_427_firmwaresd_412sd_616sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435mdm9655_firmwaresd_615sdm630sd_625ipq8074_firmwaresd_820_firmwaresd_210mdm9607sd_636_firmwaresd_439_firmwaresd_429_firmwaresnapdragon_high_med_2016sd_212_firmwaremdm9655sdm439_firmwaresd_412_firmwaresdm630_firmwaresda660_firmwaresd_430sd_427sd_810sd_435_firmwaresd_410_firmwaresd_205sd_810_firmwaresdm660_firmwaremdm9640Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear
CVE-2017-17767
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.19%
||
7 Day CHG~0.00%
Published-23 Feb, 2018 | 23:00
Updated-17 Sep, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In all Qualcomm products with Android releases from CAF using the Linux kernel, the IL client may free a buffer OMX Video Encoder Component and then subsequently access the already freed buffer.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-18131
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.13%
||
7 Day CHG~0.00%
Published-06 May, 2019 | 22:19
Updated-05 Aug, 2024 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In QTEE, an incorrect fuse value can be blown in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 820, SD 820A, SD 835, SD 845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_427_firmwaresd_820asd_412sdm636_firmwaresdm632_firmwaremsm8996au_firmwaresdm632sd_415sd_616sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435sd_615sdm439sdm429sdm630sd_625sd_615_firmwaresnapdragon_high_med_2016_firmwaresd_210mdm9607msm8996ausd_820_firmwaresd_820sd_450_firmwaresd_845_firmwaresd_410sd_820a_firmwaremdm9206sd_425_firmwaresnapdragon_high_med_2016sd_212_firmwaresd_625_firmwaresd_450sdm439_firmwaresd_412_firmwaresdm636sdm630_firmwaresd_845mdm9206_firmwaresd_427sd_430sd_435_firmwaresd_835_firmwaresdm429_firmwaresd_410_firmwaresd_835sd_205sd_210_firmwaresd_415_firmwaresd_616_firmwaresd_205_firmwaresdm660_firmwaresd_212Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear
CWE ID-CWE-665
Improper Initialization
CVE-2017-18311
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.69%
||
7 Day CHG~0.00%
Published-26 Oct, 2018 | 13:00
Updated-05 Aug, 2024 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XPU Master privilege escalation is possible due to improper access control of unused configuration xPU ports where unused configuration ports are open in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9635m_firmwaremdm9640_firmwaresd_820asdm632_firmwaremsm8996au_firmwaresdm632sdm439mdm9650sdm429sd_615_firmwaremsm8909w_firmwaremsm8996aumdm9645sd_650sd_820sd_450_firmwaresd_410sd_820a_firmwaresd_652sd_425_firmwaresd_625_firmwaresd_450sdm636mdm9635msd_835_firmwaresdm429_firmwaremdm9650_firmwaresd_835sda660sd_210_firmwaresd_415_firmwaresd_652_firmwaremsm8909wsd_616_firmwaresd_205_firmwaresd_415sd_650_firmwaresd_212sd_427_firmwaresd_412sdm636_firmwaresd_616sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435mdm9655_firmwaresd_615sdm630sd_625sd_210mdm9607sd_820_firmwaremdm9645_firmwaresd_212_firmwaremdm9655sdm439_firmwaresd_412_firmwaresdm630_firmwaresda660_firmwaresd_427sd_430sd_810sd_435_firmwaresd_410_firmwaresd_205sd_810_firmwaresdm660_firmwaremdm9640Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear
CVE-2017-18297
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.15%
||
7 Day CHG~0.00%
Published-23 Oct, 2018 | 13:00
Updated-05 Aug, 2024 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Double memory free while closing TEE SE API Session management in Snapdragon Mobile in version SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_652sd_625sd_425_firmwaresd_820_firmwaresd_820sd_625_firmwaresd_450sd_650sd_450_firmwaresd_652_firmwaresd_425sd_430_firmwaresd_430sd_650_firmwareSnapdragon Mobile
CWE ID-CWE-415
Double Free
CVE-2017-18298
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.15%
||
7 Day CHG~0.00%
Published-23 Oct, 2018 | 13:00
Updated-05 Aug, 2024 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lack of Input Validation in SDMX API can lead to NULL pointer access in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660 .

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850sd_820asd_412msm8996au_firmwaresd_415sd_616sd_425sd_430_firmwaresd_615mdm9607_firmwaremdm9650sd_650_firmwaresd_625sd_615_firmwaresd_210mdm9607msm8996ausd_820_firmwaresd_650sd_820sd_450_firmwaresd_845_firmwaresd_410sd_617sd_820a_firmwaremdm9206sd_652sd_425_firmwaresd_212_firmwaresd_850_firmwaresd_625_firmwaresd_450sd_412_firmwaresda660_firmwaresd_845mdm9206_firmwaresd_430sd_810sd_835_firmwaremdm9650_firmwaresd_410_firmwaresd_835sd_205sda660sd_210_firmwaresd_415_firmwaresd_652_firmwaresd_810_firmwaresd_616_firmwaresd_205_firmwaresd_212sd_617_firmwareSnapdragon Automobile, Snapdragon Mobile, Snapdragon Wear
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-18312
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.24%
||
7 Day CHG~0.00%
Published-23 Oct, 2018 | 13:00
Updated-05 Aug, 2024 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

While accessing SafeSwitch services, third party can manipulate a given device and perform unauthorized operation due to lack of checking of same state transitions in Snapdragon Automobile, Snapdragon Mobile in version MSM8996AU, SD 410/12, SD 617, SD 650/52, SD 810, SD 820, SD 820A

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_652sd_820asd_412sd_412_firmwaremsm8996au_firmwaresd_810sd_820_firmwaresd_810_firmwaremsm8996ausd_820sd_650sd_410_firmwaresd_652_firmwaresd_410sd_617sd_820a_firmwaresd_650_firmwaresd_617_firmwareSnapdragon Automobile, Snapdragon Mobile
CWE ID-CWE-862
Missing Authorization
CVE-2017-18303
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.16%
||
7 Day CHG~0.00%
Published-23 Oct, 2018 | 13:00
Updated-05 Aug, 2024 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

While processing the sensors registry configuration file, if inputs are not validated a buffer overflow will occur in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MMDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SDA660, SDX20.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_820amsm8996au_firmwaresdx20sd_415sd_616sd_425sd_430_firmwaremdm9607_firmwaresd_615mdm9650sd_650_firmwaresd_625sd_615_firmwaremsm8909w_firmwaremdm9607msm8996ausd_210sd_650sd_820_firmwaresd_820sd_450_firmwaresd_800sd_617sd_820a_firmwaremdm9206sd_652sd_425_firmwaresd_212_firmwaresd_800_firmwaresd_625_firmwaresd_450sda660_firmwaremdm9206_firmwaresd_430sd_810sd_835_firmwaremdm9650_firmwaresdx20_firmwaresd_600_firmwaresd_205sd_835sda660sd_210_firmwaresd_600sd_415_firmwaresd_652_firmwaremsm8909wsd_810_firmwaresd_616_firmwaresd_205_firmwaresd_212sd_617_firmwareSnapdragon Automobile, Snapdragon Mobile, Snapdragon Wear
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15845
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.70%
||
7 Day CHG~0.00%
Published-10 Jan, 2018 | 22:00
Updated-16 Sep, 2024 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an invalid input of firmware size (negative value) from user space can potentially lead to the memory leak or buffer overflow during the WLAN cal data store operation.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2017-11081
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.72%
||
7 Day CHG~0.00%
Published-10 Jan, 2018 | 22:00
Updated-17 Sep, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a potential buffer overflow vulnerability in hdd_parse_setrmcenable_command and hdd_parse_setrmcactionperiod_command APIs as buffers defined in this API can hold maximum 32 bytes but data more than 32 bytes can get copied.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15861
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.59%
||
7 Day CHG~0.00%
Published-23 Feb, 2018 | 23:00
Updated-16 Sep, 2024 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function wma_roam_synch_event_handler, vdev_id is received from firmware and used to access an array without validation.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2017-15826
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.35%
||
7 Day CHG~0.00%
Published-30 Mar, 2018 | 21:00
Updated-16 Sep, 2024 | 22:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Due to a race condition in MDSS rotator in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-20, a double free vulnerability may potentially exist when two threads free the same perf structures.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-415
Double Free
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2020-11292
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.19%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 06:20
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible buffer overflow in voice service due to lack of input validation of parameters in QMI Voice API in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaremdm9640_firmwaresm6250p_firmwareqcs610qca6431_firmwarewcd9360_firmwaremdm9645wcn3950_firmwaresc8180x\+sdx55qca6595au_firmwareqca6335msm8917mdm8215sd_455_firmwareqcs605_firmwaresd_675_firmwareqcs6125_firmwaremdm8615m_firmwaresd632msm8108sa415mwcn3998wcd9371_firmwaremsm8108_firmwarewcn3950sd720gmdm9628mdm9206_firmwareqsw8573_firmwarewcn3660bsd450_firmwaresd710_firmwaremdm9230_firmwaremdm8215mqca6574au_firmwaremdm9630wcd9375_firmwarewcn3998_firmwaremsm8909wapq8009w_firmwareqca6420apq8053_firmwarewcd9360qca9367_firmwarewhs9410_firmwaremdm8207qcs6125sa8155_firmwareqca4004_firmwaremdm9615mqca6430wcd9306_firmwarewcd9340mdm9625_firmwaresd765gqca1990_firmwarequalcomm215_firmwareqca6436wcn6851qcs603_firmwaremsm8937msm8209_firmwaremdm9250_firmwarewcn3660_firmwarewcd9341mdm9655qca6696_firmwareqca6431wcd9371sd870_firmwaresd750gmdm8215_firmwarewcn3910_firmwaresd_8cxmdm9207_firmwareqca4004wsa8830_firmwaremdm9330_firmwaresd855_firmwaresd660sd865_5g_firmwaresd712wcn3988sd660_firmwaremsm8208_firmwaresd450wcn3610mdm9640msm8608wcn3991sda429w_firmwarewcd9380_firmwaresdm429wwcd9330msm8996au_firmwarecsr6030qca6564ausdx55m_firmwarewcn6856_firmwaremsm8940_firmwareqet4101_firmwaremsm8976_firmwareqca6574sd632_firmwaresd670_firmwarewcd9380qualcomm215mdm9230qcs410sd690_5g_firmwaresdx50m_firmwareqca9379_firmwaresdx24_firmwareqca6174qca6430_firmwarewcd9335_firmwaresd439_firmwarewcn3980qca6335_firmwareqsw8573qcs605wcd9340_firmwarewsa8815wcn6850wcn3910qca6320qca6584_firmwaremsm8937_firmwaremdm9650_firmwaresd_8c_firmwaremdm9215_firmwareqca6426_firmwarewcn3660b_firmwarewcn3680sd835qca1990wcn3980_firmwaresd730wcd9330_firmwaresdx55mqca6421_firmwarear6003_firmwaremsm8953sd821_firmwaresd678_firmwarewcn3680_firmwarewcn6851_firmwareqcs603sd670sd_636_firmwareqca6564a_firmwareapq8009wqca6694au_firmwaremsm8976sg_firmwareqcm4290_firmwaresd480sd870wcn6855sd210_firmwareqcs610_firmwareapq8084_firmwaresdxr1apq8096aumdm8207_firmwaresdm630_firmwaremdm9205_firmwareqca6391_firmwaresd820_firmwarewcd9370_firmwaresdx55apq8053sa8155psd675sd439qet4101wcn3660qca9379wcn3991_firmwaremdm9150_firmwarewsa8830sd678csrb31024mdm9628_firmwaremdm9650sd_636qcs4290mdm9250sd765g_firmwareqca6420_firmwareqca6390_firmwareapq8009_firmwaresd690_5gqca6174_firmwaresd730_firmwaremdm9310_firmwarewcd9370sd675_firmwareqca6426qca6584au_firmwarewcn3990_firmwareqca9377sdw2500_firmwaresd_8cx_firmwarewcd9385_firmwaresdxr2_5g_firmwarewhs9410wcd9326_firmwaremdm9615m_firmwarewcn3615_firmwareapq8037sa8155qca6320_firmwareqca6584wcn3680b_firmwaresdx55_firmwarewcn3615qca6595ausm7250p_firmwarewcn3610_firmwareqca6436_firmwaremdm9207wcd9306qca6584auqca6564au_firmwareqca6310msm8208sa515m_firmwaresd429sdxr2_5gqca9367apq8084sdm630mdm9607_firmwaresd821mdm9655_firmwaremsm8976sgsa415m_firmwarewcn3988_firmwaresd205sd429_firmwareqca6421sm6250sd712_firmwareapq8017_firmwarewsa8810_firmwareqca6694sd765_firmwarewcd9326wcd9335qca6174a_firmwareqcs4290_firmwarewcd9385mdm8615mmdm9625qca6390wcd9375sd750g_firmwareaqt1000msm8976qca6694_firmwaresm6250_firmwaresc8180x\+sdx55_firmwaremsm8953_firmwareqca6694ausda429wmsm8917_firmwaresd210wcn3620_firmwaresdx20_firmwarewsa8815_firmwaresd888_5g_firmwaresd820wcn6850_firmwarewsa8835_firmwarewcn3620apq8017ar6003csr6030_firmwareqca6564amdm9630_firmwareqcm6125_firmwaremdm9635m_firmwarewcn3990sd_675sd865_5gsdx24msm8909w_firmwarewsa8835msm8996ausdm429w_firmwaresd665_firmwaresd888_5gsm6250pqca6574amdm9206wcn6855_firmwareqca6174aqca6310_firmwaremdm9635mmdm9615mdm9205sa515mqca6574_firmwaresd855sd665sd765qca6574a_firmwaresd768g_firmwaremsm8209sd850_firmwareapq8009qca6391sdxr1_firmwaremdm9310aqt1000_firmwaremsm8920qcm4290csrb31024_firmwaresdx50msdx20sd480_firmwaremsm8920_firmwaremdm9215sd_455qca6574ausd710mdm8215m_firmwaremdm9607sa8155p_firmwaresd205_firmwaremdm9645_firmwarewcd9341_firmwareqcm6125wsa8810mdm9150wcn6856sd_8cwcn3680bsd835_firmwaresd768gqca6696sd845_firmwaremsm8608_firmwaresdw2500msm8940apq8096au_firmwaresd845mdm9615_firmwareapq8037_firmwaresm7250psd720g_firmwareqcs410_firmwaremdm9330sd850Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-11288
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.69%
||
7 Day CHG~0.00%
Published-07 May, 2021 | 09:10
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bound write can occur in playready while processing command due to lack of input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qfs2580qca9377_firmwareqpm5679_firmwaresm6250p_firmwareqca8337qfs2608_firmwareqfs2530qpm8870_firmwareqpa8688pm6125qat5522_firmwarewcn3950_firmwarepm8150asc8180x\+sdx55qdm5670qca6595au_firmwareqpm5541_firmwareqpa5581_firmwaresa6155pm7150lqpa8821pm8998_firmwarewtr5975_firmwareqcs6125_firmwarepm456_firmwareqpa5580_firmwaresa415mwcn3998wcd9371_firmwarewcn3950sm4125sd720gqsw8573_firmwareqsm8350_firmwareqsw8574_firmwareqsm8350sd460_firmwaresmb2351_firmwaresd6905gqpa4360_firmwarewcn3998_firmwarepm855pqca6420pm6150aqpm6670_firmwarepm660_firmwarepm8150bsa8155_firmwareqca4004_firmwareqca6430qat3522pmr735awcd9306_firmwarewcd9340sd765gsdr660qfs2630_firmwaresdr865qdm5620_firmwaresmr545qca6696_firmwareqln5020wcd9371sd870_firmwarepmm855au_firmwaresa8150ppm6350qdm5621qtc800sqca4004qet6105sd712pm640p_firmwarewcn6750_firmwareqat5516_firmwarepm6150lsd8885gpm855l_firmwareqtc410swcn3991qpa8801pm8150l_firmwareqat5533_firmwaresdx55m_firmwaresdxr25gqpa8673_firmwarepm6150smb1354_firmwaresd670_firmwareqca6574qfs2630qpa8842sdr052_firmwarewcd9380qcs410qpm5579_firmwaresmb1380_firmwarepmk8350_firmwaresmb1381pm855p_firmwarepm7250qpa8803sdx24_firmwaresdxr25g_firmwareqdm2301wcd9340_firmwarewsa8815wcn6850qdm5621_firmwareqdm2301_firmwareqpm6375wcn3980_firmwaresd730pm660l_firmwarepm6250_firmwarepm8008pm8350b_firmwareqtm525_firmwarepme605_firmwarepme605sd678_firmwareqpm5621_firmwareqln1021aq_firmwareqcs603qpa6560_firmwareqpa8802_firmwareqln4640_firmwareqpm5621qpm6582sd670pm8009_firmwareqfs2580_firmwareqcm4290_firmwarewcn6855pm8150lpmi8998_firmwareqcs610_firmwaresa6145psdr105pm4250ar8031qpm5577wtr2965mdm9205_firmwareqca6391_firmwaresa2150ppm8150wcd9370_firmwareqat3516_firmwaresdx55csra6640qat3555_firmwareqpa8803_firmwarepm855bsmb2351qln1031qsm8250_firmwareqpm5870wsa8830pm660qet6110_firmwareqpm6325pm6125_firmwareqbt1500qpa5581csrb31024pmx24_firmwarefsm10055_firmwareqbt1500_firmwareqpm5870_firmwareqcs4290qet6100pmm855auqca6420_firmwaresmb1396pm7150asd675_firmwarepm8350qca6564qpa4361_firmwarepm8350c_firmwareqpa5461_firmwareqca6426wcn3990_firmwareqca9377qpm5641wcd9385_firmwareqdm5650_firmwarewcd9326_firmwarepm7250_firmwareqdm5620qln1021aqsmb1380pmk8002_firmwareqsw6310_firmwaresa8155qln1031_firmwareqdm4650_firmwaresdx55_firmwarepmm6155au_firmwareqat5533sm7250p_firmwareqsm7250_firmwareqpm6670pm7150l_firmwarewcd9306qca6584auqpm4641qat5515_firmwarepm855qpm8830_firmwarepm8250qdm4643qfs2530_firmwaresa415m_firmwarepmx55qpm4641_firmwarewcn3988_firmwarepm8150c_firmwareqca6421qdm3301qpa8842_firmwareqat3519_firmwaresa8195psdr735_firmwareqpm5677qat5515wcd9326wcd9335pm6350_firmwarepm8004_firmwaresdr8150_firmwareqcs4290_firmwareqtc800h_firmwareqpm5620qpm4630qca6390wcd9375sd750g_firmwareaqt1000sc8180x\+sdx55_firmwarepmm8195ausm6250_firmwareqln4642qpm5677_firmwarewsa8815_firmwarewtr3925_firmwaresmr525_firmwarepm8998qpm8820_firmwareqpm6621_firmwarepm670a_firmwareqcm6125_firmwarepmx55_firmwareqca6595pm8150_firmwaresmb1398_firmwareqpm8830qat5522pm8150cpmr735bsd665_firmwareqpa4360pmk8003_firmwareqpa4361qpm4640_firmwarewcn6855_firmwareqpm5577_firmwareqdm5679_firmwarepm8350csmr525qca6310_firmwarepm6150l_firmwarepmr525pm8150a_firmwareqca6574_firmwareqln1036aq_firmwaresd665pm6150a_firmwarepm6150_firmwareqca6175asd765qca6574a_firmwareqpm4630_firmwareqat3555sd850_firmwareqpa5461sd8c_firmwarewtr2965_firmwarepm670_firmwarecsrb31024_firmwareqfs2608sd480_firmwareqln1036aqqtc801sqpm5641_firmwaresd710pm8008_firmwareqpm6621pmr735a_firmwarepmx50qca6564_firmwaresdr8250sd768gpm8004pm640lpmk8002sd845qcs410_firmwareqca6175a_firmwareqpa5580qpm5579fsm10055sa6150p_firmwareqcs610qpm5620_firmwareqdm2307qca6431_firmwareqpa8802wcd9360_firmwareqpm6585_firmwareqat3519qbt2000_firmwareqtc800hsa8150p_firmwareqcs2290sdr8250_firmwareqca6335csra6620_firmwareqcs605_firmwaresmr546_firmwareqdm5671csra6640_firmwarepmc1000hqpm4650_firmwareqat3518sd8csdr425_firmwaresmr526_firmwarepm640a_firmwarewgr7640_firmwareqdm2305_firmwareqpm5670_firmwaresd710_firmwareqdm5652qca6574au_firmwareqpm8870wcd9375_firmwareqpm5679qbt2000sa6155_firmwarewcd9360pmx50_firmwareqpa8675_firmwaresdr735gwcn3999qdm3301_firmwareqsm7250qcs6125sd662_firmwareqcs405qdm2308_firmwarefsm10056_firmwareqca6436wcn6851sa6155pqcs603_firmwareqpa6560sdr675_firmwarewcd9341qdm4643_firmwareqca6431qet4100_firmwaresd750gwcn3910_firmwareqpm5657qpm5875_firmwarewsa8830_firmwaresd855_firmwareqdm5650wcn3988wtr3925sdr052sa8195p_firmwaresmb1390qet4100qpa8686_firmwareqpm6585qca8337_firmwarewcd9380_firmwaresmb1355qln4650sdr735g_firmwarewgr7640qat5568qet5100qdm5671_firmwareqpa8801_firmwareqca6564auqtm527_firmwarewcn6856_firmwarepm8005_firmwareqet4101_firmwarepm7250bqln4642_firmwaresmb1355_firmwarepm7250b_firmwarepmd9655_firmwaresmb1351_firmwareqet4200aq_firmwaresdx50m_firmwaresdr735smb1395pm660lsmr526wtr5975qca6430_firmwarepmk8003qtc801s_firmwarewcd9335_firmwareqat3522_firmwarewcn3980qca6335_firmwareqsw8573qcs605sd7cwcn3910qca6426_firmwarepm8350_firmwarepm8009qpa8675sdr051_firmwaresdx55mpm670aqca6421_firmwareqat3518_firmwareqsw8574pmi8998sd6905g_firmwarear8031_firmwarepm855lwcn6851_firmwareqdm5670_firmwaresd8655gpm7150a_firmwarepm8150b_firmwaresmr545_firmwarepmc1000h_firmwareqca6564a_firmwareqdm2310_firmwarepm4250_firmwaresdr105_firmwaresd480sd870sd8885g_firmwarepm670qdm5677pm8005qsm8250pm855_firmwareqdm2302pmm6155ausdxr1pm855b_firmwareqca6595_firmwareqcs405_firmwareqpm6582_firmwareqpm6375_firmwarepm640l_firmwareqln4650_firmwareqpm5875qet5100msd888_firmwaresa8155psd675qet4101qat3516pm670lqpm5658ar8035_firmwareqcm2290qpm5658_firmwarewcn3991_firmwareqdm5652_firmwarepmm8155au_firmwaresd678sdr051qln5030qcs2290_firmwarepm4125fsm10056pmi632qpa2625_firmwarepm456sd7c_firmwarepm8350bh_firmwarecsra6620pmr735b_firmwareqet5100_firmwareqpm4621qet6100_firmwarepm670l_firmwaresdr660gsd765g_firmwareqpa8686qca6390_firmwaresd730_firmwarewcd9370sdr425pmr525_firmwareqca6584au_firmwarepmi632_firmwareqpm5541qat5516sd662qpa8821_firmwaresdr660g_firmwarepm8350bhpm3003aqca6595auwcn3999_firmwareqca6436_firmwaresmb1354qca6564au_firmwareqdm2305sa6155p_firmwareqca6310qpm8820qln5020_firmwaresa515m_firmwaresmb1398sa6145p_firmwaresdr675sm6250sd712_firmwarewsa8810_firmwaresmb231sd765_firmwareqdm5677_firmwareqet4200aqqca6174a_firmwarewcd9385qpm6325_firmwareqdm2302_firmwareqat3550_firmwarepmm8155auqln5040_firmwarepm4125_firmwarear8035qpa8673qdm2310qln5030_firmwaresmb1396_firmwarewcn6850_firmwarewsa8835_firmwareqca6564asmr546pmx24qet6110qln5040qcm2290_firmwareqpm8895qpm5670wcn3990qtm527pmk8350sdx24sd888pm8350bqdm2307_firmwarewsa8835qpm5657_firmwaresm6250psdr660_firmwareqca6574asmb1390_firmwareqca6174aqpm4640wcn6750qet5100m_firmwareqpm4650mdm9205qtm525sa515msa2150p_firmwaresd855sm4125_firmwaresd8cxpm640psd768g_firmwaresdr865_firmwarepm8250_firmwarepm6250sd460qca6391sd8cx_firmwaresdxr1_firmwaresmb1351aqt1000_firmwareqpm8895_firmwareqcm4290sdx50mpm640asdr8150smb1395_firmwareqdm4650pmd9655qca6574ausa8155p_firmwareqsw6310qet6105_firmwaresd8655g_firmwarewcd9341_firmwareqcm6125wsa8810qtc410s_firmwaresmb231_firmwareqat5568_firmwareqdm2308qat3550wcn6856qdm5679pm3003a_firmwareqca6696qtc800s_firmwaresmb1381_firmwaresd845_firmwareqpa2625sa6150pqpa8688_firmwarepmm8195au_firmwaresm7250psd720g_firmwareqpm4621_firmwaresd850qln4640Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-11242
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.03% / 7.69%
||
7 Day CHG~0.00%
Published-07 Apr, 2021 | 07:55
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

User could gain access to secure memory due to incorrect argument into address range validation api used in SDI to capture requested contents in Snapdragon Industrial IOT, Snapdragon Mobile

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-pm660wcn3990sd636qca6595qca6564auqet4101_firmwarepm855a_firmwarewcn3950_firmwarepmm855ausd455qtc800hsmb1351_firmwareqca6595au_firmwareqpa4360pm855aqet4200aq_firmwaresdr660_firmwareqca6574apm660lwcn3990_firmwarewcn3980wcd9335_firmwareqat3522_firmwareqpa4340_firmwarewcn3950qpa5460wcd9340_firmwareqln1036aq_firmwareqln1021aqqca6574a_firmwareqln1031_firmwareqca6574au_firmwareqpa4360_firmwareqca6595auwcn3980_firmwaresmb1351pm660l_firmwareqca6564au_firmwareqpa5460_firmwarepm660_firmwarepm660aqpa4340qln1021aq_firmwarersw8577qln1036aqsdm630qca6574auqat3522qca6564a_firmwarewcd9340wcd9341_firmwarersw8577_firmwareqat3514sdr660wcd9335qet4200aqqat3550pm660a_firmwareqln1031wcd9341qtc800h_firmwareqca6595_firmwareqet4100_firmwaresdm630_firmwareqat3550_firmwareqtc800s_firmwarepmm855au_firmwareqet4100qtc800sqat3514_firmwaresd660qet4101sd455_firmwaresd660_firmwareqca6564asd636_firmwareSnapdragon Industrial IOT, Snapdragon Mobile
CVE-2017-14895
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.49%
||
7 Day CHG~0.00%
Published-05 Dec, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, after a subsystem reset, iwpriv is not giving correct information.

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-672
Operation on a Resource after Expiration or Release
CVE-2017-14896
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.38%
||
7 Day CHG~0.00%
Published-05 Dec, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a memory allocation without a length field validation in the mobicore driver which can result in an undersize buffer allocation. Ultimately this can result in a kernel memory overwrite.

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 15
  • 16
  • Next
Details not found