ByteOS

Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Product

Versions

Affected

MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, SM7150

Problem Types

Type	CWE ID	Description
text	N/A	Use-After-Free Issue in HLOS-Linux

Type: text

CWE ID: N/A

Description: Use-After-Free Issue in HLOS-Linux

References

Hyperlink	Resource
https://www.qualcomm.com/company/product-security/bulletins#_CVE-2018-12005	x_refsource_CONFIRM

Hyperlink: https://www.qualcomm.com/company/product-security/bulletins#_CVE-2018-12005

Resource:

x_refsource_CONFIRM

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://www.qualcomm.com/company/product-security/bulletins#_CVE-2018-12005	x_refsource_CONFIRM x_transferred

Hyperlink: https://www.qualcomm.com/company/product-security/bulletins#_CVE-2018-12005

Resource:

x_refsource_CONFIRM

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:product-security@qualcomm.com

Published At:24 May, 2019 | 17:29

Updated At:29 May, 2019 | 18:42

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	5.5	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary	2.0	4.9	MEDIUM	AV:L/AC:L/Au:N/C:N/I:N/A:C

Type: Primary

Version: 3.0

Base score: 5.5

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Type: Primary

Version: 2.0

Base score: 4.9

Base severity: MEDIUM

Vector:

AV:L/AC:L/Au:N/C:N/I:N/A:C

CPE Matches

cpe:2.3:o:qualcomm:mdm9150_firmware:-:*:*:*:*:*:*:*

>>mdm9150_firmware>>-

cpe:2.3:h:qualcomm:mdm9150:-:*:*:*:*:*:*:*

>>mdm9150>>-

cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*

>>mdm9206_firmware>>-

cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*

>>mdm9206>>-

cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*

>>mdm9607>>-

cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*

>>mdm9607_firmware>>-

cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*

>>mdm9640>>-

cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*

>>mdm9640_firmware>>-

cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*

>>mdm9650>>-

cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*

>>mdm9650_firmware>>-

cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*

>>msm8909w>>-

cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*

>>msm8909w_firmware>>-

cpe:2.3:h:qualcomm:msm8996au:-:*:*:*:*:*:*:*

>>msm8996au>>-

cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*

>>msm8996au_firmware>>-

cpe:2.3:h:qualcomm:qcs605:-:*:*:*:*:*:*:*

>>qcs605>>-

cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*

>>qcs605_firmware>>-

cpe:2.3:o:qualcomm:qm215_firmware:-:*:*:*:*:*:*:*

>>qm215_firmware>>-

cpe:2.3:h:qualcomm:qm215:-:*:*:*:*:*:*:*

>>qm215>>-

cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*

>>sd_210>>-

cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*

>>sd_210_firmware>>-

cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*

>>sd_212>>-

cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*

>>sd_212_firmware>>-

cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*

>>sd_205_firmware>>-

cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*

>>sd_205>>-

cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*

>>sd_425_firmware>>-

cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*

>>sd_425>>-

cpe:2.3:o:qualcomm:sd_439_firmware:-:*:*:*:*:*:*:*

>>sd_439_firmware>>-

cpe:2.3:h:qualcomm:sd_439:-:*:*:*:*:*:*:*

>>sd_439>>-

cpe:2.3:o:qualcomm:sd_429_firmware:-:*:*:*:*:*:*:*

>>sd_429_firmware>>-

cpe:2.3:h:qualcomm:sd_429:-:*:*:*:*:*:*:*

>>sd_429>>-

cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*

>>sd_450_firmware>>-

cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*

>>sd_450>>-

cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*

>>sd_625_firmware>>-

cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*

>>sd_625>>-

cpe:2.3:o:qualcomm:sd_632_firmware:-:*:*:*:*:*:*:*

>>sd_632_firmware>>-

cpe:2.3:h:qualcomm:sd_632:-:*:*:*:*:*:*:*

>>sd_632>>-

cpe:2.3:o:qualcomm:sd_636_firmware:-:*:*:*:*:*:*:*

>>sd_636_firmware>>-

cpe:2.3:h:qualcomm:sd_636:-:*:*:*:*:*:*:*

>>sd_636>>-

cpe:2.3:o:qualcomm:sd_675_firmware:-:*:*:*:*:*:*:*

>>sd_675_firmware>>-

cpe:2.3:h:qualcomm:sd_675:-:*:*:*:*:*:*:*

>>sd_675>>-

cpe:2.3:o:qualcomm:sd_712_firmware:-:*:*:*:*:*:*:*

>>sd_712_firmware>>-

cpe:2.3:h:qualcomm:sd_712:-:*:*:*:*:*:*:*

>>sd_712>>-

cpe:2.3:o:qualcomm:sd_710_firmware:-:*:*:*:*:*:*:*

>>sd_710_firmware>>-

cpe:2.3:h:qualcomm:sd_710:-:*:*:*:*:*:*:*

>>sd_710>>-

cpe:2.3:o:qualcomm:sd_670_firmware:-:*:*:*:*:*:*:*

>>sd_670_firmware>>-

cpe:2.3:h:qualcomm:sd_670:-:*:*:*:*:*:*:*

>>sd_670>>-

cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*

>>sd_820a_firmware>>-

cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*

>>sd_820a>>-

cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*

>>sd_835_firmware>>-

cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*

>>sd_835>>-

Weaknesses

CWE ID	Type	Source
CWE-416	Primary	nvd@nist.gov

CWE ID: CWE-416

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://www.qualcomm.com/company/product-security/bulletins#_CVE-2018-12005	product-security@qualcomm.com	Vendor Advisory

Hyperlink: https://www.qualcomm.com/company/product-security/bulletins#_CVE-2018-12005

Source: product-security@qualcomm.com

Resource:

Vendor Advisory

Similar CVEs

352Records found

CVE-2019-2336

Matching Score-10

Assigner-Qualcomm, Inc.

Matching Score-10

Assigner-Qualcomm, Inc.

CVSS Score-5.5||MEDIUM

EPSS-0.12% / 31.74%

7 Day CHG~0.00%

Published-21 Nov, 2019 | 14:38

Updated-04 Aug, 2024 | 18:49

Subsequent use of the CBO listener may result in further memory corruption due to use after free issue. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in MDM9205, QCS404, SDX55, SM6150, SM7150, SM8150, SXR2130

Product-sm7150_firmware sxr2130 sm6150_firmware sm6150 qcs404 sm8150_firmware sm8150 sxr2130_firmware sdx55_firmware sm7150 mdm9205_firmware mdm9205 qcs404_firmware sdx55 Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

CWE ID-CWE-416

Use After Free

CWE ID-CWE-787

Out-of-bounds Write

CVE-2019-10515

Matching Score-10

Assigner-Qualcomm, Inc.

Matching Score-10

Assigner-Qualcomm, Inc.

CVSS Score-5.5||MEDIUM

EPSS-0.04% / 12.75%

7 Day CHG~0.00%

Published-06 Nov, 2019 | 17:11

Updated-04 Aug, 2024 | 22:24

DCI client which might be preemptively freed up might be accessed for transferring packets leading to kernel error in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24

Product-sd_850 mdm9150_firmware sd_632 mdm9640_firmware sd_820a sd_675 msm8996au_firmware sd_439 sd_670_firmware sd_429 sdx24 sdm439 mdm9650 sd_636 msm8909w_firmware msm8996au sd_820 sd_450_firmware sd_845_firmware sd_820a_firmware sd_675_firmware mdm9206 sd_425_firmware sd_665 sdx24_firmware sd_625_firmware sd_450 sd_845 mdm9206_firmware sd_632_firmware sd_835_firmware mdm9650_firmware sd_835 sda660 sd_210_firmware msm8909w sd_665_firmware sd_205_firmware sd_212 sd_427_firmware sd_712 sd_855 sd_730_firmware sdx20 sd_425 sdm660 sd_430_firmware mdm9607_firmware sd_435 sd_710_firmware sdm630 qcs405 sd_625 sd_820_firmware sd_210 mdm9607 sd_636_firmware sd_439_firmware mdm9150 sd_429_firmware sd_730 sd_212_firmware sd_850_firmware sd_855_firmware sdm439_firmware qcs405_firmware sd_712_firmware sdm630_firmware sda660_firmware sd_430 sd_427 sd_670 sd_435_firmware sdx20_firmware sd_710 sd_205 sdm660_firmware mdm9640 Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

CWE ID-CWE-416

Use After Free

CVE-2019-2330

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-5.5||MEDIUM

EPSS-0.04% / 12.75%

7 Day CHG~0.00%

Published-25 Jul, 2019 | 16:33

Updated-04 Aug, 2024 | 18:49

improper input validation in allocation request for secure allocations can lead to page fault. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, MDM9150, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24

Product-sd_850 mdm9150_firmware sd_632 mdm9640_firmware sd_820a sd_675 msm8996au_firmware sd_439 sd_670_firmware sd_429 sdx24 sdm439 mdm9650 sd_636 msm8909w_firmware msm8996au sd_450_firmware sd_845_firmware sd_820a_firmware qcs605_firmware ipq4019_firmware sd_675_firmware sd_425_firmware sd_665 sdx24_firmware sd_625_firmware ipq8074 sd_450 sd_845 qcs605 mdm9640 sd_632_firmware sd_835_firmware mdm9650_firmware sd_835 ipq8064 sda660 msm8909w sd_665_firmware ipq8064_firmware sd_427_firmware sd_712 sd_855 sd_730_firmware qualcomm_215 sdx20 sd_425 sdm660 sd_430_firmware sd_710_firmware sd_435 sdm630 qcs405 sd_625 ipq8074_firmware sd_636_firmware sd_439_firmware qualcomm_215_firmware mdm9150 sd_429_firmware sd_730 sd_850_firmware sdm439_firmware qcs405_firmware sd_712_firmware sdm630_firmware sda660_firmware sd_427 ipq4019 sd_430 sd_670 sd_435_firmware sd_710 sdx20_firmware sdm660_firmware sd_855_firmware Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

CWE ID-CWE-20

Improper Input Validation

CVE-2019-2239

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-5.5||MEDIUM

EPSS-0.04% / 13.30%

7 Day CHG~0.00%

Published-25 Jul, 2019 | 16:33

Updated-04 Aug, 2024 | 18:42

Sanity checks are missing in layout which can lead to SUI Corruption or can lead to Denial of Service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in MDM9150, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8996AU, QCS404, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, Snapdragon_High_Med_2016, SXR1130

Product-sd_850 mdm9150_firmware sd_632 mdm9635m_firmware mdm9640_firmware sd_820a sd_675 msm8996au_firmware sd_439 sd_670_firmware sd_429 sdx24 sdm439 qcs404_firmware mdm9650 sd_636 sd_615_firmware snapdragon_high_med_2016_firmware msm8996au sd_820 sd_650 sd_450_firmware sd_845_firmware sd_410 sd_820a_firmware qcs605_firmware sd_675_firmware mdm9206 sd_652 sd_425_firmware qcs404 sdx24_firmware sd_625_firmware sd_450 mdm9635m sd_8cx_firmware sd_845 mdm9206_firmware qcs605 sd_632_firmware sd_835_firmware mdm9650_firmware sd_835 sda660 sxr1130_firmware sd_210_firmware sd_415_firmware sd_652_firmware sxr1130 sd_616_firmware sd_205_firmware sd_415 sd_212 sd_650_firmware sd_427_firmware sd_712 sd_730_firmware sd_412 qualcomm_215 sdx20 sd_616 sd_425 sdm660 sd_430_firmware mdm9607_firmware sd_435 mdm9655_firmware sd_615 sd_710_firmware sdm630 sd_625 sd_820_firmware sd_210 mdm9607 sd_636_firmware sd_439_firmware qualcomm_215_firmware mdm9150 sd_429_firmware sd_730 snapdragon_high_med_2016 sd_212_firmware sd_850_firmware mdm9655 sdm439_firmware sd_412_firmware sd_712_firmware sdm630_firmware sda660_firmware sd_8cx sd_430 sd_427 sd_670 sd_435_firmware sdx20_firmware sd_710 sd_410_firmware sd_205 sdm660_firmware mdm9640 Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

CWE ID-CWE-129

Improper Validation of Array Index

CVE-2019-2236

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-5.5||MEDIUM

EPSS-0.04% / 13.30%

7 Day CHG~0.00%

Published-25 Jul, 2019 | 16:33

Updated-04 Aug, 2024 | 18:42

Null pointer dereference during secure application termination using specific application ids. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCA8081, QCS605, Qualcomm 215, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130

Product-sd_632 sd_820a sd_675 msm8996au_firmware sd_439 sd_670_firmware sd_429 sdm439 mdm9650 sd_636 snapdragon_high_med_2016_firmware msm8996au sd_820 sd_650 sd_450_firmware sd_410 sd_820a_firmware qcs605_firmware sd_675_firmware mdm9206 sd_652 sd_425_firmware sd_625_firmware ipq8074 sd_450 sd_8cx_firmware mdm9206_firmware qcs605 sd_632_firmware sd_835_firmware mdm9650_firmware sd_835 sda660 sxr1130_firmware sd_652_firmware qca8081_firmware sxr1130 sd_650_firmware sd_427_firmware sd_712 sd_730_firmware sd_412 qualcomm_215 sd_425 sdm660 sd_430_firmware mdm9607_firmware sd_435 mdm9655_firmware sd_710_firmware sdm630 sd_625 ipq8074_firmware sd_820_firmware mdm9607 sd_636_firmware sd_439_firmware qualcomm_215_firmware qca8081 sd_429_firmware sd_730 snapdragon_high_med_2016 mdm9655 sdm439_firmware sd_412_firmware sd_712_firmware sdm630_firmware sda660_firmware sd_8cx sd_427 sd_430 sd_670 sd_435_firmware sd_710 sd_410_firmware sdm660_firmware Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

CWE ID-CWE-476

NULL Pointer Dereference

CVE-2017-18301

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-5.5||MEDIUM

EPSS-0.05% / 15.20%

7 Day CHG~0.00%

Published-20 Sep, 2018 | 13:00

Updated-05 Aug, 2024 | 21:20

In Small Cell SoC and Snapdragon (Automobile, Mobile, Wear) in version FSM9055, FSM9955, MDM9607, MDM9640, MDM9650, MSM8909W, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDM630, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, providing the NULL argument of ICE regulator while processing create key IOCTL results in system restart.

Vendor-n/a Qualcomm Technologies, Inc.

CWE ID-CWE-476

NULL Pointer Dereference

CVE-2019-14075

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-5.5||MEDIUM

EPSS-0.04% / 11.86%

7 Day CHG~0.00%

Published-16 Apr, 2020 | 10:46

Updated-05 Aug, 2024 | 00:12

Null pointer dereference issue in radio interface layer due to lack of null check in sapmodule destructor in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9607, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, Nicobar, QCS605, Rennell, Saipan, SDM450, SDM630, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SM8250, SXR2130

CWE ID-CWE-476

NULL Pointer Dereference

CVE-2019-10616

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-5.5||MEDIUM

EPSS-0.04% / 11.86%

7 Day CHG~0.00%

Published-05 Mar, 2020 | 08:56

Updated-04 Aug, 2024 | 22:31

Possibility of null pointer access if the SPDM commands are executed in the non-standard way in TZ. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8016, MDM9150, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8998, SA6155P, SDX24

CWE ID-CWE-476

NULL Pointer Dereference

CVE-2019-10520

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-5.5||MEDIUM

EPSS-0.04% / 12.75%

7 Day CHG~0.00%

Published-12 Dec, 2019 | 08:30

Updated-04 Aug, 2024 | 22:24

An unprivileged application can allocate GPU memory by calling memory allocation ioctl function and can exhaust all the memory which results in out of memory in Snapdragon Mobile, Snapdragon Voice & Music in QCS405, SD 210/SD 212/SD 205, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855

CWE ID-CWE-772

Missing Release of Resource after Effective Lifetime

CVE-2018-5860

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-5.5||MEDIUM

EPSS-0.01% / 2.55%

7 Day CHG~0.00%

Published-15 Jun, 2018 | 20:00

Updated-16 Sep, 2024 | 23:36

In the MDSS driver in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, a data structure may be used without being initialized correctly.

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-824

Access of Uninitialized Pointer

CVE-2021-35101

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.1||HIGH

EPSS-0.04% / 11.86%

7 Day CHG~0.00%

Published-14 Jun, 2022 | 09:40

Updated-04 Aug, 2024 | 00:33

Improper handling of writes to virtual GICR control can lead to assertion failure in the hypervisor in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile

CWE ID-CWE-617

Reachable Assertion

CVE-2015-9218

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-5.5||MEDIUM

EPSS-0.05% / 13.83%

7 Day CHG~0.00%

Published-18 Apr, 2018 | 14:00

Updated-17 Sep, 2024 | 00:45

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, when processing bad HEVC clips, the DPB fills, and with no error handling for DPB being full, a hang occurs.

CWE ID-CWE-388

Not Available

CVE-2018-11999

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-5.5||MEDIUM

EPSS-0.05% / 13.83%

7 Day CHG~0.00%

Published-18 Jan, 2019 | 22:00

Updated-05 Aug, 2024 | 08:24

Improper input validation in trustzone can lead to denial of service in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 636, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM630, SDM660, SDX24

CWE ID-CWE-20

Improper Input Validation

CVE-2018-11280

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-5.5||MEDIUM

EPSS-0.03% / 8.41%

7 Day CHG~0.00%

Published-18 Sep, 2018 | 18:00

Updated-05 Aug, 2024 | 08:01

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing user-space there is no size validation of the NAT entry input. If the user input size of the NAT entry is greater than the max allowed size, memory exhaustion will occur.

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-20

Improper Input Validation

CVE-2017-18169

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-5.5||MEDIUM

EPSS-0.02% / 3.26%

7 Day CHG~0.00%

Published-15 Jun, 2018 | 20:00

Updated-16 Sep, 2024 | 23:31

User process can perform the kernel DOS in ashmem when doing cache maintenance operation in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel.

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-617

Reachable Assertion

CVE-2017-18277

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-5.5||MEDIUM

EPSS-0.11% / 29.60%

7 Day CHG~0.00%

Published-23 Oct, 2018 | 13:00

Updated-05 Aug, 2024 | 21:13

When dynamic memory allocation fails, currently the process sleeps for one second and continues with infinite loop without retrying for memory allocation in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, QCN5502, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835.

CWE ID-CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

CVE-2017-18292

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-5.5||MEDIUM

EPSS-0.05% / 16.59%

7 Day CHG~0.00%

Published-23 Oct, 2018 | 13:00

Updated-05 Aug, 2024 | 21:20

Secure app running in non secure space can restart TZ by calling Widevine app API repeatedly in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A.

CWE ID-CWE-20

Improper Input Validation

CVE-2017-18299

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-5.5||MEDIUM

EPSS-0.05% / 16.59%

7 Day CHG~0.00%

Published-23 Oct, 2018 | 13:00

Updated-05 Aug, 2024 | 21:20

Improper translation table consolidation logic leads to resource exhaustion and QSEE error in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660

CWE ID-CWE-400

Uncontrolled Resource Consumption

CVE-2017-15841

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-5.5||MEDIUM

EPSS-0.11% / 29.60%

7 Day CHG~0.00%

Published-06 May, 2019 | 22:23

Updated-05 Aug, 2024 | 20:04

When HOST sends a Special command ID packet, Controller triggers a RAM Dump and FW reset in Snapdragon Mobile in version SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, Snapdragon_High_Med_2016.

CVE-2021-30294

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-8.4||HIGH

EPSS-0.03% / 9.22%

7 Day CHG~0.00%

Published-09 Sep, 2021 | 07:36

Updated-03 Aug, 2024 | 22:32

Potential null pointer dereference in KGSL GPU auxiliary command due to improper validation of user input in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

Product-qca9377_firmware wcn3991_firmware wcn3991 wsa8830 wcd9380_firmware sa6150p_firmware sa8145p_firmware sd780g wcn6856_firmware sd888 wsa8835 qca6574 wcd9380 sa8150p_firmware sd888_5g qca6595au_firmware sa6155 wcd9370 qca6574a wcn6855_firmware qca6174a sm7325 wcd9335_firmware qca9377 wcn6750 wcd9385_firmware qca6574_firmware wcn6850 sa8155 qca6574a_firmware qca6574au_firmware qca6595au sa6155_firmware sdx12_firmware wcd9375_firmware wcn6740_firmware sd778g sa6155p_firmware qcs6490 qcm6490_firmware sd480_firmware sa8155_firmware wcn6851_firmware wcn3988_firmware qca6574au sa6145p_firmware sa8155p_firmware sd778g_firmware sa8195p wcd9341_firmware sd480 wcn6855 wcn6851 wcd9335 sa6155p wcn6856 sa6145p qca6174a_firmware wcd9385 wcd9341 qca6696_firmware qcs6490_firmware sa8145p wcn6740 qca6696 wcd9375 sd780g_firmware wcd9370_firmware sa8150p sa6150p sd888_firmware sa8155p wsa8830_firmware qcm6490 sd888_5g_firmware wcn3988 wcn6850_firmware wsa8835_firmware sa8195p_firmware sdx12 wcn6750_firmware sm7325_firmware Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

CWE ID-CWE-476

NULL Pointer Dereference

CVE-2021-1935

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.1||HIGH

EPSS-0.04% / 11.86%

7 Day CHG~0.00%

Published-09 Sep, 2021 | 07:35

Updated-03 Aug, 2024 | 16:25

Possible null pointer dereference due to lack of validation check for passed pointer during key import in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables

Product-qca9377_firmware fsm10055 sm7250 mdm9640_firmware sm6250p_firmware sa6150p_firmware qcs610 qca8337 qca6431_firmware wcn3950_firmware sc8180x\+sdx55 sa8150p_firmware qcs2290 qca6595au_firmware sa6155 qca6335 msm8917 sd_455_firmware csra6620_firmware qcs605_firmware sd_675_firmware csra6640_firmware qcs6125_firmware sd632 msm8108 sa415m wcn3998 wcd9371_firmware msm8108_firmware wcn3950 sm4125 sd720g mdm9628 mdm9206_firmware wcn3660b sd450_firmware qsm8350_firmware qsm8350 sd460_firmware qca4020 qca6574au_firmware wcd9375_firmware wcn3998_firmware sa6155_firmware qca6420 apq8053_firmware qca9367_firmware mdm8207 wcn3999 qrb5165_firmware qcs6125 sa8155_firmware qca4004_firmware sd662_firmware qcs405 qca6430 wcd9306_firmware wcd9340 sd765g qualcomm215_firmware fsm10056_firmware qca4020_firmware qca6436 wcn6851 sa6155p qcs603_firmware msm8937 msm8209_firmware wcn3660_firmware mdm9655 qca6696_firmware pm8937_firmware qca6431 wcd9371 sd870_firmware sd750g wcn3910_firmware sd_8cx sa8150p mdm9207_firmware qca4004 wsa8830_firmware sd855_firmware sd865_5g_firmware sd712 wcn3988 sa8195p_firmware msm8208_firmware wcn6750_firmware sd450 wcn3610 msm8608 mdm9640 wcn3991 qca8337_firmware sda429w_firmware wcd9380_firmware sdm429w wcd9330 msm8996au_firmware qca6564au sdx55m_firmware wcn6856_firmware msm8940_firmware sd670_firmware qca6574 sd632_firmware wcd9380 qualcomm215 qcs410 sd690_5g_firmware sdx50m_firmware qca9379_firmware sdx24_firmware qca6430_firmware qca6335_firmware qcs605 wcd9340_firmware wsa8815 wcn6850 sd7c wcn3910 qca6320 msm8937_firmware mdm9650_firmware sd_8c_firmware qca6426_firmware wcn3660b_firmware wcn3680 sd835 sd730 wcd9330_firmware sdx55m qca6421_firmware wcn6740_firmware msm8953 sd821_firmware sd678_firmware apq8064au_firmware ar8031_firmware wcn3680_firmware qca6234 qrb5165 wcn6851_firmware qcs603 sd670 sd_636_firmware qca6564a_firmware qca6694au_firmware qcm4290_firmware sd480 sd870 wcn6855 sd210_firmware qcs610_firmware qsm8250 sa6145p sdxr1 ar8031 apq8096au qca6595_firmware qcs405_firmware sa8145p mdm8207_firmware sdm630_firmware mdm9205_firmware qca6391_firmware sd820_firmware wcd9370_firmware sd780g_firmware sdx55 apq8053 sa8155p csra6640 sd675 wcn3660 qca9379 qca6234_firmware ar8035_firmware qsm8250_firmware qcm2290 wcn3991_firmware mdm9150_firmware wsa8830 sd678 sa8145p_firmware qcs2290_firmware fsm10056 sm7250_firmware sd7c_firmware csrb31024 mdm9628_firmware mdm9650 sd_636 csra6620 fsm10055_firmware qcs4290 sd765g_firmware qca6420_firmware qca6390_firmware apq8009_firmware sd690_5g sd730_firmware wcd9370 sd675_firmware qca6564 qca6426 qca6584au_firmware qca9377 sd_8cx_firmware wcd9385_firmware sdxr2_5g_firmware sd662 apq8037 sa8155 qca6320_firmware sdx55_firmware qca6595au wcn3999_firmware wcn3610_firmware qca6436_firmware mdm9207 wcd9306 qca6584au sd778g qca6564au_firmware msm8208 sa6155p_firmware qca6310 pm8937 sa515m_firmware sd429 qcs6490 sdxr2_5g qca9367 sdm630 mdm9607_firmware sd821 mdm9655_firmware sa415m_firmware wcn3988_firmware sd205 sd429_firmware qca6421 sd778g_firmware sa6145p_firmware sm6250 sa8195p sd712_firmware apq8017_firmware qca6694 sd765_firmware qca6174a_firmware qcs4290_firmware wcd9385 qcs6490_firmware qca6390 wcd9375 sd750g_firmware aqt1000 ar8035 apq8064au sm6250_firmware sc8180x\+sdx55_firmware qca6694_firmware msm8953_firmware qca6694au sda429w msm8917_firmware sd210 wcn3620_firmware sd820 wsa8815_firmware sd888_5g_firmware qcm6490 wcn6850_firmware wsa8835_firmware wcn3620 apq8017 qcx315 qca6564a qcm6125_firmware qcm2290_firmware sd_675 sd780g sd865_5g qca6595 sdx24 wsa8835 qcx315_firmware msm8996au sdm429w_firmware sd665_firmware sd888_5g sm6250p qca6574a mdm9206 wcn6855_firmware qca6174a qca6310_firmware sm7325 wcn6750 mdm9205 sa515m qca6574_firmware sd855 sm4125_firmware sd665 qca6175a sd765 qca6574a_firmware sd768g_firmware msm8209 sd850_firmware apq8009 sd460 qca6391 sdxr1_firmware aqt1000_firmware msm8920 qcm4290 csrb31024_firmware qcm6490_firmware sdx50m sd480_firmware msm8920_firmware sd_455 qca6574au sa8155p_firmware mdm9607 sd205_firmware qcm6125 mdm9150 wcn6856 sd_8c sd835_firmware qca6564_firmware sd768g wcn6740 qca6696 sd845_firmware msm8608_firmware sa6150p msm8940 apq8096au_firmware sd845 apq8037_firmware sd720g_firmware qcs410_firmware qca6175a_firmware sd850 sm7325_firmware Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables

CWE ID-CWE-476

NULL Pointer Dereference

CVE-2021-1939

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-8.4||HIGH

EPSS-0.03% / 9.22%

7 Day CHG~0.00%

Published-17 Sep, 2021 | 07:05

Updated-03 Aug, 2024 | 16:25

Null pointer dereference occurs due to improper validation when the preemption feature enablement is toggled in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables

Product-qca9377_firmware wcn3991_firmware wsa8830 sd678 sa6150p_firmware sm7250 sa8145p_firmware sm7250_firmware qca6431_firmware wcn3950_firmware sa8150p_firmware sd765g_firmware qca6420_firmware qca6595au_firmware qca6390_firmware apq8009_firmware qca6335 msm8917 sa6155 sd690_5g sd730_firmware wcd9370 qcs605_firmware sd_675_firmware sd675_firmware qca6426 sd632 qca9377 wcn3998 wcd9371_firmware wcd9385_firmware sdxr2_5g_firmware wcn3950 sm4125 wcn3615_firmware qsw8573_firmware wcn3660b sd450_firmware qca4020 sa8155 qca6574au_firmware sdx55_firmware wcn3680b_firmware qca6595au sa6155_firmware wcd9375_firmware wcn3615 msm8909w wcn3998_firmware apq8009w_firmware qca6420 qca6436_firmware apq8053_firmware wcn3610_firmware sd778g sa6155p_firmware qca6310 sd429 sdxr2_5g sa8155_firmware wcn3988_firmware qca6430 sa6145p_firmware sd205 qca6421 sd429_firmware sd778g_firmware wcd9340 sa8195p apq8017_firmware sdm830_firmware wsa8810_firmware qualcomm215_firmware sd765g sd765_firmware qca4020_firmware qca6436 wcd9335 sa6155p wcn6851 qcs603_firmware qca6174a_firmware wcn3660_firmware wcd9385 qca6431 qca6696_firmware wcd9371 sd750g sd870_firmware qca6390 wcd9375 sd750g_firmware aqt1000 sa8150p wcn3910_firmware msm8953_firmware wsa8830_firmware sda429w msm8917_firmware sd210 sd855_firmware sd865_5g_firmware wcn3620_firmware wcn3988 sd888_5g_firmware wcn6850_firmware wcn3620 wsa8815_firmware wsa8835_firmware sa8195p_firmware apq8017 wcn6750_firmware sd450 wcn3610 wcn3991 sda429w_firmware wcd9380_firmware sd_675 sdm429w sd780g sd865_5g sdx24 sdx55m_firmware wcn6856_firmware sd888 qet4101_firmware msm8909w_firmware qca6574 sd632_firmware sd670_firmware sdm429w_firmware sd665_firmware wsa8835 wcd9380 sd888_5g qualcomm215 qca6574a sd690_5g_firmware wcn6855_firmware qca9379_firmware qca6174a sdx24_firmware qca6310_firmware sm7325 qca6430_firmware wcd9335_firmware wcn6750 sd439_firmware qca6335_firmware qsw8573 qca6574_firmware qcs605 wcd9340_firmware sd855 sm4125_firmware wcn6850 sd665 wcn3910 wsa8815 sd765 qca6426_firmware wcn3660b_firmware wcn3680 qca6574a_firmware sd768g_firmware apq8009 qca6391 sd730 sdx55m sdxr1_firmware qca6421_firmware aqt1000_firmware wcn6740_firmware msm8953 sd678_firmware wcn3680_firmware sd480_firmware qcs603 wcn6851_firmware qca6574au sa8155p_firmware sd205_firmware sd670 apq8009w sd480 sd870 wsa8810 wcn6855 sd210_firmware wcn6856 qsm8250 sa6145p wcn3680b sdxr1 sd768g sa8145p wcn6740 qca6696 qca6391_firmware sd845_firmware sd780g_firmware wcd9370_firmware sa6150p sd888_firmware sdx55 apq8053 sa8155p sd675 sd845 sd439 qet4101 sdm830 wcn3660 qca9379 qsm8250_firmware sm7325_firmware Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables

CWE ID-CWE-476

NULL Pointer Dereference

CVE-2019-10513

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-5.5||MEDIUM

EPSS-0.11% / 29.60%

7 Day CHG~0.00%

Published-18 Dec, 2019 | 05:25

Updated-04 Aug, 2024 | 22:24

Possibility of Null pointer access if the SPDM commands are executed in the non-standard way in Trustzone in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, IPQ8074, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCS404, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130, SXR2130

Product-mdm9150_firmware apq8096_firmware sdm632_firmware msm8996au_firmware sdm845 sdm450_firmware sdm632 apq8096 sdx24 sdm439 qcs404_firmware mdm9650 sdm429 msm8940_firmware sm7150_firmware sm6150 msm8909w_firmware msm8996au sm7150 apq8009_firmware msm8917 sdm670 sxr2130 qcs605_firmware mdm9206 sdm670_firmware qcs404 sdx24_firmware ipq8074 sdm636 sda845_firmware apq8098 mdm9205 mdm9206_firmware qcs605 msm8937_firmware mdm9650_firmware sdm429_firmware msm8905_firmware sda660 sdx55_firmware sxr1130_firmware qca8081_firmware sxr1130 msm8909w apq8009 msm8909_firmware apq8053_firmware sda845 nicobar sdm850_firmware msm8920 msm8953 sdm450 sdm636_firmware apq8098_firmware msm8998_firmware sdm660 msm8920_firmware sdm630 mdm9607_firmware ipq8074_firmware sdm710 qm215 mdm9607 apq8017_firmware sdm710_firmware qca8081 mdm9150 msm8937 mdm9207c_firmware msm8996_firmware msm8905 mdm9207c sm8150_firmware msm8909 sxr2130_firmware apq8096au sdm439_firmware sdm630_firmware mdm9205_firmware sda660_firmware qm215_firmware sdx55 msm8953_firmware msm8940 sm6150_firmware apq8053 apq8096au_firmware msm8917_firmware msm8998 sm8150 sdm850 apq8017 msm8996 nicobar_firmware sdm660_firmware sdm845_firmware Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

CWE ID-CWE-476

NULL Pointer Dereference

CVE-2018-13920

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 12.33%

7 Day CHG~0.00%

Published-24 May, 2019 | 16:44

Updated-05 Aug, 2024 | 09:21

Use-after-free condition due to Improper handling of hrtimers when the PMU driver tries to access its events in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8909W, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 712 / SD 710 / SD 670, SD 820A, SD 845 / SD 850, SD 855, SDM439, SDM630, SDM660, SDX24

CWE ID-CWE-416

Use After Free

CVE-2018-13925

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.46% / 63.79%

7 Day CHG~0.00%

Published-24 May, 2019 | 16:44

Updated-05 Aug, 2024 | 09:21

Error in parsing PMT table frees the memory allocated for the map section but does not reset the context map section reference causing heap use after free issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130

Product-sd_850 sd_632 sd_820a msm8996au_firmware sd_439 sd_670_firmware sd_429 sdm439 mdm9650 sd_636 sd_615_firmware snapdragon_high_med_2016_firmware msm8909w_firmware msm8996au sd_820 sd_650 sd_450_firmware sd_845_firmware sd_820a_firmware qcs605_firmware mdm9206 sd_652 sd_425_firmware sd_625_firmware sd_450 sd_845 mdm9206_firmware qcs605 sd_632_firmware sd_835_firmware mdm9650_firmware sd_835 sda660 sxr1130_firmware sd_210_firmware sd_600 sd_652_firmware sd_415_firmware sxr1130 msm8909w sd_616_firmware sd_205_firmware sd_415 sd_212 sd_650_firmware sd_427_firmware sd_712 sd_855 sdx20 sd_616 sd_425 sdm660 sd_430_firmware mdm9607_firmware sd_435 sd_615 sd_710_firmware sdm630 sd_625 qm215 sd_820_firmware sd_210 mdm9607 sd_636_firmware sd_439_firmware sd_429_firmware snapdragon_high_med_2016 sd_212_firmware sd_850_firmware sdm439_firmware sd_712_firmware sdm630_firmware sda660_firmware qm215_firmware sd_430 sd_427 sd_670 sd_435_firmware sdx20_firmware sd_710 sd_600_firmware sd_205 sdm660_firmware sd_855_firmware Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables

CWE ID-CWE-416

Use After Free

CVE-2018-13899

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.03% / 10.09%

7 Day CHG~0.00%

Published-24 May, 2019 | 16:44

Updated-05 Aug, 2024 | 09:14

Processing messages after error may result in user after free memory fault in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, SM7150

CWE ID-CWE-416

Use After Free

CVE-2018-13919

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 12.33%

7 Day CHG~0.00%

Published-14 Jun, 2019 | 17:02

Updated-05 Aug, 2024 | 09:21

Use-after-free vulnerability will occur if reset of the routing table encounters an invalid rule id while processing command to reset in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, QCS405, QCS605, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM630, SDM660, SDX20, SDX24

CWE ID-CWE-416

Use After Free

CVE-2018-13905

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.05% / 15.79%

7 Day CHG~0.00%

Published-25 Feb, 2019 | 23:00

Updated-05 Aug, 2024 | 09:14

KGSL syncsource lock not handled properly during syncsource cleanup can lead to use after free issue in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8909W, QCS605, SD 210/SD 212/SD 205, SD 439 / SD 429, SD 712 / SD 710 / SD 670, SD 820A, SD 845 / SD 850, SD 855, SDM439, SDM660, SDX24.

CWE ID-CWE-416

Use After Free

CVE-2018-13900

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.05% / 15.79%

7 Day CHG~0.00%

Published-25 Feb, 2019 | 23:00

Updated-05 Aug, 2024 | 09:14

Use-after-free vulnerability will occur as there is no protection for the route table`s rule in IPA driver in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in versions MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24.

Product-sd_850 mdm9150_firmware mdm9640_firmware sd_820a msm8996au_firmware sd_439 sd_670_firmware sd_429 sdx24 sdm439 mdm9650 sd_636 msm8909w_firmware msm8996au sd_820 sd_450_firmware sd_845_firmware sd_820a_firmware qcs605_firmware mdm9206 sd_425_firmware sdx24_firmware sd_625_firmware sd_450 sd_845 mdm9206_firmware qcs605 mdm9640 sd_835_firmware mdm9650_firmware sd_835 sda660 sd_210_firmware msm8909w sd_205_firmware sd_212 sd_427_firmware sd_712 sd_855 sdx20 sd_425 sdm660 sd_430_firmware mdm9607_firmware sd_435 sd_710_firmware sdm630 sd_625 sd_210 mdm9607 sd_636_firmware sd_820_firmware sd_439_firmware mdm9150 sd_429_firmware sd_212_firmware sd_850_firmware sdm439_firmware sd_712_firmware sdm630_firmware sda660_firmware sd_427 sd_430 sd_670 sd_435_firmware sd_710 sdx20_firmware sd_205 sdm660_firmware sd_855_firmware Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

CWE ID-CWE-416

Use After Free

CVE-2018-13889

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.02% / 4.31%

7 Day CHG~0.00%

Published-11 Feb, 2019 | 15:00

Updated-05 Aug, 2024 | 09:14

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Heap memory was accessed after it was freed

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-416

Use After Free

CVE-2018-11984

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.02% / 5.06%

7 Day CHG~0.00%

Published-20 Dec, 2018 | 15:00

Updated-05 Aug, 2024 | 08:24

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, A use after free condition and an out-of-bounds access can occur in the DIAG driver.

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-416

Use After Free

CVE-2018-11843

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.02% / 3.93%

7 Day CHG~0.00%

Published-18 Sep, 2018 | 18:00

Updated-05 Aug, 2024 | 08:17

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack fo check on return value in WMA response handler can lead to potential use after free.

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-416

Use After Free

CVE-2018-12014

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.02% / 4.31%

7 Day CHG~0.00%

Published-11 Feb, 2019 | 15:00

Updated-05 Aug, 2024 | 08:24

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Null pointer dereference vulnerability may occur due to missing NULL assignment in NAT module of freed pointer.

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-416

Use After Free

CWE ID-CWE-476

NULL Pointer Dereference

CVE-2018-11960

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.02% / 5.27%

7 Day CHG~0.00%

Published-20 Dec, 2018 | 15:00

Updated-05 Aug, 2024 | 08:24

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, A use after free condition can occur in the SPS driver which can lead to error in kernel.

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-416

Use After Free

CVE-2018-11983

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.02% / 4.09%

7 Day CHG~0.00%

Published-20 Dec, 2018 | 15:00

Updated-05 Aug, 2024 | 08:24

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Error in kernel observed while accessing freed mask pointers after reallocating memory for mask table.

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-416

Use After Free

CVE-2018-11816

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 12.11%

7 Day CHG~0.00%

Published-26 Nov, 2024 | 13:56

Updated-06 Feb, 2025 | 16:41

Use After Free in Video

Crafted Binder Request Causes Heap UAF in MediaServer

CWE ID-CWE-416

Use After Free

CVE-2024-38415

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.18% / 39.77%

7 Day CHG~0.00%

Published-04 Nov, 2024 | 10:04

Updated-07 Nov, 2024 | 19:41

Use After Free in Computer Vision

Memory corruption while handling session errors from firmware.

CWE ID-CWE-416

Use After Free

CVE-2024-38411

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-6.6||MEDIUM

EPSS-0.03% / 9.77%

7 Day CHG~0.00%

Published-03 Feb, 2025 | 16:51

Updated-11 Aug, 2025 | 15:06

Use After Free in Computer Vision

Memory corruption while registering a buffer from user-space to kernel-space using IOCTL calls.

CWE ID-CWE-416

Use After Free

CVE-2018-11962

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.02% / 5.27%

7 Day CHG~0.00%

Published-11 Feb, 2019 | 15:00

Updated-05 Aug, 2024 | 08:24

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Use-after-free issue in heap while loading audio effects config in audio effects factory.

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-416

Use After Free

CVE-2018-11819

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 12.68%

7 Day CHG~0.00%

Published-14 Jun, 2019 | 17:02

Updated-05 Aug, 2024 | 08:17

Use after issue in WLAN function due to multiple ACS scan requests at a time in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 675, SD 730, SD 820A, SD 835, SD 855, SDA660, SDX20, SDX24

CWE ID-CWE-416

Use After Free

CVE-2024-38412

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-6.6||MEDIUM

EPSS-0.03% / 9.22%

7 Day CHG~0.00%

Published-03 Feb, 2025 | 16:51

Updated-05 Feb, 2025 | 13:58

Use After Free in Computer Vision

Memory corruption while invoking IOCTL calls from user-space to kernel-space to handle session errors.

Product-fastconnect_7800_firmware wsa8840 snapdragon_8_gen_3_mobile_firmware wsa8845_firmware wsa8845h_firmware wsa8845 snapdragon_8_gen_3_mobile wcd9395_firmware wcd9390 wsa8840_firmware wsa8845h wcd9395 fastconnect_7800 wcd9390_firmware Snapdragon

CWE ID-CWE-416

Use After Free

CVE-2019-14117

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 10.73%

7 Day CHG~0.00%

Published-08 Sep, 2020 | 09:31

Updated-05 Aug, 2024 | 00:12

u'Whenever the page list is updated via privileged user, the previous list elements are freed but are not deleted from the list which results in a use after free causing an unhandled page fault exception in rmnet driver' in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in Bitra, MDM9607, QCS405, Saipan, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130

CWE ID-CWE-416

Use After Free

CVE-2024-38402

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.66% / 70.72%

7 Day CHG~0.00%

Published-02 Sep, 2024 | 10:22

Updated-11 Aug, 2025 | 15:06

Use After Free in DSP Services

Memory corruption while processing IOCTL call for getting group info.

CWE ID-CWE-416

Use After Free

CVE-2024-38399

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-8.4||HIGH

EPSS-0.08% / 23.28%

7 Day CHG~0.00%

Published-07 Oct, 2024 | 12:58

Updated-16 Oct, 2024 | 18:17

Use After Free in Graphics

Memory corruption while processing user packets to generate page faults.

Product-qam8255p_firmware snapdragon_8_gen_1_mobile_platform wsa8830 wcd9380_firmware qam8650p qca6595 qam8775p qamsrv1m wsa8835 wcn3950_firmware wcd9380 snapdragon_685_4g_mobile_platform_\(sm6225-ad\)_firmware qca6595au_firmware snapdragon_685_4g_mobile_platform_\(sm6225-ad\)wcd9370 qamsrv1h qam8295p wcn3950 sa8650p qamsrv1h_firmware sa9000p qca6688aq qam8295p_firmware sa9000p_firmware sa8775p qca6574au_firmware sa7255p wcd9375_firmware qca6595au snapdragon_680_4g_mobile_platform_firmware sa8295p fastconnect_7800 sa8620p_firmware sa6155p_firmware sa8775p_firmware sa8650p_firmware qca6698aq fastconnect_6900 srv1h_firmware fastconnect_6900_firmware qca6797aq_firmware qca6574au srv1h sa8155p_firmware sa7775p_firmware sa8195p sa7255p_firmware wsa8810_firmware fastconnect_7800_firmware wsa8810 sa8620p sa8255p_firmware sg4150p sa6155p snapdragon_8_gen_1_mobile_platform_firmware snapdragon_680_4g_mobile_platform qca6698aq_firmware srv1m_firmware sa7775p qamsrv1m_firmware qam8650p_firmware sa8770p_firmware sa8255p qam8775p_firmware qca6696_firmware qca6595_firmware qca6696 qca6797aq wcd9375 wcd9370_firmware sa8155p wsa8830_firmware wsa8835_firmware srv1m sa8195p_firmware sa8295p_firmware qam8255p sg4150p_firmware sa8770p qca6688aq_firmware Snapdragon qam8255p_firmware sa8620p_firmware sa6155p_firmware wcd9380_firmware sa8775p_firmware sa8650p_firmware fastconnect_6900_firmware srv1h_firmware qca6797aq_firmware sa8155p_firmware sa7775p_firmware sa7255p_firmware wcn3950_firmware wsa8810_firmware fastconnect_7800_firmware qca6595au_firmware sa8255p_firmware snapdragon_8_gen_1_mobile_platform_firmware qca6698aq_firmware qamsrv1m_firmware srv1m_firmware qam8650p_firmware sa8770p_firmware qam8775p_firmware qca6696_firmware qca6595_firmware qamsrv1h_firmware wcd9370_firmware wsa8830_firmware qam8295p_firmware sa9000p_firmware wsa8835_firmware qca6574au_firmware sa8195p_firmware wcd9375_firmware sa8295p_firmware sg4150p_firmware snapdragon_680_4g_mobile_platform_firmware qca6688aq_firmware

CWE ID-CWE-416

Use After Free

CVE-2024-38421

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.15% / 35.98%

7 Day CHG~0.00%

Published-04 Nov, 2024 | 10:04

Updated-07 Nov, 2024 | 19:44

Use After Free in Graphics Linux

Memory corruption while processing GPU commands.

Product-qam8255p_firmware wsa8830 qam8650p qam8775p qamsrv1m wsa8840 wcn3950_firmware srv1l_firmware wcn6755_firmware qca6595au_firmware snapdragon_480_5g_mobile_platform video_collaboration_vc3_platform wcd9370 qcs6125_firmware snapdragon_480\+_5g_mobile_platform_firmware snapdragon_480_5g_mobile_platform_firmware qamsrv1h wcd9385_firmware qam8295p wcn7881_firmware wcn3950 fastconnect_6200 qamsrv1h_firmware qca6688aq qam8295p_firmware sa9000p_firmware snapdragon_695_5g_mobile_platform_firmware qca6574au_firmware sa7255p wsa8845h_firmware wcd9375_firmware snapdragon_8_gen_3_mobile_platform qca6595au wcn7860 snapdragon_w5\+_gen_1_wearable_platform_firmware sa8620p_firmware sa6155p_firmware wcn7881 qca6678aq_firmware sa8775p_firmware qcs6490 wsa8840_firmware qca6698aq sm4635 qcs6125 video_collaboration_vc5_platform sm8635 wcn3988_firmware wcn7880_firmware srv1h sa7775p_firmware sa8195p wsa8810_firmware sw5100 wsa8845h wcn6755 wcd9395_firmware sa8255p_firmware sm8750p_firmware sm8750_firmware sa6155p qcs7230 qca6698aq_firmware sa7775p qam8620p wcd9385 sa8770p_firmware sa8255p qam8775p_firmware qca6696_firmware qcs6490_firmware qca6797aq wcd9375 wcd9390 wsa8830_firmware wsa8815_firmware wcn3988 wsa8835_firmware sa8195p_firmware video_collaboration_vc5_platform_firmware sa8295p_firmware wcn7880 sa8770p qcm6125_firmware qca6688aq_firmware sm4635_firmware sw5100p wcd9378_firmware snapdragon_w5\+_gen_1_wearable_platform qca6595 qcs7230_firmware wsa8835 qca6574 snapdragon_4_gen_1_mobile_platform_firmware sm8635_firmware qca6574a video_collaboration_vc3_platform_firmware wcn3980 wsa8845 sa8650p sa9000p qca6574_firmware wsa8815 wsa8845_firmware snapdragon_4_gen_1_mobile_platform qcs8250 sm8750p sa8775p qca6574a_firmware fastconnect_6200_firmware wcn3980_firmware qca6391 sa8295p fastconnect_7800 qca6678aq wcn7861_firmware wsa8832_firmware sa8650p_firmware srv1h_firmware video_collaboration_vc1_platform_firmware qca6797aq_firmware qca6574au sa8155p_firmware srv1l sa7255p_firmware qcs8250_firmware qcm6125 wsa8810 sa8620p wsa8832 fastconnect_7800_firmware sw5100p_firmware srv1m_firmware qamsrv1m_firmware sm8750 qam8650p_firmware wcn7860_firmware qca6595_firmware wcn7861 wcd9395 qca6696 qca6391_firmware wcd9370_firmware wcd9390_firmware snapdragon_8_gen_3_mobile_platform_firmware sa8155p snapdragon_695_5g_mobile_platform video_collaboration_vc1_platform srv1m sw5100_firmware qam8620p_firmware wcd9378 qam8255p snapdragon_480\+_5g_mobile_platform Snapdragon qam8255p_firmware qualcomm_video_collaboration_vc1_platform_firmware sm4635_firmware wcd9378_firmware qcs7230_firmware wcn3950_firmware srv1l_firmware wcn6755_firmware qca6595au_firmware snapdragon_4_gen_1_mobile_platform_firmware sm8635_firmware qcs6125_firmware snapdragon_480_5g_mobile_platform_firmware qualcomm_video_collaboration_vc3_platform_firmware wcd9385_firmware wcn7881_firmware qamsrv1h_firmware qca6574_firmware wsa8845_firmware qam8295p_firmware sa9000p_firmware qca6574a_firmware fastconnect_6200_firmware qca6574au_firmware snapdragon_695_5g_mobile_platform_firmware wcd9375_firmware wsa8845h_firmware wcn3980_firmware sa8620p_firmware sa6155p_firmware qca6678aq_firmware sa8775p_firmware wcn7861_firmware sa8650p_firmware wsa8832_firmware wsa8840_firmware srv1h_firmware qca6797aq_firmware wcn3988_firmware wcn7880_firmware sa8155p_firmware sa7775p_firmware sa7255p_firmware wsa8810_firmware qcs8250_firmware fastconnect_7800_firmware wcd9395_firmware sa8255p_firmware sm8750_firmware sm8750p_firmware sw5100p_firmware qca6698aq_firmware qamsrv1m_firmware srv1m_firmware qam8650p_firmware sa8770p_firmware qam8775p_firmware qca6696_firmware qca6595_firmware qcs6490_firmware wcn7860_firmware qca6391_firmware wcd9370_firmware qualcomm_video_collaboration_vc5_platform_firmware snapdragon_8_gen_3_mobile_platform_firmware wcd9390_firmware wsa8830_firmware wsa8815_firmware wsa8835_firmware sa8195p_firmware sw5100_firmware qam8620p_firmware sa8295p_firmware qca6688aq_firmware qcm6125_firmware

CWE ID-CWE-416

Use After Free

CVE-2018-11281

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.03% / 6.91%

7 Day CHG~0.00%

Published-18 Sep, 2018 | 18:00

Updated-05 Aug, 2024 | 08:01

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while calling IPA_IOC_MDFY_RT_RULE IPA IOCTL, header entry is not checked before use. If IPA_IOC_MDFY_RT_RULE IOCTL called for header entries formerly deleted, a Use after free condition will occur.

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-416

Use After Free

CVE-2018-11258

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.09% / 25.51%

7 Day CHG~0.00%

Published-06 Jul, 2018 | 17:00

Updated-16 Sep, 2024 | 23:02

In ADSP RPC in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, a Use After Free condition can occur in versions MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDX20.

CWE ID-CWE-416

Use After Free

CVE-2022-33292

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.05% / 16.80%

7 Day CHG~0.00%

Published-02 May, 2023 | 05:08

Updated-03 Aug, 2024 | 08:01

Use after free in Qualcomm IPC

Memory corruption in Qualcomm IPC due to use after free while receiving the incoming packet and reposting it.

Product-sm6225 sm6225-ad_firmware wcn3950 wcd9375 wcd9370_firmware sm6225_firmware wcn3988_firmware wcn3950_firmware wcn3988 wsa8810_firmware wsa8810 wcd9375_firmware sm6225-ad sg4150p wcd9370 sg4150p_firmware Snapdragon

CWE ID-CWE-416

Use After Free

CVE-2019-2260

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7||HIGH

EPSS-0.03% / 8.88%

7 Day CHG~0.00%

Published-22 Jul, 2019 | 13:47

Updated-04 Aug, 2024 | 18:42

A race condition occurs while processing perf-event which can lead to a use after free condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM439, SDM630, SDM660, SDX20, SDX24, Snapdragon_High_Med_2016, SXR1130

Product-sd_850 mdm9150_firmware sd_632 mdm9640_firmware sd_820a sd_439 sd_670_firmware sd_429 sdx24 sdm439 mdm9650 sd_636 snapdragon_high_med_2016_firmware msm8909w_firmware sd_450_firmware sd_845_firmware sd_820a_firmware qcs605_firmware mdm9206 sd_425_firmware sd_665 sdx24_firmware sd_625_firmware sd_450 sd_845 mdm9206_firmware qcs605 sd_632_firmware sd_835_firmware mdm9650_firmware sd_835 sxr1130_firmware sd_210_firmware sxr1130 msm8909w sd_665_firmware sd_205_firmware sd_212 sd_427_firmware sd_712 sd_855 sd_730_firmware qualcomm_215 sdx20 sd_425 sdm660 sd_430_firmware mdm9607_firmware sd_435 sd_710_firmware sdm630 qcs405 sd_625 sd_210 mdm9607 sd_636_firmware sd_439_firmware qualcomm_215_firmware mdm9150 sd_429_firmware sd_730 snapdragon_high_med_2016 sd_212_firmware sd_850_firmware sd_855_firmware sdm439_firmware qcs405_firmware sd_712_firmware sdm630_firmware sd_430 sd_427 sd_670 sd_435_firmware sdx20_firmware sd_710 sd_205 sdm660_firmware mdm9640 Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

CWE ID-CWE-416

Use After Free

CWE ID-CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVE-2019-2263

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 13.35%

7 Day CHG~0.00%

Published-25 Jul, 2019 | 16:33

Updated-04 Aug, 2024 | 18:42

Access to freed memory can happen while reading from diag driver due to use after free issue in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA9531, QCA9980, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDM660, SDX20, Snapdragon_High_Med_2016