Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-13902

Summary
Assigner-qualcomm
Assigner Org ID-2cfc7d3e-20d3-47ac-8db7-1b7285aff15f
Published At-14 Jun, 2019 | 17:02
Updated At-05 Aug, 2024 | 09:14
Rejected At-
Credits

Out of bounds memory read and access due to improper array index validation may lead to unexpected behavior while decoding XTRA file in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:qualcomm
Assigner Org ID:2cfc7d3e-20d3-47ac-8db7-1b7285aff15f
Published At:14 Jun, 2019 | 17:02
Updated At:05 Aug, 2024 | 09:14
Rejected At:
▼CVE Numbering Authority (CNA)

Out of bounds memory read and access due to improper array index validation may lead to unexpected behavior while decoding XTRA file in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130

Affected Products
Vendor
Qualcomm Technologies, Inc.Qualcomm, Inc.
Product
Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Versions
Affected
  • MDM9150, MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130
Problem Types
TypeCWE IDDescription
textN/AImproper Validation of Array Index in GNSS XTRA Parser
Type: text
CWE ID: N/A
Description: Improper Validation of Array Index in GNSS XTRA Parser
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.qualcomm.com/company/product-security/bulletins
x_refsource_CONFIRM
Hyperlink: https://www.qualcomm.com/company/product-security/bulletins
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.qualcomm.com/company/product-security/bulletins
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.qualcomm.com/company/product-security/bulletins
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:product-security@qualcomm.com
Published At:14 Jun, 2019 | 17:29
Updated At:17 Jun, 2019 | 15:51

Out of bounds memory read and access due to improper array index validation may lead to unexpected behavior while decoding XTRA file in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.5HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.0
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
Qualcomm Technologies, Inc.
qualcomm
>>mdm9150_firmware>>-
cpe:2.3:o:qualcomm:mdm9150_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9150>>-
cpe:2.3:h:qualcomm:mdm9150:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9206_firmware>>-
cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9206>>-
cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9607_firmware>>-
cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9607>>-
cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9615_firmware>>-
cpe:2.3:o:qualcomm:mdm9615_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9615>>-
cpe:2.3:h:qualcomm:mdm9615:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9635m_firmware>>-
cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9635m>>-
cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9640_firmware>>-
cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9640>>-
cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9650_firmware>>-
cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9650>>-
cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9655_firmware>>-
cpe:2.3:o:qualcomm:mdm9655_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9655>>-
cpe:2.3:h:qualcomm:mdm9655:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>msm8909w_firmware>>-
cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>msm8909w>>-
cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>msm8996au_firmware>>-
cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>msm8996au>>-
cpe:2.3:h:qualcomm:msm8996au:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qcs605_firmware>>-
cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qcs605>>-
cpe:2.3:h:qualcomm:qcs605:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qc_215_firmware>>-
cpe:2.3:o:qualcomm:qc_215_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qc_215>>-
cpe:2.3:h:qualcomm:qc_215:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_210_firmware>>-
cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_210>>-
cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_212_firmware>>-
cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_212>>-
cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_205_firmware>>-
cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_205>>-
cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_425_firmware>>-
cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_425>>-
cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_427_firmware>>-
cpe:2.3:o:qualcomm:sd_427_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_427>>-
cpe:2.3:h:qualcomm:sd_427:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_430_firmware>>-
cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_430>>-
cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_435_firmware>>-
cpe:2.3:o:qualcomm:sd_435_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_435>>-
cpe:2.3:h:qualcomm:sd_435:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_439_firmware>>-
cpe:2.3:o:qualcomm:sd_439_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_439>>-
cpe:2.3:h:qualcomm:sd_439:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_429_firmware>>-
cpe:2.3:o:qualcomm:sd_429_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_429>>-
cpe:2.3:h:qualcomm:sd_429:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_450_firmware>>-
cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_450>>-
cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_625_firmware>>-
cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_625>>-
cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_632_firmware>>-
cpe:2.3:o:qualcomm:sd_632_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_632>>-
cpe:2.3:h:qualcomm:sd_632:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_636_firmware>>-
cpe:2.3:o:qualcomm:sd_636_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_636>>-
cpe:2.3:h:qualcomm:sd_636:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-129Primarynvd@nist.gov
CWE ID: CWE-129
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.qualcomm.com/company/product-security/bulletinsproduct-security@qualcomm.com
Vendor Advisory
Hyperlink: https://www.qualcomm.com/company/product-security/bulletins
Source: product-security@qualcomm.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

221Records found
CVE-2019-10611
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 61.54%
||
7 Day CHG~0.00%
Published-21 Jan, 2020 | 06:30
Updated-04 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow can occur while processing clip due to lack of check of object size before parsing in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, Nicobar, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm429wsdm632_firmwaresdm845sdm450_firmwaresdm632sdm439sdm429msm8940_firmwaresm6150msm8909w_firmwaresdm429w_firmwareapq8009_firmwaremsm8917sdm670sxr2130qcs605_firmwaremdm9206sdm670_firmwaresda845_firmwareapq8098mdm9206_firmwaremsm8939qcs605msm8937_firmwaresdm429_firmwaremsm8905_firmwaresda660sxr1130_firmwareapq8064_firmwaresxr1130msm8909wapq8009msm8909_firmwareapq8053_firmwaresda845nicobarsa6155p_firmwaremsm8920msm8953sdm450apq8064apq8098_firmwaresdx20sdm660msm8920_firmwaremdm9607_firmwaresm8250_firmwaresdm710qm215mdm9607apq8017_firmwaresdm710_firmwaremsm8939_firmwaresa6155pmsm8937mdm9207c_firmwaremsm8996_firmwaremsm8905mdm9207csm8150_firmwaremsm8909sxr2130_firmwareapq8096ausdm439_firmwaresda660_firmwareqm215_firmwaremsm8953_firmwaremsm8940sm6150_firmwareapq8053apq8096au_firmwaremsm8917_firmwaresm8250sm8150sdx20_firmwareapq8017msm8996nicobar_firmwaresdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2019-10594
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 57.13%
||
7 Day CHG~0.00%
Published-05 Mar, 2020 | 08:56
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack overflow can occur when SDP is received with multiple payload types in the FMTP attribute of a video M line in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9150_firmwaremdm9635m_firmwareapq8096_firmwaremdm9640_firmwareqcm2150_firmwaresdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdm450_firmwaresdm632apq8096sdx24sdm439mdm9650sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaremsm8996aumdm9645sdm429w_firmwaresm7150apq8009_firmwaremsm8917sdm670qcs605_firmwareapq8076sc8180xmdm9206sdm670_firmwaresdx24_firmwareapq8076_firmwaresdm636sda845_firmwaremdm9635mapq8098mdm9615mdm9206_firmwareqcs605msm8937_firmwaremdm9650_firmwaresdm429_firmwaremsm8905_firmwaresda660sdx55_firmwaresxr1130_firmwaresxr1130msm8909wapq8009msm8909_firmwareapq8053_firmwaresda845nicobarsdm850_firmwaremsm8920msm8953sdm450sdm636_firmwaresdm845_firmwareapq8098_firmwaresdx20msm8998_firmwareqcm2150msm8920_firmwaresdm630mdm9607_firmwaresdm660mdm9655_firmwaresc8180x_firmwaresdm710qm215mdm9607mdm9645_firmwareapq8017_firmwaremdm9625_firmwaresdm710_firmwaremdm9150msm8937msm8905sm8150_firmwaremsm8909mdm9655apq8096ausdm439_firmwarerennellsdm630_firmwaresda660_firmwaremdm9625rennell_firmwareqm215_firmwaresdx55msm8953_firmwaremsm8940sm6150_firmwareapq8053apq8096au_firmwaremsm8917_firmwaremdm9615_firmwaremsm8998sm8150sdx20_firmwaresdm850apq8017nicobar_firmwaresdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-129
Improper Validation of Array Index
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-10499
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.53%
||
7 Day CHG~0.00%
Published-30 Sep, 2019 | 15:40
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation of read and write index of tx and rx fifo`s before using for data copy from fifo can lead to out-of-bound access. in Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, QCS405, SD 665, SD 675, SD 730, SD 855

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_730sd_855sd_665sd_730_firmwareipq8074sd_675qcs405_firmwareipq4019_firmwareipq4019qcs405ipq8074_firmwareipq8064sd_665_firmwareipq8064_firmwaresd_675_firmwaresd_855_firmwareSnapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2019-10601
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.09% / 27.23%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 05:25
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bound access can occur while processing firmware event due to lack of validation of WMI message received from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8096AU, IPQ4019, IPQ8064, IPQ8074, MSM8996AU, Nicobar, QCA6574AU, QCN7605, QCS405, SDM630, SDM636, SDM660, SDM845, SM6150, SM7150, SM8150

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm636_firmwaremsm8996au_firmwaresdm845sdm660sdm630qcs405sm7150_firmwareipq8074_firmwareqca6574ausm6150msm8996ausm7150qcn7605_firmwareipq4019_firmwaresm8150_firmwareipq8074apq8096ausdm636qcs405_firmwaresdm660_firmwaresdm630_firmwareqcn7605ipq4019apq8096au_firmwaresm6150_firmwaresm8150ipq8064qca6574au_firmwarenicobar_firmwareipq8064_firmwarenicobarsdm845_firmwareSnapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2022-40537
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.3||HIGH
EPSS-0.07% / 22.15%
||
7 Day CHG~0.00%
Published-07 Mar, 2023 | 04:43
Updated-03 Aug, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Validation of Array Index in Bluetooth HOST

Memory corruption in Bluetooth HOST while processing the AVRC_PDU_GET_PLAYER_APP_VALUE_TEXT AVRCP response.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaresa6150p_firmwareqcs610qca8337wcn3950_firmwaresa8150p_firmwareqcs2290qca6595au_firmwareqca6335msm8917csra6620_firmwareqcs605_firmwaresd_675_firmwarecsra6640_firmwareqcs6125_firmwaresd632msm8108wcn3998msm8108_firmwarewcn3950sm4125sd720gmdm9628sd_8_gen1_5g_firmwarewcn3660bsd450_firmwaresd710_firmwaresd460_firmwaresm7315_firmwarewcn7850qca6574au_firmwarewcd9375_firmwarewcn3998_firmwaremsm8909wapq8009w_firmwareqca6420sdx20msd680_firmwareqrb5165_firmwareqrb5165m_firmwareqcs6125sa8155_firmwaresd662_firmwareqcs405qca6430wcd9340sd626_firmwaresd765gqualcomm215_firmwaresw5100sd680qca6436wcn6851sa6155pwcn7851_firmwaremsm8209_firmwaremdm9250_firmwarewcn3660_firmwarewcd9341qca6696_firmwaresd870_firmwaresd750gwcn3910_firmwaresxr2150p_firmwaresa8150pwsa8830_firmwaresd855_firmwaresd660sd865_5g_firmwaresnapdragon_4_gen_1wcn3988sd660_firmwarewcn7850_firmwaresa8195p_firmwaresm8475msm8208_firmwareqcn7606_firmwarewcn6750_firmwaresd450wcn3610msm8608wcn3991qca8337_firmwarewcd9380_firmwaresdm429wsw5100pmsm8996au_firmwaresd625_firmwareqca6564ausdx55m_firmwarewcn6856_firmwaresd670_firmwareqca6574sd632_firmwarewcd9380qualcomm215qcs410sd690_5g_firmwaresdx50m_firmwaresdx24_firmwareqcn9012_firmwaresd626qca6430_firmwaresd439_firmwarewcd9335_firmwarewcn3980qca6335_firmwareqcs605wcd9340_firmwarewsa8815wcn6850wcn3910qca6320mdm9650_firmwareqca6426_firmwarewcn3660b_firmwarewcn3680sd695sd835wcn3980_firmwaresd730sdx55mqcc5100_firmwarewcn6740_firmwaresd678_firmwareapq8064au_firmwarear8031_firmwarewcn3680_firmwareqrb5165wcn6851_firmwaresd670sd_636_firmwareqca6564a_firmwareapq8009wqcm4290_firmwaresd480sd870wcn6855sw5100p_firmwaresd210_firmwareqcs610_firmwaresa6145psd695_firmwaresdxr1ar8031apq8096auqcs405_firmwaresa8145psdm630_firmwareqca6391_firmwarewcd9370_firmwaresd780g_firmwaresdx55sd888_firmwaresa8155pcsra6640sd675sd439wcn3660sxr2150pqcm2290qcn7606wcn3991_firmwaremdm9150_firmwarewsa8830sd678sa8145p_firmwareqcs2290_firmwaremdm9628_firmwaresnapdragon_4_gen_1_firmwaremdm9650sd_636csra6620qcs4290mdm9250sd765g_firmwareqca6420_firmwareqca6390_firmwareapq8009_firmwaresd690_5gsd730_firmwarewcd9370sd675_firmwaresd625qca6426qca6584au_firmwarewcn3990_firmwareqrb5165n_firmwareqca9377sdw2500_firmwarewcd9385_firmwaresdxr2_5g_firmwarewcd9326_firmwarewcn3615_firmwaresd662qcn9011_firmwaresa8155qca6320_firmwarewcn3680b_firmwaresdx55_firmwarewcn3615qca6595ausm7250p_firmwarewcn3610_firmwareqca6436_firmwareqrb5165nqca6564au_firmwareqca6584ausd778gsa6155p_firmwaremsm8208qca6310wcn7851sd429qcs6490sdxr2_5gsdm630mdm9607_firmwarewcn3988_firmwareqcn9074sd205sd429_firmwaresa6145p_firmwaresd778g_firmwaresm6250sa8195papq8017_firmwarewsa8810_firmwaresd765_firmwarewcd9326wcd9335qca6174a_firmwareqcs4290_firmwarewcd9385qcs6490_firmwareqca6390wcd9375sd750g_firmwareaqt1000apq8064ausm6250_firmwaremsm8917_firmwaresd210wcn3620_firmwaresdx20_firmwarewsa8815_firmwaresd888_5g_firmwareqcm6490wcn6850_firmwarewsa8835_firmwarewcn3620apq8017qca6564aqcm6125_firmwareqcm2290_firmwarewcn3990sd_675sd780gsd865_5gqcc5100sdx24qcn9012sd888msm8909w_firmwarewsa8835msm8996ausdm429w_firmwaresd665_firmwaresd888_5gqca6574awcn6855_firmwareqca6174asm7325pqca6310_firmwarewcn6750qca6574_firmwaresd855sm4125_firmwaresm7325p_firmwaresd665sd765qca6574a_firmwaresd768g_firmwaremsm8209qrb5165msm7315apq8009sd460qca6391sdxr1_firmwareaqt1000_firmwareqcm4290qcm6490_firmwaresdx50msdx20sd480_firmwareqcn9011qca6574ausd710sa8155p_firmwaremdm9607sd205_firmwarewcd9341_firmwaresdx20m_firmwareqcm6125wsa8810mdm9150wcn6856wcn3680bsd835_firmwaresd768gwcn6740qca6696sd845_firmwaremsm8608_firmwaresdw2500sa6150papq8096au_firmwaresd845sm7250psd720g_firmwaresw5100_firmwareqcn9074_firmwareqcs410_firmwareSnapdragon
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2024-45582
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.81%
||
7 Day CHG~0.00%
Published-03 Feb, 2025 | 16:51
Updated-05 Feb, 2025 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Validation of Array Index in Camera Driver

Memory corruption while validating number of devices in Camera kernel .

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fastconnect_7800_firmwarewsa8840sm8550p_firmwaresm7675wsa8845h_firmwarewcn7881_firmwarewsa8845wcn6650_firmwarewcn7881wcd9380_firmwarewcn6450sm8635pwcn6650sm8635p_firmwarewsa8845_firmwarevideo_collaboration_vc3_platform_firmwarewcd9370wcd9378qcm8550_firmwaresm7675_firmwaresnapdragon_8\+_gen_2_mobilewcn6755_firmwaresm7635_firmwarewsa8835wsa8845hfastconnect_7800wcn6450_firmwaresnapdragon_8_gen_1_mobilesnapdragon_8_gen_2_mobileqcm8550wcd9395_firmwarewcd9378_firmwaresm7635sm7675pfastconnect_6900sm6650_firmwarewcd9375_firmwaresnapdragon_8_gen_1_mobile_firmwaresm7675p_firmwarewcd9385_firmwarewsa8832wcd9390_firmwaresm8635snapdragon_8_gen_3_mobile_firmwarewcd9375sm8635_firmwaresnapdragon_8_gen_3_mobilesm6650wcn7861wcd9380video_collaboration_vc3_platformwsa8830wsa8832_firmwaresnapdragon_8\+_gen_2_mobile_firmwarewcn7861_firmwarewsa8830_firmwarewcn6755fastconnect_6900_firmwareqcs6490snapdragon_8_gen_2_mobile_firmwareqcs6490_firmwaresm8550pwcd9390wcd9385wsa8840_firmwarewcd9395wsa8835_firmwarewcd9370_firmwareSnapdragon
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2022-25720
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.25% / 48.32%
||
7 Day CHG~0.00%
Published-19 Oct, 2022 | 00:00
Updated-09 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory corruption in WLAN due to out of bound array access during connect/roaming in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn3660wcd9340_firmwaresd210_firmwaremdm9250qcs6125_firmwaresw5100pqcn6024sd439wcd9385_firmwarewcn3988_firmwaremdm9615qca6431_firmwaremdm9215qcs610mdm9230_firmwareqam8295p_firmwareqca6174qcs6125sd210msm8976sg_firmwaremdm8615mmdm9206_firmwareapq8096au_firmwaresd460sd_8_gen1_5g_firmwareapq8052wcd9385wcn7850_firmwaresdx55m_firmwaremdm8215mqrb5165n_firmwaresd845wcd9340mdm9615mqcn7606_firmwaremdm9630_firmwaresd730_firmwaremdm9150_firmwareapq8056wcn7850sdx12_firmwaremdm9250_firmwaresw5100p_firmwaresdx55msdx65_firmwareapq8009w_firmwarewcn6851_firmwaresa415mwcd9326sdm429wmdm9628sa8155qca6574_firmwaresd678_firmwareqca6595aumdm8215m_firmwarewcn3680bsa8150pwcn3680_firmwarewcn3660bqca8337_firmwarewcd9330_firmwarewcn7851_firmwaremsm8208_firmwarewsa8835wcn3990_firmwarear8035_firmwareapq8076csra6640sdm429w_firmwareqca6175aqca6320_firmwaresa8195psa6150pqca9367sm4125sd865_5gqca6421_firmwareqca6574asd429_firmwareqca6310_firmwaresd_675wcn3990sdxr2_5gwsa8810_firmwaresd670msm8952wcd9335_firmwarewcn3998_firmwarewsa8815qca6436_firmwaresa6155psa8155psdx55qca6335sdx12mdm9640qca6554a_firmwareqca6564asdx65msm8608qcn7605qca6564a_firmwarewcd9306wcn3660b_firmwarewcd9360qca6391_firmwaresa4155pqca6696_firmwarewcn6855sd710mdm8215_firmwareqca6554aqca4020_firmwarecsrb31024_firmwaremsm8956sa4150psd662_firmwarecsra6640_firmwaresd820sd845_firmwaresdx24sd660qca6174asd450sdxr1_firmwaremsm8976sgqet4101qsw8573sd205sm8475mdm9615m_firmwaremsm8909w_firmwareqca8081aqt1000_firmwaremsm8208wcd9371_firmwaremsm8108_firmwareqcs605apq8009wqca9377wcn3620wcn7851qcn6024_firmwaresa8155_firmwaremdm8215qca9379_firmwarewcn6740qca6431sd730msm8909wsa8145p_firmwaresdx24_firmwareqca6174_firmwarewcn3910_firmwarewcn3910wcd9380_firmwarewcn6740_firmwaremsm8996au_firmwareapq8017_firmwarewcd9370apq8096ausd678qca6574ausa6145pqcc5100_firmwarewsa8815_firmwarewcn3950_firmwaresdxr2_5g_firmwaresd870sw5100qca9377_firmwareqca8081_firmwaremdm9310_firmwaremsm8953_firmwareqca6426_firmwaresa8150p_firmwaresd870_firmwareqcs405_firmwarewcn3950mdm9607wcd9380mdm9150qcs610_firmwareqca9379qcn9024_firmwarewcd9326_firmwareqcm6125_firmwareqcn7606sm4125_firmwareapq8053_firmwareqrb5165_firmwarewcn3615sd662sd675qca6420_firmwareqrb5165sa515m_firmwareqcm6125sd820_firmwarewcd9341msm8917_firmwarewcd9306_firmwaremdm9650_firmwareqca6426qca6335_firmwarewsa8835_firmwaresd821_firmwareapq8056_firmwareqca6390sdw2500sd205_firmwarear6003wcn3980qca6696wcn6856_firmwareqcx315_firmwarewcd9360_firmwaremdm9650qcx315sdx20msa6150p_firmwareqcs605_firmwarewcn3620_firmwarecsrb31024qcc5100sa8295psdxr1mdm9615_firmwaresa4155p_firmwareqca6420qca6174a_firmwareqca8337wcn3999apq8017sdw2500_firmwaresd_675_firmwareqca6430qualcomm215_firmwareqet4101_firmwarewsa8810sd675_firmwaresd865_5g_firmwarewcd9341_firmwarewcn6850ar8031wcn3660_firmwaremdm9628_firmwaremsm8976_firmwaremdm9630qrb5165m_firmwareqca6574a_firmwarewcn3999_firmwaresdx20_firmwareqca6595au_firmwaresd460_firmwaresd439_firmwaresda429wqca6175a_firmwareapq8064ausa8295p_firmwaresw5100_firmwarewcn3610msm8953sd632qca6390_firmwareqca6564au_firmwareqca6574wcn3610_firmwarewcn3998wcd9335mdm8615m_firmwareqca6430_firmwarewcd9330sa415m_firmwareqcs405qca6436aqt1000qca6421qcn7605_firmwaremsm8209apq8076_firmwaresa515msd855_firmwaresdx50msd855wcn6856qcn9024qcs410_firmwareqam8295pmdm9206qca6584wcn6855_firmwaremsm8108qrb5165nsd429mdm9607_firmwaremsm8956_firmwaresa4150p_firmwareapq8009sd835_firmwarewcd9371msm8917mdm9215_firmwareqcs410qca4020qrb5165mapq8009_firmwaresd632_firmwareqca6391qca6595csra6620sd835sd710_firmwarewcn3615_firmwaresd670_firmwaresa6155p_firmwareqca6584auqca6584au_firmwaremsm8209_firmwaresa8195p_firmwareqca6574au_firmwarewcd9370_firmwaresa8155p_firmwaremdm9330wcn3680wcd9375qca6310sdx20m_firmwarear6003_firmwareapq8064au_firmwareapq8053apq8052_firmwareqsw8573_firmwarear8035sda429w_firmwaresd821wsa8830mdm9310msm8952_firmwareqca6564msm8996auwcd9375_firmwarewcn3980_firmwaremsm8608_firmwareqca6320qca6595_firmwarewcn6850_firmwaresd660_firmwaresdx20wcn6851qca6564_firmwaremsm8976mdm9330_firmwareqca9367_firmwarear8031_firmwaremdm9230wcn3988wsa8830_firmwareqca6564auwcn3680b_firmwaresdx55_firmwarecsra6620_firmwarequalcomm215sa8145pqca6584_firmwaresd450_firmwaresdx50m_firmwaresa6145p_firmwaremdm9640_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2018-5914
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.73%
||
7 Day CHG~0.00%
Published-26 Oct, 2018 | 13:00
Updated-05 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in TZ led to array out of bound in TZ function while accessing the peripheral details using the incoming data in Snapdragon Mobile, Snapdragon Wear version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9206sd_652sd_425_firmwaresd_212_firmwaresd_625_firmwaresd_450sda660_firmwaresd_425sd_430_firmwaremdm9607_firmwaremdm9206_firmwaremdm9650sd_430sd_625sd_210mdm9607sd_835_firmwaremdm9650_firmwaresd_650sd_212sd_835sd_205sd_450_firmwaresda660sd_210_firmwaresd_652_firmwaresd_205_firmwaresd_650_firmwareSnapdragon Mobile, Snapdragon Wear
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2024-45550
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.87%
||
7 Day CHG~0.00%
Published-06 Jan, 2025 | 10:33
Updated-13 Jan, 2025 | 21:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Validation of Array Index in DSP Services

Memory corruption occurs when invoking any IOCTL-calling application that executes all MCDM driver IOCTL calls.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wsa8840_firmwarefastconnect_7800wsa8845hwsa8845h_firmwarefastconnect_7800_firmwarewcd9380_firmwarewcd9385_firmwarefastconnect_6900_firmwarewcd9380wcd9385fastconnect_6900sc8380xp_firmwaresc8380xpwsa8840wsa8845_firmwarewsa8845Snapdragon
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2024-45578
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.59%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 08:32
Updated-09 May, 2025 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Validation of Array Index in Camera Driver

Memory corruption while acquire and update IOCTLs during IFE output resource ID validation.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcd9380_firmwaresnapdragon_429_mobile_firmwarefastconnect_7800_firmwarewcn3620_firmwarewcd9385wsa8835sxr2230p_firmwarewcn3660bwcd9385_firmwaresxr2230pwcn3620sdm429w_firmwarewsa8830wsa8830_firmwarewsa8835_firmwaresxr2250p_firmwarewcd9380snapdragon_8_gen_1_mobile_firmwaresnapdragon_429_mobilefastconnect_6900sdm429wfastconnect_6900_firmwaresnapdragon_8_gen_1_mobilewsa8832_firmwarewsa8832wcn3660b_firmwarefastconnect_7800sxr2250pSnapdragon
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2018-5838
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.48%
||
7 Day CHG~0.00%
Published-06 Jul, 2018 | 17:00
Updated-16 Sep, 2024 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Validation of Array Index In the adreno OpenGL driver in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, an out-of-bounds access can occur in SurfaceFlinger.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_820amsm8996au_firmwaresdx20sd_415sd_616sd_425sd_430_firmwaremdm9607_firmwaresd_615mdm9650sd_650_firmwaresd_625sd_615_firmwaremsm8909w_firmwaremdm9607msm8996ausd_210sd_650sd_820_firmwaresd_820sd_450_firmwaresd_800sd_845_firmwaresd_617sd_820a_firmwaremdm9206sd_652sd_425_firmwaresd_212_firmwaresd_800_firmwaresd_625_firmwaresd_450sd_845mdm9206_firmwaresd_430sd_810sd_835_firmwaremdm9650_firmwaresdx20_firmwaresd_600_firmwaresd_205sd_835sd_210_firmwaresd_600sd_415_firmwaresd_652_firmwaremsm8909wsd_810_firmwaresd_616_firmwaresd_205_firmwaresd_212sd_617_firmwareSnapdragon Automobile, Snapdragon Mobile, Snapdragon Wear
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2022-25711
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 5.69%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 00:00
Updated-22 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory corruption in camera due to improper validation of array index in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcd9380_firmwarewcd9340_firmwareqca6595au_firmwarequalcomm215_firmwarewsa8835mdm9150_firmwaresdx55msd855_firmwarewcn3998wcn6850_firmwaresdx55wsa8810_firmwareqca8337_firmwarewsa8815_firmwaresa8150pqca6696wcn3610_firmwarewcn7850qca6436qca6426_firmwarewcn3660bqca6574auwcn7850_firmwarewcn3660b_firmwaresa6150pqcs410_firmwaresd205_firmwaresa8155pwsa8810sa6145p_firmwaresd210wcd9341_firmwarewsa8830sw5100p_firmwarewcn6856wsa8815qca6390sda429w_firmwarewcn3680baqt1000_firmwaresa6155pwsa8835_firmwaresa8150p_firmwareqca6430sa8145p_firmwaresw5100sd855wcn7851_firmwareqca6391wcn3998_firmwarewcd9340wcn6850sa8145pwcn6851sdx55_firmwarewcn3950wcd9370_firmwaresdxr2_5g_firmwareqca6420_firmwaresa8195psda429wqcc5100_firmwaresd210_firmwarewsa8830_firmwareqca8337sd_8_gen1_5g_firmwarewcn3680b_firmwaresdxr2_5gsd865_5g_firmwarewcd9341wcn3980_firmwareqca6574au_firmwarewcn6851_firmwareqcs610qcs610_firmwarequalcomm215sa6155p_firmwareqca6391_firmwareqcn9074_firmwareqcn9074sd205sa8155p_firmwareqcc5100wcd9380sa6145pwcn3610sw5100_firmwareqca6430_firmwaresa6150p_firmwareqca6696_firmwaresd865_5gwcn6856_firmwaresd870qca6426sdx55m_firmwareaqt1000sm8475wcn3950_firmwarewcn3988mdm9150qca6390_firmwarewcn6855_firmwareqca6420wcn6855wcn3988_firmwarewcn7851qcs8155_firmwaresd870_firmwareqcs8155sw5100pqca6436_firmwaresa8195p_firmwareqca6595auwcd9370qcs410wcn3980Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2018-5894
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 52.57%
||
7 Day CHG~0.00%
Published-06 Jul, 2018 | 17:00
Updated-16 Sep, 2024 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Validation of Array Index in Multimedia While parsing an mp4 file in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, an out-of-bounds access can occur.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_820amsm8996au_firmwaresdx20sd_415sd_616sd_425sd_430_firmwaremdm9607_firmwaresd_615mdm9650sd_650_firmwaresd_625sd_615_firmwaremsm8909w_firmwaremdm9607msm8996ausd_210sd_650sd_820_firmwaresd_820sd_450_firmwaresd_845_firmwaresd_617sd_820a_firmwaremdm9206sd_652sd_425_firmwaresd_212_firmwaresd_625_firmwaresd_450sd_845mdm9206_firmwaresd_430sd_835_firmwaremdm9650_firmwaresdx20_firmwaresd_600_firmwaresd_205sd_835sd_210_firmwaresd_600sd_415_firmwaresd_652_firmwaremsm8909wsd_616_firmwaresd_205_firmwaresd_212sd_617_firmwareSnapdragon Automobile, Snapdragon Mobile, Snapdragon Wear
CWE ID-CWE-129
Improper Validation of Array Index
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-3576
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.03%
||
7 Day CHG~0.00%
Published-12 Jun, 2018 | 20:00
Updated-16 Sep, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

improper validation of array index in WiFi driver function sapInterferenceRssiCount() leads to array out-of-bounds access in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2022-22099
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.05% / 16.02%
||
7 Day CHG~0.00%
Published-02 Sep, 2022 | 11:31
Updated-03 Aug, 2024 | 03:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory corruption in multimedia due to improper validation of array index in Snapdragon Auto

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sa8540psa9000psa8540p_firmwaresa9000p_firmwareSnapdragon Auto
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2018-13913
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.18%
||
7 Day CHG~0.00%
Published-25 Feb, 2019 | 23:00
Updated-05 Aug, 2024 | 09:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation of array index can lead to unauthorized access while processing debugFS in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in version MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850mdm9150_firmwaremdm9640_firmwaresnapdragon_internet_of_thingssd_820amsm8996au_firmwaresd_439snapdragon_mobile_firmwaresd_670_firmwaresd_429sdx24sdm439mdm9650sd_636sd_615_firmwaremsm8909w_firmwaremsm8996ausd_650sd_845_firmwaresd_820a_firmwareqcs605_firmwaremdm9206sd_652snapdragon_industrial_internet_of_things_firmwaresd_425_firmwaresnapdragon_auto_firmwaresnapdragon_mobilesdx24_firmwaresd_625_firmwaresnapdragon_voice_\&_music_firmwaresnapdragon_consumer_internet_of_thingssd_845mdm9206_firmwareqcs605snapdragon_autosnapdragon_voice_\&_musicsd_835_firmwaremdm9650_firmwaresd_835sda660sd_210_firmwaresd_415_firmwaresd_652_firmwaremsm8909wsd_616_firmwaresd_205_firmwaresd_415sd_212sd_650_firmwaresd_712snapdragon_consumer_internet_of_things_firmwaresd_855sdx20sd_616sd_425sdm660sdm630mdm9607_firmwaresd_615sd_710_firmwaresd_625sd_210mdm9607sd_636_firmwaresd_439_firmwaremdm9150sd_429_firmwaresd_212_firmwaresd_850_firmwaresd_855_firmwaresdm439_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwaresnapdragon_internet_of_things_firmwaresd_670sdx20_firmwaresd_710sd_205sdm660_firmwaresnapdragon_industrial_internet_of_thingsmdm9640Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2018-11996
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.04%
||
7 Day CHG~0.00%
Published-28 Nov, 2018 | 15:00
Updated-05 Aug, 2024 | 08:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When a malformed command is sent to the device programmer, an out-of-bounds access can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 600, SD 820, SD 820A, SD 835, SDA660, SDX20, SDX24.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_820amsm8996au_firmwaresdx20sdx24mdm9607_firmwaremdm9655_firmwaremdm9650msm8909w_firmwaremdm9607msm8996ausd_210sd_820_firmwaresd_820sd_820a_firmwaremdm9206sd_212_firmwaresdx24_firmwaremdm9655sda660_firmwaremdm9206_firmwaresd_835_firmwaremdm9650_firmwaresdx20_firmwaresd_600_firmwaresd_205sd_835sda660sd_210_firmwaresd_600msm8909wsd_205_firmwaresd_212Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2018-11948
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 17.30%
||
7 Day CHG~0.00%
Published-25 Feb, 2019 | 23:00
Updated-05 Aug, 2024 | 08:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Exceeding the limit of usage entries are not tracked and the information will be lost causing the content to lose continuity in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in versions MSM8996AU, QCS605, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_427_firmwaresd_712sd_850sd_632sd_820asd_412sd_675msm8996au_firmwaresd_439sd_670_firmwaresd_425sd_429sdm660sd_430_firmwaresd_710_firmwaresd_435sd_636sdm439sdm630sd_625snapdragon_high_med_2016_firmwaresd_820_firmwaremsm8996ausd_636_firmwaresd_820sd_450_firmwaresd_845_firmwaresd_410sd_439_firmwaresd_820a_firmwaresd_429_firmwareqcs605_firmwaresd_675_firmwaresd_425_firmwaresnapdragon_high_med_2016sd_850_firmwaresd_625_firmwaresd_450sdm439_firmwaresd_412_firmwaresd_712_firmwaresdm630_firmwaresd_8cx_firmwaresda660_firmwaresd_845sd_8cxsd_427qcs605sd_430sd_670sd_435_firmwaresd_632_firmwaresd_835_firmwaresd_710sd_410_firmwaresd_835sda660sxr1130_firmwaresxr1130sdm660_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2018-11903
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.08%
||
7 Day CHG~0.00%
Published-19 Sep, 2018 | 14:00
Updated-05 Aug, 2024 | 08:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from caller function used as an array index for WMA interfaces can lead to OOB write in WLAN HOST.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-129
Improper Validation of Array Index
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-11883
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.08%
||
7 Day CHG~0.00%
Published-19 Sep, 2018 | 14:00
Updated-05 Aug, 2024 | 08:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, in policy mgr unit test if mode parameter in wlan function is given an out of bound value it can cause an out of bound access while accessing the PCL table.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2018-11891
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-8.8||HIGH
EPSS-0.44% / 62.19%
||
7 Day CHG~0.00%
Published-19 Sep, 2018 | 14:00
Updated-05 Aug, 2024 | 08:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on the length of array while accessing can lead to an out of bound read in WLAN HOST function.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2018-11899
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.01%
||
7 Day CHG~0.00%
Published-11 Feb, 2019 | 15:00
Updated-05 Aug, 2024 | 08:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

While processing radio connection status change events, Radio index is not properly validated in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Voice & Music in versions MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850mdm9640_firmwaresd_820asd_675msm8996au_firmwaresd_439sd_670_firmwaresd_429sdx24sdm439mdm9650sd_636msm8996ausd_820sd_650sd_450_firmwaresd_845_firmwaresd_820a_firmwaresd_675_firmwaremdm9206sd_652sd_425_firmwaresdx24_firmwaresd_625_firmwaresd_450sd_845mdm9206_firmwaremdm9640sd_835_firmwaremdm9650_firmwaresd_835sda660sd_210_firmwaresd_652_firmwaresd_205_firmwaresd_650_firmwaresd_212sd_427_firmwaresd_712sd_855sdx20sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435sd_710_firmwaresdm630sd_625sd_210mdm9607sd_636_firmwaresd_820_firmwaresd_439_firmwaresd_429_firmwaresd_212_firmwaresd_850_firmwaresdm439_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwaresd_427sd_430sd_670sd_435_firmwaresd_710sdx20_firmwaresd_205sdm660_firmwaresd_855_firmwareSnapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2018-11902
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 9.49%
||
7 Day CHG~0.00%
Published-19 Sep, 2018 | 14:00
Updated-05 Aug, 2024 | 08:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can lead to OOB access in WLAN HOST.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2018-11827
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.19%
||
7 Day CHG~0.00%
Published-18 Sep, 2018 | 18:00
Updated-05 Aug, 2024 | 08:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper validation of array index in WMA roam synchronization handler can lead to OOB write.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2018-11267
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.04%
||
7 Day CHG~0.00%
Published-20 Sep, 2018 | 13:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, when sending an malformed XML data to deviceprogrammer/firehose it may do an out of bounds buffer write allowing a region of memory to be filled with 0x20.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9640_firmwaresdm632_firmwaresd430msm8996au_firmwaresd625_firmwaresdm632sd650_firmwaresd600sdm439mdm9650sdm429sd616_firmwaresd616sd820a_firmwaresnapdragon_high_med_2016_firmwaremsm8996ausd652sd412sd427_firmwaresd625mdm9206sd435_firmwaresd600_firmwaresdm636sd427mdm9615mdm9206_firmwaresd430_firmwaresd450_firmwaresd615mdm9640sdm429_firmwaremdm9650_firmwaresda660sd835sd820asd850_firmwaresd617sdm636_firmwaresdx20sdm660sdm630mdm9607_firmwaremdm9655_firmwaresd425_firmwaresd205sd617_firmwaremdm9607sd205_firmwaresd410_firmwaresd652_firmwaresd615_firmwaresd425sd210_firmwaresd435sd212_firmwaresd835_firmwaresnapdragon_high_med_2016mdm9655sdm439_firmwaresd412_firmwaresd212sdm630_firmwaresd820_firmwaresda660_firmwaresd415sd845_firmwaresd845sd210mdm9615_firmwaresd820sdx20_firmwaresd415_firmwaresd650sd450sdm660_firmwaresd850sd410Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2018-11288
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.73%
||
7 Day CHG~0.00%
Published-18 Jan, 2019 | 22:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible undefined behavior due to lack of size check in function for parameter segment_idx can lead to a read outside of the intended region in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDX24, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_712sd_850sd_820asd_412msm8996au_firmwaresd_670_firmwaresdx24mdm9607_firmwaresd_710_firmwaremdm9655_firmwaremdm9650sd_210mdm9607msm8996ausd_820_firmwaresd_820sd_845_firmwaresd_410sd_820a_firmwaremdm9206sd_212_firmwaresd_850_firmwaresdx24_firmwaremdm9655sd_412_firmwaresd_712_firmwaresd_845mdm9206_firmwaresd_670sd_835_firmwaremdm9650_firmwaresd_710sd_410_firmwaresd_835sd_205sxr1130_firmwaresd_210_firmwaresxr1130sd_205_firmwaresd_212Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2018-11269
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.96%
||
7 Day CHG~0.00%
Published-20 Sep, 2018 | 13:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016, a potential buffer overflow exists when parsing TFTP options.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9635m_firmwaremdm9640_firmwaresd810sdm632_firmwaremsm8996au_firmwaresd430sd625_firmwaresdm632sd650_firmwaresdm439mdm9650sdm429sd820a_firmwaremsm8909w_firmwaremsm8996aumdm9645sd652sd427_firmwaresd625mdm9206sd435_firmwaresdm636sd427mdm9635mmdm9206_firmwaresd430_firmwaresd450_firmwaresdm429_firmwaremdm9650_firmwaresda660sd835sd820asd850_firmwaremsm8909wsdm636_firmwaresdx20sdm660sdm630mdm9607_firmwaremdm9655_firmwaresd425_firmwaresd205sdm710mdm9607sd205_firmwaremdm9645_firmwaresdm710_firmwaresd652_firmwaresd425sd210_firmwaresd435sd212_firmwaresd835_firmwaremdm9655sdm439_firmwaresd212sd810_firmwaresdm630_firmwaresd820_firmwaresda660_firmwaresd845_firmwaresd845sd210sd820sdx20_firmwaresd650sd450sdm660_firmwaresd850mdm9640SSnapdragon Automobile, Snapdragon Mobile, Snapdragon Wear
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2018-11299
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.19%
||
7 Day CHG~0.00%
Published-18 Sep, 2018 | 18:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when WLAN FW has not filled the vdev id correctly in stats events then WLAN host driver tries to access interface array without proper bound check which can lead to invalid memory access and as a side effect kernel panic or page fault.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2018-11268
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.96%
||
7 Day CHG~0.00%
Published-20 Sep, 2018 | 13:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016, a potential buffer overflow exists when parsing TFTP options.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9635m_firmwaremdm9640_firmwaresd810sdm632_firmwaremsm8996au_firmwaresd430sd625_firmwaresdm632sd650_firmwaresdm439mdm9650sdm429sd820a_firmwaremsm8909w_firmwaremsm8996aumdm9645sd652sd427_firmwaresd625mdm9206sd435_firmwaresdm636sd427mdm9635mmdm9206_firmwaresd430_firmwaresd450_firmwaresdm429_firmwaremdm9650_firmwaresda660sd835sd820asd850_firmwaremsm8909wsdm636_firmwaresdx20sdm660sdm630mdm9607_firmwaremdm9655_firmwaresd425_firmwaresd205sdm710mdm9607sd205_firmwaremdm9645_firmwaresdm710_firmwaresd652_firmwaresd425sd210_firmwaresd435sd212_firmwaresd835_firmwaremdm9655sdm439_firmwaresd212sd810_firmwaresdm630_firmwaresd820_firmwaresda660_firmwaresd845_firmwaresd845sd210sd820sdx20_firmwaresd650sd450sdm660_firmwaresd850mdm9640Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2018-11263
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-8.8||HIGH
EPSS-0.07% / 23.10%
||
7 Day CHG~0.00%
Published-06 Sep, 2018 | 14:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, radio_id is received from the FW and is used to access the buffer to copy the radio stats received for each radio from FW. If the radio_id received from the FW is greater than or equal to maximum, an OOB write will occur. On supported Google Pixel and Nexus devices, this has been addressed in security patch level 2018-08-05.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2021-35121
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 8.70%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 09:40
Updated-04 Aug, 2024 | 00:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An array index is improperly used to lock and unlock a mutex which can lead to a Use After Free condition In the Synx driver in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcm2290_firmwarewcn3991_firmwarewcn3991wsa8830wcd9380_firmwareqcs2290_firmwaresd865_5gsdx55m_firmwarewsa8835qcs4290wcn3950_firmwarewcd9380sd765g_firmwareqcs2290qca6390_firmwaresd690_5gwcd9370sd690_5g_firmwareqca6426qrb5165n_firmwarewcn3998wcd9385_firmwaresdxr2_5g_firmwarewcn3950wcd9326_firmwarewcn3615_firmwarewsa8815wcn6850sd662wcn3910sd460_firmwaresd765qca6426_firmwarewcn3680b_firmwaresd768g_firmwarewcd9375_firmwarewcn3615wcn3998_firmwareqrb5165msm7250p_firmwaresd460qca6391sdx55mapq8053_firmwareqca6436_firmwareqrb5165nsd680_firmwaremsm8953qcm4290qrb5165_firmwareqrb5165m_firmwaresdxr2_5gqrb5165wcn6851_firmwaresd662_firmwarewcn3988_firmwarewsa8810_firmwaresd765gqcm4290_firmwaresd765_firmwaresd870qca6436sd680wcd9326wcn6851wsa8810wcn3680bqcs4290_firmwarewcd9385sd768gsd750gsd870_firmwareqca6391_firmwareqca6390wcd9375sd750g_firmwarewcn3910_firmwarewcd9370_firmwaremsm8953_firmwareapq8053wsa8830_firmwaresd865_5g_firmwarewcn3988wcn6850_firmwarewsa8815_firmwarewsa8835_firmwaresm7250pqcm2290Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2021-35072
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.15% / 35.56%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 09:50
Updated-04 Aug, 2024 | 00:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible buffer overflow due to improper validation of array index while processing external DIAG command in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaremdm9150_firmwarewsa8830mdm9640_firmwareqcs2290_firmwaremdm9628_firmwaremdm9650qcs4290wcn3950_firmwaremdm9250qcs2290apq8009_firmwaremsm8917wcd9370sd632wcn3990_firmwaremsm8108qca9377wcn3998sdw2500_firmwaremsm8108_firmwarewcn3950sm4125mdm9628wcd9326_firmwaremdm9206_firmwarewcn3615_firmwarewcn3660bsd450_firmwaresd662sd460_firmwareapq8037qca6320_firmwareqca6584qca6574au_firmwarewcn3680b_firmwarewcd9375_firmwaresdx12_firmwarewcn3615wcn3998_firmwaremsm8909wapq8009w_firmwarewcn3610_firmwareapq8053_firmwareqca6564au_firmwaresd680_firmwareqca6310msm8208qca9367_firmwaresd429qca9367sd662_firmwaremdm9607_firmwaresd821wcn3988_firmwaresd429_firmwarewcd9340apq8017_firmwarewsa8810_firmwarequalcomm215_firmwaresw5100sd680wcd9326wcd9335msm8937msm8209_firmwareqca6174a_firmwaremdm9250_firmwareqcs4290_firmwarewcd9341wcn3660_firmwarewcn3910_firmwarewcd9375msm8953_firmwarewsa8830_firmwaremsm8917_firmwaresd210wcn3620_firmwaresd820wcn3988wsa8815_firmwarewsa8835_firmwarewcn3620apq8017msm8208_firmwareqca6564asd450wcn3610msm8608qcm2290_firmwaremdm9640wcn3990sdm429wmsm8996au_firmwaresw5100pwcd9330qca6564aumsm8940_firmwaremsm8909w_firmwareqca6574msm8996ausd632_firmwaresdm429w_firmwarewsa8835qualcomm215qca6574amdm9206qca9379_firmwareqca6174aqca6310_firmwarewcd9335_firmwarewcn3980sd439_firmwareqca6574_firmwarewcd9340_firmwaresm4125_firmwarewsa8815wcn3910qca6320qca6584_firmwaremsm8937_firmwaremdm9650_firmwarewcn3660b_firmwarewcn3680qca6574a_firmwaresd835msm8209wcn3980_firmwareapq8009sd460wcd9330_firmwaremsm8920msm8953sd821_firmwareqcm4290wcn3680_firmwaremsm8920_firmwareqca6574aumdm9607qca6564a_firmwareapq8009wwcd9341_firmwareqcm4290_firmwarewsa8810sw5100p_firmwaresd210_firmwaremdm9150wcn3680bsd835_firmwareapq8096ausd820_firmwaremsm8608_firmwarewcd9370_firmwaresdw2500msm8940apq8053apq8096au_firmwareapq8037_firmwaresd439sdx12sw5100_firmwarewcn3660qca9379qcm2290Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2017-18309
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.1||HIGH
EPSS-0.05% / 15.45%
||
7 Day CHG~0.00%
Published-26 Oct, 2018 | 13:00
Updated-05 Aug, 2024 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A micro-core of QMP transportation may cause a macro-core to read from or write to arbitrary memory in Snapdragon Mobile in version SD 845, SD 850.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850_firmwaresd_845sd_850sd_845_firmwareSnapdragon Mobile
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2021-30325
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 13.72%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 10:40
Updated-03 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible out of bound access of DCI resources due to lack of validation process and resource allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaresa6150p_firmwareqcs610ipq4028_firmwareqcn5550qca8337ar9380ipq8173_firmwareqcn5124qca4024_firmwarewcn3950_firmwareipq8078aipq5028_firmwaresa8150p_firmwareqca6595au_firmwaresa6155qcn5064csra6620_firmwareqcs605_firmwarecsra6640_firmwarewcn3998wcn3950qcn6024_firmwareipq8076amdm9206_firmwarewcn3660bsd460_firmwareqca6428qca6574au_firmwareqcn5164_firmwareipq8071wcd9375_firmwareqca8081_firmwarewcn3998_firmwaresa6155_firmwareqca6438_firmwareqca9986ipq8070_firmwareqca9367_firmwareipq8065ipq8078a_firmwarewcn3999qrb5165_firmwareipq5028qca7500ipq8072_firmwareipq4029_firmwareqrb5165m_firmwaresa8155_firmwareipq6010sd662_firmwareipq8068qcs405wcd9340qcn6132sd765gqualcomm215_firmwareqca6436wcn6851sa6155pqcs603_firmwareqca9888_firmwareqcn6122wcd9341ipq8068_firmwareqca6696_firmwaresd870_firmwareqca9988_firmwareqcn5154_firmwaresa8150pqca9992_firmwaresd865_5g_firmwarewcn3988qca6438sa8195p_firmwareqcn5121qcn5022_firmwareqca9898ipq4028wcn3610qca6428_firmwareipq5018_firmwareqca9985_firmwarewcn3991ipq4018_firmwareqca8337_firmwaresda429w_firmwarewcd9380_firmwareipq8072aqca7500_firmwareqca9980_firmwarewcd9330ipq8076a_firmwareipq8078qca6564ausdx55m_firmwareipq8173qcn5164qca9558qca6574csr8811_firmwarewcd9380qualcomm215qcn5054_firmwareqcs410qcn5024ipq4019_firmwareqca8072_firmwareqca9985qcn9012_firmwarewcd9335_firmwareqcn5052_firmwarewcn3980ipq6018_firmwareqcs605wcd9340_firmwarewsa8815wcn6850pmp8074_firmwareqca9986_firmwareqca6426_firmwarewcn3660b_firmwareqca9984ipq6028ipq8064qcn9024pmp8074wcn3980_firmwareqcn5550_firmwarewcd9330_firmwaresdx55mipq8064_firmwareqcn5064_firmwarear8031_firmwareipq8078_firmwareqcn5054qrb5165wcn6851_firmwareqcs603ipq8070qcn5502qca9994qca9980qcn9024_firmwareipq8174_firmwareqca6564a_firmwareqca9880sd870qcn5121_firmwaresd210_firmwareqcs610_firmwaresa6145pipq6018qca9886_firmwarear8031apq8096auqcs405_firmwaresa8145pqca6391_firmwareqca4024wcd9370_firmwaresdx55qcn5021_firmwaresa8155pcsra6640qca9531_firmwarear8035_firmwareqcn5024_firmwarewcn3991_firmwaremdm9150_firmwareqcn9070sa8145p_firmwareqca9563_firmwarecsra6620qcn9072qca9880_firmwareqca9992sd765g_firmwareqca6390_firmwareipq6000wcd9370ipq8072qcn5152_firmwareqca6564qca6426wcn3990_firmwareqrb5165n_firmwareqcn9000_firmwareqca9984_firmwareqca9377ipq5018wcd9385_firmwaresdxr2_5g_firmwareqca9563ipq8074asd662qcn5124_firmwaresa8155qcn5122_firmwaresdx55_firmwareqca6595auqcn6023_firmwarewcn3999_firmwaresm7250p_firmwarewcn3610_firmwareqca6436_firmwareqrb5165nipq5010qca6564au_firmwaresa6155p_firmwaresm6225ipq8174qca9990sdxr2_5gqcn5052qca9367wcn3988_firmwareqcn9074sd205sa6145p_firmwaresa8195pwsa8810_firmwaresd765_firmwarewcd9335qca8081qcn6023ipq8071aipq8071a_firmwarewcd9385qca6390qca9898_firmwarewcd9375ar8035csr8811ipq4019qcn9100_firmwaresda429wsd210wcn3620_firmwareipq5010_firmwareipq8074a_firmwarewsa8815_firmwarewcn6850_firmwarewcn3620qca6564aqca9988qca8072wcn3990qcn9000sd865_5gar9380_firmwareqcn9012qca9558_firmwareqcn6122_firmwareipq8065_firmwaresd665_firmwareqcn5154qca8075_firmwareipq4018qca6574aipq6005_firmwaremdm9206qca9889qcn6132_firmwareqca9888ipq8074qca9994_firmwareipq8070a_firmwareipq8076_firmwareqca6574_firmwareqca9886qcn5502_firmwaresd665ipq8076sd765qca6574a_firmwareqcn5021qcn5152sd768g_firmwareqrb5165msd460qca6391ipq6005qcn9100qcn9070_firmwareipq6028_firmwareipq8072a_firmwaresm6225_firmwareqca9531ipq8074_firmwareqca6574auqca9889_firmwaresa8155p_firmwareqcn5122sd205_firmwarewcd9341_firmwarewsa8810mdm9150qcn5022qca6564_firmwaresd768gipq6010_firmwareqca6696sa6150pqca8075qcn9022_firmwareapq8096au_firmwareqcn6024qcn9022qca9990_firmwareipq8070aqcn9072_firmwaresm7250pipq6000_firmwareipq8071_firmwareqcn9074_firmwareqcs410_firmwareipq4029Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2017-15861
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.60%
||
7 Day CHG~0.00%
Published-23 Feb, 2018 | 23:00
Updated-16 Sep, 2024 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function wma_roam_synch_event_handler, vdev_id is received from firmware and used to access an array without validation.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2024-53014
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.81%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 10:07
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Validation of Array Index in Audio

Memory corruption may occur while validating ports and channels in Audio driver.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm429w_firmwaresw5100pqcm8550_firmwaresd865_5gqcs410_firmwarewcn6650sa6150p_firmwaresm8735qca6595qcs610_firmwaresnapdragon_8\+_gen_1wcd9335wcd9370qca8081_firmwaresnapdragon_730gsnapdragon_429_firmwareqca6696qam8620p_firmwarewcn7880_firmwarewcd9340_firmwaresa8530pwcd9341_firmwaresxr2330p_firmwarewcd9395_firmwarewcn7881_firmwareqcn6024wcn7750wcn6450qcc710_firmwareqca6426snapdragon_auto_4gwcn6740_firmwaresnapdragon_720g_firmwarefastconnect_6700snapdragon_695_5gsa4150psnapdragon_888_5gwsa8832_firmwareqca8337qca6426_firmwarewcd9395snapdragon_4_gen_2_firmwareqca6574au_firmwaresm6370qca6564_firmwareqam8295psnapdragon_x12_lte_firmwarewcd9341qca6574auwcd9390sa8620p_firmwarewsa8810_firmwaresd730_firmwarewsa8845h_firmwaresnapdragon_429csra6640sa9000p_firmwaresnapdragon_690_5gsnapdragon_778g\+_5g_firmwaresnapdragon_865\+_5gsrv1hsm8650q_firmwaresnapdragon_765_5gwcn3660b_firmwaresd730snapdragon_8\+_gen_2fastconnect_6800_firmwareqcs5430wcn7860snapdragon_865\+_5g_firmwareqcn6024_firmwaresnapdragon_x65_5gqcm5430qcm5430_firmwarevideo_collaboration_vc1_platform_firmwaresnapdragon_888\+_5g_firmwaresa4155psa8770pqcm6125_firmwarec-v2x_9150ssg2115pqcc710snapdragon_x50_5gsnapdragon_xr2_5g_firmwaresa8540psnapdragon_730qsm8250_firmwaresnapdragon_765g_5g_firmware315_5g_iot_modem_firmwaresnapdragon_660_firmwaresnapdragon_4_gen_2fastconnect_6900robotics_rb2snapdragon_w5\+_gen_1_wearable_firmwaresnapdragon_8_gen_2_firmwaresnapdragon_x72_5gvideo_collaboration_vc1_platformqep8111sm8635sa7255pqfw7114wcd9385_firmware315_5g_iot_modemqam8255p_firmwaresnapdragon_778g_5gsnapdragon_678_firmwaresa8155_firmwarewcd9360sdx61qcs4490snapdragon_732g_firmwaresnapdragon_662_firmwaresnapdragon_x50_5g_firmwarewsa8845sa6155pqcm6125qca6564au_firmwarewsa8810qam8650pvideo_collaboration_vc5_platform_firmwaresnapdragon_855_firmwaresa9000psrv1h_firmwareqsm8250snapdragon_678qca6595ausxr2250p_firmwaresm7315_firmwaresnapdragon_865_5g_firmwarewcd9326_firmwaresa6155p_firmwaresnapdragon_730g_firmwaresnapdragon_ar1_gen_1wsa8840srv1m_firmwareqcs8550_firmwareqfw7124_firmwareqca6436_firmwaresm8750psnapdragon_x35_5g_firmwareqcn9012wcd9371_firmwareqcs4490_firmwarewcn3910_firmwaresnapdragon_7c\+_gen_3_compute_firmwaresnapdragon_675_firmwaresm4125_firmwaresm8635psnapdragon_680_4gqmp1000qca6420wcn3910wcd9370_firmwareqca9367robotics_rb2_firmwaresnapdragon_8_gen_2snapdragon_480\+_5g_firmwaresnapdragon_765_5g_firmwarewcn3660bqca6574asa7255p_firmwarewcn3620_firmwareqca6174asnapdragon_695_5g_firmwaresa8195psnapdragon_750g_5g_firmwarewcd9340qcs8250_firmwareqcm2290talynplusqcm6490215sa8540p_firmwaresm8550p_firmwaresnapdragon_x55_5g_firmwareqcm8550sxr2250pwcn3988sm6370_firmwareqcn9024sdm429wsa8775pqca6574sxr2230p_firmwaresd675_firmwareqca6430_firmwareqcn9011sa8775p_firmwaresnapdragon_439_firmwareqamsrv1hsmart_audio_400qcn9024_firmwarewsa8845hwcd9326sa6150psm8650qqcm2290_firmwareqcs410sa8155p_firmwareqca6564asa8155psnapdragon_855\+wsa8830snapdragon_870_5g_firmwaresm8550psnapdragon_x65_5g_firmwaresa6145pqcn9074_firmwaresm7675_firmwaresa8255p_firmwaresnapdragon_888\+_5gsnapdragon_x75_5gsnapdragon_720gar8035sm7635_firmwareqamsrv1m_firmwareqca6564wcn7750_firmwareqrb5165m_firmwaresa8650p_firmwarewcn3620wcn6450_firmwaresa6155qcm4325snapdragon_860snapdragon_x72_5g_firmwaresrv1l_firmwareqcn6224snapdragon_782gqca6698aqwcn3950_firmwaressg2125p_firmwaresm7635qrb5165nsa7775p_firmwaresa8530p_firmwaresm6250fastconnect_6200wcn3680bsm7325p_firmwaresa8145p_firmwarewcd9360_firmwarewcd9378sm8635p_firmwaresa8150p_firmwaresnapdragon_768g_5gfastconnect_6700_firmwarevideo_collaboration_vc3_platform_firmwarewcn3990snapdragon_778g_5g_firmwaresnapdragon_780g_5gqcs6490qcs8250snapdragon_778g\+_5gfastconnect_6200_firmwarear8031_firmwarewsa8830_firmwareqcn6224_firmwareqca6678aq_firmwarewsa8845_firmwaresd660_firmwarewsa8832sdx61_firmwarewcd9378_firmwaresrv1lsxr2130_firmwaresm7675psrv1mqca6678aqar8035_firmwarewcn7860_firmwareqrb5165msnapdragon_680_4g_firmwaresa4150p_firmwaresd888_firmwaresnapdragon_439qca6564auqcs6125_firmwaresm4635snapdragon_460qcn9074wsa8815_firmwaresnapdragon_865_5gsa8195p_firmwareqca8337_firmwaresnapdragon_auto_4g_firmwareqcm4290snapdragon_480_5g_firmwaresnapdragon_4_gen_1_firmwaresnapdragon_x12_ltesnapdragon_685_4gar8031qca9377_firmwaresnapdragon_x62_5gsnapdragon_xr2\+_gen_1qcm6490_firmwaresg8275p_firmwaresm7250p_firmwarewcn3680_firmwaresm4635_firmwaresa2150p_firmwaresm4125qcm4490_firmwarevision_intelligence_400_firmwarewcn3950qcs6125flight_rb5_5gsnapdragon_690_5g_firmwaresm8750qca6797aq_firmwaresnapdragon_7c\+_gen_3_computetalynplus_firmwaresmart_audio_400_firmwaresnapdragon_460_firmwaresnapdragon_855\+_firmwaresa8295p_firmwaresd_675_firmwaresa4155p_firmwaresnapdragon_auto_5g_firmwaresm7250psm6250_firmwaresa8155snapdragon_768g_5g_firmwareqca6584ausd888qcn6274_firmwarewcn6755_firmwareqcn9011_firmwaresa2150psw5100_firmwarewcn6740wcn6650_firmwaresnapdragon_732gfastconnect_6800qfw7114_firmwaresnapdragon_662qcs7230qca6595_firmwarefastconnect_7800_firmwarewcd9371sm8635_firmwarefastconnect_6900_firmwarerobotics_rb5_firmwarewcd9380sa6145p_firmwareqam8255psxr2230psa6155_firmwareqmp1000_firmwaresnapdragon_xr2_5gwcn7880sa8150psxr2330pwcn6755snapdragon_888_5g_firmware215_firmwaresnapdragon_765g_5gsnapdragon_8\+_gen_2_firmwaresxr1230pwcn7881sm6650sw5100video_collaboration_vc3_platformaqt1000qcm2150_firmwarec-v2x_9150_firmwareqca6688aqqam8295p_firmwaresd855snapdragon_8_gen_1_firmwarewcn3990_firmwaresm7315snapdragon_750g_5gqca6698aq_firmwareqcs2290qca6564a_firmwarewcd9385qcs2290_firmwaresnapdragon_xr2\+_gen_1_firmwarewcn3615qca9367_firmwarewcn3680snapdragon_8_gen_1sa8255pqcs7230_firmwareqcs4290sxr1230p_firmwarewcd9390_firmwaresnapdragon_x62_5g_firmwaresnapdragon_8_gen_3qep8111_firmwareqca6430sg8275psnapdragon_782g_firmwaresnapdragon_855sdx55_firmwaresnapdragon_x55_5gsm8750_firmwarewcn3615_firmwareflight_rb5_5g_firmwaressg2125psxr2130snapdragon_4_gen_1qcm4490snapdragon_870_5gcsra6640_firmwareqamsrv1mrobotics_rb5snapdragon_480\+_5gsm7325psnapdragon_685_4g_firmwarewcn7861qca6174a_firmwareqam8650p_firmwarevideo_collaboration_vc5_platformwcn7861_firmwareqca6420_firmwareaqt1000_firmwareqcs6490_firmwaresm6650_firmwaresnapdragon_480_5gqam8620pwcd9335_firmwareqrb5165n_firmwareqca6436wcn3980_firmwaresd855_firmwarewsa8835wsa8840_firmwareqca6391_firmwareqca6584au_firmwareqcn6274qfw7124qca6595au_firmwaresw5100p_firmwareqca6696_firmwareqcs4290_firmwarewcd9380_firmwareqca6574_firmwarecsra6620qca8081sd660mdm9628wsa8815sg4150pqam8775pqca9377snapdragon_ar2_gen_1_firmwaresnapdragon_auto_5gsd_8_gen1_5gqca6797aqsnapdragon_730_firmwaremdm9628_firmwaresnapdragon_860_firmwareqcm4325_firmwaresnapdragon_x35_5gsa8620psnapdragon_660qca6574a_firmwaresdx55qcm4290_firmwaresnapdragon_8\+_gen_1_firmwaresd675wcd9375_firmwaresnapdragon_8_gen_3_firmwaresa7775pqca6391snapdragon_ar1_gen_1_firmwaresnapdragon_x75_5g_firmwaresd_8_gen1_5g_firmwareqcn9012_firmwareqcs5430_firmwaresg4150p_firmwaresnapdragon_780g_5g_firmwaresa8770p_firmwarecsra6620_firmwaresa8295pqcs8550snapdragon_675sm8735_firmwarefastconnect_7800sa8650pqam8775p_firmwaresd865_5g_firmwaresm8750p_firmwarewcd9375qca6688aq_firmwaresnapdragon_ar2_gen_1wcn3988_firmwareqamsrv1h_firmwaresm7675sa8145psd_675vision_intelligence_400wsa8835_firmwaressg2115p_firmwarewcn3980sm7675p_firmwareqcm2150wcn3680b_firmwaresnapdragon_w5\+_gen_1_wearableqcs610Snapdragon
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2024-53009
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.01% / 1.66%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 12:48
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Validation of Array Index in Automotive Autonomy

Memory corruption while operating the mailbox in Automotive.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qdx1010_firmwareqcm8550_firmwarerobotics_rb3sa6150p_firmwaresd865_5gqca6595sm8735wcd9370qca8081_firmwaresnapdragon_670_mobileqca6696qam8620p_firmwarewcn7880_firmwarewcd9340_firmwaresa8530pwcd9341_firmwaresxr2330p_firmwarewcd9395_firmwarewcn7881_firmwarewcn7750qcc710_firmwareqca6426fastconnect_6700snapdragon_x50_5g_modem-rf_firmwarewsa8832_firmwareqca8337qdu1110qca6426_firmwarewcd9395sc8180xp-aaabqca6574au_firmwaresnapdragon_x72_5g_modem-rfqam8295pwcd9341qca6574auwcd9390snapdragon_888\+_5g_mobile_firmwaresa8620p_firmwarewsa8810_firmwarewsa8845h_firmwaresc8180xp-acafsa9000p_firmwaresrv1hsnapdragon_850_mobile_computeqcs9100sdx80mfastconnect_6800_firmwareqcs5430wcn7860qcm5430qcm5430_firmwaresa8770psnapdragon_678_mobile_firmwaressg2115pqcc710snapdragon_x32_5g_modem-rf_firmwaresnapdragon_xr2_5g_firmwaresa8540pqsm8350_firmwarefastconnect_6900qru1032_firmwareqep8111sa7255pqfw7114wcd9385_firmwareqca6421qca6310qam8255p_firmwaresa8155_firmwaresnapdragon_x65_5g_modem-rfqca6335wsa8845sa6155pqca6421_firmwaresc8180x-adqca6564au_firmwarewsa8810qam8650pqdu1000_firmwaresa9000psrv1h_firmwaresnapdragon_888_5g_mobile_firmwareqca6595ausnapdragon_888_5g_mobilesxr2250p_firmwareqdu1010wcd9326_firmwaresa6155p_firmwaresnapdragon_845_mobile_firmwarewsa8840snapdragon_ar1_gen_1srv1m_firmwaresnapdragon_x35_5g_modem-rf_firmwareqcs8550_firmwareqca6698auqdu1210_firmwaresnapdragon_8_gen_2_mobile_firmwaresnapdragon_x55_5g_modem-rfqfw7124_firmwareqca6436_firmwaresm8750pqcn9012snapdragon_x55_5g_modem-rf_firmwaresnapdragon_x62_5g_modem-rf_firmwareqmp1000snapdragon_8_gen_2_mobileqca6420wcd9370_firmwareqdu1110_firmwareqdu1000sa7255p_firmwaresnapdragon_x72_5g_modem-rf_firmwareqca6574asnapdragon_8\+_gen_2_mobileqca6174asa8195pwcd9340qdu1210snapdragon_auto_5g_modem-rf_gen_2qca6335_firmwareqcm6490sa8540p_firmwaresxr2250psm8550p_firmwareqcm8550wcn3988snapdragon_765_5g_mobile_firmwareqcn9274vision_intelligence_300_firmwaresa8775pqca6574sxr2230p_firmwaresd675_firmwaresnapdragon_855_mobile_firmwareqca6698au_firmwareqca6430_firmwareqcn9011sa8775p_firmwareqamsrv1hsdx57mwsa8845hwcd9326sa6150psa8155p_firmwareqca6564asa8155psnapdragon_765g_5g_mobile_firmwarewsa8830sm8550psa6145psnapdragon_768g_5g_mobile_firmwaresa8255p_firmwarear8035qamsrv1m_firmwarewcn7750_firmwaresa8650p_firmwaresa6155srv1l_firmwareqcs9100_firmwaresnapdragon_865\+_5g_mobile_firmwareqcn6224qcs615ssg2125p_firmwarewcn3950_firmwareqca6698aqsa7775p_firmwaresa8530p_firmwarefastconnect_6200sd670sa8145p_firmwaresc8180x-acaf_firmwarewcd9378qdx1011sa8150p_firmwarefastconnect_6700_firmwarevideo_collaboration_vc3_platform_firmwarewcn3990robotics_rb3_firmwaresnapdragon_x75_5g_modem-rf_firmwaresd670_firmwaresnapdragon_8_gen_3_mobilesnapdragon_855_mobileqcs6490sc8180xp-acaf_firmwarefastconnect_6200_firmwarewsa8830_firmwareqcn6224_firmwareqca6431qca6678aq_firmwarewsa8845_firmwarewsa8832wcd9378_firmwaresrv1lsdx57m_firmwaresxr2130_firmwaresrv1mqca6678aqsnapdragon_860_mobile_firmwaresnapdragon_x35_5g_modem-rfar8035_firmwaresc8180xp-aaab_firmwarewcn7860_firmwaresc8380xpsnapdragon_x62_5g_modem-rfqca6564ausm4635sc8180xp-adsc8280xp-abbbwsa8815_firmwaresa8195p_firmwareqca8337_firmwaresg8275p_firmwareqca9377_firmwareqcm6490_firmwaresm7250p_firmwaresm4635_firmwarevision_intelligence_400_firmwareqru1032wcn3950snapdragon_870_5g_mobile_firmwaresm8750snapdragon_auto_5g_modem-rf_gen_2_firmwareqca6797aq_firmwaresa8295p_firmwaresnapdragon_870_5g_mobilesd_675_firmwaresnapdragon_678_mobilesc8180x-acafsm7250psa8155sd_8cx_firmwaresc8180x-ad_firmwareqca6584auqcn6274_firmwareqcn9011_firmwareqru1062_firmwaresnapdragon_850_mobile_compute_firmwaresnapdragon_675_mobile_firmwaresnapdragon_768g_5g_mobilesc8380xp_firmwareqru1062qca6310_firmwaresnapdragon_845_mobilesnapdragon_8_gen_3_mobile_firmwarefastconnect_6800qfw7114_firmwareqca6595_firmwarefastconnect_7800_firmwaresnapdragon_675_mobilesnapdragon_865_5g_mobile_firmwarefastconnect_6900_firmwarewcd9380sa6145p_firmwareqam8255psxr2230psa6155_firmwareqmp1000_firmwaresnapdragon_xr2_5gwcn7880sa8150psxr2330psnapdragon_x24_lte_modemsc8180x-aaabsxr1230psc8180x-aaab_firmwarewcn7881video_collaboration_vc3_platformaqt1000qca6688aqqam8295p_firmwaresd855qca6431_firmwarewcn3990_firmwareqca6698aq_firmwareqca6564a_firmwarewcd9385snapdragon_888\+_5g_mobileqsm8350snapdragon_8_gen_1_mobilesa8255psxr1230p_firmwarewcd9390_firmwaresnapdragon_865\+_5g_mobileqep8111_firmwareqcs615_firmwareqca6430snapdragon_855\+_mobilesg8275psnapdragon_765_5g_mobileqdx1011_firmwaresnapdragon_860_mobilesc8180xp-ad_firmwaresm8750_firmwaresdx55_firmwaressg2125pqru1052sxr2130snapdragon_x65_5g_modem-rf_firmwareqamsrv1mqca6174a_firmwarewcn7861_firmwarewcn7861snapdragon_x50_5g_modem-rfqam8650p_firmwaresnapdragon_670_mobile_firmwareqca6420_firmwareaqt1000_firmwareqcs6490_firmwareqam8620pwcn3980_firmwaresd855_firmwareqca6436qca6584au_firmwareqcn6274snapdragon_x24_lte_modem_firmwarewsa8835qca6391_firmwarewsa8840_firmwareqfw7124qca6595au_firmwareqdu1010_firmwareqcs8300_firmwareqca6696_firmwareqcs8300wcd9380_firmwareqca6574_firmwareqca8081wsa8815sd_8_gen1_5gsnapdragon_ar2_gen_1_firmwareqam8775pqca9377qca6797aqsnapdragon_x75_5g_modem-rfsa8620pqca6574a_firmwaresdx55snapdragon_865_5g_mobilesnapdragon_855\+_mobile_firmwaresd675wcd9375_firmwaresd_8_gen1_5g_firmwaresa7775pqca6391snapdragon_ar1_gen_1_firmwareqcn9274_firmwareqcn9012_firmwareqcs5430_firmwaresnapdragon_x32_5g_modem-rfqru1052_firmwaresa8770p_firmwaresa8295pqcs8550sc8280xp-abbb_firmwaresm8735_firmwarefastconnect_7800sa8650pqam8775p_firmwaresd865_5g_firmwaresm8750p_firmwarewcd9375snapdragon_8\+_gen_2_mobile_firmwareqca6688aq_firmwarevision_intelligence_300snapdragon_ar2_gen_1snapdragon_765g_5g_mobilewcn3988_firmwareqamsrv1h_firmwaresa8145psd_675vision_intelligence_400sdx80m_firmwarewsa8835_firmwaressg2115p_firmwaresd_8cxwcn3980qdx1010snapdragon_8_gen_1_mobile_firmwareSnapdragon
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2022-33256
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.09% / 26.37%
||
7 Day CHG~0.00%
Published-07 Mar, 2023 | 04:43
Updated-05 Mar, 2025 | 21:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper validation of array index in Multi-mode call processor

Memory corruption due to improper validation of array index in Multi-mode call processor.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn3991_firmwarewsa8830qca8337qca6431_firmwaresnapdragon_4_gen_1_firmwarewcd9360_firmwaresdx65sd765g_firmwareqca6595au_firmwareqca6390_firmwaresd690_5gwcd9370qca6426wcn3998wcd9385_firmwaresdxr2_5g_firmwareqcn6024_firmwaresd_8_gen1_5g_firmwaresm7315_firmwarewcn7850qca6574au_firmwaresdx55_firmwareqca6595auqca8081_firmwarewcd9375_firmwarewcn3998_firmwaresm7250p_firmwarewcd9360qca6436_firmwaresd778gsa515m_firmwareqcs6490wcn7851sdxr2_5gwcn3988_firmwareqca6421sd778g_firmwarewsa8810_firmwaresd765gsd765_firmwareqca6436wcn6851qca8081wcn7851_firmwarewcd9385wcd9341qca6431qca6696_firmwareqcs6490_firmwaresd750gsd870_firmwaresdx70m_firmwareqca6390ar8035sd750g_firmwarewcd9375wsa8830_firmwaresd855_firmwaresd865_5g_firmwaresnapdragon_4_gen_1qcm6490sd888_5g_firmwarewcn3988wcn6850_firmwarewcn7850_firmwarewsa8815_firmwarewsa8835_firmwareqcx315sm8475wcn6750_firmwarewcn3991qca8337_firmwarewcd9380_firmwaresd780gsd865_5gsdx55m_firmwarewcn6856_firmwaresd888wsa8835qcx315_firmwarewcd9380sd888_5gqca6574asd690_5g_firmwarewcn6855_firmwaresm7325pwcn6750sa515msd855wsa8815sm7325p_firmwarewcn6850sdx57m_firmwaresd765qca6426_firmwareqca6574a_firmwaresd695sd768g_firmwareqcn9024sm7315qca6391sdx55mqca6421_firmwarewcn6740_firmwaresdx65_firmwareqcm6490_firmwaresd480_firmwarewcn6851_firmwareqca6574auqcn9024_firmwaresdx57mwcd9341_firmwaresd480sd870wsa8810wcn6855wcn6856sd695_firmwaresd768gwcn6740qca6696qca6391_firmwaresd780g_firmwarewcd9370_firmwaresdx55sd888_firmwareqcn6024sdx70msm7250par8035_firmwareSnapdragon
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2024-49834
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.81%
||
7 Day CHG~0.00%
Published-03 Feb, 2025 | 16:51
Updated-05 Feb, 2025 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Validation of Array Index in Camera

Memory corruption while power-up or power-down sequence of the camera sensor.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fastconnect_7800_firmwaresa7255psnapdragon_ar2_gen_1qcm6490_firmwaresdm429wqamsrv1msnapdragon_778g\+_5g_mobilewcn7860qcs5430wcn7881_firmwareqcs8550_firmwareqcm6490wcn7881sa7775p_firmwaresa8775pssg2125p_firmwareqam8775psa8650p_firmwareqcs615qca6391sd888sm8750wcn3660bwcn3950_firmwareqcn9274_firmwaresdm429w_firmwarewcn6650sa8255pwcd9370_firmwaresnapdragon_480_5g_mobilevideo_collaboration_vc3_platform_firmwaresmart_audio_400snapdragon_w5\+_gen_1_wearablesnapdragon_888_5g_mobilesw5100sxr2230pwcn3950wsa8845_firmwareqcm8550_firmwaresnapdragon_8\+_gen_2_mobilesw5100p_firmwarewcn6755_firmwaresxr2230p_firmwaresm7635_firmwaresd_8_gen1_5g_firmwarewsa8845hssg2115p_firmwaresnapdragon_4_gen_1_mobileqcm8550wcd9341sa8650psa8770p_firmwaretalynpluswcn3988qca6698aq_firmwarewcn7880_firmwarewcd9395_firmwareqamsrv1m_firmwaresa8775p_firmwaresm6370_firmwaresm7635talynplus_firmwarewsa8835_firmwarefastconnect_6900wcn3988_firmwareqcm4490wcd9335wcd9375_firmwareqcs410_firmwaresnapdragon_7c\+_gen_3_compute_firmwarewcd9385_firmwareqam8650p_firmwarewsa8810qcn9274snapdragon_8_gen_3_mobile_firmwarecsra6640qam8255p_firmwaresnapdragon_782g_mobilesnapdragon_888\+_5g_mobilewcd9375sa8620p_firmwaresm6650snapdragon_888_5g_mobile_firmwaresnapdragon_w5\+_gen_1_wearable_firmwaresa7255p_firmwareqca6595_firmwaresg8275pfastconnect_6200_firmwareqamsrv1hqcs410wcn6740wcd9380video_collaboration_vc3_platformsnapdragon_480\+_5g_mobile_firmwaresnapdragon_480\+_5g_mobileqamsrv1h_firmwarewsa8832_firmwaresnapdragon_778g_5g_mobilesnapdragon_4_gen_2_mobilewcn7861_firmwaresw5100psnapdragon_780g_5g_mobile_firmwarewsa8830_firmwarewcn6755snapdragon_8_gen_2_mobile_firmwareqca6595au_firmwareqcs6490_firmwareqrb5165mqrb5165n_firmwarewcd9385sa8255p_firmwarewsa8840_firmwareqca6595aucsra6620wcn3660b_firmwareqam8255psxr2250p_firmwaresm4635wsa8840srv1hsm8550p_firmwareqcn9011_firmwareqcs610qca6595sm7675wsa8845h_firmwarewcn3620_firmwareqam8650pvideo_collaboration_vc1_platform_firmwareqcn9012flight_rb5_5g_platform_firmwarewsa8845snapdragon_ar2_gen_1_firmwarewcn6650_firmwareqcs8300sxr1230p_firmwaresxr2330pcsra6620_firmwarewcd9380_firmwareqca6391_firmwaresrv1mqcn9012_firmwareqcs5430_firmwaresm7325p_firmwareqam8775p_firmwaresm8635psnapdragon_ar1_gen_1wcn3980sm8635p_firmwareqcs4490qcm5430qcs9100wcd9370wcd9378snapdragon_782g_mobile_firmwaresm7675_firmwareqcs4490_firmwaresnapdragon_429_mobile_firmwaresm8750psa9000psnapdragon_4_gen_2_mobile_firmwareqcn9011wsa8835sm8750p_firmwaressg2125pqca6678aqfastconnect_7800qca6797aq_firmwaresnapdragon_480_5g_mobile_firmwaresnapdragon_8_gen_1_mobilewcd9341_firmwaresnapdragon_695_5g_mobilesnapdragon_8_gen_2_mobilewcn7880sm4635_firmwaresnapdragon_888\+_5g_mobile_firmwarewcd9378_firmwarerobotics_rb2_firmwarewcd9335_firmwareqca6797aqqcm4490_firmwaresm7675pqcs8550sw5100_firmwaresxr2250pqcm5430_firmwaresm6650_firmwaresnapdragon_7c\+_gen_3_computesnapdragon_429_mobilefastconnect_6700csra6640_firmwaresm7325psnapdragon_8_gen_1_mobile_firmwaresd_8_gen1_5gsm7675p_firmwaresnapdragon_ar1_gen_1_firmwarewsa8810_firmwareqcs9100_firmwaresnapdragon_778g_5g_mobile_firmwaresrv1m_firmwarewsa8832fastconnect_6700_firmwarewcd9390_firmwaresm8635qcs615_firmwaresnapdragon_695_5g_mobile_firmwarerobotics_rb5qcs610_firmwaressg2115psm8635_firmwaresnapdragon_8_gen_3_mobilewsa8815qrb5165nsnapdragon_780g_5g_mobilesxr1230pqrb5165m_firmwarewcn7861sa8620psm8750_firmwaresm6370wsa8830wsa8815_firmwaresmart_audio_400_firmwaresnapdragon_8\+_gen_2_mobile_firmwaresnapdragon_8\+_gen_1_mobile_firmwaresa8770pwcn7860_firmwarefastconnect_6200robotics_rb5_firmwaresg8275p_firmwaresrv1h_firmwarewcn3620sm7315snapdragon_778g\+_5g_mobile_firmwarewcn3980_firmwareqca6678aq_firmwareflight_rb5_5g_platformqca6698aqqcs8300_firmwarevideo_collaboration_vc1_platformsnapdragon_4_gen_1_mobile_firmwarefastconnect_6900_firmwareqcs6490sm7315_firmwaresd888_firmwaresa9000p_firmwaresm8550psnapdragon_8\+_gen_1_mobilewcd9390sa7775pwcd9395sxr2330p_firmwarewcn6740_firmwarerobotics_rb2Snapdragon
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2024-49843
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.81%
||
7 Day CHG~0.00%
Published-03 Feb, 2025 | 16:51
Updated-05 Feb, 2025 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Validation of Array Index in Graphics_Linux

Memory corruption while processing IOCTL from user space to handle GPU AHB bus error.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fastconnect_7800_firmwaresm4635wsa8840wcn7860sm7675wsa8845h_firmwarewcn7881_firmwarevideo_collaboration_vc1_platform_firmwarewsa8845qcm6125wcn7881wcn6650_firmwarewcd9380_firmwaresxr2330pwcn6450qca6391_firmwarewcn3950_firmwareqca6391sm8750sm8635pwcn6650video_collaboration_vc5_platformwcn3980wcd9370_firmwaresm8635p_firmwaresnapdragon_480_5g_mobilewcn3950snapdragon_w5\+_gen_1_wearablesw5100wsa8845_firmwarewcd9370qcs7230_firmwarewcd9378sw5100p_firmwaresm7675_firmwarewcn6755_firmwarevideo_collaboration_vc5_platform_firmwaresm7635_firmwaresm8750pwsa8835sm8750p_firmwarewsa8845hsnapdragon_480_5g_mobile_firmwarefastconnect_7800wcn6450_firmwaresnapdragon_4_gen_1_mobileqcs8250_firmwaresnapdragon_695_5g_mobilewcn7880_firmwarewcn3988wcn7880wcd9395_firmwaresm4635_firmwareqcm6125_firmwarewcd9378_firmwareqcs6125sm7635qcs7230sm7675psw5100_firmwarewcn3988_firmwaresm6650_firmwareqcs8250wcd9375_firmwaresm7675p_firmwarewsa8810_firmwarewcd9385_firmwarewsa8810wsa8832wcd9390_firmwaresm8635snapdragon_695_5g_mobile_firmwaresnapdragon_8_gen_3_mobile_firmwarewcd9375sm8635_firmwaresnapdragon_8_gen_3_mobilesm6650wsa8815qcs6125_firmwaresnapdragon_w5\+_gen_1_wearable_firmwarefastconnect_6200_firmwarewcn7861sm8750_firmwarewcd9380wsa8830snapdragon_480\+_5g_mobile_firmwaresnapdragon_480\+_5g_mobilewsa8815_firmwarewsa8832_firmwarewcn7861_firmwarewcn7860_firmwaresw5100pfastconnect_6200wsa8830_firmwarewcn6755wcn3980_firmwarevideo_collaboration_vc1_platformsnapdragon_4_gen_1_mobile_firmwarewcd9390wcd9385wsa8840_firmwarewcd9395wsa8835_firmwaresxr2330p_firmwareSnapdragon
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2024-49832
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.81%
||
7 Day CHG~0.00%
Published-03 Feb, 2025 | 16:51
Updated-05 Feb, 2025 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Validation of Array Index in Camera

Memory corruption in Camera due to unusually high number of nodes passed to AXI port.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fastconnect_7800_firmwarewsa8840fastconnect_6900sdm429wwcn7860snapdragon_429_mobilewsa8845h_firmwaresnapdragon_8_gen_1_mobile_firmwarewcn3620_firmwarewcn7881_firmwarewsa8845wsa8832wcn7881wcd9390_firmwarewcd9380_firmwaresnapdragon_8_gen_3_mobile_firmwaresm8750wcn3660bsnapdragon_8_gen_3_mobilesdm429w_firmwarewcn7861video_collaboration_vc3_platform_firmwarewsa8845_firmwaresm8750_firmwarewcd9380video_collaboration_vc3_platformwsa8830snapdragon_429_mobile_firmwaresm8750pwsa8832_firmwarewcn7860_firmwarewcn7861_firmwarewsa8835sm8750p_firmwarewsa8845hwsa8830_firmwarewcn3620fastconnect_7800snapdragon_8_gen_1_mobilefastconnect_6900_firmwareqcs6490wcn7880_firmwareqcs6490_firmwarewcn7880wcd9395_firmwarewcd9390wsa8840_firmwarewcd9395wcn3660b_firmwarewsa8835_firmwareSnapdragon
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2024-49833
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.81%
||
7 Day CHG~0.00%
Published-03 Feb, 2025 | 16:51
Updated-05 Feb, 2025 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Validation of Array Index in Camera

Memory corruption can occur in the camera when an invalid CID is used.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fastconnect_7800_firmwaresa7255psnapdragon_ar2_gen_1wcn7860qamsrv1mwcn7881_firmwareqcs8550_firmwarewcn7881sa7775p_firmwaresa8775pssg2125p_firmwareqam8775psa8650p_firmwarewcn3950_firmwaresm8750wcn6650sa8255pwcd9370_firmwarewcn3950video_collaboration_vc3_platform_firmwaresxr2230pwsa8845_firmwareqcm8550_firmwaresnapdragon_8\+_gen_2_mobilewcn6755_firmwaresxr2230p_firmwaresm7635_firmwaresd_8_gen1_5g_firmwarewsa8845hssg2115p_firmwarewcn6450_firmwareqcm8550sa8650psa8770p_firmwaretalynpluswcn3988qca6698aq_firmwarewcn7880_firmwarewcd9395_firmwareqamsrv1m_firmwaresa8775p_firmwaresm7635talynplus_firmwarewsa8835_firmwarefastconnect_6900wcn3988_firmwareqcm4490wcd9375_firmwarewcd9385_firmwareqam8650p_firmwarewsa8810snapdragon_8_gen_3_mobile_firmwareqam8255p_firmwarewcd9375sa8620p_firmwaresm6650sa7255p_firmwareqca6595_firmwaresg8275pqamsrv1hwcn6740wcd9380video_collaboration_vc3_platformqamsrv1h_firmwarewsa8832_firmwarewcn7861_firmwaresnapdragon_4_gen_2_mobilewsa8830_firmwarewcn6755snapdragon_8_gen_2_mobile_firmwareqca6595au_firmwareqcs6490_firmwarewcd9385sa8255p_firmwarewsa8840_firmwareqca6595auqam8255psxr2250p_firmwarewsa8840srv1hsm8550p_firmwaresm7675qca6595wsa8845h_firmwareqam8650pwsa8845snapdragon_ar2_gen_1_firmwarewcn6650_firmwaresxr1230p_firmwaresxr2330pwcd9380_firmwarewcn6450srv1mqam8775p_firmwaresm8635psnapdragon_ar1_gen_1sm8635p_firmwareqcs4490wcd9370wcd9378sm7675_firmwareqcs4490_firmwaresm8750psa9000psnapdragon_4_gen_2_mobile_firmwarewsa8835sm8750p_firmwaressg2125pqca6678aqfastconnect_7800qca6797aq_firmwaresnapdragon_8_gen_1_mobilesnapdragon_8_gen_2_mobilewcn7880wcd9378_firmwareqca6797aqqcm4490_firmwaresm7675pqcs8550sxr2250psm6650_firmwarefastconnect_6700snapdragon_8_gen_1_mobile_firmwaresd_8_gen1_5gsm7675p_firmwaresnapdragon_ar1_gen_1_firmwarewsa8810_firmwaresrv1m_firmwarewsa8832fastconnect_6700_firmwarewcd9390_firmwaresm8635ssg2115psm8635_firmwaresnapdragon_8_gen_3_mobilewsa8815sxr1230pwcn7861sa8620psm8750_firmwarewsa8830wsa8815_firmwaresnapdragon_8\+_gen_2_mobile_firmwaresnapdragon_8\+_gen_1_mobile_firmwaresa8770pwcn7860_firmwaresg8275p_firmwaresrv1h_firmwareqca6678aq_firmwareqca6698aqfastconnect_6900_firmwareqcs6490sa9000p_firmwaresm8550psnapdragon_8\+_gen_1_mobilewcd9390sa7775pwcd9395wcn6740_firmwaresxr2330p_firmwareSnapdragon
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2024-49836
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.81%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 10:07
Updated-05 Mar, 2025 | 04:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Validation of Array Index in Camera

Memory corruption may occur during the synchronization of the camera`s frame processing pipeline.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-Snapdragon
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2024-45574
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.59%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 08:32
Updated-09 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Validation of Array Index in Camera Driver

Memory corruption during array access in Camera kernel due to invalid index from invalid command data.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-snapdragon_429_mobile_firmwarewcn3620_firmwaresdm429wwcn3620sdm429w_firmwarewcn3660b_firmwaresnapdragon_429_mobilewcn3660bSnapdragon
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2024-45569
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.09% / 27.01%
||
7 Day CHG~0.00%
Published-03 Feb, 2025 | 16:51
Updated-28 Feb, 2025 | 04:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Validation of Array Index in WLAN Host Communication

Memory corruption while parsing the ML IE due to invalid frame content.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fastconnect_7800_firmwareipq6000_firmwareqcm6490_firmwareqcn6224_firmwareipq8076acsr8811_firmwaresa7775p_firmwaresa8775pqca6574au_firmwareqcn6132_firmwareqam8775psa8195pqcs615qca6584ausnapdragon_x65_5g_modem-rf_firmwareqca9889_firmwareqcn5152sa8255psxr2230pipq6028qcn5022_firmwareqcc710_firmwaresa8540p_firmwaresnapdragon_8\+_gen_2_mobilesxr2230p_firmwaresm7635_firmwareipq9574_firmwareqca6574ipq9048qcn5164_firmwareipq8070aqxm8083qcm8550sa8650psa8770p_firmwareqca6698aq_firmwareqcn5024_firmwareqcf8000_firmwaresa8775p_firmwareqamsrv1m_firmwareqca9888qca8075immersive_home_216qca6688aqqcn5122_firmwareqcn6412qcn9100sa8530p_firmwareipq8173ipq8071aqcn6402qcf8001ipq8174_firmwareqcn5164qca8082_firmwaresnapdragon_8_gen_3_mobile_firmwareqam8255p_firmwarewcd9375ipq9570_firmwaresm6650qca8085sa6155pvideo_collaboration_vc3_platformqcn5052ipq5010_firmwareqamsrv1h_firmwareipq5028qcn5052_firmwarewsa8830_firmwareqca8081qcn9022immersive_home_316_firmwaresdx65m_firmwarewcd9385wsa8840_firmwareqfw7124_firmwareipq6028_firmwaresxr2250p_firmwarewsa8840qcn6402_firmwareipq8078a_firmwareqfw7124ipq6000qca6696immersive_home_3210_firmwaresa8155p_firmwareqca4024ipq9048_firmwareqca6595qca8337ipq8071a_firmwareqca8337_firmwareqcn9012qam8650pipq9570qcs8300sxr2330pqcf8000sfp_firmwaresrv1mqcn9012_firmwareqcs5430_firmwareqcn9070_firmwareqcf8000qam8775p_firmwaresm8635p_firmwareqcn5154_firmwareipq8074aqcm5430qcs9100wcd9378sm7675_firmwaresa8295p_firmwareqca8085_firmwaresm8750psa9000pwsa8835sm8750p_firmwareqcn9024qca8081_firmwareqcn9074qca6797aq_firmwareqca0000_firmwarefastconnect_7800wcd9340snapdragon_8_gen_2_mobileipq8174qcn6112_firmwarewcd9378_firmwareqca6574auqca8084_firmwareqcn9024_firmwaresm6650_firmwaresnapdragon_auto_5g_modem-rf_gen_2qca6584au_firmwareqca6777aqfastconnect_6700immersive_home_326qca6696_firmwaresnapdragon_x72_5g_modem-rf_firmwareqcs9100_firmwaresrv1m_firmwarewsa8832fastconnect_6700_firmwareipq5302wcd9390_firmwareqcn6274qcs615_firmwaresm8635immersive_home_216_firmwareipq5028_firmwareqca6554a_firmwareipq5332qca8082sm8635_firmwareqca6787aqipq6018_firmwareipq8072a_firmwareqcn9000_firmwareipq5300_firmwareqcf8000sfpsdx55_firmwareqca6574a_firmwaresa8620pqca9888_firmwareqca8075_firmwareqcn6023sm8750_firmwareqxm8083_firmwareipq5332_firmwareipq6010srv1lipq8078_firmwareqca6554asa8530psrv1h_firmwareqca9889qcn5124ipq8070a_firmwareipq9554_firmwareqcs8300_firmwareqcs6490sa8540psa9000p_firmwaresm8550psa7775pqcn6432_firmwaresxr2330p_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwarewsa8835_firmwareqca8386_firmwaresa7255pwcn7860qamsrv1mqcs5430qam8295p_firmwareqca6787aq_firmwarewcn7881_firmwareqcn9074_firmwareqcn9100_firmwareqcs8550_firmwaresdx65mqcm6490ipq5312wcn7881qcn5154ipq9554sa8650p_firmwareqcn6274_firmwaresm8750snapdragon_x65_5g_modem-rfqca8084qcn9274_firmwarecsr8811qca6688aq_firmwareqcn9000wcn6650ipq8173_firmwarewsa8845_firmwareqcn6412_firmwarevideo_collaboration_vc3_platform_firmwareqca6574_firmwareqcm8550_firmwarewcn6755_firmwarear8035srv1l_firmwarewsa8845hipq9008_firmwarewcn6450_firmwaresa6155p_firmwareqcn6122_firmwareqcn6112wcn7880_firmwareipq9008wcd9395_firmwareqcn5122sm7635fastconnect_6900ipq9574qcn9160qca6574aqcn6432wcd9375_firmwarewcd9385_firmwareqam8650p_firmwareqcn9274qcn6422immersive_home_318_firmwareipq8078asa8295psa8620p_firmwareqcn5152_firmwaresa7255p_firmwareqca6595_firmwareqamsrv1hsdx55immersive_home_214snapdragon_x75_5g_modem-rf_firmwarewcd9380ipq5302_firmwareimmersive_home_326_firmwaresa8155pwcn7861_firmwarewsa8832_firmwareimmersive_home_214_firmwarewcn6755qca6564auimmersive_home_318snapdragon_8_gen_2_mobile_firmwareqcs6490_firmwareqca6595au_firmwareipq8072aqca0000qcn6224sa8255p_firmwareqca6595auqam8255psrv1hipq5010qam8620psm8550p_firmwarear8035_firmwaresa8195p_firmwaresm7675wsa8845h_firmwareimmersive_home_3210wsa8845wcn6650_firmwarewcd9380_firmwarewcn6450qcn5124_firmwaresm8635pipq8076wcd9370wcd9340_firmwareimmersive_home_316qca8386qca6678aqsnapdragon_x75_5g_modem-rfqca6564au_firmwareqam8295pqcn6122qcn6132wcn7880qam8620p_firmwareqcn6024qca6797aqqca4024_firmwaresm7675pqcn5022qcs8550sxr2250pqcm5430_firmwareqcn5024sm7675p_firmwareipq6010_firmwareqcn6422_firmwareqcn6024_firmwareipq6018ipq8078ipq5300ipq8076_firmwareqcc710ipq5312_firmwareqcf8001_firmwaresnapdragon_8_gen_3_mobilesnapdragon_x72_5g_modem-rfqcn9160_firmwarewcn7861ipq8074a_firmwarewsa8830qcn6023_firmwaresnapdragon_8\+_gen_2_mobile_firmwarewcn7860_firmwaresa8770pqca6777aq_firmwareqcn9070qca6678aq_firmwareqca6698aqfastconnect_6900_firmwareqcn9022_firmwareqcn9072_firmwareipq8076a_firmwareqfw7114wcd9390wcd9395qfw7114_firmwareqcn9072wcd9370_firmwareSnapdragon
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2024-33032
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 6.10%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 10:04
Updated-08 Nov, 2024 | 04:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Validation of Array Index in Camera_Linux

Memory corruption when the user application modifies the same shared memory asynchronously when kernel is accessing it.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-snapdragon_8_gen_1_mobile_platformtalynplus_firmwarewsa8830sa6150p_firmwaresa8145p_firmwareqcs610qca8337snapdragon_870_5g_mobile_platform_firmwaresnapdragon_865_5g_mobile_platformwcn3950_firmwaresa8150p_firmwarevideo_collaboration_vc3_platformwcd9370qca6426sa8530pwcd9385_firmwareqam8295pwcn3950talynplusfastconnect_6200wcn3660bqam8295p_firmwaresa9000p_firmwaresnapdragon_x55_5g_modem-rf_systemwcn3680b_firmwaresdx55_firmwaresnapdragon_4_gen_2_mobile_platformqca6574au_firmwarewcd9375_firmwaresm7250p_firmwarewcn3610_firmwareqca6436_firmwaresnapdragon_w5\+_gen_1_wearable_platform_firmwaresa6155p_firmwaresnapdragon_870_5g_mobile_platformwcn3988_firmwaresnapdragon_765g_5g_mobile_platformqcn9074sa6145p_firmwarec-v2x_9150snapdragon_8\+_gen_1_mobile_platformfastconnect_6700_firmwaresa8195pwsa8810_firmwaresw5100qca6436sa6155psnapdragon_765_5g_mobile_platform_firmwaresnapdragon_690_5g_mobile_platformwcd9385wcd9341sxr2130_firmwareqca6696_firmwarewcd9375sa8150pwsa8830_firmwaresnapdragon_768g_5g_mobile_platform_firmwaresd865_5g_firmwarewsa8815_firmwarewcn3988wsa8835_firmwaresa8195p_firmwaresnapdragon_865_5g_mobile_platform_firmwarefastconnect_6800_firmwaresa8295p_firmwaresnapdragon_750g_5g_mobile_platform_firmwarewcn3610wcd9380_firmwareqca8337_firmwaresw5100psd865_5gsnapdragon_w5\+_gen_1_wearable_platformfastconnect_6800sa8530p_firmwarewsa8835sa8540p_firmwarewcd9380snapdragon_wear_4100\+_platform_firmwarefastconnect_6700qcs410sxr2130snapdragon_4_gen_2_mobile_platform_firmwaresnapdragon_wear_4100\+_platformvideo_collaboration_vc3_platform_firmwarec-v2x_9150_firmwarewcn3980sa9000pwsa8815snapdragon_865\+_5g_mobile_platformsnapdragon_xr2_5g_platform_firmwareqca6426_firmwarewcn3660b_firmwarefastconnect_6200_firmwarewcn3980_firmwaresnapdragon_x55_5g_modem-rf_system_firmwareqca6391sa8295pfastconnect_7800snapdragon_865\+_5g_mobile_platform_firmwaresnapdragon_690_5g_mobile_platform_firmwaresnapdragon_xr2_5g_platformqcs4490_firmwarewsa8832_firmwarefastconnect_6900fastconnect_6900_firmwarevideo_collaboration_vc1_platform_firmwareqca6574ausa8155p_firmwarewcd9341_firmwarefastconnect_7800_firmwarewsa8810wsa8832snapdragon_765g_5g_mobile_platform_firmwaresw5100p_firmwaresa8540psnapdragon_8_gen_1_mobile_platform_firmwareqcs610_firmwareqsm8250sa6145pwcn3680bqcs4490sa8145psnapdragon_750g_5g_mobile_platformqca6696qca6391_firmwarewcd9370_firmwaresdx55sa6150psnapdragon_768g_5g_mobile_platformsa8155psnapdragon_765_5g_mobile_platformvideo_collaboration_vc1_platformsm7250psnapdragon_8\+_gen_1_mobile_platform_firmwaresw5100_firmwareqcn9074_firmwareqcs410_firmwareqsm8250_firmwareSnapdragonqualcomm_video_collaboration_vc1_platform_firmwaresa6155p_firmwareqca8337_firmwaretalynplus_firmwaresa6150p_firmwaresnapdragon_690_5g_mobile_platform_firmwaresa8145p_firmwarewcd9380_firmwareqcs4490_firmwarewsa8832_firmwarewsa8835_firmwarefastconnect_6900_firmwaresa8530p_firmwarewcn3988_firmwaresa6145p_firmwaresa8155p_firmwarefastconnect_6700_firmwarewcn3950_firmwaresa8540p_firmwarewsa8815_firmwarewsa8810_firmwaresa8150p_firmwarefastconnect_7800_firmwarewcd9341_firmwaresw5100p_firmwareqcs610_firmwaresnapdragon_4_gen_2_mobile_platform_firmwaresnapdragon_8_gen_1_mobile_platform_firmwaresxr2130_firmwarec-v2x_9150_firmwareqca6696_firmwarequalcomm_video_collaboration_vc3_platform_firmwareqca6391_firmwarewcd9385_firmwarewcd9370_firmwarewcn3680b_firmwarewsa8830_firmwareqam8295p_firmwaresd865_5g_firmwaresm7250p_firmwareqca6426_firmwaresnapdragon_xr2_5g_platform_firmwaresa9000p_firmwarewcn3660b_firmwarefastconnect_6200_firmwareqca6574au_firmwaresa8195p_firmwaresdx55_firmwaresnapdragon_865_5g_mobile_platform_firmwaresw5100_firmwareqcn9074_firmwarefastconnect_6800_firmwareqcs410_firmwaresa8295p_firmwaresnapdragon_x55_5g_modem-rf_system_firmwarewcd9375_firmwarewcn3610_firmwareqca6436_firmwarewcn3980_firmwaresnapdragon_750g_5g_mobile_platform_firmwareqsm8250_firmware
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2020-3639
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.33% / 55.32%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 10:00
Updated-04 Aug, 2024 | 07:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'When a non standard SIP sigcomp message is received from the network, then there may be chances of using more UDVM cycle or memory overflow' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8017, APQ8037, APQ8053, MDM9250, MDM9607, MDM9628, MDM9640, MDM9650, MSM8108, MSM8208, MSM8209, MSM8608, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, QCM4290, QCM6125, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QM215, QSM8350, SA415M, SA6145P, SA6150P, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SC8180X, SC8180X+SDX55, SC8180XP, SDA429W, SDA640, SDA660, SDA670, SDA845, SDA855, SDM1000, SDM429, SDM429W, SDM439, SDM450, SDM455, SDM630, SDM632, SDM636, SDM640, SDM660, SDM670, SDM710, SDM712, SDM845, SDM850, SDX24, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM7250, SM7250P, SM8150, SM8150P, SM8350, SM8350P, SXR1120, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sm7250mdm9640_firmwaresa6150p_firmwaresm6250p_firmwareqcs610sm6125sdm712_firmwaresdm640sdm450_firmwaresdm632sm7250_firmwaremdm9628_firmwaremdm9650qcs4290mdm9250sa8150p_firmwareapq8009_firmwaresdm712msm8917sdm670sm8350qcs605_firmwareqcs6125_firmwaresm6115sm7150psda845_firmwaremsm8108sa415mmsm8108_firmwaresm4250sc8180xpmdm9628sm4125sda855qsm8350_firmwareqsm8350apq8037sa8155msm8905_firmwaresda660sdx55_firmwaresdm1000sm7250p_firmwaresxr1130apq8053_firmwaresda845sa6155p_firmwaremsm8208sda640sdm450sdm636_firmwareqcs6125sa8155_firmwaresdm630mdm9607_firmwaresa415m_firmwaresa6145p_firmwareqm215sc7180_firmwaresm4250_firmwaresm6250sa8195papq8017_firmwaresdm710_firmwaresxr1120sa6155pqcs603_firmwaremsm8937msm8209_firmwaremsm8905sm8350p_firmwaremdm9250_firmwareqcs4290_firmwaresm8150_firmwaremsm8909sm7150p_firmwaresc7180sc8180xp_firmwaresa8150psm6250_firmwaremsm8953_firmwaresm6150_firmwaresda429wmsm8917_firmwaresm8150sdm850sa8195p_firmwaresdm640_firmwareapq8017msm8208_firmwaresxr1120_firmwaresm6125_firmwaresm8150pqcm6125_firmwaremsm8608mdm9640sm6115_firmwaresda429w_firmwaresdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdx24sdx55m_firmwaresdm439sm6150psm6115p_firmwaresdm429msm8940_firmwaresm7150_firmwaresm6150msm8996ausdm429w_firmwaresm7150sm6250pqcs410sda640_firmwaresc8180xsdx50m_firmwaresm8350psdm670_firmwaresdx24_firmwaresdm636sda670qcs605sm6115psm4125_firmwaresdm455_firmwaremsm8937_firmwaremdm9650_firmwaresdm429_firmwaresxr1130_firmwaremsm8209sda855_firmwareapq8009msm8909_firmwaresdx55msm6150p_firmwaresdm455sm7125sdm850_firmwaresm4250p_firmwaremsm8920msm8953qcm4290sdx50msm8350_firmwareqcs603sdm660msm8920_firmwaresc8180x_firmwaresa8155p_firmwaresdm710mdm9607sda670_firmwareqcm6125qcm4290_firmwareqcs610_firmwaresa6145psm4250psdm439_firmwaresdm630_firmwaresda660_firmwaremsm8608_firmwareqm215_firmwaresm7125_firmwaresa6150psdx55msm8940apq8053sa8155psm8150p_firmwareapq8037_firmwaresdm1000_firmwaresm7250pqcs410_firmwaresdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2020-3665
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.16% / 36.99%
||
7 Day CHG~0.00%
Published-22 Jun, 2020 | 07:10
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A possible buffer overflow would occur while processing command from firmware due to the group_id obtained from the firmware being out of range in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, MSM8996, MSM8996AU, QCA6174A, QCA9377, QCA9379, SDM439, SDM636, SDM660, SDX20, SDX24, SM8150

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaremdm9640_firmwaresdm636_firmwaremsm8996au_firmwaresdx20sdm660sdx24sdm439mdm9607_firmwaremdm9650msm8909w_firmwaremdm9607msm8996auapq8009_firmwaremsm8909wmdm9207c_firmwaremsm8996_firmwaremdm9206mdm9207cqca6174a_firmwareqca6174aqca9379_firmwaresm8150_firmwaresdx24_firmwareapq8096ausdm439_firmwaresdm636qca9377mdm9615mdm9206_firmwareapq8053apq8096au_firmwaremdm9615_firmwaremdm9650_firmwaresm8150sdx20_firmwaremsm8996apq8009qca9379apq8053_firmwaresdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2020-3654
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 57.13%
||
7 Day CHG~0.00%
Published-02 Nov, 2020 | 06:21
Updated-04 Aug, 2024 | 07:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Buffer overflow occurs while processing SIP message packet due to lack of check of index validation before copying into it' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in Agatti, APQ8053, APQ8096AU, APQ8098, Bitra, Kamorta, MSM8905, MSM8909W, MSM8917, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6390, QCA6574AU, QCM2150, QCS605, QM215, Rennell, SA6155P, SA8155P, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-kamorta_firmwareqcm2150_firmwaresdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdm450_firmwaresdm632sdm439sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwareagatti_firmwaremsm8996ausdm429w_firmwaresm7150qca6390_firmwaremsm8917sdm670sxr2130qcs605_firmwaresdm670_firmwaresdm636bitraapq8098qcs605bitra_firmwaresdm429_firmwaremsm8905_firmwareqca6574au_firmwaresda660sxr1130_firmwaresxr1130msm8909wapq8053_firmwareagattinicobarsa6155p_firmwaremsm8953sdm450sdm636_firmwareapq8098_firmwaremsm8998_firmwareqcm2150sdm660sdm630sm8250_firmwareqca6574ausa8155p_firmwareqm215sdm710sdm710_firmwaresa6155pmsm8905sm8150_firmwaresxr2130_firmwareapq8096ausdm439_firmwarerennellsdm630_firmwaresda660_firmwarerennell_firmwareqca6390qm215_firmwaremsm8953_firmwaremsm8940saipan_firmwaresm6150_firmwareapq8053msm8917_firmwareapq8096au_firmwaremsm8998sm8150sa8155psm8250kamortasaipannicobar_firmwaresdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2022-33281
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 4.29%
||
7 Day CHG~0.00%
Published-02 May, 2023 | 05:08
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper validation of array index in computer vision.

Memory corruption due to improper validation of array index in computer vision while testing EVA kernel without sending any frames.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn685x-5_firmwarewcn685x-1_firmwarewcd9380_firmwarewsa8830wcn685x-1sm8450wcn785x-5wcn685x-5wcn785x-1_firmwarewsa8830_firmwarewsa8835wsa8835_firmwarewcd9380sm8450_firmwarewcn785x-5_firmwarewcn785x-1Snapdragon
CWE ID-CWE-129
Improper Validation of Array Index
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found