CVE-2018-5875 | ByteOS Network

Vulnerability Details :

CVE-2018-5875

Assigner-qualcomm

Assigner Org ID-2cfc7d3e-20d3-47ac-8db7-1b7285aff15f

Published At-06 Jul, 2018 | 17:00

Updated At-17 Sep, 2024 | 02:36

While parsing an mp4 file, an integer overflow leading to a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.

EPSS History

Score

Latest Score

-

N/A

Percentile

Latest Percentile

-

N/A

▼Common Vulnerabilities and Exposures (CVE)

Assigner:qualcomm

Assigner Org ID:2cfc7d3e-20d3-47ac-8db7-1b7285aff15f

Published At:06 Jul, 2018 | 17:00

Updated At:17 Sep, 2024 | 02:36

▼CVE Numbering Authority (CNA)

While parsing an mp4 file, an integer overflow leading to a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.

Affected Products

Vendor

Qualcomm Technologies, Inc.

Product

Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear

Versions

Affected

MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDX20

Problem Types

Type	CWE ID	Description
text	N/A	Integer Overflow to Buffer Overflow in Multimedia

Type: text

CWE ID: N/A

Description: Integer Overflow to Buffer Overflow in Multimedia

References

Hyperlink	Resource
https://www.qualcomm.com/company/product-security/bulletins	x_refsource_CONFIRM

Hyperlink: https://www.qualcomm.com/company/product-security/bulletins

Resource:

x_refsource_CONFIRM

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://www.qualcomm.com/company/product-security/bulletins	x_refsource_CONFIRM x_transferred

Hyperlink: https://www.qualcomm.com/company/product-security/bulletins

Resource:

x_refsource_CONFIRM

x_transferred

▼National Vulnerability Database (NVD)

Source:product-security@qualcomm.com

Published At:06 Jul, 2018 | 17:29

Updated At:05 Sep, 2018 | 15:08

While parsing an mp4 file, an integer overflow leading to a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	8.8	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary	2.0	6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P

Type: Primary

Version: 3.0

Base score: 8.8

Base severity: HIGH

Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 6.8

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:P/I:P/A:P

CPE Matches

Qualcomm Technologies, Inc.

>>mdm9206_firmware>>-

cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>mdm9607_firmware>>-

cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>mdm9650_firmware>>-

cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>msm8909w_firmware>>-

cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>msm8996au_firmware>>-

cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:msm8996au:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_210_firmware>>-

cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_212_firmware>>-

cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_205_firmware>>-

cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_425_firmware>>-

cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_430_firmware>>-

cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_450_firmware>>-

cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_600_firmware>>-

cpe:2.3:o:qualcomm:sd_600_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_600:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_615_firmware>>-

cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_616_firmware>>-

cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_415_firmware>>-

cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_617_firmware>>-

cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_625_firmware>>-

cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_650_firmware>>-

cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_652_firmware>>-

cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_820_firmware>>-

cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_820a_firmware>>-

cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_835_firmware>>-

cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_845_firmware>>-

cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sdx20_firmware>>-

cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sdx20>>-

cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-119	Primary	nvd@nist.gov
CWE-190	Primary	nvd@nist.gov

CWE ID: CWE-119

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-190

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://www.qualcomm.com/company/product-security/bulletins	product-security@qualcomm.com	Vendor Advisory

Hyperlink: https://www.qualcomm.com/company/product-security/bulletins

Source: product-security@qualcomm.com

Resource:

Vendor Advisory

Similar CVEs

2986Records found

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.30% / 52.99%

||

7 Day CHG~0.00%

Published-06 Nov, 2019 | 17:11

Updated-04 Aug, 2024 | 22:24

Dereference on uninitialized buffer can happen when parsing FLV clip with corrupted codec specific data in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20

Vendor-Qualcomm Technologies, Inc.

Product-sd_850 sd_632 sd_820a sd_675 msm8996au_firmware sd_439 sd_670_firmware sd_429 sdm439 sd_636 msm8909w_firmware msm8996au sd_820 sd_450_firmware sd_845_firmware sd_820a_firmware qcs605_firmware sd_675_firmware mdm9206 sd_425_firmware sd_665 sd_625_firmware sd_450 sd_845 mdm9206_firmware qcs605 sd_632_firmware sd_835_firmware sd_835 qca6574au_firmware sda660 sd_210_firmware sd_600 msm8909w sd_665_firmware sd_205_firmware sd_212 sd_712 sd_855 sd_730_firmware qualcomm_215 sdx20 sd_425 sdm660 sdm630 mdm9607_firmware sd_710_firmware qcs405 sd_625 qca6574au sd_210 mdm9607 sd_636_firmware sd_820_firmware sd_439_firmware qualcomm_215_firmware sd_429_firmware sd_730 sd_212_firmware sd_850_firmware sdm439_firmware qcs405_firmware sd_712_firmware sdm630_firmware sda660_firmware sd_670 sd_710 sdx20_firmware sd_600_firmware sd_205 sdm660_firmware sd_855_firmware Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE ID-CWE-908

Use of Uninitialized Resource

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-5.5||MEDIUM

EPSS-0.09% / 24.84%

||

7 Day CHG~0.00%

Published-12 Dec, 2019 | 08:30

Updated-04 Aug, 2024 | 22:31

Driver may access an invalid address while processing IO control due to lack of check of address validation in Snapdragon Connectivity in QCA6390

Vendor-Qualcomm Technologies, Inc.

Product-qca6390 qca6390_firmware Snapdragon Connectivity

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 13.07%

||

7 Day CHG~0.00%

Published-12 Dec, 2019 | 08:30

Updated-04 Aug, 2024 | 22:24

Possible integer overflow while multiplying two integers of 32 bit in QDCM API of get display modes as there is no check on the maximum mode count in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Vendor-Qualcomm Technologies, Inc.

Product-sdm632_firmware msm8996au_firmware sdm845 sdm450_firmware sdm632 sdm439 sdm429 msm8940_firmware sm7150_firmware sm6150 msm8909w_firmware msm8996au sm7150 msm8917 sdm670 sxr2130 qcs605_firmware mdm9206 sdm670_firmware sdm636 sda845_firmware apq8098 mdm9206_firmware qcs605 msm8937_firmware sdm429_firmware sda660 sxr1130_firmware sxr1130 msm8909w msm8909_firmware apq8053_firmware sda845 nicobar msm8920 msm8953 sdm450 sdm636_firmware apq8098_firmware sdx20 msm8998_firmware sdm660 msm8920_firmware sdm630 mdm9607_firmware sm8250_firmware qcs405 sdm710 qm215 mdm9607 apq8017_firmware sdm710_firmware msm8937 mdm9207c_firmware mdm9207c sm8150_firmware msm8909 sxr2130_firmware apq8096au sdm439_firmware qcs405_firmware sdm630_firmware sda660_firmware qm215_firmware msm8953_firmware msm8940 sm6150_firmware apq8053 apq8096au_firmware msm8917_firmware sm8250 msm8998 sm8150 sdx20_firmware apq8017 nicobar_firmware sdm660_firmware sdm845_firmware Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

CWE ID-CWE-190

Integer Overflow or Wraparound

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.36% / 57.85%

||

7 Day CHG~0.00%

Published-18 Dec, 2019 | 05:25

Updated-04 Aug, 2024 | 22:24

Improper check in video driver while processing data from video firmware can lead to integer overflow and then buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130

Vendor-Qualcomm Technologies, Inc.

Product-mdm9640_firmware sdm632_firmware msm8996au_firmware sdm845 sdm450_firmware sdm632 sdx24 sdm439 mdm9650 sdm429 msm8940_firmware sm7150_firmware sm6150 msm8909w_firmware msm8996au sm7150 apq8009_firmware msm8917 sdm670 qcs605_firmware mdm9206 sdm670_firmware sdx24_firmware sdm636 sda845_firmware apq8098 mdm9206_firmware qcs605 msm8937_firmware mdm9650_firmware sdm429_firmware msm8905_firmware sda660 sdx55_firmware sxr1130_firmware sxr1130 msm8909w apq8009 apq8053_firmware sda845 nicobar sa6155p_firmware msm8920 msm8953 sdm450 sdm636_firmware sdm845_firmware apq8098_firmware sdx20 msm8998_firmware sdm660 msm8920_firmware sdm630 mdm9607_firmware qcs405 sdm710 qm215 mdm9607 apq8017_firmware sdm710_firmware sa6155p msm8937 mdm9207c_firmware msm8905 mdm9207c sm8150_firmware apq8096au sdm439_firmware qcs405_firmware sdm630_firmware sda660_firmware qm215_firmware sdx55 msm8953_firmware msm8940 sm6150_firmware apq8053 apq8096au_firmware msm8917_firmware msm8998 sm8150 sdx20_firmware apq8017 nicobar_firmware sdm660_firmware mdm9640 Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

CWE ID-CWE-190

Integer Overflow or Wraparound

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 13.70%

||

7 Day CHG~0.00%

Published-12 Dec, 2019 | 08:30

Updated-04 Aug, 2024 | 22:24

Lack of check of data truncation on user supplied data in kernel leads to buffer overflow in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24

Vendor-Qualcomm Technologies, Inc.

Product-sd_850 mdm9150_firmware sd_632 mdm9640_firmware sd_820a sd_675 msm8996au_firmware sd_439 sd_670_firmware sd_429 sdx24 sdm439 mdm9650 sd_636 msm8909w_firmware msm8996au sd_450_firmware sd_845_firmware sd_820a_firmware qcs605_firmware sd_675_firmware mdm9206 sd_425_firmware sd_665 sdx24_firmware sd_625_firmware sd_450 sd_845 mdm9206_firmware qcs605 mdm9640 sd_632_firmware sd_835_firmware mdm9650_firmware sd_835 sda660 sd_210_firmware msm8909w sd_665_firmware sd_205_firmware sd_212 sd_712 sd_855 sd_730_firmware sdx20 sd_425 sdm660 sdm630 mdm9607_firmware sd_710_firmware qcs405 sd_625 sd_210 mdm9607 sd_636_firmware sd_439_firmware mdm9150 sd_429_firmware sd_730 sd_212_firmware sd_850_firmware sdm439_firmware qcs405_firmware sd_712_firmware sdm630_firmware sda660_firmware sd_670 sd_710 sdx20_firmware sd_205 sdm660_firmware sd_855_firmware Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

CWE ID-CWE-190

Integer Overflow or Wraparound

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.1||HIGH

EPSS-0.04% / 13.07%

||

7 Day CHG~0.00%

Published-16 Apr, 2020 | 10:46

Updated-04 Aug, 2024 | 22:32

Possible integer overflow can happen in host driver while processing user controlled string due to improper validation on data received. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCN7605, QCS605, Rennell, SC8180X, SDA845, SDM710, SDX24, SDX55, SM7150, SM8150, SM8250, SXR2130

Vendor-Qualcomm Technologies, Inc.

Product-sm8150_firmware sdx24_firmware sxr2130_firmware sda845_firmware qcs605_firmware rennell qcn7605 rennell_firmware sdx24 sm8250_firmware qcs605 sc8180x_firmware sdx55 sm7150_firmware sm8250 sdm710 sm8150 sdm710_firmware sdx55_firmware sm7150 qcn7605_firmware sxr2130 sc8180x sda845 Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

CWE ID-CWE-190

Integer Overflow or Wraparound

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 11.65%

||

7 Day CHG~0.00%

Published-08 Sep, 2020 | 09:31

Updated-04 Aug, 2024 | 22:32

u'Possibility of integer overflow in keymaster 4 while allocating memory due to multiplication of large numcerts value and size of keymaster bob which can lead to memory corruption' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA515M, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Vendor-Qualcomm Technologies, Inc.

Product-mdm9150_firmware kamorta_firmware qcm2150_firmware qcs610 sdm429w msm8996au_firmware sdm632_firmware sdm845 sdm450_firmware sdm632 sdx24 sdm439 qcs404_firmware mdm9650 sdm429 msm8940_firmware sm7150_firmware sm6150 msm8909w_firmware msm8996au sdm429w_firmware sm7150 apq8009_firmware msm8917 sdm670 sxr2130 qcs605_firmware sc8180x mdm9206 sdm670_firmware qcs404 sdx24_firmware sdm636 sda845_firmware sa415m apq8098 mdm9205 mdm9206_firmware sa515m qcs605 msm8937_firmware mdm9650_firmware sdm429_firmware msm8905_firmware sda660 sdx55_firmware sxr1130_firmware sxr1130 msm8909w apq8009 msm8909_firmware apq8053_firmware sda845 nicobar sdm850_firmware sa6155p_firmware msm8920 msm8953 sdm450 sdm636_firmware sa515m_firmware apq8098_firmware msm8998_firmware qcm2150 msm8920_firmware sdm630 mdm9607_firmware sm8250_firmware sdm660 sc8180x_firmware sa415m_firmware qcs405 sdm710 qm215 sc7180_firmware mdm9607 apq8017_firmware sdm710_firmware sa6155p qcs610_firmware mdm9150 msm8937 msm8996_firmware msm8905 sm8150_firmware msm8909 sxr2130_firmware apq8096au sdm439_firmware qcs405_firmware rennell sc7180 sdm630_firmware mdm9205_firmware sda660_firmware rennell_firmware qm215_firmware sdx55 msm8953_firmware msm8940 sm6150_firmware apq8053 apq8096au_firmware msm8917_firmware sm8250 msm8998 sm8150 sdm850 kamorta apq8017 msm8996 nicobar_firmware sdm660_firmware sdm845_firmware Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

CWE ID-CWE-787

Out-of-bounds Write

CWE ID-CWE-190

Integer Overflow or Wraparound

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.05% / 15.39%

||

7 Day CHG~0.00%

Published-23 Feb, 2018 | 23:00

Updated-16 Sep, 2024 | 16:37

In all Qualcomm products with Android releases from CAF using the Linux kernel, the num_failure_info value from firmware is not properly validated in wma_rx_aggr_failure_event_handler() so that an integer overflow vulnerability in a buffer size calculation may potentially lead to a buffer overflow.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-190

Integer Overflow or Wraparound

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.10% / 28.54%

||

7 Day CHG~0.00%

Published-14 Jun, 2019 | 17:02

Updated-05 Aug, 2024 | 05:47

Buffer overflow in WLAN function due to improper check of buffer size before copying in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS605, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 855, SDM630, SDM660, SDX20, SDX24

Vendor-Qualcomm Technologies, Inc.

Product-sd_712 mdm9150_firmware sd_855 sd_730_firmware mdm9640_firmware sd_820a sd_675 msm8996au_firmware sdx20 sd_670_firmware sdm660 sdx24 sdm630 mdm9607_firmware sd_710_firmware sd_636 mdm9650 sd_625 mdm9607 msm8996au sd_636_firmware sd_820a_firmware mdm9150 qcs605_firmware sd_675_firmware mdm9206 sd_730 sdx24_firmware sd_625_firmware sd_855_firmware sd_712_firmware sdm630_firmware mdm9206_firmware qcs605 sd_670 mdm9650_firmware sd_710 sdx20_firmware sdm660_firmware mdm9640 Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.30% / 52.67%

||

7 Day CHG~0.00%

Published-06 Jul, 2018 | 17:00

Updated-16 Sep, 2024 | 22:26

While sending the response to a RIL_REQUEST_GET_SMSC_ADDRESS message, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.

Vendor-Qualcomm Technologies, Inc.

Product-mdm9206 mdm9635m_firmware sd_212_firmware sd_625_firmware mdm9635m sd_616 mdm9206_firmware sd_615 mdm9607_firmware mdm9650 sd_625 sd_615_firmware sd_210 mdm9607 sd_835_firmware mdm9650_firmware sd_212 sd_835 sd_205 sd_210_firmware sd_415_firmware sd_616_firmware sd_205_firmware sd_415 Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 11.31%

||

7 Day CHG~0.00%

Published-28 Nov, 2018 | 15:00

Updated-05 Aug, 2024 | 05:47

In the device programmer target-side code for firehose, a string may not be properly NULL terminated can lead to a incorrect buffer size in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 600, SD 820, SD 820A, SD 835, SDA660, SDX20.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.06% / 19.84%

||

7 Day CHG~0.00%

Published-06 Jul, 2018 | 17:00

Updated-16 Sep, 2024 | 22:14

While processing a message from firmware in htt_t2h_msg_handler_fast() in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a buffer overwrite can occur.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 12.16%

||

7 Day CHG~0.00%

Published-06 Jul, 2018 | 19:00

Updated-16 Sep, 2024 | 22:26

Possible buffer overflow in msm_adsp_stream_callback_put due to lack of input validation of user-provided data that leads to integer overflow in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-190

Integer Overflow or Wraparound

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.10% / 27.00%

||

7 Day CHG~0.00%

Published-28 Nov, 2018 | 15:00

Updated-05 Aug, 2024 | 05:47

Potential buffer overflow in Video due to lack of input validation in input and output values in Snapdragon Automobile, Snapdragon Mobile in MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660

Vendor-Qualcomm Technologies, Inc.

Product-sd_850 sd_820a sd_850_firmware sd_625_firmware sd_450 msm8996au_firmware sda660_firmware sd_845 sd_625 sd_820_firmware sd_835_firmware msm8996au sd_820 sd_835 sd_450_firmware sda660 sd_845_firmware sd_820a_firmware Snapdragon Automobile, Snapdragon Mobile

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.30% / 52.79%

||

7 Day CHG~0.00%

Published-06 Jul, 2018 | 17:00

Updated-17 Sep, 2024 | 02:05

While loading dynamic fonts, a buffer overflow may occur if the number of segments in the font file is out of range in Snapdragon Mobile and Snapdragon Wear.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 11.62%

||

7 Day CHG~0.00%

Published-06 Jul, 2018 | 17:00

Updated-17 Sep, 2024 | 01:06

Integer overflow can occur in msm_pcm_adsp_stream_cmd_put() function if the user supplied data "param_length" goes beyond certain limit in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-190

Integer Overflow or Wraparound

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.02% / 5.95%

||

7 Day CHG~0.00%

Published-03 Feb, 2025 | 16:51

Updated-05 Feb, 2025 | 16:02

Use of Out-of-range Pointer Offset in WLAN Windows Host

Memory corruption while Invoking IOCTL calls from user-space to validate FIPS encryption or decryption functionality.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-823

Use of Out-of-range Pointer Offset

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 12.16%

||

7 Day CHG~0.00%

Published-06 Jul, 2018 | 17:00

Updated-16 Sep, 2024 | 16:58

While processing a compressed kernel image, a buffer overflow can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.13% / 32.01%

||

7 Day CHG~0.00%

Published-28 Nov, 2018 | 15:00

Updated-05 Aug, 2024 | 05:47

Possible buffer overflow in DRM Trusted application due to lack of check function return values in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDA845, SDX24, SXR1130.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.10% / 27.00%

||

7 Day CHG~0.00%

Published-28 Nov, 2018 | 15:00

Updated-05 Aug, 2024 | 05:47

Possible buffer overflow in OEM crypto function due to improper input validation in Snapdragon Automobile, Snapdragon Mobile in versions MSM8996AU, SD 425, SD 430, SD 450, SD 625, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDA845, SDX24, SXR1130.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-8.8||HIGH

EPSS-0.08% / 23.12%

||

7 Day CHG~0.00%

Published-18 Jan, 2019 | 22:00

Updated-05 Aug, 2024 | 05:47

Improper validation of buffer length checks in the lwm2m device management protocol can leads to a buffer overflow in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-8.4||HIGH

EPSS-0.06% / 18.84%

||

7 Day CHG~0.00%

Published-04 Apr, 2023 | 04:46

Updated-03 Aug, 2024 | 12:21

Integer overflow or wraparound in WLAN

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.

Vendor-Qualcomm Technologies, Inc.

Product-qca9377_firmware sm7325-ae_firmware mdm9640_firmware sm6250p_firmware 8994_firmware ipq4028_firmware sm4250-aam_firmware qca8337 ar9380 ipq8173_firmware qcn5124 mdm9645 wcn3950_firmware sc8180x\+sdx55 qca6595au_firmware sa6155 mdm8215 home_hub_100_platform sd_455_firmware apq8076 qcs6125_firmware msm8108 sm4375 wcn3998 wcd9371_firmware msm8108_firmware wcn3950 qcn6024_firmware sm4125 immersive_home_316_platform_firmware qsw8573_firmware sm6375_firmware wcn3660b qsm8350_firmware qsm8350 sd460_firmware sm7315_firmware snapdragon_636_mobile_platform wcn3998_firmware qca8081_firmware qca6420 qcn9002 qca9986 snapdragon_auto_5g_modem-rf_firmware ipq8070_firmware qca9367_firmware ipq8065 ipq8078a_firmware sdm450 sd_8cx_gen2 sa8155_firmware qca4004_firmware ipq8068 qca6430 snapdragon_630_mobile_platform qts110 wcd9306_firmware 8905_firmware wcd9340 qca6698aq_firmware msm8209_firmware wcn685x-1_firmware mdm9250_firmware qca9888_firmware qcn6122 sm8150_firmware snapdragon_wear_2500_platform qca6696_firmware wcd9371 qca1062 qcn5154_firmware mdm8215_firmware sm4350_firmware sd_8cx sa8150p qca4004 qca9992_firmware sd660 sd865_5g_firmware sm7225_firmware sdm850 sd660_firmware qcn5022_firmware wcn6750_firmware qcn7606_firmware sm6125_firmware immersive_home_216_platform_firmware qca6428_firmware sm6375 qca9985_firmware sm6115_firmware ipq4018_firmware ssg2125p qca9980_firmware sdm429w ipq8078 qca8084 qcn9001_firmware ipq8173 9205_lte_modem sd670_firmware qca6574 apq8053-ac csr8811_firmware wcd9380 qcs410 qcn5024 qca9379_firmware sxr1230p qca9985 qcn9012_firmware sd626 qcn9274_firmware ipq6018_firmware qcm4325_firmware wcd9340_firmware wsa8815 sm6150-ac_firmware pmp8074_firmware qcn6112 qca6584_firmware sdm429_firmware snapdragon_630_mobile_platform_firmware sm4250-aam mdm9215_firmware ipq6028 ipq8064 sd835 pmp8074 ipq9574_firmware qca1990 wcn3980_firmware sd730 sa8295p 9205_lte_modem_firmware qca2062_firmware sm6350 wcn6740_firmware qca6678aq snapdragon_x65_5g_modem-rf_system apq8064au_firmware ipq8078_firmware qcn5054 qcs603 qca9994 sm6350_firmware wcn785x-1_firmware qca9980 sd670 qcn9024_firmware ipq8174_firmware qcm4290_firmware qcn7605_firmware sw5100p_firmware qcs610_firmware sa6145p qca9886_firmware ar8031 immersive_home_214_platform sd820_firmware qca6391_firmware sa4150p_firmware qca4024 wcd9370_firmware sdx55 qcn5021_firmware sm8250 csra6640 ssg2115p_firmware snapdragon_x20_lte_modem wcn3660 qca9379 qcn7606 qsm8250_firmware sdm845_firmware wsa8830 sxr2230p_firmware qca1062_firmware sdm712_firmware snapdragon_x24_lte_modem_firmware csrb31024 mdm9628_firmware flight_rb5_5g_platform mdm9650 flight_rb5_5g_platform_firmware qca8082 qca9992 qcs4290 snapdragon_x20_lte_modem_firmware mdm9250 apq8053-lite qca6420_firmware qca2064_firmware snapdragon_auto_4g_modem_firmware mdm9310_firmware 8994 sd675_firmware qca6564 sm6115 qca6426 wcn3990_firmware qrb5165n_firmware qca9984_firmware qca9377 wcd9385_firmware wcd9326_firmware wcn3615_firmware ipq8074a sm7325-af qcn6102_firmware apq8094 qcn9011_firmware sa8155 snapdragon_x55_5g_modem-rf_system qca6584 qcn5122_firmware sda\/sdm845_firmware sdx55_firmware snapdragon_208_processor_firmware qcn6023_firmware wcn3615 sm7250p_firmware 8953 wcn3610_firmware qrb5165n wcd9306 qca6584au sd778g snapdragon_x65_5g_modem-rf_system_firmware apq8053-aa_firmware sm6225 snapdragon_208_processor ipq8174 qcn5052 qca9367 apq8092 snapdragon_wear_3100_platform sm8250_firmware 8976 qcn6112_firmware sm8250-ac wcn3988_firmware 315_5g_iot_modem qcn9074 qm215 qca6421 qca8085 sd778g_firmware sm7250-aa sa8195p sxr1120 sdm710_firmware sm4375_firmware wcd9326 wcd9335 qcn6023 8917 apq8053-aa qcs4290_firmware qca8085_firmware sxr2130_firmware qcs6490_firmware sm7150-ab qca6390 qca9898_firmware wcd9375 aqt1000 sc8180x\+sdx55_firmware sm6250_firmware sm6150_firmware apq8092_firmware ipq5010_firmware ipq8074a_firmware sm8150 wsa8815_firmware snapdragon_636_mobile_platform_firmware apq8017 sxr1120_firmware qcm6125_firmware snapdragon_x5_lte_modem 8937 sdm845 sd865_5g 8953pro qca6595 8937_firmware ipq8065_firmware sxr1230p_firmware snapdragon_835_mobile_platform qcn5154 qca8075_firmware sxr2130 snapdragon_wear_4100\+_platform snapdragon_820__automotive_platform_firmware wcn685x-5_firmware qcn6132_firmware qcn9003_firmware sdm670_firmware qca9888 qca6310_firmware sm7325 apq8094_firmware ipq8070a_firmware mdm9615 qcs400 qca6574_firmware qca9886 sm7325p_firmware sxr2230p snapdragon_xr2_5g_platform_firmware qca6175a qca6574a_firmware 8953pro_firmware qrb5165m sm7315 snapdragon_x55_5g_modem-rf_system_firmware mdm9310 qcn6102 snapdragon_auto_4g_modem snapdragon_632_mobile_platform_firmware csrb31024_firmware qcm6490_firmware wsa8832_firmware snapdragon_xr1_platform qcn9070_firmware wcn685x-5 ipq6028_firmware ipq8072a_firmware qca9889_firmware qcn5122 mdm9645_firmware sdx20m_firmware sm7250-aa_firmware sm8150-ac_firmware qcn5022 sm8350-ac qca6564_firmware qca1064_firmware wcn6740 sm6150-ac snapdragon_x50_5g_modem-rf_system qca8075 qcn6024 qcn9022 mdm9615_firmware qcn9002_firmware ipq6000_firmware qcs410_firmware snapdragon_wear_1300_platform qca6175a_firmware sdm660_firmware qts110_firmware sm7325_firmware sd_8cx_gen3_firmware qca2066 sa6150p_firmware qcs610 315_5g_iot_modem_firmware qca6431_firmware wcd9360_firmware qca4024_firmware snapdragon_wear_2100_platform_firmware immersive_home_318_platform_firmware ipq8078a ipq5028_firmware sa8150p_firmware qcs2290 qca6335 qca2062 sdm670 sdm712 sm8350 csra6620_firmware qcs605_firmware sd_675_firmware csra6640_firmware apq5053-aa_firmware wcn685x-1 qcs400_firmware sm7350-ab_firmware qca6554a_firmware qam8295p sd_8cx_gen2_firmware ipq8076a mdm9628 qca8386_firmware sd_8_gen1_5g_firmware qca8084_firmware sm7150-ac qca6428 sm7325-ae qca6574au_firmware qcn5164_firmware 8976_firmware sa6155_firmware sm6225-ad wcd9375_firmware msm8909w wcd9360 snapdragon_xr2\+_gen_1_platform sdx20m qca6438_firmware 8909 qca6678aq_firmware wcn3999 sm6225-ad_firmware qrb5165m_firmware ipq5028 qrb5165_firmware ipq4029_firmware qca6698aq qcs6125 apq8016_firmware ipq6010 sd662_firmware sm7250-ab_firmware qcn6132 sd626_firmware qca1990_firmware sw5100 home_hub_100_platform_firmware qca6436 8953_firmware sa6155p qcs603_firmware wcn3660_firmware wcd9341 ipq8068_firmware qca2066_firmware pm8937_firmware qca6431 ipq9008_firmware snapdragon_x12_lte_modem wcn3910_firmware sm8250-ac_firmware wsa8830_firmware sd855_firmware 8940 wcn3988 qca6438 sa8195p_firmware qca9898 sa8295p_firmware ipq4028 wcn3610 mdm9640 msm8608 qca8337_firmware wcd9380_firmware ipq8072a sw5100p msm8996au_firmware wcd9330 snapdragon_820__automotive_platform ipq8076a_firmware snapdragon_w5\+_gen_1_wearable_platform qca6564au ipq9008 qcn5164 sdm429 qet4101_firmware 8920_firmware snapdragon_wear_4100\+_platform_firmware qcn5054_firmware apq8053-ac_firmware sm7150-aa_firmware qca8072_firmware qca6174 qca6430_firmware qcn5052_firmware wcd9335_firmware wcn3980 qca6335_firmware sm7225 qsw8573 8996 qcs605 sd7c wcn3910 qca6320 mdm9650_firmware qca9986_firmware qca6426_firmware wcn3660b_firmware wcn3680 qca9984 qcn9024 snapdragon_xr2\+_gen_1_platform_firmware wcd9330_firmware ipq8064_firmware sm7150-aa snapdragon_x50_5g_modem-rf_system_firmware qca6421_firmware sm7125 snapdragon_xr2_5g_platform ar8031_firmware wcn3680_firmware sm7150-ab_firmware qrb5165 sm8350_firmware ipq8070 sdm660 sdm710 qca6564a_firmware apq8053-lite_firmware snapdragon_x24_lte_modem wsa8832 qsm8250 ipq6018 sdm439_firmware qca6595_firmware sa8145p immersive_home_214_platform_firmware qca2064 qm215_firmware sm4350-ac_firmware sd888_firmware sa8155p sd675 qet4101 ar8035_firmware qcm2290 snapdragon_632_mobile_platform qcn5024_firmware snapdragon_wear_2100_platform qcn9070 sa8145p_firmware sm6125 qcs2290_firmware sdm450_firmware wcn785x-5 sd7c_firmware csra6620 qcn9072 sm7250-ac_firmware qca8386 8996_firmware qca6390_firmware ipq8069_firmware ipq6000 qca6174_firmware sd730_firmware 8920 wcd9370 snapdragon_835_mobile_platform_firmware ssg2115p qcn5152_firmware qca6584au_firmware apq8076_firmware qcn9000_firmware sm8450 sm8250-ab sd_8cx_firmware qcn7605 immersive_home_216_platform immersive_home_316_platform immersive_home_318_platform qca2065 sd662 qcn5124_firmware qam8295p_firmware apq8037 qca1064 qcn6100_firmware qca8082_firmware qca6320_firmware wcn3680b_firmware 8917_firmware qca6595au sm7325-af_firmware wcn3999_firmware qca6436_firmware sm4350-ac snapdragon_w5\+_gen_1_wearable_platform_firmware ipq5010 qca6564au_firmware sa6155p_firmware qca6310 qcn9274 pm8937 qcn9001 qca9990 qcs6490 snapdragon_x5_lte_modem_firmware sa6145p_firmware sm6250 apq8017_firmware wsa8810_firmware sm8450_firmware snapdragon_ar2_gen_1_platform_firmware sg4150p qca8081 ipq8071a qca6174a_firmware ipq8071a_firmware snapdragon_wear_1300_platform_firmware wcd9385 qca2065_firmware snapdragon_x12_lte_modem_firmware sd_8cx_gen3 ar8035 csr8811 sda\/sdm845 apq8064au 8909_firmware qcn9100_firmware wcn3620_firmware sd820 qcm6490 wsa8835_firmware wcn3620 sm7350-ab qca6564a sa4150p sg4150p_firmware wcn785x-1 qcm4325 qca8072 qcm2290_firmware apq5053-aa 8992_firmware wcn3990 qcn9000 sd_675 qca6554a ar9380_firmware sm8350-ac_firmware sdm439 sm8150-ac qcn9012 sd888 sm6150 msm8909w_firmware qcn6122_firmware msm8996au sdm429w_firmware wsa8835 snapdragon_auto_5g_modem-rf sd_8_gen1_5g sm6250p ssg2125p_firmware ipq4018 qca6574a qca9889 qca6174a sm7325p ipq8074 wcn6750 qca9994_firmware qcn9003 ipq8076_firmware sm7150-ac_firmware sm7250-ab 8992 sd855 sm4125_firmware ipq8076 8940_firmware qcn5021 ipq8069 qcn5152 msm8209 wcn785x-5_firmware sd460 qca6391 sm8250-ab_firmware aqt1000_firmware sdm850_firmware qcn9100 qcm4290 mdm9215 qcn9011 sd_455 sm6225_firmware ipq8074_firmware qca6574au sa8155p_firmware ipq9574 wcd9341_firmware qcm6125 wsa8810 8905 sm7250-ac snapdragon_ar2_gen_1_platform wcn3680b sd835_firmware ipq6010_firmware snapdragon_wear_2500_platform_firmware qca6696 sm4350 apq8016 msm8608_firmware sm7125_firmware sa6150p qcn9022_firmware qca9990_firmware apq8037_firmware ipq8070a qcn6100 qcn9072_firmware sm7250p snapdragon_wear_3100_platform_firmware sw5100_firmware qcn9074_firmware ipq4029 snapdragon_xr1_platform_firmware Snapdragon

CWE ID-CWE-190

Integer Overflow or Wraparound

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.3||HIGH

EPSS-0.10% / 28.11%

||

7 Day CHG~0.00%

Published-03 Apr, 2018 | 17:00

Updated-16 Sep, 2024 | 22:35

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in the function wma_tbttoffset_update_event_handler(), a parameter received from firmware is used to allocate memory for a local buffer and is not properly validated. This can potentially result in an integer overflow subsequently leading to a heap overwrite.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-190

Integer Overflow or Wraparound

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.07% / 20.13%

||

7 Day CHG~0.00%

Published-06 Jul, 2018 | 19:00

Updated-17 Sep, 2024 | 02:22

In the audio debugfs in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, out of bounds access can occur.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.08% / 23.21%

||

7 Day CHG~0.00%

Published-06 Jul, 2018 | 17:00

Updated-16 Sep, 2024 | 17:22

In __wlan_hdd_cfg80211_vendor_scan(), a buffer overwrite can potentially occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.02% / 3.93%

||

7 Day CHG~0.00%

Published-03 Apr, 2018 | 17:00

Updated-16 Sep, 2024 | 16:58

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, improper buffer length validation in extscan hotlist event can lead to potential buffer overflow.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-8.4||HIGH

EPSS-0.06% / 18.07%

||

7 Day CHG~0.00%

Published-07 Mar, 2023 | 04:43

Updated-03 Aug, 2024 | 12:21

Integer overflow to buffer overflow in WLAN

Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase.

Vendor-Qualcomm Technologies, Inc.

Product-sd_8cx_gen3_firmware qca2066 sa6150p_firmware qcs610 qca8337 ipq8173_firmware qca6431_firmware wcd9360_firmware sdx65 qcn5124 qca4024_firmware wcn3950_firmware sc8180x\+sdx55 ipq8078a sa8150p_firmware qca6595au_firmware sa6155 qca2062 csra6620_firmware sd_675_firmware csra6640_firmware qcs6125_firmware sa415m wcn3998 qca6554a_firmware wcd9371_firmware qam8295p wcn3950 qcn6024_firmware sd_8cx_gen2_firmware ipq8076a qca8386_firmware sd_8_gen1_5g_firmware qca8084_firmware qsm8350_firmware qsm8350 sm7315_firmware wcn7850 qca6574au_firmware qcn5164_firmware ipq8071 wcd9375_firmware qca8081_firmware wcn3998_firmware sa6155_firmware qca6420 wcd9360 ipq8070_firmware ipq8078a_firmware qca6678aq_firmware wcn3999 sd_8cx_gen2 qrb5165_firmware qrb5165m_firmware ipq8072_firmware qca6698aq qcs6125 sa8155_firmware ipq6010 qcs405 qca6430 sdx65m wcd9340 qcn6132 sd765g qca6436 wcn6851 sa6155p wcn7851_firmware qca6698aq_firmware qca9888_firmware qcn6122 wcd9341 qca2066_firmware qca6431 qca6696_firmware wcd9371 sd870_firmware sd750g qca1062 ipq9008_firmware qcn5154_firmware sxr2150p_firmware sd_8cx sa8150p wsa8830_firmware sd855_firmware sd865_5g_firmware snapdragon_4_gen_1 wcn3988 wcn7850_firmware sa8195p_firmware sm8475 qcn5022_firmware qcn7606_firmware wcn6750_firmware sa8295p_firmware ipq5018_firmware wcn3991 qca8337_firmware wcd9380_firmware ssg2125p ipq8072a ipq8076a_firmware ipq8078 qca8084 sdx55m_firmware ipq8173 qca6564au wcn6856_firmware ipq9008 qcn5164 qca6574 csr8811_firmware wcd9380 qcn5054_firmware qcs410 qcn5024 sd690_5g_firmware sdx50m_firmware sxr1230p qca8072_firmware qcn9012_firmware qca6430_firmware qcn9274_firmware qcn5052_firmware wcd9335_firmware wcn3980 ipq6018_firmware wcd9340_firmware wsa8815 wcn6850 pmp8074_firmware qcn6112 qca6426_firmware sd695 ipq6028 qca9984 qcn9024 pmp8074 ipq9574_firmware wcn3980_firmware sd730 sdx55m sa8295p qca6421_firmware qca2062_firmware wcn6740_firmware qca6678aq sd678_firmware ar8031_firmware ipq8078_firmware qcn5054 qrb5165 wcn6851_firmware ipq8070 qcn9024_firmware ipq8174_firmware sd480 sd870 wsa8832 wcn6855 qcn7605_firmware qcs610_firmware qsm8250 sa6145p ipq6018 sd695_firmware ar8031 qca6595_firmware qcs405_firmware sa8145p qca6391_firmware sa4150p_firmware qca4024 wcd9370_firmware qca2064 sd780g_firmware sdx55 sd888_firmware qcn5021_firmware sa8155p csra6640 sd675 ssg2115p_firmware sxr2150p ar8035_firmware qsm8250_firmware qcn7606 qcn5024_firmware wcn3991_firmware wsa8830 sd678 qcn9070 sxr2230p_firmware sa8145p_firmware qca1062_firmware csrb31024 snapdragon_4_gen_1_firmware csra6620 qca8082 qcn9072 qca8386 sd765g_firmware qca6420_firmware qca6390_firmware qca2064_firmware sd690_5g sd730_firmware wcd9370 sd675_firmware ssg2115p ipq8072 qcn5152_firmware qca6426 qca6584au_firmware wcn3990_firmware qrb5165n_firmware qcn9000_firmware qca9984_firmware ipq5018 sd_8cx_firmware wcd9385_firmware sdxr2_5g_firmware qcn7605 ipq8074a qca2065 qcn5124_firmware qam8295p_firmware qcn6102_firmware qcn9011_firmware qca1064 sa8155 qcn6100_firmware qca8082_firmware qcn5122_firmware sdx55_firmware qca6595au qcn6023_firmware wcn3999_firmware sm7250p_firmware qca6436_firmware qrb5165n qca6564au_firmware qca6584au sd778g sa6155p_firmware qcn9274 ipq8174 wcn7851 sa515m_firmware qcs6490 sdxr2_5g qcn5052 qcn6112_firmware sa415m_firmware wcn3988_firmware qcn9074 sa6145p_firmware qca6421 qca8085 sd778g_firmware sa8195p wsa8810_firmware sd765_firmware wcd9335 qca8081 qcn6023 ipq8071a sdx65m_firmware ipq8071a_firmware wcd9385 qca8085_firmware qcs6490_firmware qca2065_firmware sd_8cx_gen3 qca6390 wcd9375 sd750g_firmware aqt1000 ar8035 csr8811 sc8180x\+sdx55_firmware qcn9100_firmware ipq8074a_firmware sd888_5g_firmware wsa8815_firmware qcm6490 wcn6850_firmware wsa8835_firmware qcx315 sa4150p qcm6125_firmware qca8072 wcn3990 qcn9000 sd_675 sd780g qca6554a sd865_5g qca6595 qcn9012 sd888 qcn6122_firmware qcx315_firmware sxr1230p_firmware wsa8835 sd665_firmware sd888_5g qcn5154 qca8075_firmware ssg2125p_firmware qca6574a wcn6855_firmware qca9889 sm7325p qcn6132_firmware qca9888 ipq8074 wcn6750 ipq8070a_firmware ipq8076_firmware sa515m qca6574_firmware sd855 sm7325p_firmware sd665 sxr2230p ipq8076 sd765 qca6574a_firmware qcn5021 sd768g_firmware qcn5152 qrb5165m sm7315 qca6391 aqt1000_firmware qcn6102 qcn9100 sdx65_firmware csrb31024_firmware qcm6490_firmware wsa8832_firmware sdx50m qcn9070_firmware sd480_firmware ipq6028_firmware ipq8072a_firmware qcn9011 ipq8074_firmware qca6574au qca9889_firmware sa8155p_firmware qcn5122 ipq9574 wcd9341_firmware qcm6125 wsa8810 wcn6856 qcn5022 sd768g ipq6010_firmware qca1064_firmware wcn6740 qca6696 sa6150p qca8075 qcn9022_firmware qcn6024 qcn9022 ipq8070a qcn6100 qcn9072_firmware sm7250p ipq8071_firmware qcn9074_firmware qcs410_firmware Snapdragon

CWE ID-CWE-680

Integer Overflow to Buffer Overflow

CWE ID-CWE-190

Integer Overflow or Wraparound

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-8||HIGH

EPSS-0.13% / 32.95%

||

7 Day CHG~0.00%

Published-06 Jul, 2018 | 19:00

Updated-16 Sep, 2024 | 19:30

While parsing over-the-air information elements in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, the use of an out-of-range pointer offset can occur.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.3||HIGH

EPSS-0.10% / 28.11%

||

7 Day CHG~0.00%

Published-03 Apr, 2018 | 17:00

Updated-16 Sep, 2024 | 22:09

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, compromised WLAN FW can potentially cause a buffer overwrite.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.07% / 21.93%

||

7 Day CHG~0.00%

Published-06 Jul, 2018 | 17:00

Updated-17 Sep, 2024 | 04:19

While processing the HTT_T2H_MSG_TYPE_MGMT_TX_COMPL_IND message, a buffer overflow can potentially occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.02% / 4.83%

||

7 Day CHG~0.00%

Published-17 May, 2018 | 22:00

Updated-17 Sep, 2024 | 02:10

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a buffer overflow vulnerability exists in WLAN while processing an extscan hotlist event.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.06% / 19.84%

||

7 Day CHG~0.00%

Published-06 Jul, 2018 | 19:00

Updated-17 Sep, 2024 | 01:21

In __wlan_hdd_cfg80211_vendor_scan() in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, when SCAN_SSIDS and QCA_WLAN_VENDOR_ATTR_SCAN_FREQUENCIES are parsed, a buffer overwrite can potentially occur.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 13.31%

||

7 Day CHG~0.00%

Published-12 Jun, 2018 | 20:00

Updated-17 Sep, 2024 | 03:12

In the function wma_pdev_div_info_evt_handler() in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, there is no upper bound check on the value event->num_chains_valid received from firmware which can lead to a buffer overwrite of the fixed size chain_rssi_result structure.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 11.31%

||

7 Day CHG~0.00%

Published-28 Nov, 2018 | 15:00

Updated-05 Aug, 2024 | 05:47

While loading a service image, an untrusted pointer dereference can occur in Snapdragon Mobile in versions SD 835, SDA660, SDX24.

Vendor-Qualcomm Technologies, Inc.

Product-sd_835_firmware sdx24_firmware sd_835 sda660 sda660_firmware sdx24 Snapdragon Mobile

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 12.15%

||

7 Day CHG~0.00%

Published-18 Jan, 2019 | 22:00

Updated-05 Aug, 2024 | 05:47

Lack of checking input size can lead to buffer overflow In WideVine in snapdragon automobile and snapdragon mobile in versions MSM8996AU, SD 425, SD 430, SD 450, SD 625, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX24, SXR1130

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.02% / 4.83%

||

7 Day CHG~0.00%

Published-15 Jun, 2018 | 20:00

Updated-16 Sep, 2024 | 20:32

If userspace provides a too-large WPA RSN IE length in wlan_hdd_cfg80211_set_ie(), a buffer overflow occurs in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.02% / 3.50%

||

7 Day CHG~0.00%

Published-03 Apr, 2018 | 17:00

Updated-16 Sep, 2024 | 22:30

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in function wma_extscan_start_stop_event_handler(), vdev_id comes from the variable event from firmware and is not properly validated potentially leading to a buffer overwrite.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 13.31%

||

7 Day CHG~0.00%

Published-12 Jun, 2018 | 20:00

Updated-17 Sep, 2024 | 03:02

An arbitrary address write can occur if a compromised WLAN firmware sends incorrect data to WLAN driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.07% / 21.62%

||

7 Day CHG~0.00%

Published-06 Jul, 2018 | 17:00

Updated-16 Sep, 2024 | 16:39

If the seq_len is greater then CSR_MAX_RSC_LEN, a buffer overflow in __wlan_hdd_cfg80211_add_key() may occur when copying keyRSC in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.02% / 4.39%

||

7 Day CHG~0.00%

Published-19 Sep, 2018 | 14:00

Updated-05 Aug, 2024 | 04:50

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while relocating kernel images with a specially crafted boot image, an out of bounds access can occur.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 13.31%

||

7 Day CHG~0.00%

Published-12 Jun, 2018 | 20:00

Updated-16 Sep, 2024 | 16:49

In the WLAN driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a buffer overwrite can occur if the vdev_id received from firmware is larger than max_bssid.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.17% / 38.56%

||

7 Day CHG~0.00%

Published-06 Jun, 2018 | 21:00

Updated-16 Sep, 2024 | 20:52

Type mismatch for ie_len can cause the WLAN driver to allocate less memory on the heap due to implicit casting leading to a heap buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.22% / 44.58%

||

7 Day CHG~0.00%

Published-11 Apr, 2018 | 15:00

Updated-16 Sep, 2024 | 22:02

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile MDM9650, MDM9655, SD 835, SD 845, SD 850, the vswr capture size is larger than the maximum size of a diag logPacket, which can lead to a buffer overflow when the sample buffer is copied to the logPacket buffer.

Vendor-Qualcomm Technologies, Inc.

Product-sd_850 sd_835_firmware mdm9655_firmware mdm9650_firmware sd_850_firmware mdm9655 sd_835 sd_845_firmware sd_845 mdm9650 Snapdragon Mobile

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.02% / 4.83%

||

7 Day CHG~0.00%

Published-17 May, 2018 | 22:00

Updated-17 Sep, 2024 | 04:09

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a buffer overflow vulnerability exists in WLAN while processing the HTT_T2H_MSG_TYPE_PEER_MAP or HTT_T2H_MSG_TYPE_PEER_UNMAP messages.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.11% / 28.93%

||

7 Day CHG~0.00%

Published-06 Jun, 2018 | 21:00

Updated-17 Sep, 2024 | 04:03

While sending a probe request indication in lim_send_sme_probe_req_ind() in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a buffer overflow can occur.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.18% / 40.07%

||

7 Day CHG~0.00%

Published-06 Jul, 2018 | 19:00

Updated-17 Sep, 2024 | 03:54

An integer overflow to buffer overflow vulnerability exists in the ADSPRPC heap manager in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-190

Integer Overflow or Wraparound

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-5.5||MEDIUM

EPSS-0.12% / 31.24%

||

7 Day CHG~0.00%

Published-06 Jun, 2018 | 21:00

Updated-16 Sep, 2024 | 21:56

Buffer over -read can occur while processing a FILS authentication frame in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 13.31%

||

7 Day CHG~0.00%

Published-12 Jun, 2018 | 20:00

Updated-16 Sep, 2024 | 20:12

While processing a DSP buffer in an audio driver's event handler, an index of a buffer is not checked before accessing the buffer in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.06% / 17.38%

||

7 Day CHG~0.00%

Published-12 Jun, 2018 | 20:00

Updated-16 Sep, 2024 | 17:23

Buffer overflow can occur due to improper input validation in multiple WMA event handler functions in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE ID-CWE-20

Improper Input Validation

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.5||HIGH

EPSS-0.24% / 47.46%

||

7 Day CHG~0.00%

Published-06 Jul, 2018 | 17:00

Updated-16 Sep, 2024 | 18:34

While processing fragments, when the fragment count becomes very large, an integer overflow leading to a buffer overflow can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-190

Integer Overflow or Wraparound