CVE-2018-5881 | ByteOS Network

Vulnerability Details :

CVE-2018-5881

Assigner-qualcomm

Assigner Org ID-2cfc7d3e-20d3-47ac-8db7-1b7285aff15f

Published At-18 Jan, 2019 | 22:00

Updated At-05 Aug, 2024 | 05:47

Improper validation of buffer length checks in the lwm2m device management protocol can leads to a buffer overflow in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660

EPSS History

Score

Latest Score

-

N/A

Percentile

Latest Percentile

-

N/A

▼Common Vulnerabilities and Exposures (CVE)

Assigner:qualcomm

Assigner Org ID:2cfc7d3e-20d3-47ac-8db7-1b7285aff15f

Published At:18 Jan, 2019 | 22:00

Updated At:05 Aug, 2024 | 05:47

▼CVE Numbering Authority (CNA)

Improper validation of buffer length checks in the lwm2m device management protocol can leads to a buffer overflow in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660

Affected Products

Vendor

Qualcomm Technologies, Inc.

Product

Snapdragon Mobile, Snapdragon Wear

Versions

Affected

MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660

Problem Types

Type	CWE ID	Description
text	N/A	Improper Restriction of Operations within the Bounds of a Memory Buffer in Data

Type: text

CWE ID: N/A

Description: Improper Restriction of Operations within the Bounds of a Memory Buffer in Data

References

Hyperlink	Resource
https://www.qualcomm.com/company/product-security/bulletins	x_refsource_CONFIRM

Hyperlink: https://www.qualcomm.com/company/product-security/bulletins

Resource:

x_refsource_CONFIRM

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://www.qualcomm.com/company/product-security/bulletins	x_refsource_CONFIRM x_transferred

Hyperlink: https://www.qualcomm.com/company/product-security/bulletins

Resource:

x_refsource_CONFIRM

x_transferred

▼National Vulnerability Database (NVD)

Source:product-security@qualcomm.com

Published At:18 Jan, 2019 | 22:29

Updated At:24 Jan, 2019 | 19:02

Improper validation of buffer length checks in the lwm2m device management protocol can leads to a buffer overflow in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	8.8	HIGH	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	8.3	HIGH	AV:A/AC:L/Au:N/C:C/I:C/A:C

Type: Primary

Version: 3.0

Base score: 8.8

Base severity: HIGH

Vector:

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 8.3

Base severity: HIGH

Vector:

AV:A/AC:L/Au:N/C:C/I:C/A:C

CPE Matches

Qualcomm Technologies, Inc.

>>mdm9206_firmware>>-

cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>mdm9607_firmware>>-

cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_210_firmware>>-

cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_212_firmware>>-

cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_205_firmware>>-

cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_425_firmware>>-

cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_427_firmware>>-

cpe:2.3:o:qualcomm:sd_427_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_427:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_430_firmware>>-

cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_435_firmware>>-

cpe:2.3:o:qualcomm:sd_435_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_435:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_450_firmware>>-

cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_625_firmware>>-

cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_636_firmware>>-

cpe:2.3:o:qualcomm:sd_636_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_636:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_835_firmware>>-

cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sda660_firmware>>-

cpe:2.3:o:qualcomm:sda660_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sda660:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sdm630_firmware>>-

cpe:2.3:o:qualcomm:sdm630_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sdm630:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sdm660_firmware>>-

cpe:2.3:o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sdm660:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-119	Primary	nvd@nist.gov

CWE ID: CWE-119

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://www.qualcomm.com/company/product-security/bulletins	product-security@qualcomm.com	Vendor Advisory

Hyperlink: https://www.qualcomm.com/company/product-security/bulletins

Source: product-security@qualcomm.com

Resource:

Vendor Advisory

Similar CVEs

464Records found

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.22% / 44.32%

||

7 Day CHG~0.00%

Published-18 Apr, 2018 | 14:00

Updated-17 Sep, 2024 | 02:05

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, incorrect offset check in wv_dash_core_refresh_keys() may lead to a buffer overread.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.06% / 19.68%

||

7 Day CHG~0.00%

Published-13 Jun, 2017 | 20:00

Updated-20 Apr, 2025 | 01:37

In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a QTEE application.

Vendor-Google LLC Qualcomm Technologies, Inc.

Product-android All Qualcomm products

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.23% / 46.18%

||

7 Day CHG~0.00%

Published-18 Apr, 2018 | 14:00

Updated-17 Sep, 2024 | 00:06

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 600, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, and SDX20, in pre-auth request, Host driver uses FT IEs sent by the supplicant. A buffer overflow may occur if FT IEs sent by the supplicant are larger than the expected value.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.15% / 36.50%

||

7 Day CHG~0.00%

Published-18 Aug, 2017 | 18:00

Updated-20 Apr, 2025 | 01:37

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in a TrustZone syscall.

Vendor-Google LLC Qualcomm Technologies, Inc.

Product-android All Qualcomm products

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.23% / 46.18%

||

7 Day CHG~0.00%

Published-18 Apr, 2018 | 14:00

Updated-16 Sep, 2024 | 16:28

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear, and Small Cell SoC FSM9055, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20, lack of input Validation in QURTK_write() can cause potential buffer overflow.

Vendor-Qualcomm Technologies, Inc.

Product-sd_850 mdm9635m_firmware mdm9640_firmware sd_820a mdm9650 sd_615_firmware msm8909w_firmware sd_820 mdm9645 sd_650 sd_450_firmware sd_845_firmware sd_410 sd_820a_firmware mdm9206 sd_652 sd_425_firmware sd_800_firmware sd_625_firmware sd_450 mdm9635m mdm9615 sd_845 mdm9206_firmware mdm9640 sd_835_firmware mdm9650_firmware sd_835 sd_210_firmware sd_415_firmware sd_652_firmware sd_600 msm8909w sd_616_firmware sd_205_firmware sd_415 sd_650_firmware sd_212 fsm9055 sd_412 sd_808_firmware sd_400 sdx20 sd_616 sd_425 sd_430_firmware mdm9607_firmware sd_615 mdm9655_firmware sd_625 sd_210 mdm9607 sd_820_firmware mdm9645_firmware mdm9625_firmware sd_808 sd_800 fsm9055_firmware sd_617 sd_400_firmware sd_212_firmware sd_850_firmware mdm9655 sd_412_firmware mdm9625 sd_430 sd_810 mdm9615_firmware sdx20_firmware sd_410_firmware sd_600_firmware sd_205 sd_810_firmware sd_617_firmware Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear, Small Cell SoC

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.19% / 40.91%

||

7 Day CHG~0.00%

Published-18 Aug, 2017 | 18:00

Updated-20 Apr, 2025 | 01:37

In all Qualcomm products with Android releases from CAF using the Linux kernel, a string can fail to be null-terminated in SIP leading to a buffer overflow.

Vendor-Google LLC Qualcomm Technologies, Inc.

Product-android All Qualcomm products

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.22% / 44.32%

||

7 Day CHG~0.00%

Published-18 Apr, 2018 | 14:00

Updated-17 Sep, 2024 | 01:31

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, while processing the rmp secure command, memory corruption may result if the response buffer is smaller than the expected size.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.22% / 44.32%

||

7 Day CHG~0.00%

Published-18 Apr, 2018 | 14:00

Updated-16 Sep, 2024 | 20:03

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 410/12, SD 617, SD 650/52, SD 800, SD 808, and SD 810, lack of validation of the return value prior to using for buffer allocation in QSEE application, TQS, may result in memory overwrite.

Vendor-Qualcomm Technologies, Inc.

Product-sd_652 sd_800_firmware sd_412 sd_808_firmware sd_412_firmware sd_810 sd_650 sd_410_firmware sd_808 sd_800 sd_652_firmware sd_410 sd_617 sd_810_firmware sd_650_firmware sd_617_firmware Snapdragon Mobile

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.23% / 46.18%

||

7 Day CHG~0.00%

Published-18 Apr, 2018 | 14:00

Updated-17 Sep, 2024 | 03:14

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, and SD 810, TOCTOU condition could lead to a buffer overflow in function playready_reader_bind().

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.22% / 44.32%

||

7 Day CHG~0.00%

Published-18 Apr, 2018 | 14:00

Updated-16 Sep, 2024 | 18:49

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, and SD 800, lack of input validation while processing TZ_PR_CMD_SAVE_KEY command could lead to a buffer overread.

Vendor-Qualcomm Technologies, Inc.

Product-sd_212_firmware sd_800_firmware sd_412 sd_412_firmware sd_400 sd_210 msm8909w_firmware sd_410_firmware sd_205 sd_800 sd_210_firmware sd_410 msm8909w sd_400_firmware sd_205_firmware sd_212 Snapdragon Mobile, Snapdragon Wear

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE ID-CWE-20

Improper Input Validation

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.15% / 36.50%

||

7 Day CHG~0.00%

Published-18 Aug, 2017 | 18:00

Updated-20 Apr, 2025 | 01:37

In all Qualcomm products with Android releases from CAF using the Linux kernel, an incorrect length is used to clear a memory buffer resulting in adjacent memory getting corrupted.

Vendor-Google LLC Qualcomm Technologies, Inc.

Product-android All Qualcomm products

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.15% / 36.50%

||

7 Day CHG~0.00%

Published-18 Aug, 2017 | 18:00

Updated-20 Apr, 2025 | 01:37

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read may occur in the processing of a downlink 3G NAS message.

Vendor-Google LLC Qualcomm Technologies, Inc.

Product-android All Qualcomm products

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.25% / 47.77%

||

7 Day CHG~0.00%

Published-18 Aug, 2017 | 18:00

Updated-20 Apr, 2025 | 01:37

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a procedure involving a remote UIM client.

Vendor-Google LLC Qualcomm Technologies, Inc.

Product-android Snapdragon Mobile

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.08% / 24.82%

||

7 Day CHG~0.00%

Published-06 May, 2024 | 14:32

Updated-11 Aug, 2025 | 15:06

Use of Out-of-range Pointer Offset in Video

Memory corruption when the payload received from firmware is not as per the expected protocol size.

Vendor-Qualcomm Technologies, Inc.

Product-qdx1010_firmware qcm8550_firmware qcs410_firmware sa6150p_firmware sd865_5g sw5100p qcs8155_firmware qca6595 qcs610_firmware wcd9335 wcd9370 qca8081_firmware snapdragon_7c_gen_2_compute_firmware qca6696 wcd9340_firmware sa8530p wcd9341_firmware wcd9395_firmware qcn6024 qcc710_firmware qca6426 snapdragon_8\+_gen_1_mobile wcn6740_firmware fastconnect_6700 wcn3610 snapdragon_780g_5g_mobile snapdragon_750g_5g_mobile snapdragon_685_4g_mobile sa4150p snapdragon_782g_mobile_firmware snapdragon_x50_5g_modem-rf_firmware snapdragon_wear_4100\+_firmware wsa8832_firmware qca8337 qdu1110 qca6426_firmware wcd9395 snapdragon_auto_4g_modem qca6574au_firmware snapdragon_690_5g_mobile_firmware snapdragon_x72_5g_modem-rf qca6564_firmware sm6370 qam8295p wcd9341 qca6574au wcd9390 snapdragon_x12_lte_modem snapdragon_888\+_5g_mobile_firmware sa8620p_firmware wsa8810_firmware sd730_firmware wsa8845h_firmware csra6640 snapdragon_778g_5g_mobile_firmware sa9000p_firmware srv1h wcn3660b_firmware sd730 fsm20055 snapdragon_690_5g_mobile fastconnect_6800_firmware qcs5430 fsm10055 qcn6024_firmware qcm5430 qcm5430_firmware video_collaboration_vc1_platform_firmware sa4155p sa8770p qcm6125_firmware c-v2x_9150 snapdragon_678_mobile_firmware ssg2115p qcc710 snapdragon_xr2_5g_firmware sa8540p qsm8250_firmware qsm8350_firmware snapdragon_wear_4100\+315_5g_iot_modem_firmware fastconnect_6900 snapdragon_w5\+_gen_1_wearable_firmware video_collaboration_vc1_platform qru1032_firmware qep8111 sa7255p fsm10056_firmware qfw7114 snapdragon_730_mobile_firmware wcd9385_firmware qca6421 315_5g_iot_modem qam8255p_firmware sa8155_firmware wcd9360 snapdragon_x65_5g_modem-rf qcs4490 snapdragon_730_mobile snapdragon_680_4g_mobile wsa8845 sa6155p qca6421_firmware qcm6125 qca6564au_firmware wsa8810 qam8650p video_collaboration_vc5_platform_firmware sa9000p qdu1000_firmware qsm8250 srv1h_firmware snapdragon_888_5g_mobile_firmware qca6595au snapdragon_888_5g_mobile sxr2250p_firmware sm7315_firmware qdu1010 snapdragon_662_mobile_firmware sa6155p_firmware snapdragon_685_4g_mobile_firmware wcd9326_firmware wsa8840 srv1m_firmware qcs8550_firmware snapdragon_730g_mobile snapdragon_782g_mobile snapdragon_x35_5g_modem-rf_firmware qdu1210_firmware snapdragon_8_gen_2_mobile_firmware snapdragon_x55_5g_modem-rf qfw7124_firmware snapdragon_4_gen_2_mobile_firmware qca6436_firmware qcn9012 wcd9371_firmware snapdragon_695_5g_mobile_firmware qcs4490_firmware snapdragon_x55_5g_modem-rf_firmware snapdragon_7c\+_gen_3_compute_firmware wcn3910_firmware sm4125_firmware snapdragon_460_mobile snapdragon_8_gen_2_mobile qca6420 wcn3910 wcd9370_firmware qca9367 qdu1110_firmware qdu1000 wcn3660b qca6574a snapdragon_x72_5g_modem-rf_firmware sa7255p_firmware snapdragon_8\+_gen_2_mobile qca6174a sa8195p wcd9340 qcs8250_firmware qcm2290 qdu1210 talynplus snapdragon_auto_5g_modem-rf_gen_2 qcm6490 sa8540p_firmware sm8550p_firmware sxr2250p qcm8550 wcn3988 snapdragon_765_5g_mobile_firmware sm6370_firmware fsm20055_firmware snapdragon_662_mobile qcn9024 sa8775p qca6574 215_mobile sxr2230p_firmware sd675_firmware snapdragon_855_mobile_firmware qca6430_firmware qcn9011 sa8775p_firmware qamsrv1h smart_audio_400 qcn9024_firmware wsa8845h sa6150p wcd9326 qcs410 qcm2290_firmware sa8155p_firmware qca6564a sa8155p snapdragon_765g_5g_mobile_firmware wsa8830 sm8550p sa6145p qcn9074_firmware snapdragon_768g_5g_mobile_firmware snapdragon_7c_gen_2_compute sa8255p_firmware ar8035 qamsrv1m_firmware snapdragon_4_gen_2_mobile snapdragon_7c_compute_firmware qca6564 qrb5165m_firmware sa8650p_firmware sa6155 qcm4325 qcn6224 snapdragon_865\+_5g_mobile_firmware qca6698aq wcn3950_firmware ssg2125p_firmware sm6250 qrb5165n sa8530p_firmware snapdragon_480\+_5g_mobile fastconnect_6200 wcn3680b sm7325p_firmware sa8145p_firmware wcd9360_firmware snapdragon_480_5g_mobile_firmware snapdragon_660_mobile_firmware qcs8155 qdx1011 sa8150p_firmware fastconnect_6700_firmware video_collaboration_vc3_platform_firmware wcn3990 snapdragon_x75_5g_modem-rf_firmware snapdragon_8_gen_3_mobile snapdragon_855_mobile qcs6490 qcs8250 snapdragon_695_5g_mobile snapdragon_778g_5g_mobile fastconnect_6200_firmware ar8031_firmware wsa8830_firmware snapdragon_460_mobile_firmware qcn6224_firmware qca6431 qca6678aq_firmware wsa8845_firmware sd660_firmware wsa8832 snapdragon_auto_4g_modem_firmware snapdragon_480_5g_mobile snapdragon_750g_5g_mobile_firmware sxr2130_firmware srv1m qca6678aq snapdragon_860_mobile_firmware snapdragon_x35_5g_modem-rf ar8035_firmware snapdragon_778g\+_5g_mobile qrb5165m sa4150p_firmware fsm20056 sd888_firmware qca6564au qcs6125_firmware qcn9074 wsa8815_firmware sa8195p_firmware qca8337_firmware snapdragon_x12_lte_modem_firmware qcm4290 ar8031 sg8275p_firmware qca9377_firmware qcm6490_firmware snapdragon_xr2\+_gen_1 sm7250p_firmware sm4125 qcm4490_firmware qru1032 wcn3950 qcs6125 flight_rb5_5g snapdragon_870_5g_mobile_firmware snapdragon_730g_mobile_firmware qca6797aq_firmware snapdragon_auto_5g_modem-rf_gen_2_firmware snapdragon_7c\+_gen_3_compute talynplus_firmware snapdragon_732g_mobile snapdragon_778g\+_5g_mobile_firmware sa8295p_firmware smart_audio_400_firmware sd_675_firmware snapdragon_870_5g_mobile snapdragon_678_mobile sa4155p_firmware snapdragon_720g_mobile sm7250p sm6250_firmware sa8155 snapdragon_7c_compute qca6584au sd888 qcn6274_firmware qcn9011_firmware fsm10055_firmware qru1062_firmware fsm10056 snapdragon_675_mobile_firmware sw5100_firmware wcn6740 snapdragon_768g_5g_mobile snapdragon_780g_5g_mobile_firmware fsm20056_firmware qru1062 snapdragon_8_gen_3_mobile_firmware fastconnect_6800 qfw7114_firmware qcs7230 qca6595_firmware fastconnect_7800_firmware snapdragon_675_mobile snapdragon_865_5g_mobile_firmware wcd9371 fastconnect_6900_firmware robotics_rb5_firmware wcd9380 sa6145p_firmware qam8255p sa6155_firmware sxr2230p snapdragon_xr2_5g sa8150p snapdragon_auto_5g_modem-rf_firmware sxr1230p sw5100 video_collaboration_vc3_platform aqt1000 snapdragon_4_gen_1_mobile_firmware 215_mobile_firmware c-v2x_9150_firmware qam8295p_firmware sd855 qca6431_firmware wcn3990_firmware sm7315 snapdragon_660_mobile qca6698aq_firmware qcs2290 qca6564a_firmware wcd9385 snapdragon_888\+_5g_mobile qcs2290_firmware qsm8350 snapdragon_xr2\+_gen_1_firmware wcn3615 qca9367_firmware snapdragon_8_gen_1_mobile snapdragon_680_4g_mobile_firmware wcn3610_firmware sa8255p qcs7230_firmware qcs4290 sxr1230p_firmware wcd9390_firmware snapdragon_865\+_5g_mobile qep8111_firmware qca6430 snapdragon_855\+_mobile sg8275p snapdragon_765_5g_mobile qdx1011_firmware snapdragon_860_mobile sdx55_firmware snapdragon_auto_5g_modem-rf wcn3615_firmware flight_rb5_5g_firmware ssg2125p qru1052 sxr2130 qcm4490 snapdragon_x65_5g_modem-rf_firmware csra6640_firmware snapdragon_480\+_5g_mobile_firmware qamsrv1m robotics_rb5 qca6174a_firmware sm7325p snapdragon_732g_mobile_firmware qam8650p_firmware video_collaboration_vc5_platform snapdragon_x50_5g_modem-rf qca6420_firmware aqt1000_firmware qcs6490_firmware sd855_firmware wcd9335_firmware qrb5165n_firmware qca6436 wcn3980_firmware qca6584au_firmware wsa8835 wsa8840_firmware qca6391_firmware qcn6274 qfw7124 qca6595au_firmware qdu1010_firmware qcs610 sw5100p_firmware qca6696_firmware qcs4290_firmware wcd9380_firmware qca6574_firmware csra6620 sd660 qca8081 mdm9628 wsa8815 sg4150p qam8775p qca9377 snapdragon_ar2_gen_1_firmware sd_8_gen1_5g qca6797aq mdm9628_firmware snapdragon_x75_5g_modem-rf qcm4325_firmware snapdragon_439_mobile_firmware sa8620p qca6574a_firmware sdx55 snapdragon_4_gen_1_mobile qcm4290_firmware snapdragon_720g_mobile_firmware snapdragon_865_5g_mobile snapdragon_855\+_mobile_firmware sd675 sd_8_gen1_5g_firmware wcd9375_firmware qca6391 qcn9012_firmware qcs5430_firmware snapdragon_439_mobile sg4150p_firmware qru1052_firmware sa8770p_firmware csra6620_firmware sa8295p qcs8550 fastconnect_7800 sa8650p qam8775p_firmware sd865_5g_firmware snapdragon_8\+_gen_2_mobile_firmware wcd9375 snapdragon_ar2_gen_1 snapdragon_765g_5g_mobile wcn3988_firmware qamsrv1h_firmware sa8145p sd_675 snapdragon_8\+_gen_1_mobile_firmware wsa8835_firmware ssg2115p_firmware wcn3980 qdx1010 wcn3680b_firmware snapdragon_w5\+_gen_1_wearable snapdragon_8_gen_1_mobile_firmware Snapdragon snapdragon

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE ID-CWE-823

Use of Out-of-range Pointer Offset

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.22% / 44.32%

||

7 Day CHG~0.00%

Published-18 Apr, 2018 | 14:00

Updated-16 Sep, 2024 | 23:32

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, lack of input validation in OEMCrypto_GenerateSignature() can cause buffer over read.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE ID-CWE-20

Improper Input Validation

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.21% / 42.80%

||

7 Day CHG~0.00%

Published-18 Apr, 2018 | 14:00

Updated-17 Sep, 2024 | 00:31

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 410/12, SD 617, SD 650/52, SD 800, SD 808, and SD 810, in TQS QSEE application, while parsing "Set Certificates" command an integer overflow may result in buffer overflow.

Vendor-Qualcomm Technologies, Inc.

Product-sd_652 sd_800_firmware sd_412 sd_808_firmware sd_412_firmware sd_810 sd_650 sd_410_firmware sd_808 sd_800 sd_652_firmware sd_410 sd_617 sd_810_firmware sd_650_firmware sd_617_firmware Snapdragon Mobile

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE ID-CWE-190

Integer Overflow or Wraparound

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-8.4||HIGH

EPSS-0.03% / 8.18%

||

7 Day CHG~0.00%

Published-05 Aug, 2024 | 14:21

Updated-11 Aug, 2025 | 15:06

Improper Restriction of Operations within the Bounds of a Memory Buffer in Hypervisor

Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager.

Vendor-Qualcomm Technologies, Inc.

Product-qdx1010_firmware snapdragon_8_gen_3_mobile_platform_firmware qcm8550_firmware vision_intelligence_300_platform sd865_5g snapdragon_678_mobile_platform_\(sm6150-ac\)qca6595 snapdragon_8cx_compute_platform_\(sc8180xpaf\)_firmware wcd9370 qca8081_firmware snapdragon_765_5g_mobile_platform_\(sm7250-aa\)snapdragon_x50_5g_modem-rf_system qam8620p_firmware qca6696 wcd9340_firmware snapdragon_8c_compute_platform_\(sc8180xp-ad\)_firmware wcd9341_firmware wcd9395_firmware snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-af\)qcc710_firmware qca6426 fastconnect_6700 wsa8832_firmware snapdragon_870_5g_mobile_platform_\(sm8250-ac\)snapdragon_x35_5g_modem-rf_system_firmware qca8337 qdu1110 qca6426_firmware wcd9395 snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180xp-ab\)qca6574au_firmware snapdragon_768g_5g_mobile_platform_\(sm7250-ac\)_firmware qam8295p wcd9341 snapdragon_x72_5g_modem-rf_system_firmware qca6574au wcd9390 sa8620p_firmware snapdragon_8cx_compute_platform_\(sc8180xp-ac\)_firmware wsa8810_firmware wsa8845h_firmware sa9000p_firmware srv1h fastconnect_6800_firmware qcs5430 snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-ac\)snapdragon_8c_compute_platform_\(sc8180x-ad\)qcm5430 qcm5430_firmware sa8770p ssg2115p qcc710 snapdragon_850_mobile_compute_platform sa8540p snapdragon_x72_5g_modem-rf_system qsm8350_firmware snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-af\)_firmware robotics_rb3_platform fastconnect_6900 snapdragon_768g_5g_mobile_platform_\(sm7250-ac\)snapdragon_8c_compute_platform_\(sc8180xp-ad\)qru1032_firmware qep8111 sa7255p qfw7114 wcd9385_firmware qca6421 snapdragon_x55_5g_modem-rf_system qca6310 qam8255p_firmware sa8155_firmware snapdragon_888\+_5g_mobile_platform_\(sm8350-ac\)snapdragon_888_5g_mobile_platform_firmware qca6335 snapdragon_ar2_gen_1_platform_firmware snapdragon_8_gen_1_mobile_platform_firmware snapdragon_8\+_gen_2_mobile_platform_firmware wsa8845 sa6155p qca6421_firmware snapdragon_888\+_5g_mobile_platform_\(sm8350-ac\)_firmware qca6564au_firmware wsa8810 qam8650p qdu1000_firmware sa9000p srv1h_firmware snapdragon_8\+_gen_2_mobile_platform qca6595au sxr2250p_firmware qdu1010 wcd9326_firmware sa6155p_firmware wsa8840 srv1m_firmware qcs8550_firmware qdu1210_firmware snapdragon_865\+_5g_mobile_platform_\(sm8250-ab\)_firmware snapdragon_855\+__mobile_platform_\(sm8150-ac\)_firmware qfw7124_firmware qca6436_firmware snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180xp-ab\)_firmware snapdragon_8_gen_2_mobile_platform qca6420 snapdragon_8_gen_3_mobile_platform snapdragon_860_mobile_platform_\(sm8150-ac\)snapdragon_8cx_gen_3_compute_platform_\(sc8280xp-bb\)_firmware wcd9370_firmware snapdragon_845_mobile_platform snapdragon_x55_5g_modem-rf_system_firmware qdu1110_firmware qdu1000 snapdragon_8cx_compute_platform_\(sc8180x-ab\)sa7255p_firmware qca6574a qca6174a wcd9340 qdu1210 snapdragon_auto_5g_modem-rf_gen_2 qca6335_firmware qcm6490 sa8540p_firmware sm8550p_firmware sxr2250p qcm8550 sa8775p qca6574 snapdragon_x75_5g_modem-rf_system sxr2230p_firmware sd675_firmware qca6430_firmware sa8775p_firmware qamsrv1h sdx57m wsa8845h wcd9326 snapdragon_8cx_compute_platform_\(sc8180x-aa\)sa8155p_firmware qca6564a sa8155p wsa8830 snapdragon_675_mobile_platform sm8550p sa6145p snapdragon_870_5g_mobile_platform_\(sm8250-ac\)_firmware vision_intelligence_400_platform_firmware sa8255p_firmware ar8035 qamsrv1m_firmware sa6155 sa8650p_firmware srv1l_firmware qcn6224 qca6698aq wcn3950_firmware sa7775p_firmware ssg2125p_firmware snapdragon_8_gen_1_mobile_platform fastconnect_6200 sd670 qdx1011 sa8150p_firmware fastconnect_6700_firmware video_collaboration_vc3_platform_firmware wcn3990 sd670_firmware qcs6490 fastconnect_6200_firmware wsa8830_firmware qcn6224_firmware qca6431 qca6678aq_firmware snapdragon_850_mobile_compute_platform_firmware wsa8845_firmware wsa8832 sdx57m_firmware srv1l sxr2130_firmware srv1m qca6678aq snapdragon_675_mobile_platform_firmware ar8035_firmware snapdragon_888_5g_mobile_platform sc8380xp snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180xp-aa\)_firmware qca6564au wsa8815_firmware qca8337_firmware sg8275p_firmware snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-ac\)_firmware qca9377_firmware qcm6490_firmware sm7250p_firmware snapdragon_855_mobile_platform qru1032 snapdragon_8cx_gen_3_compute_platform_\(sc8280xp-ab\)_firmware wcn3950 robotics_rb3_platform_firmware snapdragon_855\+__mobile_platform_\(sm8150-ac\)snapdragon_xr2_5g_platform snapdragon_x65_5g_modem-rf_system_firmware qca6797aq_firmware snapdragon_auto_5g_modem-rf_gen_2_firmware snapdragon_670_mobile_platform_firmware sa8295p_firmware sd_675_firmware snapdragon_8cx_compute_platform_\(sc8180x-ab\)_firmware sm7250p sa8155 sd_8cx_firmware snapdragon_845_mobile_platform_firmware qca6584au qcn6274_firmware qru1062_firmware snapdragon_765g_5g_mobile_platform_\(sm7250-ab\)_firmware sc8380xp_firmware qru1062 qca6310_firmware fastconnect_6800 qfw7114_firmware qca6595_firmware fastconnect_7800_firmware snapdragon_8cx_gen_3_compute_platform_\(sc8280xp-ab\)fastconnect_6900_firmware snapdragon_8cx_compute_platform_\(sc8180xpaf\)wcd9380 sa6145p_firmware qam8255p sa6155_firmware sxr2230p snapdragon_x62_5g_modem-rf_system snapdragon_xr2_5g_platform_firmware sa8150p snapdragon_8cx_compute_platform_\(sc8180x-aa\)_firmware vision_intelligence_300_platform_firmware snapdragon_x24_lte_modem snapdragon_865\+_5g_mobile_platform_\(sm8250-ab\)snapdragon_x35_5g_modem-rf_system snapdragon_765g_5g_mobile_platform_\(sm7250-ab\)sxr1230p snapdragon_678_mobile_platform_\(sm6150-ac\)_firmware video_collaboration_vc3_platform aqt1000 snapdragon_865_5g_mobile_platform_firmware qam8295p_firmware sd855 qca6431_firmware wcn3990_firmware qca6698aq_firmware qca6564a_firmware wcd9385 qsm8350 sa8255p sxr1230p_firmware wcd9390_firmware qep8111_firmware qca6430 sg8275p snapdragon_8cx_compute_platform_\(sc8180xp-ac\)sdx55_firmware qdx1011_firmware snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180xp-aa\)ssg2125p qru1052 sxr2130 qamsrv1m qca6174a_firmware qam8650p_firmware snapdragon_855_mobile_platform_firmware qca6420_firmware aqt1000_firmware qcs6490_firmware snapdragon_x65_5g_modem-rf_system qam8620p sd855_firmware wcn3980_firmware qca6436 qca6584au_firmware qcn6274 snapdragon_x24_lte_modem_firmware wsa8835 qca6391_firmware wsa8840_firmware qfw7124 qca6595au_firmware qdu1010_firmware snapdragon_ar2_gen_1_platform qca6696_firmware snapdragon_865_5g_mobile_platform wcd9380_firmware snapdragon_765_5g_mobile_platform_\(sm7250-aa\)_firmware qca6574_firmware qca8081 wsa8815 sd_8_gen1_5g snapdragon_8c_compute_platform_\(sc8180x-ad\)_firmware qam8775p qca9377 qca6797aq snapdragon_860_mobile_platform_\(sm8150-ac\)_firmware vision_intelligence_400_platform sa8620p qca6574a_firmware sdx55 sd675 sd_8_gen1_5g_firmware wcd9375_firmware sa7775p qca6391 snapdragon_x62_5g_modem-rf_system_firmware qcs5430_firmware qru1052_firmware snapdragon_670_mobile_platform sa8770p_firmware sa8295p snapdragon_8_gen_2_mobile_platform_firmware snapdragon_x50_5g_modem-rf_system_firmware qcs8550 fastconnect_7800 sa8650p qam8775p_firmware sd865_5g_firmware wcd9375 qamsrv1h_firmware snapdragon_8cx_gen_3_compute_platform_\(sc8280xp-bb\)sd_675 sd_8cx wsa8835_firmware ssg2115p_firmware snapdragon_x75_5g_modem-rf_system_firmware wcn3980 qdx1010 Snapdragon qam8255p_firmware qca9377_firmware snapdragon_850_mobile_compute_platform_firmware sxr2230p_firmware snapdragon_x24_lte_modem_firmware sg8275p_firmware qca6431_firmware qcn6224_firmware wcn3950_firmware srv1l_firmware snapdragon_888_5g_mobile_platform_firmware sa8150p_firmware qca6420_firmware qca6595au_firmware sd_675_firmware sd675_firmware qcm5430_firmware qca6584au_firmware qep8111_firmware wcn3990_firmware qualcomm_video_collaboration_vc3_platform_firmware sd_8cx_firmware wcd9385_firmware wcd9326_firmware qamsrv1h_firmware sd_8_gen1_5g_firmware qsm8350_firmware qam8295p_firmware sa9000p_firmware qca6574au_firmware sdx55_firmware wcd9375_firmware qca8081_firmware sa6155_firmware wsa8845h_firmware sm7250p_firmware qca6436_firmware qca6564au_firmware sa8620p_firmware sa6155p_firmware snapdragon_x65_5g_modem-rf_system_firmware qcm8550_firmware qca6678aq_firmware sa8775p_firmware wsa8840_firmware sa8155_firmware robotics_rb3_platform_firmware qcs8550_firmware sc8380xp_firmware vision_intelligence_300_platform_firmware qru1062_firmware sa6145p_firmware sa7775p_firmware fastconnect_6700_firmware wsa8810_firmware snapdragon_ar2_gen_1_platform_firmware sa8255p_firmware wcd9395_firmware qdu1000_firmware qca6698aq_firmware qca6174a_firmware sa8770p_firmware snapdragon_auto_5g_modem-rf_gen_2_firmware qam8775p_firmware sxr2130_firmware qca6696_firmware qcs6490_firmware qru1052_firmware snapdragon_855_mobile_platform_firmware qcc710_firmware vision_intelligence_400_platform_firmware wsa8830_firmware sd855_firmware sd865_5g_firmware wsa8815_firmware wsa8835_firmware snapdragon_865_5g_mobile_platform_firmware fastconnect_6800_firmware sa8295p_firmware sxr2250p_firmware snapdragon_8_gen_2_mobile_platform_firmware snapdragon_675_mobile_platform_firmware qca8337_firmware wcd9380_firmware qdu1010_firmware snapdragon_670_mobile_platform_firmware sd670_firmware sxr1230p_firmware qdu1110_firmware sa8540p_firmware snapdragon_x72_5g_modem-rf_system_firmware ssg2125p_firmware qca6310_firmware qca6430_firmware qfw7114_firmware qca6335_firmware qca6574_firmware wcd9340_firmware sdx57m_firmware qru1032_firmware snapdragon_xr2_5g_platform_firmware wsa8845_firmware qca6426_firmware qca6574a_firmware fastconnect_6200_firmware snapdragon_x62_5g_modem-rf_system_firmware wcn3980_firmware snapdragon_x55_5g_modem-rf_system_firmware snapdragon_x50_5g_modem-rf_system_firmware qca6421_firmware aqt1000_firmware snapdragon_x35_5g_modem-rf_system_firmware snapdragon_845_mobile_platform_firmware qcn6274_firmware qcm6490_firmware sa8650p_firmware wsa8832_firmware snapdragon_x75_5g_modem-rf_system_firmware fastconnect_6900_firmware srv1h_firmware qca6797aq_firmware sa8155p_firmware qdx1011_firmware qca6564a_firmware sa7255p_firmware wcd9341_firmware fastconnect_7800_firmware qdx1010_firmware snapdragon_8_gen_1_mobile_platform_firmware qamsrv1m_firmware srv1m_firmware qam8650p_firmware qca6595_firmware qcs5430_firmware qca6391_firmware wcd9370_firmware sm8550p_firmware snapdragon_8_gen_3_mobile_platform_firmware wcd9390_firmware ssg2115p_firmware qam8620p_firmware qfw7124_firmware qdu1210_firmware ar8035_firmware

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE ID-CWE-787

Out-of-bounds Write

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.22% / 44.32%

||

7 Day CHG~0.00%

Published-18 Apr, 2018 | 14:00

Updated-16 Sep, 2024 | 17:49

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 808, and SD 810, if cchFriendlyName is greater than TZ_PR_MAX_NAME_LEN in function playready_leavedomain_generate_challenge(), a buffer overread occurs.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.23% / 46.18%

||

7 Day CHG~0.00%

Published-18 Apr, 2018 | 14:00

Updated-17 Sep, 2024 | 04:13

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, and SD 835, lack of length checking in wv_dash_core_load_keys_v8() could lead to a buffer overflow vulnerability.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.23% / 46.18%

||

7 Day CHG~0.00%

Published-18 Apr, 2018 | 14:00

Updated-17 Sep, 2024 | 01:56

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, MDM9635M, SD 400, and SD 800, while computing the length of memory allocated for a Diag event, if the buffer length is very small or greater than the maximum, an integer overflow may occur, which later results in a buffer overflow.

Vendor-Qualcomm Technologies, Inc.

Product-mdm9635m_firmware sd_800_firmware mdm9625_firmware mdm9635m sd_800 sd_400 mdm9625 sd_400_firmware Snapdragon Mobile

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE ID-CWE-190

Integer Overflow or Wraparound

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.19% / 40.91%

||

7 Day CHG~0.00%

Published-18 Aug, 2017 | 18:00

Updated-20 Apr, 2025 | 01:37

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists when processing a QMI message.

Vendor-Google LLC Qualcomm Technologies, Inc.

Product-android All Qualcomm products

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.22% / 44.32%

||

7 Day CHG~0.00%

Published-18 Apr, 2018 | 14:00

Updated-16 Sep, 2024 | 18:49

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile IPQ4019, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 800, SD 808, SD 810, SD 820, and SD 820A, A non-secure region check is done while registering QSEE buffer address which is passed by HLOS but not while logging in the QSEE buffer, so corruption of dynamically protected secure region can occur if the non-secure buffer is changed between the time it's checked and when it's used.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.15% / 36.50%

||

7 Day CHG~0.00%

Published-18 Aug, 2017 | 18:00

Updated-20 Apr, 2025 | 01:37

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in GERAN where a buffer can be overflown while taking power measurements.

Vendor-Google LLC Qualcomm Technologies, Inc.

Product-android All Qualcomm products

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.22% / 44.32%

||

7 Day CHG~0.00%

Published-18 Apr, 2018 | 14:00

Updated-17 Sep, 2024 | 00:45

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, while provising the Playready module, a buffer overread may occur if the message passed is large.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.19% / 41.15%

||

7 Day CHG~0.00%

Published-18 Apr, 2018 | 14:00

Updated-16 Sep, 2024 | 17:19

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, lack of buffer length validation in pvr_cmd_handler leads to unauthorized access to secure memory.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.22% / 44.32%

||

7 Day CHG~0.00%

Published-18 Apr, 2018 | 14:00

Updated-17 Sep, 2024 | 01:41

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, in a DRM function, a buffer over-read can occur.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.22% / 44.32%

||

7 Day CHG~0.00%

Published-18 Apr, 2018 | 14:00

Updated-16 Sep, 2024 | 22:20

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 808, and SD 810, in a PlayReady API function, a buffer over-read can occur.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.31% / 53.80%

||

7 Day CHG~0.00%

Published-18 Apr, 2018 | 14:00

Updated-17 Sep, 2024 | 01:01

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, and SD 835, lack of validation of the buffer size could lead to a buffer overread.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.22% / 44.32%

||

7 Day CHG~0.00%

Published-18 Apr, 2018 | 14:00

Updated-17 Sep, 2024 | 02:37

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, lack of input validation in playready_set_domainid could lead to a buffer overread.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.22% / 44.32%

||

7 Day CHG~0.00%

Published-18 Apr, 2018 | 14:00

Updated-16 Sep, 2024 | 19:24

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 808, and SD 810, during XML encoding of a message in the Playready module, a buffer overread may occur if the message passed is large.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.23% / 46.18%

||

7 Day CHG~0.00%

Published-18 Apr, 2018 | 14:00

Updated-17 Sep, 2024 | 00:02

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 800, SD 808, and SD 810, in HHO scenarios, during the ACQ procedure, there are possible instances where the search database is incorrectly updated resulting in memory corruption due to buffer overflow.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.22% / 44.32%

||

7 Day CHG~0.00%

Published-18 Apr, 2018 | 14:00

Updated-16 Sep, 2024 | 17:18

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, and SD 820A, a buffer overread in Playready may occur due to lack of input validation of the buffer size provided by HLOS.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.18% / 40.06%

||

7 Day CHG~0.00%

Published-18 Apr, 2018 | 14:00

Updated-16 Sep, 2024 | 19:00

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 600, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, and SD 810, in widevine_dash_cmd_handler(), rsp buffers are passed off to widevine commands. These rsp buffers have values in them, such as buffer lengths, that need to be validated to ensure that no buffer overflow/over-reads happen. However, rsp buffers are not always in locked memory, meaning a time-of-check, time-of-use issue can occur where we check that the value is valid, but then a race condition occurs where this memory is swapped out with a different, possibly out of range, value.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE ID-CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.22% / 44.32%

||

7 Day CHG~0.00%

Published-18 Apr, 2018 | 14:00

Updated-17 Sep, 2024 | 02:53

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, out of bounds memory access vulnerability may occur in the content protection manager due to improper validation of incoming messages.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.23% / 46.18%

||

7 Day CHG~0.00%

Published-18 Apr, 2018 | 14:00

Updated-16 Sep, 2024 | 16:13

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, lack of input validation OEMCrypto_GetRandom can cause potential buffer overflow.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.23% / 46.18%

||

7 Day CHG~0.00%

Published-18 Apr, 2018 | 14:00

Updated-16 Sep, 2024 | 22:56

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 800, SD 808, and SD 810, when making a high speed Dual Carrier Downlink Data call in a multicell environment, a buffer overflow may occur.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.19% / 40.91%

||

7 Day CHG~0.00%

Published-18 Aug, 2017 | 18:00

Updated-20 Apr, 2025 | 01:37

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists when performing WCDMA radio tuning.

Vendor-Google LLC Qualcomm Technologies, Inc.

Product-android All Qualcomm products

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.38% / 58.58%

||

7 Day CHG~0.00%

Published-18 Apr, 2018 | 14:00

Updated-17 Sep, 2024 | 03:23

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, SD 400, SD 410/12, SD 615/16/SD 415, SD 800, SD 808, and SD 810, in ADSP's QDI Root-PD driver, untrusted arguments from User PD may cause integer overflow resulting in buffer overflow.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.06% / 19.68%

||

7 Day CHG~0.00%

Published-13 Jun, 2017 | 20:00

Updated-20 Apr, 2025 | 01:37

In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the PlayReady API.

Vendor-Google LLC Qualcomm Technologies, Inc.

Product-android All Qualcomm products

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.38% / 58.58%

||

7 Day CHG~0.00%

Published-18 Apr, 2018 | 14:00

Updated-16 Sep, 2024 | 22:40

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, possible buffer overflow when processing 1X circuit service message.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.38% / 58.58%

||

7 Day CHG~0.00%

Published-18 Apr, 2018 | 14:00

Updated-17 Sep, 2024 | 02:02

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, SD 400, SD 800, SD 820, and SD 820A, lack of input validation in QSEE can cause potential buffer overflow.

Vendor-Qualcomm Technologies, Inc.

Product-sd_820_firmware sd_800_firmware sd_820a_firmware sd_820a sd_820 mdm9625_firmware sd_800 sd_400 mdm9625 sd_400_firmware Snapdragon Automobile, Snapdragon Mobile

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.15% / 36.05%

||

7 Day CHG~0.00%

Published-18 Aug, 2017 | 18:00

Updated-20 Apr, 2025 | 01:37

In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow to buffer overflow vulnerability exists when loading an ELF file.

Vendor-Google LLC Qualcomm Technologies, Inc.

Product-android All Qualcomm products

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE ID-CWE-190

Integer Overflow or Wraparound

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.22% / 44.32%

||

7 Day CHG~0.00%

Published-18 Apr, 2018 | 14:00

Updated-16 Sep, 2024 | 20:47

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, lack of input validation in playready_licacq_process_response() can lead to memory over read.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE ID-CWE-20

Improper Input Validation

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.22% / 44.32%

||

7 Day CHG~0.00%

Published-18 Apr, 2018 | 14:00

Updated-17 Sep, 2024 | 03:34

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, in a WideVine API function, a buffer over-read can occur.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.23% / 46.18%

||

7 Day CHG~0.00%

Published-18 Apr, 2018 | 14:00

Updated-17 Sep, 2024 | 02:46

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, MDM9635M, MDM9650, MDM9655, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 808, SD 810, and SDX20, in a QTEE syscall handler, HLOS can cause a buffer overflow to occur.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Android (associated with Google Inc. or Open Handset Alliance)

Matching Score-6

Assigner-Android (associated with Google Inc. or Open Handset Alliance)

CVSS Score-7.8||HIGH

EPSS-0.06% / 19.68%

||

7 Day CHG~0.00%

Published-16 May, 2017 | 14:00

Updated-20 Apr, 2025 | 01:37

In TrustZone a buffer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel while loading an ELF file.

Vendor-Google LLC Qualcomm Technologies, Inc.

Product-android All Qualcomm Products

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.18% / 40.02%

||

7 Day CHG~0.00%

Published-18 Aug, 2017 | 18:00

Updated-20 Apr, 2025 | 01:37

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing.

Vendor-Google LLC Qualcomm Technologies, Inc.

Product-android Snapdragon Mobile, Snapdragon Wear

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.15% / 36.50%

||

7 Day CHG~0.00%

Published-18 Aug, 2017 | 18:00

Updated-20 Apr, 2025 | 01:37

In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of buffer lengths is missing in malware protection.

Vendor-Google LLC Qualcomm Technologies, Inc.

Product-android All Qualcomm products

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.22% / 44.32%

||

7 Day CHG~0.00%

Published-18 Apr, 2018 | 14:00

Updated-17 Sep, 2024 | 02:51

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, the response pointer passed from user space to SDMX_process is not checked before it is used. If the given response buffer length is smaller than 16 bytes, the response values will be written to a memory outside the buffer, possibly in the secure memory area.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-6

Assigner-Qualcomm, Inc.

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.22% / 44.32%

||

7 Day CHG~0.00%

Published-18 Apr, 2018 | 14:00

Updated-16 Sep, 2024 | 23:56

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 410/12, SD 617, SD 650/52, SD 800, SD 808, and SD 810, missing of return value check in memscpy can cause memory corruption in TQS App.

Vendor-Qualcomm Technologies, Inc.

Product-sd_652 sd_800_firmware sd_412 sd_808_firmware sd_412_firmware sd_810 sd_650 sd_410_firmware sd_808 sd_800 sd_652_firmware sd_410 sd_617 sd_810_firmware sd_650_firmware sd_617_firmware Snapdragon Mobile

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer