Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-10542

Summary
Assigner-qualcomm
Assigner Org ID-2cfc7d3e-20d3-47ac-8db7-1b7285aff15f
Published At-06 Nov, 2019 | 17:11
Updated At-04 Aug, 2024 | 22:24
Rejected At-
Credits

Buffer over-read may occur when downloading a corrupted firmware file that has chunk length in header which doesn`t match the contents in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 845 / SD 850, SDX20

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:qualcomm
Assigner Org ID:2cfc7d3e-20d3-47ac-8db7-1b7285aff15f
Published At:06 Nov, 2019 | 17:11
Updated At:04 Aug, 2024 | 22:24
Rejected At:
â–¼CVE Numbering Authority (CNA)

Buffer over-read may occur when downloading a corrupted firmware file that has chunk length in header which doesn`t match the contents in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 845 / SD 850, SDX20

Affected Products
Vendor
Qualcomm Technologies, Inc.Qualcomm, Inc.
Product
Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
Versions
Affected
  • MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 845 / SD 850, SDX20
Problem Types
TypeCWE IDDescription
textN/ABuffer Copy Without Checking Size of Input in WLAN HOST
Type: text
CWE ID: N/A
Description: Buffer Copy Without Checking Size of Input in WLAN HOST
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://source.android.com/security/bulletin/
x_refsource_CONFIRM
Hyperlink: https://source.android.com/security/bulletin/
Resource:
x_refsource_CONFIRM
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://source.android.com/security/bulletin/
x_refsource_CONFIRM
x_transferred
Hyperlink: https://source.android.com/security/bulletin/
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:product-security@qualcomm.com
Published At:06 Nov, 2019 | 17:15
Updated At:08 Nov, 2019 | 14:35

Buffer over-read may occur when downloading a corrupted firmware file that has chunk length in header which doesn`t match the contents in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 845 / SD 850, SDX20

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Qualcomm Technologies, Inc.
qualcomm
>>mdm9150>>-
cpe:2.3:h:qualcomm:mdm9150:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9150_firmware>>-
cpe:2.3:o:qualcomm:mdm9150_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9206>>-
cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9206_firmware>>-
cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9607>>-
cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9607_firmware>>-
cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9615>>-
cpe:2.3:h:qualcomm:mdm9615:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9615_firmware>>-
cpe:2.3:o:qualcomm:mdm9615_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9640>>-
cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9640_firmware>>-
cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9650>>-
cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9650_firmware>>-
cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>msm8996au>>-
cpe:2.3:h:qualcomm:msm8996au:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>msm8996au_firmware>>-
cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca6174a>>-
cpe:2.3:h:qualcomm:qca6174a:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca6174a_firmware>>-
cpe:2.3:o:qualcomm:qca6174a_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca6574au_firmware>>-
cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca6574au>>-
cpe:2.3:h:qualcomm:qca6574au:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca9377_firmware>>-
cpe:2.3:o:qualcomm:qca9377_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca9377>>-
cpe:2.3:h:qualcomm:qca9377:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca9379_firmware>>-
cpe:2.3:o:qualcomm:qca9379_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca9379>>-
cpe:2.3:h:qualcomm:qca9379:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_210_firmware>>-
cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_210>>-
cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_212_firmware>>-
cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_212>>-
cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_205_firmware>>-
cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_205>>-
cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_425_firmware>>-
cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_425>>-
cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_427_firmware>>-
cpe:2.3:o:qualcomm:sd_427_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_427>>-
cpe:2.3:h:qualcomm:sd_427:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_430_firmware>>-
cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_430>>-
cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_435_firmware>>-
cpe:2.3:o:qualcomm:sd_435_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_435>>-
cpe:2.3:h:qualcomm:sd_435:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_450_firmware>>-
cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_450>>-
cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_600_firmware>>-
cpe:2.3:o:qualcomm:sd_600_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_600>>-
cpe:2.3:h:qualcomm:sd_600:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_625_firmware>>-
cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_625>>-
cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_712_firmware>>-
cpe:2.3:o:qualcomm:sd_712_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_712>>-
cpe:2.3:h:qualcomm:sd_712:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_710_firmware>>-
cpe:2.3:o:qualcomm:sd_710_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_710>>-
cpe:2.3:h:qualcomm:sd_710:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_670_firmware>>-
cpe:2.3:o:qualcomm:sd_670_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_670>>-
cpe:2.3:h:qualcomm:sd_670:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_820_firmware>>-
cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_820>>-
cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-125Primarynvd@nist.gov
CWE ID: CWE-125
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://source.android.com/security/bulletin/product-security@qualcomm.com
Patch
Vendor Advisory
Hyperlink: https://source.android.com/security/bulletin/
Source: product-security@qualcomm.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

977Records found
CVE-2019-14132
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.33% / 55.48%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 10:46
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer over-write when this 0-byte buffer is typecasted to some other structure and hence memory corruption in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in QCS605, SA6155P, SM8150

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sa6155p_firmwaresm8150_firmwaresm8150sa6155pqcs605qcs605_firmwareSnapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-14098
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 57.38%
||
7 Day CHG~0.00%
Published-05 Mar, 2020 | 08:56
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible buffer overflow in data offload handler due to lack of check of keydata length when copying data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096, APQ8096AU, IPQ6018, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8996AU, Nicobar, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9379, QCA9886, QCS405, QCS605, Rennell, SA6155P, SC8180X, SDA660, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwareapq8096_firmwaremdm9640_firmwareqca4531_firmwaremsm8996au_firmwaresdm845apq8096sdx24mdm9650sm7150_firmwaresm6150qca6574msm8996ausm7150apq8009_firmwaresdm670sxr2130qcs605_firmwaresc8180xmdm9206qca6564qca9379_firmwareqca6174asdm670_firmwaresdx24_firmwareqca6584au_firmwareipq8074sdm636qca9377qca4531ipq6018_firmwaremdm9206_firmwareqca6574_firmwareqca9886qcs605qca6584_firmwaremdm9650_firmwareqca6584qca6574au_firmwaresda660sxr1130_firmwareapq8064_firmwaresxr1130apq8009apq8053_firmwarenicobarqca6584ausa6155p_firmwaresdm636_firmwareapq8064sdm845_firmwaresdx20sdm660sdm630mdm9607_firmwaresc8180x_firmwareqcs405ipq8074_firmwareqca6574ausdm710mdm9607apq8017_firmwaresdm710_firmwaresa6155pmdm9207c_firmwareipq6018mdm9207cqca6174a_firmwareqca9886_firmwareqca6564_firmwaresm8150_firmwaresxr2130_firmwareapq8096auqcs405_firmwarerennellsdm630_firmwaresda660_firmwarerennell_firmwareapq8053sm6150_firmwareapq8096au_firmwaresm8150sdx20_firmwareapq8017nicobar_firmwareqca9379sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-14131
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.33% / 55.48%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 10:46
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bound write can occur in radio measurement request if STA receives multiple invalid rrm measurement request from AP in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8053, APQ8096AU, MSM8998, Nicobar, QCA6574AU, QCS605, Rennell, SA6155P, Saipan, SC8180X, SDM660, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sa6155p_firmwaresdm845sdx20msm8998_firmwaresdm660sdx24sm8250_firmwaresc8180x_firmwaresm7150_firmwareqca6574ausdm710sm6150sdm710_firmwaresm7150sa6155psxr2130qcs605_firmwaresc8180xsm8150_firmwaresdx24_firmwaresxr2130_firmwareapq8096aurennellrennell_firmwareqcs605sdx55apq8053apq8096au_firmwaresaipan_firmwaresm6150_firmwaresm8250msm8998sm8150sdx20_firmwareqca6574au_firmwaresdx55_firmwarenicobar_firmwaresaipanapq8053_firmwaresdm660_firmwarenicobarsdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-14083
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.40% / 59.83%
||
7 Day CHG~0.00%
Published-05 Mar, 2020 | 08:56
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

While parsing Service Descriptor Extended Attribute received as part of SDF frame, there is a possibility that incorrect length is specified in the attribute length field of extended SSI which can lead to integer underflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, APQ8096, APQ8098, IPQ6018, IPQ8074, MSM8996AU, MSM8998, Nicobar, QCA6174A, QCA6390, QCA6574AU, QCA8081, QCA9377, QCA9379, QCN7605, QCS404, QCS405, QCS605, Rennell, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwareapq8096_firmwaremsm8996au_firmwaresdm845apq8096sdx24qcs404_firmwaresm7150_firmwaresm6150msm8996ausm7150qca6390_firmwareapq8009_firmwaresdm670sxr2130qcs605_firmwaresc8180xqca9379_firmwareqca6174asdm670_firmwareqcs404sdx24_firmwareipq8074sdm636sda845_firmwareqca9377apq8098qcn7605ipq6018_firmwareqcs605qca6574au_firmwaresda660sxr1130_firmwareqca8081_firmwaresxr1130apq8009apq8053_firmwaresda845nicobarsdm850_firmwaresdm636_firmwareapq8098_firmwaresdx20msm8998_firmwaresdm660sdm630sc8180x_firmwareqcs405ipq8074_firmwareqca6574ausdm710sdm710_firmwareqcn7605_firmwareqca8081ipq6018qca6174a_firmwaresm8150_firmwaresxr2130_firmwareqcs405_firmwarerennellsdm630_firmwaresda660_firmwarerennell_firmwareqca6390apq8053sm6150_firmwaremsm8998sm8150sdx20_firmwaresdm850nicobar_firmwareqca9379sdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2019-14112
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 57.38%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 10:46
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Potential buffer overflow while processing CBF frames due to lack of check of buffer length before copy in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in APQ8098, IPQ6018, IPQ8074, MSM8998, Nicobar, QCA8081, QCN7605, QCS404, QCS605, Rennell, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm850_firmwaresdm636_firmwareapq8098_firmwaresdm845msm8998_firmwaresdm660sdm630qcs404_firmwaresc8180x_firmwaresm7150_firmwareipq8074_firmwaresdm710sc7180_firmwaresm6150sdm710_firmwaresm7150qcn7605_firmwaresdm670qca8081sxr2130qcs605_firmwaresc8180xipq6018sdm670_firmwareqcs404sm8150_firmwaresxr2130_firmwareipq8074sdm636sda845_firmwarerennellsc7180sdm630_firmwareapq8098qcn7605sda660_firmwarerennell_firmwareipq6018_firmwareqcs605sm6150_firmwaremsm8998sm8150sdm850sda660sxr1130_firmwareqca8081_firmwarenicobar_firmwaresxr1130sdm660_firmwaresda845nicobarsdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-14097
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 57.38%
||
7 Day CHG~0.00%
Published-05 Mar, 2020 | 08:56
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible buffer overflow in WLAN Parser due to lack of length check when copying data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8096, APQ8096AU, APQ8098, IPQ6018, IPQ8074, MDM9607, MDM9640, MDM9650, MSM8996AU, MSM8998, Nicobar, QCA6174A, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCN7605, QCS405, QCS605, Rennell, SA6155P, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwareapq8096_firmwaremdm9640_firmwaremsm8996au_firmwaresdm845apq8096mdm9650sm7150_firmwaresm6150qca6574msm8996ausm7150sdm670sxr2130qcs605_firmwaresc8180xqca9379_firmwareqca6174asdm670_firmwareqca6584au_firmwareipq8074sdm636sda845_firmwareqca9377apq8098qcn7605ipq6018_firmwareqca6574_firmwareqcs605qca6584_firmwaremdm9650_firmwareqca6584qca6574au_firmwaresda660sxr1130_firmwareqca8081_firmwaresxr1130sda845nicobarsdm850_firmwareqca6584ausa6155p_firmwaresdm636_firmwaresdm845_firmwareapq8098_firmwaremsm8998_firmwaresdm660sdm630mdm9607_firmwaresm8250_firmwaresc8180x_firmwareqcs405ipq8074_firmwareqca6574ausdm710mdm9607sdm710_firmwareqcn7605_firmwaresa6155pqca8081ipq6018qca6174a_firmwaresm8150_firmwaresxr2130_firmwareapq8096auqcs405_firmwarerennellsdm630_firmwaresda660_firmwarerennell_firmwaresm6150_firmwareapq8096au_firmwaresm8250msm8998sm8150sdm850nicobar_firmwareqca9379sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-14086
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.33% / 55.48%
||
7 Day CHG~0.00%
Published-05 Mar, 2020 | 08:56
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible integer overflow while checking the length of frame which is a 32 bit integer and is added to another 32 bit integer which can lead to unexpected result during the check in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8098, MDM9607, MSM8998, QCA6584, QCN7605, QCS605, SDA660, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm850_firmwaresdm636_firmwareapq8098_firmwaresdm845msm8998_firmwaresdm660sdm630mdm9607_firmwaresm7150_firmwaresdm710sm6150mdm9607sdm710_firmwaresm7150qcn7605_firmwaresdm670qcs605_firmwaresdm670_firmwaresm8150_firmwaresdm636sdm630_firmwareapq8098qcn7605sda660_firmwareqcs605sm6150_firmwareqca6584_firmwaremsm8998sm8150sdm850qca6584sda660sxr1130_firmwaresxr1130sdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-14127
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 57.38%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 10:46
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible buffer overflow while playing mkv clip due to lack of validation of atom size buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCS605, QM215, Rennell, SA6155P, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdm450_firmwaresdm632sdm439sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaremsm8996ausdm429w_firmwaresm7150apq8009_firmwaremsm8917sdm670sxr2130qcs605_firmwaremdm9206sdm670_firmwaresdm636apq8098mdm9206_firmwareqcs605msm8937_firmwaresdm429_firmwaremsm8905_firmwaresda660sxr1130_firmwareapq8064_firmwaresxr1130msm8909wapq8009apq8053_firmwarenicobarsa6155p_firmwaremsm8920msm8953sdm450sdm636_firmwareapq8064apq8098_firmwaresdx20msm8998_firmwaresdm660msm8920_firmwaresdm630mdm9607_firmwaresm8250_firmwaresdm710qm215mdm9607apq8017_firmwaresdm710_firmwaresa6155pmsm8937mdm9207c_firmwaremsm8905mdm9207csm8150_firmwaresxr2130_firmwareapq8096ausdm439_firmwarerennellsdm630_firmwaresda660_firmwarerennell_firmwareqm215_firmwaremsm8953_firmwaremsm8940saipan_firmwaresm6150_firmwareapq8053msm8917_firmwareapq8096au_firmwaremsm8998sm8150sdx20_firmwaresm8250apq8017saipannicobar_firmwaresdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-14005
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 57.38%
||
7 Day CHG~0.00%
Published-21 Jan, 2020 | 06:30
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow occur while playing the clip which is nonstandard due to lack of check of size duration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdm450_firmwaresdm632sdm439sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaremsm8996ausdm429w_firmwaresm7150apq8009_firmwaremsm8917sdm670sxr2130qcs605_firmwaremdm9206sdm670_firmwaresdm636sda845_firmwareapq8098mdm9206_firmwaremsm8939qcs605msm8937_firmwaresdm429_firmwaremsm8905_firmwareapq8064_firmwaremsm8909wapq8009msm8909_firmwareapq8053_firmwaresda845nicobarsa6155p_firmwaremsm8920msm8953sdm450sdm636_firmwareapq8064apq8098_firmwaresdx20sdm660msm8920_firmwaresdm630mdm9607_firmwaresm8250_firmwaresdm710qm215mdm9607apq8017_firmwaresdm710_firmwaremsm8939_firmwaresa6155pmsm8937mdm9207c_firmwaremsm8996_firmwaremsm8905mdm9207csm8150_firmwaremsm8909sxr2130_firmwareapq8096ausdm439_firmwarerennellsdm630_firmwarerennell_firmwareqm215_firmwaremsm8953_firmwaremsm8940sm6150_firmwareapq8053apq8096au_firmwaremsm8917_firmwaresm8250sm8150sdx20_firmwareapq8017msm8996nicobar_firmwaresdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-3663
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.14% / 34.20%
||
7 Day CHG~0.00%
Published-22 Jun, 2020 | 07:10
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer over-write may occur during fetching track decoder specific information if cb size exceeds buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA6574AU, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-kamorta_firmwaresdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdm450_firmwaresdm632sdm439sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaremsm8996ausdm429w_firmwaresm7150apq8009_firmwaremsm8917sdm670sxr2130qcs605_firmwaremdm9206sdm670_firmwaresdm636apq8098mdm9206_firmwareqcs605msm8937_firmwaresdm429_firmwaremsm8905_firmwareqca6574au_firmwaresda660sxr1130_firmwaresxr1130msm8909wapq8009apq8053_firmwaremsm8920msm8953sdm450sdm636_firmwareapq8098_firmwaresdx20msm8998_firmwaresdm660msm8920_firmwaresdm630mdm9607_firmwaresm8250_firmwareqcs405qca6574ausdm710qm215mdm9607apq8017_firmwaresdm710_firmwaremsm8937mdm9207c_firmwaremsm8996_firmwaremsm8905mdm9207csm8150_firmwaresxr2130_firmwareapq8096ausdm439_firmwareqcs405_firmwarerennellsdm630_firmwaresda660_firmwarerennell_firmwareqm215_firmwaremsm8953_firmwaremsm8940saipan_firmwaresm6150_firmwareapq8053msm8917_firmwareapq8096au_firmwaremsm8998sm8150sdx20_firmwaresm8250kamortaapq8017msm8996saipansdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-14031
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 61.86%
||
7 Day CHG~0.00%
Published-05 Mar, 2020 | 08:56
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow can occur while parsing RSN IE containing list of PMK ID`s which are more than the buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096, APQ8096AU, APQ8098, IPQ6018, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9886, QCN7605, QCS405, QCS605, SA6155P, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwareapq8096_firmwaremdm9640_firmwareqca4531_firmwaremsm8996au_firmwaresdm845apq8096sdx24mdm9650sm7150_firmwaresm6150qca6574msm8996ausm7150apq8009_firmwaresdm670sxr2130qcs605_firmwaresc8180xmdm9206qca6564qca9379_firmwareqca6174asdm670_firmwaresdx24_firmwareqca6584au_firmwareipq8074sdm636sda845_firmwareqca9377qca4531apq8098qcn7605ipq6018_firmwaremdm9206_firmwareqca6574_firmwareqca9886qcs605qca6584_firmwaremdm9650_firmwareqca6584qca6574au_firmwaresda660sxr1130_firmwareapq8064_firmwareqca8081_firmwaresxr1130apq8009apq8053_firmwaresda845nicobarsdm850_firmwareqca6584ausa6155p_firmwaresdm636_firmwareapq8064sdm845_firmwareapq8098_firmwaresdx20msm8998_firmwaresdm660sdm630mdm9607_firmwaresm8250_firmwaresc8180x_firmwareqcs405ipq8074_firmwareqca6574ausdm710mdm9607apq8017_firmwaresdm710_firmwareqcn7605_firmwaresa6155pqca8081mdm9207c_firmwaremsm8996_firmwareipq6018mdm9207cqca6174a_firmwareqca9886_firmwareqca6564_firmwaresm8150_firmwaresxr2130_firmwareapq8096auqcs405_firmwaresdm630_firmwaresda660_firmwareapq8053sm6150_firmwareapq8096au_firmwaresm8250msm8998sm8150sdx20_firmwaresdm850apq8017msm8996nicobar_firmwareqca9379sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-14016
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.33% / 55.48%
||
7 Day CHG~0.00%
Published-21 Jan, 2020 | 06:30
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow occurs while playing the clip which is nonstandard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdm450_firmwaresdm632sdm439sdm429msm8940_firmwaresm6150msm8909w_firmwaremsm8996ausdm429w_firmwareapq8009_firmwaremsm8917sdm670sxr2130qcs605_firmwaremdm9206sdm670_firmwaresda845_firmwareapq8098mdm9206_firmwaremsm8939qcs605msm8937_firmwaresdm429_firmwaremsm8905_firmwaresda660sxr1130_firmwareapq8064_firmwaresxr1130msm8909wapq8009msm8909_firmwareapq8053_firmwaresda845nicobarsa6155p_firmwaremsm8920msm8953sdm450apq8064apq8098_firmwaresdx20sdm660msm8920_firmwaremdm9607_firmwaresm8250_firmwaresdm710qm215mdm9607apq8017_firmwaresdm710_firmwaremsm8939_firmwaresa6155pmsm8937mdm9207c_firmwaremsm8996_firmwaremsm8905mdm9207csm8150_firmwaremsm8909sxr2130_firmwareapq8096ausdm439_firmwaresda660_firmwareqm215_firmwaremsm8953_firmwaremsm8940sm6150_firmwareapq8053apq8096au_firmwaremsm8917_firmwaresm8250sm8150sdx20_firmwareapq8017msm8996nicobar_firmwaresdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-14013
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.40% / 59.83%
||
7 Day CHG~0.00%
Published-21 Jan, 2020 | 06:30
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

While parsing invalid super index table, elements within super index table may exceed total chunk size and invalid data is read into the table in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCM2150, QCS405, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcm2150_firmwaresdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdm450_firmwaresdm632sdm439sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaremsm8996ausdm429w_firmwaresm7150apq8009_firmwaremsm8917sdm670sxr2130qcs605_firmwaremdm9206sdm670_firmwaresdm636sda845_firmwareapq8098mdm9206_firmwaremsm8939qcs605msm8937_firmwaresdm429_firmwaremsm8905_firmwaresda660sxr1130_firmwareapq8064_firmwaresxr1130msm8909wapq8009msm8909_firmwareapq8053_firmwaresda845nicobarsa6155p_firmwaremsm8920msm8953sdm450sdm636_firmwareapq8064apq8098_firmwaresdx20qcm2150msm8920_firmwaresdm630mdm9607_firmwaresm8250_firmwaresdm660qcs405sdm710qm215mdm9607apq8017_firmwaresdm710_firmwaremsm8939_firmwaresa6155pmsm8937mdm9207c_firmwaremsm8996_firmwaremsm8905mdm9207csm8150_firmwaremsm8909sxr2130_firmwareapq8096ausdm439_firmwareqcs405_firmwarerennellsdm630_firmwaresda660_firmwarerennell_firmwareqm215_firmwaremsm8953_firmwaremsm8940sm6150_firmwareapq8053apq8096au_firmwaremsm8917_firmwaresm8250sm8150sdx20_firmwareapq8017msm8996nicobar_firmwaresdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-14004
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 57.38%
||
7 Day CHG~0.00%
Published-21 Jan, 2020 | 06:30
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow occurs while processing invalid MKV clip, which has invalid EBML size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdm450_firmwaresdm632sdm439sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaremsm8996ausdm429w_firmwaresm7150apq8009_firmwaremsm8917sdm670sxr2130qcs605_firmwaremdm9206sdm670_firmwaresdm636sda845_firmwareapq8098mdm9206_firmwaremsm8939qcs605msm8937_firmwaresdm429_firmwaremsm8905_firmwaresda660sxr1130_firmwareapq8064_firmwaresxr1130msm8909wapq8009msm8909_firmwareapq8053_firmwaresda845nicobarsa6155p_firmwaremsm8920msm8953sdm450sdm636_firmwareapq8064apq8098_firmwaresdx20msm8998_firmwaresdm660msm8920_firmwaresdm630mdm9607_firmwaresm8250_firmwaresdm710qm215mdm9607apq8017_firmwaresdm710_firmwaremsm8939_firmwaresa6155pmsm8937mdm9207c_firmwaremsm8996_firmwaremsm8905mdm9207csm8150_firmwaremsm8909sxr2130_firmwareapq8096ausdm439_firmwarerennellsdm630_firmwaresda660_firmwarerennell_firmwareqm215_firmwaremsm8953_firmwaremsm8940sm6150_firmwareapq8053apq8096au_firmwaremsm8917_firmwaresm8250msm8998sm8150sdx20_firmwareapq8017msm8996nicobar_firmwaresdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-14062
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 57.38%
||
7 Day CHG~0.00%
Published-22 Jun, 2020 | 07:10
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflows while decoding setup message from Network due to lack of check of IE message length received from network in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SA415M, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9150_firmwarekamorta_firmwaremdm9635m_firmwaremdm9640_firmwareapq8096_firmwareqcm2150_firmwaresdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdm450_firmwaresdm632apq8096sdx24sdm439mdm9650sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaremsm8996aumdm9645sdm429w_firmwaresm7150apq8009_firmwaremsm8917sdm670qcs605_firmwareapq8076sc8180xmdm9206sdm670_firmwaresdx24_firmwareapq8076_firmwaresdm636sda845_firmwaresa415mmdm9635mapq8098mdm9205mdm9206_firmwareqcs605msm8937_firmwaremdm9650_firmwaresdm429_firmwaremsm8905_firmwaresda660sxr1130_firmwaresxr1130msm8909wapq8009msm8909_firmwareapq8053_firmwaresda845nicobarsdm850_firmwaremsm8920msm8953sdm450sdm636_firmwaresdm845_firmwareapq8098_firmwaresdx20msm8998_firmwareqcm2150msm8920_firmwaresdm630mdm9607_firmwaresdm660mdm9655_firmwaresc8180x_firmwaresa415m_firmwaresdm710qm215sc7180_firmwaremdm9607mdm9645_firmwareapq8017_firmwaremdm9625_firmwaresdm710_firmwaremdm9150msm8937mdm9207c_firmwaremsm8905mdm9207csm8150_firmwaremsm8909mdm9655apq8096ausdm439_firmwarerennellsc7180sdm630_firmwaremdm9205_firmwaresda660_firmwaremdm9625rennell_firmwareqm215_firmwaremsm8953_firmwaremsm8940sm6150_firmwareapq8053apq8096au_firmwaremsm8917_firmwaremsm8998sm8150sdx20_firmwaresdm850kamortaapq8017nicobar_firmwaresdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-14017
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 61.86%
||
7 Day CHG~0.00%
Published-21 Jan, 2020 | 06:30
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow can occur while parsing invalid MKV clip which is not standard and have invalid vorbis codec data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdm450_firmwaresdm632sdm439sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaremsm8996ausdm429w_firmwaresm7150apq8009_firmwaremsm8917sdm670sxr2130qcs605_firmwaremdm9206sdm670_firmwaresdm636sda845_firmwareapq8098mdm9206_firmwaremsm8939qcs605msm8937_firmwaresdm429_firmwaremsm8905_firmwaresda660sxr1130_firmwareapq8064_firmwaresxr1130msm8909wapq8009msm8909_firmwareapq8053_firmwaresda845nicobarsa6155p_firmwaremsm8920msm8953sdm450sdm636_firmwareapq8064apq8098_firmwaresdx20msm8998_firmwaresdm660msm8920_firmwaresdm630mdm9607_firmwaresm8250_firmwaresdm710qm215mdm9607apq8017_firmwaresdm710_firmwaremsm8939_firmwaresa6155pmsm8937mdm9207c_firmwaremsm8996_firmwaremsm8905mdm9207csm8150_firmwaremsm8909sxr2130_firmwareapq8096ausdm439_firmwarerennellsdm630_firmwaresda660_firmwarerennell_firmwareqm215_firmwaremsm8953_firmwaremsm8940sm6150_firmwareapq8053apq8096au_firmwaremsm8917_firmwaresm8250msm8998sm8150sdx20_firmwareapq8017msm8996nicobar_firmwaresdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-33082
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.19% / 41.35%
||
7 Day CHG~0.00%
Published-05 Dec, 2023 | 03:04
Updated-02 Aug, 2024 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in WLAN Host

Memory corruption while sending an Assoc Request having BTM Query or BTM Response containing MBO IE.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcn5024_firmwareqcn9070ipq4028_firmwareqca8337qfw7124ar9380wcn785x-5ipq8173_firmwareqca9563_firmwareflight_rb5_5g_platformflight_rb5_5g_platform_firmwareqcn6224_firmwareqcn5124qca4024_firmwareqca8082qcn9072qca8386qca9880_firmwareqca9992immersive_home_318_platform_firmwareipq8078aipq5028_firmwareipq6000qcn5152_firmwareqca0000_firmwarewcn685x-1qrb5165n_firmwareqcn9000_firmwareqca9984_firmwareipq9554wcd9385_firmwareimmersive_home_216_platformipq8076aimmersive_home_316_platformimmersive_home_316_platform_firmwareqca8386_firmwareqca9563qcn6024_firmwareqca8084_firmwareimmersive_home_318_platformipq8074aqcn5124_firmwareqcn9011_firmwareqca8082_firmwareqcn5164_firmwareqcn5122_firmwaresdx55_firmwareqca8081_firmwareqcn6023_firmwareqfw7114qrb5165nipq5010qca9986ipq8070_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareipq8065ipq8078a_firmwareqcn9274ipq8174qca9990qrb5165m_firmwareipq5028qca7500ipq4029_firmwareqcn5052qca0000ipq6010ipq8068qcn6112_firmwareqcn9074qca8085sdx65mwcd9340qcn6132qcn6224qcn9013snapdragon_x75_5g_modem-rf_systemqca8081qcf8000ipq8071aqcn6023sdx65m_firmwareipq8071a_firmwarewcn685x-1_firmwareimmersive_home_3210_platformqca8085_firmwareqca9888_firmwareipq8068_firmwareqcn6122wcd9385ipq9008_firmwareqca9988_firmwareipq9570qcn5154_firmwarear8035csr8811qca9898_firmwareipq4019qcc710_firmwareqcn9100_firmwarerobotics_rb5_platformqca9992_firmwareipq5010_firmwareipq8074a_firmwareqca9898qcn5022_firmwareipq4028immersive_home_216_platform_firmwareqca9988wcn785x-1qca8072qca9985_firmwarerobotics_rb5_platform_firmwareipq4018_firmwareqca8337_firmwarewcd9380_firmwareqcn9000ipq8072aqca7500_firmwareqca9980_firmwareqcf8000_firmwareipq8076a_firmwarear9380_firmwareipq8078qca8084ipq8173ipq9008qcn9012qcn5164qca9558qca9558_firmwareimmersive_home_326_platform_firmwareqcn6122_firmwareipq8065_firmwarecsr8811_firmwareqcn6274wcd9380ipq9554_firmwareqcn5054_firmwareqcn5154qca8075_firmwareipq4018ipq4019_firmwareqcn5024wcn685x-5_firmwareqca9889qcn6132_firmwareqca9888qca8072_firmwareqca9985qca9994_firmwareqcn5052_firmwareqcn9012_firmwareqcn9274_firmwareipq8070a_firmwareqfw7114_firmwarewcn3980ipq6018_firmwareipq8076_firmwareqca9886qcn5502_firmwarewcd9340_firmwarepmp8074_firmwareqcn6112ipq8076qca9986_firmwareqca9984ipq6028ipq8064qcn5021pmp8074qcn5152ipq9574_firmwarewcn785x-5_firmwareqcn9024qrb5165mimmersive_home_3210_platform_firmwareqca6391wcn3980_firmwareipq8064_firmwareqcn9100qcn6274_firmwaresnapdragon_x65_5g_modem-rf_systemipq8078_firmwareipq9570_firmwareqcn5054qcn9070_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarewcn685x-5ipq8070ipq6028_firmwareipq8072a_firmwareqcn5502qca9994qcn9011qca9531wcn785x-1_firmwareqca9889_firmwareipq9574qca9980qcn5122ipq8174_firmwareqcn9024_firmwareqca9880immersive_home_326_platformipq6018qcn5022qcn9013_firmwareqca9886_firmwareqcc710ipq6010_firmwareimmersive_home_214_platformqca6391_firmwareimmersive_home_214_platform_firmwareqca4024sdx55qca8075qcn5021_firmwareqcn9022_firmwareqcn6024qcn9022qca9990_firmwareipq8070aqcn9072_firmwareqca9531_firmwareipq6000_firmwareqcn9074_firmwareqfw7124_firmwareipq4029ar8035_firmwareSnapdragon
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-14014
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 57.38%
||
7 Day CHG~0.00%
Published-21 Jan, 2020 | 06:30
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible buffer overflow when byte array receives incorrect input from reading source as array is not null terminated in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in Nicobar, SDM670, SDM710, SDM845, SM6150, SM8150, SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm670_firmwaresm8150_firmwaresxr2130_firmwaresdm845sm8250_firmwaresm6150_firmwaresm8250sdm710sm6150sm8150sdm710_firmwarenicobar_firmwaresdm670sxr2130nicobarsdm845_firmwareSnapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-14080
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.37% / 58.30%
||
7 Day CHG~0.00%
Published-22 Jun, 2020 | 07:10
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bound write can happen due to lack of check of array index value while parsing SDP attribute for SAR in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, Kamorta, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCM2150, QCS605, QM215, Rennell, SA415M, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SM6150, SM7150, SM8150, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-kamorta_firmwareqcm2150_firmwaremdm9640_firmwaresdm632_firmwaremsm8996au_firmwaresdm845sdm450_firmwaresdm632sdx24sdm439mdm9650sdm429msm8940_firmwaresm7150_firmwaresm6150msm8996ausm7150msm8917sdm670qcs605_firmwaresc8180xsdm670_firmwaresdx24_firmwaresdm636sda845_firmwaresa415mqcs605msm8937_firmwaremdm9650_firmwaresdm429_firmwaremsm8905_firmwaresda660sxr1130_firmwaresxr1130msm8909_firmwareapq8053_firmwaresda845nicobarsdm850_firmwaremsm8920msm8953sdm450sdm636_firmwaresdm845_firmwareqcm2150msm8920_firmwaresdm630mdm9607_firmwaresdm660sc8180x_firmwaresa415m_firmwaresdm710qm215sc7180_firmwaremdm9607sdm710_firmwaremsm8937msm8905sm8150_firmwaremsm8909apq8096ausdm439_firmwarerennellsc7180sdm630_firmwaresda660_firmwarerennell_firmwareqm215_firmwaremsm8953_firmwaremsm8940sm6150_firmwareapq8053apq8096au_firmwaremsm8917_firmwaresm8150sdm850kamortanicobar_firmwaresdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CWE ID-CWE-129
Improper Validation of Array Index
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-14073
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.31% / 53.63%
||
7 Day CHG~0.00%
Published-22 Jun, 2020 | 07:10
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Copying RTCP messages into the output buffer without checking the destination buffer size which could lead to a remote stack overflow when processing large data or non-standard feedback messages in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SA415M, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9150_firmwarekamorta_firmwaremdm9635m_firmwaremdm9640_firmwareapq8096_firmwareqcm2150_firmwaresdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdm450_firmwaresdm632apq8096sdx24sdm439mdm9650sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaremsm8996aumdm9645sdm429w_firmwaresm7150apq8009_firmwaremsm8917sdm670qcs605_firmwareapq8076sc8180xmdm9206sdm670_firmwaresdx24_firmwareapq8076_firmwaresdm636sda845_firmwaresa415mmdm9635mapq8098mdm9615mdm9206_firmwareqcs605msm8937_firmwaremdm9650_firmwaresdm429_firmwaremsm8905_firmwaresda660sxr1130_firmwaresxr1130msm8909wapq8009msm8909_firmwareapq8053_firmwaresda845nicobarsdm850_firmwaremsm8920msm8953sdm450sdm636_firmwaresdm845_firmwareapq8098_firmwaresdx20msm8998_firmwareqcm2150msm8920_firmwaresdm630mdm9607_firmwaresdm660mdm9655_firmwaresc8180x_firmwaresa415m_firmwaresdm710qm215sc7180_firmwaremdm9607mdm9645_firmwareapq8017_firmwaresdm710_firmwaremdm9150msm8937mdm9207c_firmwaremsm8905mdm9207csm8150_firmwaremsm8909mdm9655apq8096ausdm439_firmwarerennellsc7180sdm630_firmwaresda660_firmwarerennell_firmwareqm215_firmwaremsm8953_firmwaremsm8940sm6150_firmwareapq8053apq8096au_firmwaremsm8917_firmwaremdm9615_firmwaremsm8998sm8150sdx20_firmwaresdm850kamortaapq8017nicobar_firmwaresdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-33083
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.20% / 41.98%
||
7 Day CHG~0.00%
Published-05 Dec, 2023 | 03:04
Updated-02 Dec, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in WLAN Host

Memory corruption in WLAN Host while processing RRM beacon on the AP.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcn5024_firmwareqcn9070ipq4028_firmwareqca8337qfw7124ar9380wcn785x-5ipq8173_firmwareqca9563_firmwareqcf8001flight_rb5_5g_platformflight_rb5_5g_platform_firmwareqcn6224_firmwareqcn5124qca4024_firmwareqca8082qcn9072qca8386qca9880_firmwareqca9992immersive_home_318_platform_firmwareipq8078aipq5028_firmwareipq6000qcn5152_firmwareqca0000_firmwarewcn685x-1qrb5165n_firmwareqcn9000_firmwareqca9984_firmwarewcd9385_firmwareimmersive_home_216_platformipq8076aimmersive_home_316_platformimmersive_home_316_platform_firmwareqca8386_firmwareqca9563qcn6024_firmwareqca8084_firmwareimmersive_home_318_platformipq8074aqcn5124_firmwareqcn9011_firmwareqca8082_firmwareqcn5164_firmwareqcn5122_firmwaresdx55_firmwareqca8081_firmwareqcn6023_firmwareqfw7114qrb5165nipq5010qca9986ipq8070_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareipq8065ipq8078a_firmwareqcn9274ipq8174qca9990qrb5165m_firmwareipq5028qca7500ipq4029_firmwareqcn5052qca0000qcf8001_firmwareipq6010ipq8068qcn6112_firmwareqcn9074qca8085sdx65mwcd9340qcn6132qcn6224qcn9013snapdragon_x75_5g_modem-rf_systemqca8081qcf8000ipq8071aqcn6023sdx65m_firmwareipq8071a_firmwarewcn685x-1_firmwareimmersive_home_3210_platformqca8085_firmwareqca9888_firmwareipq8068_firmwareqcn6122wcd9385ipq9008_firmwareqca9988_firmwareipq9570qcn5154_firmwarear8035csr8811qca9898_firmwareipq4019qcc710_firmwareqcn9100_firmwarerobotics_rb5_platformqca9992_firmwareipq5010_firmwareipq8074a_firmwareqca9898qcn5022_firmwareipq4028immersive_home_216_platform_firmwareqca9988wcn785x-1qca8072qca9985_firmwarerobotics_rb5_platform_firmwareipq4018_firmwareqca8337_firmwarewcd9380_firmwareqcn9000ipq8072aqca7500_firmwareqca9980_firmwareqcf8000_firmwareipq8076a_firmwarear9380_firmwareipq8078qca8084ipq8173ipq9008qcn9012qcn5164qca9558qca9558_firmwareimmersive_home_326_platform_firmwareqcn6122_firmwareipq8065_firmwarecsr8811_firmwareqcn6274wcd9380qcn5054_firmwareqcn5154qca8075_firmwareipq4018ipq4019_firmwareqcn5024wcn685x-5_firmwareqca9889qcn6132_firmwareqca9888qca8072_firmwareqca9985qca9994_firmwareqcn5052_firmwareqcn9012_firmwareqcn9274_firmwareipq8070a_firmwareqfw7114_firmwarewcn3980ipq6018_firmwareipq8076_firmwareqca9886qcn5502_firmwarewcd9340_firmwarepmp8074_firmwareqcn6112ipq8076qca9986_firmwareqca9984ipq6028ipq8064qcn5021pmp8074qcn5152ipq9574_firmwarewcn785x-5_firmwareqcn9024qrb5165mimmersive_home_3210_platform_firmwareqca6391wcn3980_firmwareipq8064_firmwareqcn9100qcn6274_firmwaresnapdragon_x65_5g_modem-rf_systemipq8078_firmwareipq9570_firmwareqcn5054qcn9070_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarewcn685x-5ipq8070ipq6028_firmwareipq8072a_firmwareqcn5502qca9994qcn9011qca9531wcn785x-1_firmwareqca9889_firmwareipq9574qca9980qcn5122ipq8174_firmwareqcn9024_firmwareqca9880immersive_home_326_platformipq6018qcn5022qcn9013_firmwareqca9886_firmwareqcc710ipq6010_firmwareimmersive_home_214_platformqca6391_firmwareimmersive_home_214_platform_firmwareqca4024sdx55qca8075qcn5021_firmwareqcn9022_firmwareqcn6024qcn9022qca9990_firmwareipq8070aqcn9072_firmwareqca9531_firmwareipq6000_firmwareqcn9074_firmwareqfw7124_firmwareipq4029ar8035_firmwareSnapdragon
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-3639
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.33% / 55.48%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 10:00
Updated-04 Aug, 2024 | 07:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'When a non standard SIP sigcomp message is received from the network, then there may be chances of using more UDVM cycle or memory overflow' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8017, APQ8037, APQ8053, MDM9250, MDM9607, MDM9628, MDM9640, MDM9650, MSM8108, MSM8208, MSM8209, MSM8608, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, QCM4290, QCM6125, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QM215, QSM8350, SA415M, SA6145P, SA6150P, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SC8180X, SC8180X+SDX55, SC8180XP, SDA429W, SDA640, SDA660, SDA670, SDA845, SDA855, SDM1000, SDM429, SDM429W, SDM439, SDM450, SDM455, SDM630, SDM632, SDM636, SDM640, SDM660, SDM670, SDM710, SDM712, SDM845, SDM850, SDX24, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM7250, SM7250P, SM8150, SM8150P, SM8350, SM8350P, SXR1120, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sm7250mdm9640_firmwaresa6150p_firmwaresm6250p_firmwareqcs610sm6125sdm712_firmwaresdm640sdm450_firmwaresdm632sm7250_firmwaremdm9628_firmwaremdm9650qcs4290mdm9250sa8150p_firmwareapq8009_firmwaresdm712msm8917sdm670sm8350qcs605_firmwareqcs6125_firmwaresm6115sm7150psda845_firmwaremsm8108sa415mmsm8108_firmwaresm4250sc8180xpmdm9628sm4125sda855qsm8350_firmwareqsm8350apq8037sa8155msm8905_firmwaresda660sdx55_firmwaresdm1000sm7250p_firmwaresxr1130apq8053_firmwaresda845sa6155p_firmwaremsm8208sda640sdm450sdm636_firmwareqcs6125sa8155_firmwaresdm630mdm9607_firmwaresa415m_firmwaresa6145p_firmwareqm215sc7180_firmwaresm4250_firmwaresm6250sa8195papq8017_firmwaresdm710_firmwaresxr1120sa6155pqcs603_firmwaremsm8937msm8209_firmwaremsm8905sm8350p_firmwaremdm9250_firmwareqcs4290_firmwaresm8150_firmwaremsm8909sm7150p_firmwaresc7180sc8180xp_firmwaresa8150psm6250_firmwaremsm8953_firmwaresm6150_firmwaresda429wmsm8917_firmwaresm8150sdm850sa8195p_firmwaresdm640_firmwareapq8017msm8208_firmwaresxr1120_firmwaresm6125_firmwaresm8150pqcm6125_firmwaremsm8608mdm9640sm6115_firmwaresda429w_firmwaresdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdx24sdx55m_firmwaresdm439sm6150psm6115p_firmwaresdm429msm8940_firmwaresm7150_firmwaresm6150msm8996ausdm429w_firmwaresm7150sm6250pqcs410sda640_firmwaresc8180xsdx50m_firmwaresm8350psdm670_firmwaresdx24_firmwaresdm636sda670qcs605sm6115psm4125_firmwaresdm455_firmwaremsm8937_firmwaremdm9650_firmwaresdm429_firmwaresxr1130_firmwaremsm8209sda855_firmwareapq8009msm8909_firmwaresdx55msm6150p_firmwaresdm455sm7125sdm850_firmwaresm4250p_firmwaremsm8920msm8953qcm4290sdx50msm8350_firmwareqcs603sdm660msm8920_firmwaresc8180x_firmwaresa8155p_firmwaresdm710mdm9607sda670_firmwareqcm6125qcm4290_firmwareqcs610_firmwaresa6145psm4250psdm439_firmwaresdm630_firmwaresda660_firmwaremsm8608_firmwareqm215_firmwaresm7125_firmwaresa6150psdx55msm8940apq8053sa8155psm8150p_firmwareapq8037_firmwaresdm1000_firmwaresm7250pqcs410_firmwaresdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2020-3614
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.31% / 53.63%
||
7 Day CHG~0.00%
Published-22 Jun, 2020 | 07:10
Updated-04 Aug, 2024 | 07:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible buffer overflow while copying the frame to local buffer due to lack of check of length before copying in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, IPQ6018, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6174A, QCA6574AU, QCA6584AU, QCA9377, QCA9379, QCA9886, QCM2150, QCS405, QCS605, QM215, Rennell, SC7180, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwareapq8096_firmwaremdm9640_firmwareqcm2150_firmwaresdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdm450_firmwaresdm632apq8096sdx24sdm439mdm9650sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaremsm8996ausdm429w_firmwaresm7150apq8009_firmwaremsm8917sdm670qcs605_firmwareapq8076sc8180xmdm9206qca9379_firmwareqca6174asdm670_firmwaresdx24_firmwareqca6584au_firmwareapq8076_firmwareipq8074sdm636qca9377apq8098ipq6018_firmwaremdm9206_firmwareqcs605qca9886msm8937_firmwaremdm9650_firmwaresdm429_firmwaremsm8905_firmwareqca6574au_firmwaresxr1130_firmwaresxr1130msm8909wapq8009msm8909_firmwareapq8053_firmwarenicobarqca6584aumsm8920msm8953sdm450sdm636_firmwaresdm845_firmwareapq8098_firmwaresdx20msm8998_firmwareqcm2150msm8920_firmwaresdm630mdm9607_firmwaresdm660sc8180x_firmwareqcs405ipq8074_firmwareqca6574ausdm710qm215sc7180_firmwaremdm9607apq8017_firmwaresdm710_firmwaremsm8937mdm9207c_firmwaremsm8905ipq6018mdm9207cqca6174a_firmwareqca9886_firmwaresm8150_firmwaremsm8909apq8096ausdm439_firmwareqcs405_firmwarerennellsc7180sdm630_firmwarerennell_firmwareqm215_firmwaremsm8953_firmwaremsm8940sm6150_firmwareapq8053apq8096au_firmwaremsm8917_firmwaremsm8998sm8150sdx20_firmwareapq8017nicobar_firmwareqca9379sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-3660
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.32% / 54.34%
||
7 Day CHG~0.00%
Published-22 Jun, 2020 | 07:10
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible null-pointer dereference can occur while parsing mp4 clip with corrupted sample table atoms in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA6574AU, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdm450_firmwaresdm632sdm439sdm429sm7150_firmwaresm6150msm8909w_firmwaremsm8996ausdm429w_firmwaresm7150apq8009_firmwaremsm8917sxr2130qcs605_firmwaremdm9206sdm636apq8098mdm9206_firmwareqcs605sdm429_firmwaremsm8905_firmwareqca6574au_firmwaresda660msm8909wapq8009apq8053_firmwaremsm8953sdm450sdm636_firmwareapq8098_firmwaresdx20msm8998_firmwaresdm660sdm630mdm9607_firmwaresm8250_firmwareqcs405qca6574auqm215mdm9607apq8017_firmwaremdm9207c_firmwaremsm8996_firmwaremsm8905mdm9207csm8150_firmwaresxr2130_firmwareapq8096ausdm439_firmwareqcs405_firmwarerennellsdm630_firmwaresda660_firmwarerennell_firmwareqm215_firmwaremsm8953_firmwareapq8053apq8096au_firmwaresaipan_firmwaresm6150_firmwaremsm8917_firmwaresm8250msm8998sm8150sdx20_firmwareapq8017msm8996saipansdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-129
Improper Validation of Array Index
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-18696
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 35.24%
||
7 Day CHG~0.00%
Published-07 Apr, 2020 | 13:52
Updated-05 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) (Exynos7420, Exynos8890, or MSM8996 chipsets) software. RKP allows memory corruption. The Samsung ID is SVE-2016-7897 (January 2017).

Action-Not Available
Vendor-n/aGoogle LLCQualcomm Technologies, Inc.Samsung
Product-exynos_7420androidmsm8996exynos_8890n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-33025
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.21% / 43.13%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 05:38
Updated-17 Apr, 2025 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Copy without Checking Size of Input in Data Modem

Memory corruption in Data Modem when a non-standard SDP body, during a VOLTE call.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca8337_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareqcm4490_firmwarewcd9380_firmwarewsa8830qcs4490_firmwaresnapdragon_x70_modem-rf_system_firmwaresnapdragon_x65_5g_modem-rf_systemqca8337wsa8832_firmwarefastconnect_6900fastconnect_6900_firmwaresnapdragon_680_4g_mobile_platform_firmwarewcn3988_firmwarewsa8835fastconnect_6700_firmwareqcn9024_firmwarewcn3950_firmwarewsa8810_firmwarewcd9380sm4450_firmwarewsa8810wsa8832fastconnect_6700snapdragon_x70_modem-rf_systemqca8081snapdragon_680_4g_mobile_platformwcd9370qcm4490qcs4490wcn3950qcn6024_firmwarear8035wcd9375wcd9370_firmwarewsa8815qcn6024snapdragon_685_4g_mobile_platformwsa8830_firmwarewcn3988sm4450wsa8815_firmwarewsa8835_firmwaresnapdragon_685_4g_mobile_platform_firmwareqcn9024wcd9375_firmwareqca8081_firmwarear8035_firmwareSnapdragon
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2017-17766
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.18% / 39.78%
||
7 Day CHG~0.00%
Published-30 Mar, 2018 | 21:00
Updated-16 Sep, 2024 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In wma_peer_info_event_handler() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-03, the value of num_peers received from firmware is not properly validated so that an integer overflow vulnerability in the size of a buffer allocation may potentially lead to a buffer overflow.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-3615
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.34% / 56.01%
||
7 Day CHG~0.00%
Published-02 Jun, 2020 | 15:05
Updated-04 Aug, 2024 | 07:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Valid deauth/disassoc frames is dropped in case if RMF is enabled and some rouge peer keep on sending rogue deauth/disassoc frames due to improper enum values used to check the frame subtype in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8009, APQ8053, APQ8096AU, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS605, SC8180X, SDM630, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM8150, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaremdm9150_firmwaresdm636_firmwaremsm8996au_firmwaresdm845sdx20sdm660sdx24sdm630mdm9607_firmwaremdm9650sc8180x_firmwareqca6574aumdm9607msm8996auapq8009_firmwareqcn7605_firmwaremdm9150qcs605_firmwaremdm9207c_firmwaresc8180xmdm9206mdm9207cqca6174a_firmwareqca6174aqca9379_firmwaresm8150_firmwaresdx24_firmwareapq8096ausdm636qca9377sdm630_firmwareqcn7605mdm9206_firmwareqcs605sdx55apq8053apq8096au_firmwaremdm9650_firmwaresm8150sdx20_firmwareqca6574au_firmwaresdx55_firmwaresxr1130_firmwaresxr1130apq8009qca9379apq8053_firmwaresdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
CWE ID-CWE-617
Reachable Assertion
CVE-2017-18147
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.16% / 36.95%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 17:00
Updated-17 Sep, 2024 | 04:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in MMCP, a downlink message is not being properly validated.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-20
Improper Input Validation
CVE-2023-33028
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 28.51%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 05:00
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Copy without Checking Size of Input in WLAN Firmware

Memory corruption in WLAN Firmware while doing a memory copy of pmk cache.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcm8550_firmwaresd865_5gipq9574qcn9000_firmwareqcn6102_firmwareqca6595qcn9022ipq6028_firmwareimmersive_home_214_platformqca8081_firmwarewcd9370qcn9001qca8072qca6696wcd9340_firmwareipq5028_firmwarewcd9395_firmwareqcn6024qcn9003_firmwareqca6390ar9380qcc2073_firmwareqcc710_firmwareipq8076qca6426wcn6740_firmwareipq6018_firmwareqca9984_firmwareqcn6023qcn5124_firmwarewsa8832_firmwareimmersive_home_216_platformqca8337qca9994_firmwareqca6426_firmwarewcd9395ipq6000qca6574au_firmwareipq8078aipq8078a_firmwarewcn785x-5qam8295pqca6574auwcd9390wsa8810_firmwarewsa8845h_firmwareqcn9100_firmwareqca2064_firmwareqcn5122qca6554aqcn6024_firmwareqca9886_firmwareqcn9000ssg2115pqcc710qcn6132_firmwareqca2062_firmwareqsm8350_firmwareqcn5054sm8450_firmwareipq5332_firmwareqcn5052qca9980qfw7114wcd9385_firmwaresnapdragon_x55_5g_modem-rf_systemipq9574_firmwareqam8255p_firmwareipq8064ipq8074a_firmwareipq8076aqcn5164snapdragon_888_5g_mobile_platform_firmwaresnapdragon_ar2_gen_1_platform_firmwareqcs4490immersive_home_3210_platform_firmwaresnapdragon_8\+_gen_2_mobile_platform_firmwarewsa8845qcn6100_firmwareqca6564au_firmwarecsr8811_firmwarewsa8810qca8075qam8650pqca8085snapdragon_8\+_gen_2_mobile_platformsm8350-acqcn6100qca6595auwsa8840qcs8550_firmwareqca6390_firmwareqca9986_firmwareqfw7124_firmwareqca6436_firmwareqcn9012ipq8070a_firmwareqcn9070qcs4490_firmwaresnapdragon_8_gen_2_mobile_platformqcf8001qca8084sm8250-ac_firmwaresdx65mwcd9370_firmwaresnapdragon_x55_5g_modem-rf_system_firmwareqcc2076qca6574aipq9570wcd9340qcm6490immersive_home_316_platform_firmwareqcn6122_firmwareqcn5154_firmwaresm8550p_firmwareimmersive_home_3210_platformqcm8550qcn5122_firmwareqcn9274qcn9024ipq8076a_firmwareqca6574snapdragon_x75_5g_modem-rf_systemipq9570_firmwaresxr2230p_firmwarear9380_firmwareqca2066_firmwareqcn9024_firmwarewsa8845hqca8082qca8072_firmwarewsa8830sm8550pqcn9074_firmwareipq8174qcn6122sa8255p_firmwareipq8174_firmwarewcn785x-1_firmwareqcc2073ar8035ipq8072aqca2065qca9985qcn6224ipq8071asc8280xp-absm8475_firmwareqcn6112qca6698aqwcn3950_firmwaressg2125p_firmwarewcn685x-1video_collaboration_vc3_platform_firmwareqcn6023_firmwareqcn5164_firmwareqcn9002ipq8078immersive_home_326_platform_firmwareqcs6490ipq9554_firmwaresc8280xp-bb_firmwareqcn9072wsa8830_firmwareqcn6224_firmwareqca6678aq_firmwareqca8386_firmwarewsa8845_firmwarewsa8832qca8082_firmwareqcc2076_firmwaresxr2130_firmwareqca6678aqar8035_firmwareqcn5022_firmwaresm8475qca9992snapdragon_888_5g_mobile_platformsm8250-ab_firmwareqca4024_firmwareqca0000_firmwaresd888_firmwareipq9008ipq9554qca6564auqca9992_firmwareqca9990ipq9008_firmwareqcn9074immersive_home_214_platform_firmwarewsa8815_firmwaresm8250-abqca8337_firmwareqcn5054_firmwareqca9888ipq5332qcn9013sg8275p_firmwareipq8173qcm6490_firmwareipq8072a_firmwaresm8350-ac_firmwareipq6010_firmwareqcm4490_firmwarewcn785x-5_firmwarewcn3950snapdragon_xr2_5g_platformqcn6112_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareqca6797aq_firmwareipq5028qca9986qcf8001_firmwareqcn9070_firmwaresnapdragon_780g_5g_mobile_platformqca8085_firmwaresa8295p_firmwareqca9984ipq5010_firmwareqcn9022_firmwareqca9886qcn6132ipq6018qcn6102snapdragon_780g_5g_mobile_platform_firmwareqca6584ausd888qcn6274_firmwarewcn685x-5wcn6740ipq8065qfw7114_firmwareqca4024sc8280xp-ab_firmwareqca6595_firmwaresm8250-acqcn9001_firmwareimmersive_home_216_platform_firmwareipq8070awcd9380qam8255psxr2230pqca9990_firmwaresnapdragon_xr2_5g_platform_firmwareqcn9003qca8075_firmwareqcn5052_firmwaresnapdragon_auto_5g_modem-rf_firmwareqca2064sxr1230pqca2065_firmwareipq6010sdx65m_firmwarevideo_collaboration_vc3_platformsnapdragon_865_5g_mobile_platform_firmwareqca9980_firmwareqca9985_firmwareqam8295p_firmwareqca6698aq_firmwarewcd9385qca9994qsm8350sc8280xp-bbqca8084_firmwaresa8255psxr1230p_firmwarewcd9390_firmwareimmersive_home_318_platform_firmwarewcn6750qcn5024sg8275pwcn6750_firmwaresdx55_firmwareipq8071a_firmwaresnapdragon_auto_5g_modem-rfssg2125pqca6554a_firmwaresxr2130ipq6028qcm4490qcn9100immersive_home_326_platformqam8650p_firmwareqcn9013_firmwareqca2062qcs6490_firmwaresm8450snapdragon_x65_5g_modem-rf_systemipq8076_firmwareqca6584au_firmwareqcn5152_firmwareqcn6274qca6436qfw7124wsa8835wsa8840_firmwareqca6391_firmwareqca6595au_firmwareqca0000snapdragon_ar2_gen_1_platformipq8068qca6696_firmwaresnapdragon_865_5g_mobile_platformwcd9380_firmwareqca6574_firmwareqca8081wsa8815sd_8_gen1_5gqcn5124qam8775pipq8064_firmwareqca6797aqqcn5152ipq8065_firmwareqca6574a_firmwaresdx55qcn9072_firmwareqca9888_firmwareipq8074aimmersive_home_318_platformqca9889qcn5024_firmwaresd_8_gen1_5g_firmwareqcn9002_firmwarewcd9375_firmwareqca8386qca6391ipq5010qcn9274_firmwarewcn785x-1ipq8173_firmwareqcn9012_firmwaresnapdragon_8_gen_2_mobile_platform_firmwaresa8295pqcs8550ipq8068_firmwareipq6000_firmwareqam8775p_firmwaresd865_5g_firmwarewcd9375ipq8078_firmwarewcn685x-5_firmwareqca9889_firmwareqcn5154immersive_home_316_platformwsa8835_firmwareqca2066ssg2115p_firmwarecsr8811qcn5022snapdragon_x75_5g_modem-rf_system_firmwarewcn685x-1_firmwareSnapdragon
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-14045
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 57.38%
||
7 Day CHG~0.00%
Published-05 Mar, 2020 | 08:56
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible buffer overflow while processing clientlog and serverlog due to lack of validation of data received in logs in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in APQ8096AU, QCS605, SDM439, SM8150, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-apq8096au_firmwaresm8150_firmwaresm8150apq8096ausdm439_firmwaresxr1130_firmwaresxr1130sdm439qcs605qcs605_firmwareSnapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-14052
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.33% / 55.48%
||
7 Day CHG~0.00%
Published-08 Sep, 2020 | 09:31
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Accessing an uninitialized data structure could result in partially copying of contents and thus incorrect processing' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QCS610, QM215, SA415M, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9150_firmwaremdm9635m_firmwareqcm2150_firmwaremdm9640_firmwareqcs610sdm632_firmwaremsm8996au_firmwaresdm845sdm450_firmwaresdm632sdx24sdm439mdm9650sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaremsm8996aumdm9645sm7150apq8009_firmwaremsm8917sdm670qcs605_firmwaresc8180xmdm9206sdm670_firmwaresdx24_firmwaresdm636sda845_firmwaresa415mmdm9635mapq8098mdm9615mdm9206_firmwareqcs605msm8937_firmwaremdm9650_firmwaresdm429_firmwaremsm8905_firmwaresda660sxr1130_firmwaresxr1130msm8909wapq8009msm8909_firmwareapq8053_firmwaresda845nicobarsdm850_firmwaremsm8920msm8953sdm450sdm636_firmwaresdm845_firmwareapq8098_firmwaresdx20msm8998_firmwareqcm2150msm8920_firmwaresdm630mdm9607_firmwaresdm660mdm9655_firmwaresc8180x_firmwaresa415m_firmwaresdm710qm215mdm9607mdm9645_firmwareapq8017_firmwaremdm9625_firmwaresdm710_firmwareqcs610_firmwaremdm9150msm8937msm8905sm8150_firmwaremsm8909mdm9655apq8096ausdm439_firmwaresdm630_firmwaresda660_firmwaremdm9625qm215_firmwaremsm8953_firmwaremsm8940sm6150_firmwareapq8053apq8096au_firmwaremsm8917_firmwaremdm9615_firmwaremsm8998sm8150sdx20_firmwaresdm850apq8017nicobar_firmwaresdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2023-33045
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.21% / 43.34%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 05:26
Updated-02 Aug, 2024 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Copy Without Checking Size of Input in WLAN Firmware

Memory corruption in WLAN Firmware while parsing a NAN management frame carrying a S3 attribute.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qam8255p_firmwareqca8337qfw7124ipq8173_firmwareqam8775pqcf8001qcn5124qca4024_firmwarewsa8840immersive_home_318_platform_firmwareipq8078aipq5028_firmwareqca6595au_firmwarewcn685x-1qca6554a_firmwareipq8076aqca8386_firmwareqcn6024_firmwareimmersive_home_316_platform_firmwaresd_8_gen1_5g_firmwareqca8084_firmwareqca6574au_firmwareqcn5164_firmwareqca8081_firmwareipq8078a_firmwareipq5028wsa8840_firmwareqca6698aqqca0000qcf8001_firmwareipq6010sc8380xp_firmwaresdx65mwcd9340qcn6132qcn9013qca6436qcf8000qca6698aq_firmwarewcn685x-1_firmwareqca9888_firmwareqam8775p_firmwareqcn6122qca6696_firmwareipq9008_firmwareqcn5154_firmwareqca6797aqqcc710_firmwaresm8250-ac_firmwarewsa8830_firmwaresd865_5g_firmwareqcn5022_firmwareimmersive_home_216_platform_firmwareqca8337_firmwarewcd9380_firmwaressg2125pipq8072aipq8076a_firmwareipq8078qca6564auqca8084ipq8173qcm8550ipq9008qcn5164qca6574csr8811_firmwarewcd9380ipq9554_firmwareqcn5024sxr1230pqcn9012_firmwareqcn5052_firmwareqcn9274_firmwareqfw7114_firmwarewsa8845qcc2073_firmwareipq6018_firmwarewcd9340_firmwarewsa8815qcn6112qca6426_firmwaresc8380xpipq6028qcn9024ipq9574_firmwareimmersive_home_3210_platform_firmwarewcn6740_firmwaresnapdragon_xr2_5g_platformsnapdragon_x65_5g_modem-rf_systemipq8078_firmwaresnapdragon_x75_5g_modem-rf_system_firmwareqca6797aq_firmwarewcn785x-1_firmwareqcn9024_firmwareipq8174_firmwaresnapdragon_8\+_gen_2_mobile_platformwsa8832ipq5332immersive_home_326_platformipq6018qcc710immersive_home_214_platformqca6595_firmwarewcd9395qca6391_firmwareimmersive_home_214_platform_firmwareqca4024sm8550p_firmwaresdx55sm8250ssg2115p_firmwareqfw7124_firmwareqam8255par8035_firmwareqcn5024_firmwarewsa8830qcn9070sxr2230p_firmwareqam8650pwcn785x-5qcn6224_firmwareqca8082qcn9072qca8386qca6390_firmwareipq6000ssg2115pqcn5152_firmwareqca0000_firmwareqca6426qca6584au_firmwareqcn9000_firmwaresm8450snapdragon_8_gen_2_mobile_platformsm8250-abipq9554wcd9385_firmwareimmersive_home_216_platformimmersive_home_316_platformimmersive_home_318_platformipq8074aqcn5124_firmwareqca8082_firmwareqcn5122_firmwaresdx55_firmwareqca6595auqcn6023_firmwarewsa8845h_firmwareqfw7114qca6436_firmwareipq5010qca6564au_firmwareqca6584ausnapdragon_x65_5g_modem-rf_system_firmwareqcm8550_firmwareqcn9274ipq8174qcn5052sm8250_firmwareqcn6112_firmwaresm8250-acqcn9074qca8085wsa8810_firmwareqcn6224sm8450_firmwarewsa8845hsnapdragon_ar2_gen_1_platform_firmwaresnapdragon_x75_5g_modem-rf_systemwcd9395_firmwareqca8081ipq8071aqcn6023sdx65m_firmwareipq8071a_firmwareimmersive_home_3210_platformqca8085_firmwarewcd9385ipq9570qca6390ar8035csr8811wcd9390qcn9100_firmwareipq5010_firmwareipq8074a_firmwarewsa8815_firmwarewsa8835_firmwaresnapdragon_8_gen_2_mobile_platform_firmwarewcn785x-1qcn9000qcf8000_firmwareqca6554asd865_5gqca6595qcn9012immersive_home_326_platform_firmwareqcn6122_firmwarewsa8835sxr1230p_firmwaresnapdragon_8\+_gen_2_mobile_platform_firmwaresd_8_gen1_5gqcn6274qcn5154qca8075_firmwaressg2125p_firmwareqca6574awcn685x-5_firmwareqca9889qcn6132_firmwareqca9888qcc2076_firmwareipq8070a_firmwareipq8076_firmwareqca6574_firmwaresxr2230pipq8076wsa8845_firmwaresnapdragon_xr2_5g_platform_firmwareqca6574a_firmwareqcn5152wcn785x-5_firmwaresm8250-ab_firmwareqca6391qcn9100qcn6274_firmwarewsa8832_firmwareipq9570_firmwareqcn9070_firmwarewcn685x-5ipq6028_firmwareipq8072a_firmwareqca6574auqca9889_firmwareipq9574qcn5122wsa8810ipq5332_firmwaresm8550psnapdragon_ar2_gen_1_platformqcn5022qcn9013_firmwareqam8650p_firmwareipq6010_firmwarewcn6740qca6696qca8075qcn9022_firmwarewcd9390_firmwareqcn6024qcn9022qcc2076ipq8070aqcn9072_firmwareipq6000_firmwareqcn9074_firmwareqcc2073Snapdragonqcn5024_firmwareqam8255p_firmwareqca8337_firmwarewcd9380_firmwaresxr2230p_firmwareqcf8000_firmwareipq8076a_firmwareipq8173_firmwaresnapdragon_870_5g_mobile_platform_firmwarear8035_firmwareqcn6224_firmwareqca4024_firmwareimmersive_home_326_platform_firmwareqcn6122_firmwaresxr1230p_firmwareimmersive_home_318_platform_firmwaresnapdragon_8\+_gen_2_mobile_platform_firmwarecsr8811_firmwareipq5028_firmwareqca6595au_firmwareipq9554_firmwareqca8075_firmwaressg2125p_firmwareqcn5152_firmwareqca0000_firmwareqcn6132_firmwareqca6584au_firmwareqcn9000_firmwareqcn9012_firmwareqcn5052_firmwareqcn9274_firmwareqcc2076_firmwareipq8070a_firmwareqca6554a_firmwareqfw7114_firmwarewcd9385_firmwareqcn6024_firmwareqca8386_firmwareqcc2073_firmwareimmersive_home_316_platform_firmwareipq6018_firmwaresd_8_gen1_5g_firmwareipq8076_firmwareqca6574_firmwareqca8084_firmwarewcd9340_firmwareqcn5124_firmwarewsa8845_firmwaresnapdragon_xr2_5g_platform_firmwareqca6426_firmwareqca8082_firmwareqca6574a_firmwareqca6574au_firmwareqcn5122_firmwareqcn5164_firmwaresdx55_firmwarewsa8845h_firmwareqca8081_firmwareqcn6023_firmwareipq9574_firmwareimmersive_home_3210_platform_firmwareqca6436_firmwarewcn6740_firmwareqca6564au_firmwaresnapdragon_865\+_5g_mobile_platform_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareqcm8550_firmwareipq8078a_firmwareqcn6274_firmwarewsa8840_firmwareipq8078_firmwareipq9570_firmwareqcn9070_firmwaresnapdragon_x75_5g_modem-rf_system_firmwareqcf8001_firmwarewsa8832_firmwarefastconnect_6900_firmwareipq6028_firmwaresc8380xp_firmwareipq8072a_firmwareqcn6112_firmwareqca6797aq_firmwareqca9889_firmwareqcn9024_firmwareipq8174_firmwarewsa8810_firmwarefastconnect_7800_firmwaresnapdragon_ar2_gen_1_platform_firmwarewcd9395_firmwareipq5332_firmwaresnapdragon_8_gen_1_mobile_platform_firmwareqca6698aq_firmwaresdx65m_firmwareqcn9013_firmwareipq8071a_firmwareqam8650p_firmwareqca8085_firmwareqam8775p_firmwareqca9888_firmwareipq6010_firmwareqca6696_firmwareqca6595_firmwareipq9008_firmwareqca6391_firmwareqcn5154_firmwareimmersive_home_214_platform_firmwaresm8550p_firmwareqcc710_firmwareqcn9100_firmwareqcn9022_firmwarewsa8830_firmwarewcd9390_firmwaresd865_5g_firmwareipq5010_firmwareipq8074a_firmwarewsa8815_firmwarewsa8835_firmwareqcn9072_firmwareipq6000_firmwaresnapdragon_865_5g_mobile_platform_firmwaressg2115p_firmwareqcn9074_firmwarefastconnect_6800_firmwareqcn5022_firmwareqfw7124_firmwareimmersive_home_216_platform_firmwaresnapdragon_8_gen_2_mobile_platform_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-14006
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 57.38%
||
7 Day CHG~0.00%
Published-21 Jan, 2020 | 06:30
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow occur while playing the clip which is nonstandard due to lack of offset length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdm450_firmwaresdm632sdm439sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaremsm8996ausdm429w_firmwaresm7150apq8009_firmwaremsm8917sdm670sxr2130qcs605_firmwaremdm9206sdm670_firmwaresdm636sda845_firmwareapq8098mdm9206_firmwaremsm8939qcs605msm8937_firmwaresdm429_firmwaremsm8905_firmwaresda660apq8064_firmwaremsm8909wapq8009msm8909_firmwareapq8053_firmwaresda845nicobarsa6155p_firmwaremsm8920msm8953sdm450sdm636_firmwareapq8064apq8098_firmwaresdx20sdm660msm8920_firmwaresdm630mdm9607_firmwaresm8250_firmwaresdm710qm215mdm9607apq8017_firmwaresdm710_firmwaremsm8939_firmwaresa6155pmsm8937mdm9207c_firmwaremsm8996_firmwaremsm8905mdm9207csm8150_firmwaremsm8909sxr2130_firmwareapq8096ausdm439_firmwarerennellsdm630_firmwaresda660_firmwarerennell_firmwareqm215_firmwaremsm8953_firmwaremsm8940sm6150_firmwareapq8053apq8096au_firmwaremsm8917_firmwaresm8250sm8150sdx20_firmwareapq8017msm8996nicobar_firmwaresdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15836
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.3||HIGH
EPSS-0.11% / 29.58%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 17:00
Updated-17 Sep, 2024 | 04:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, if the firmware sends a service ready event to the host with a large number in the num_hw_modes or num_phy, then it could result in an integer overflow which may potentially lead to a buffer overflow.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2017-15813
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.18% / 39.17%
||
7 Day CHG~0.00%
Published-05 Dec, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overflow can occur while reading firmware logs.

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-14881
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.20% / 41.71%
||
7 Day CHG~0.00%
Published-30 Mar, 2018 | 21:00
Updated-16 Sep, 2024 | 22:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

While calling the IPA IOCTL handler for IPA_IOC_ADD_HDR_PROC_CTX in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-13, a use-after-free condition may potentially occur.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-416
Use After Free
CVE-2017-14877
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.20% / 41.71%
||
7 Day CHG~0.00%
Published-30 Mar, 2018 | 21:00
Updated-16 Sep, 2024 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

While the IPA driver in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-08-31 is processing IOCTL commands there is no mutex lock of allocated memory. If one thread sends an ioctl cmd IPA_IOC_QUERY_RT_TBL_INDEX while another sends an ioctl cmd IPA_IOC_DEL_RT_RULE, a use-after-free condition may occur.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-416
Use After Free
CVE-2017-11076
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-8.8||HIGH
EPSS-0.21% / 42.93%
||
7 Day CHG~0.00%
Published-26 Nov, 2024 | 08:55
Updated-09 Jan, 2025 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use of Out-of-range Pointer Offset in Video

On some hardware revisions where VP9 decoding is hardware-accelerated, the frame size is not programmed correctly into the decoder hardware which can lead to an invalid memory access by the decoder.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_615sd_820sdm632_firmwaremsm8909w_firmwaresd_210_firmwaresd_625sd_616_firmwaresdm632sd_810sdm636_firmwaresdm710_firmwaresd_450sd_820asd_425sd_210sdm439_firmwaresd_625_firmwaresd_415_firmwaresd_205msm8996au_firmwaresdm660_firmwaresnapdragon_high_med_2016_firmwaresd_435_firmwaresd_427_firmwaresdm710sd_820_firmwaresd_835sdm429sd_616sd_810_firmwaresdm630sd_845sd_435sd_212_firmwaresnapdragon_high_med_2016sdm429_firmwaresd_820a_firmwaresd_835_firmwaresd_450_firmwaresd_427sdm660sd_205_firmwaremsm8996ausd_212sd_425_firmwaresdm630_firmwaremsm8909wsdm439sd_415sdm636sd_430sd_615_firmwaresd_430_firmwaresd_845_firmwareSnapdragon
CWE ID-CWE-823
Use of Out-of-range Pointer Offset
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-11079
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.16% / 37.43%
||
7 Day CHG~0.00%
Published-10 Jan, 2018 | 22:00
Updated-16 Sep, 2024 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing sparse image, uninitialized heap memory can potentially be flashed due to the lack of validation of sparse image block header size.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2002-0833
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.71% / 89.13%
||
7 Day CHG~0.00%
Published-07 Aug, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Eudora 5.1.1 and 5.0-J for Windows, and possibly other versions, allows remote attackers to execute arbitrary code via a multi-part message with a long boundary string.

Action-Not Available
Vendor-n/aQualcomm Technologies, Inc.
Product-eudoran/a
CVE-2019-10572
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 57.84%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 05:25
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper check in video driver while processing data from video firmware can lead to integer overflow and then buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9640_firmwaresdm632_firmwaremsm8996au_firmwaresdm845sdm450_firmwaresdm632sdx24sdm439mdm9650sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaremsm8996ausm7150apq8009_firmwaremsm8917sdm670qcs605_firmwaremdm9206sdm670_firmwaresdx24_firmwaresdm636sda845_firmwareapq8098mdm9206_firmwareqcs605msm8937_firmwaremdm9650_firmwaresdm429_firmwaremsm8905_firmwaresda660sdx55_firmwaresxr1130_firmwaresxr1130msm8909wapq8009apq8053_firmwaresda845nicobarsa6155p_firmwaremsm8920msm8953sdm450sdm636_firmwaresdm845_firmwareapq8098_firmwaresdx20msm8998_firmwaresdm660msm8920_firmwaresdm630mdm9607_firmwareqcs405sdm710qm215mdm9607apq8017_firmwaresdm710_firmwaresa6155pmsm8937mdm9207c_firmwaremsm8905mdm9207csm8150_firmwareapq8096ausdm439_firmwareqcs405_firmwaresdm630_firmwaresda660_firmwareqm215_firmwaresdx55msm8953_firmwaremsm8940sm6150_firmwareapq8053apq8096au_firmwaremsm8917_firmwaremsm8998sm8150sdx20_firmwareapq8017nicobar_firmwaresdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-10593
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 57.38%
||
7 Day CHG~0.00%
Published-05 Mar, 2020 | 08:56
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow can occur when processing non standard SDP video Image attribute parameter in a VILTE\VOLTE call in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9150_firmwareapq8096_firmwaremdm9640_firmwareqcm2150_firmwaresdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdm450_firmwaresdm632apq8096sdx24sdm439mdm9650sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaremsm8996aumdm9645sdm429w_firmwaresm7150apq8009_firmwaremsm8917sdm670qcs605_firmwareapq8076sc8180xmdm9206sdm670_firmwaresdx24_firmwareapq8076_firmwaresdm636sda845_firmwareapq8098mdm9206_firmwareqcs605msm8937_firmwaremdm9650_firmwaresdm429_firmwaremsm8905_firmwaresda660sdx55_firmwaresxr1130_firmwaresxr1130msm8909wapq8009msm8909_firmwareapq8053_firmwaresda845nicobarsdm850_firmwaremsm8920msm8953sdm450sdm636_firmwaresdm845_firmwareapq8098_firmwaresdx20msm8998_firmwareqcm2150msm8920_firmwaresdm630mdm9607_firmwaresdm660mdm9655_firmwaresc8180x_firmwaresdm710qm215mdm9607mdm9645_firmwareapq8017_firmwaresdm710_firmwaremdm9150msm8937msm8905sm8150_firmwaremsm8909mdm9655apq8096ausdm439_firmwarerennellsdm630_firmwaresda660_firmwarerennell_firmwareqm215_firmwaresdx55msm8953_firmwaremsm8940sm6150_firmwareapq8053apq8096au_firmwaremsm8917_firmwaremsm8998sm8150sdx20_firmwaresdm850apq8017nicobar_firmwaresdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-10612
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 57.38%
||
7 Day CHG~0.00%
Published-05 Mar, 2020 | 08:56
Updated-04 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

UTCB object has a function pointer called by the reaper to deallocate its memory resources and this address can potentially be corrupted by stack overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, MDM9650, QCS605, SA6155P, SC8180X, SDA845, SDM670, SDM710, SDM845, SDM850, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm850_firmwaresa6155p_firmwaresdm845sm8250_firmwaremdm9650sc8180x_firmwaresm7150_firmwaresdm710sm6150sdm710_firmwaresm7150sa6155psdm670sxr2130sc8180xqcs605_firmwaresdm670_firmwaresm8150_firmwaresxr2130_firmwaresda845_firmwaremdm9205_firmwaremdm9205qcs605sdx55sm6150_firmwaresm8250mdm9650_firmwaresm8150sdm850sxr1130_firmwaresdx55_firmwaresxr1130sda845sdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-10587
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 57.38%
||
7 Day CHG~0.00%
Published-05 Mar, 2020 | 08:56
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible Stack overflow can occur when processing a large SDP body or non standard SDP body without right delimiters in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9150_firmwaremdm9635m_firmwareapq8096_firmwaremdm9640_firmwareqcm2150_firmwaresdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdm450_firmwaresdm632apq8096sdx24sdm439mdm9650sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaremsm8996aumdm9645sdm429w_firmwaresm7150apq8009_firmwaremsm8917sdm670qcs605_firmwaresc8180xmdm9206sdm670_firmwaresdx24_firmwaresdm636sda845_firmwaremdm9635mapq8098mdm9615mdm9206_firmwareqcs605msm8937_firmwaremdm9650_firmwaresdm429_firmwaremsm8905_firmwaresda660sdx55_firmwaresxr1130_firmwaresxr1130msm8909wapq8009msm8909_firmwareapq8053_firmwaresda845nicobarsdm850_firmwaremsm8920msm8953sdm450sdm636_firmwaresdm845_firmwareapq8098_firmwaresdx20msm8998_firmwareqcm2150msm8920_firmwaresdm630mdm9607_firmwaresdm660mdm9655_firmwaresc8180x_firmwaresdm710qm215mdm9607mdm9645_firmwareapq8017_firmwaremdm9625_firmwaresdm710_firmwaremdm9150msm8937msm8905sm8150_firmwaremsm8909mdm9655apq8096ausdm439_firmwarerennellsdm630_firmwaresda660_firmwaremdm9625rennell_firmwareqm215_firmwaresdx55msm8953_firmwaremsm8940sm6150_firmwareapq8053apq8096au_firmwaremsm8917_firmwaremdm9615_firmwaremsm8998sm8150sdx20_firmwaresdm850apq8017nicobar_firmwaresdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-22088
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.89% / 75.00%
||
7 Day CHG+0.11%
Published-06 Jan, 2023 | 04:42
Updated-09 Apr, 2025 | 19:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integer Overflow to Buffer Overflow in Bluetooth HOST

Memory corruption in Bluetooth HOST due to buffer overflow while parsing the command response received from remote

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sa6150p_firmwaresm6250p_firmwareqcs610qca6431_firmwarewcn3950_firmwaresa8150p_firmwareqcs2290qca6595au_firmwaresa6155qca6335csra6620_firmwareapq8076sd_675_firmwarecsra6640_firmwareqcs6125_firmwaremsm8108sm4375wcn3998msm8108_firmwarewcn3950sm4125sd720gsd_8_gen1_5g_firmwarewcn3660bsd460_firmwaresm7315_firmwarewcn7850qca6574au_firmwarewcd9375_firmwarewcn3998_firmwaresa6155_firmwaremsm8909wapq8009w_firmwareqca6420sd680_firmwareqrb5165_firmwareqrb5165m_firmwareqcs6125apq8056_firmwaresa8155_firmwaresd662_firmwareqcs405qca6430wcd9340sd626_firmwarequalcomm215_firmwaresd765gsw5100qca6436sd680wcn6851sa6155pwcn7851_firmwareapq8052msm8209_firmwarewcd9341qca6431qca6696_firmwaresd750gsd870_firmwarewcn3910_firmwaresxr2150p_firmwaresa8150pwsa8830_firmwaresd855_firmwaresd660sd865_5g_firmwarewcn3988sd660_firmwarewcn7850_firmwaresa8195p_firmwaremsm8208_firmwaresm8475qcn7606_firmwarewcn6750_firmwarewcn3610msm8608wcn3991wcd9380_firmwaresdm429wmsm8996au_firmwaresw5100psd625_firmwareqca6564ausdx55m_firmwarewcn6856_firmwaremsm8976_firmwareqca6574wcd9380qualcomm215qcs410sd690_5g_firmwaresdx50m_firmwareqca6430_firmwareqcn9012_firmwaresd626wcd9335_firmwarewcn3980qca6335_firmwarewcd9340_firmwarewsa8815wcn6850wcn3910msm8956_firmwareqca6320qca6426_firmwarewcn3660b_firmwarewcn3680sd695sd835wcn3980_firmwaresd730sdx55mqcc5100_firmwareqca6421_firmwarewcn6740_firmwaresd678_firmwarear8031_firmwarewcn3680_firmwareqrb5165wcn6851_firmwareqca6564a_firmwareapq8009wmsm8976sg_firmwareqcm4290_firmwaresd480sd870wcn6855sw5100p_firmwaresd210_firmwareqcs610_firmwaresa6145psd695_firmwaresdxr1apq8096auar8031qcs405_firmwaresa8145pqca6391_firmwaresd780g_firmwarewcd9370_firmwaresdx55sd888_firmwaresa8155pcsra6640sd675sxr2150pqcm2290qcn7606wcn3991_firmwarewsa8830sd678sa8145p_firmwareqcs2290_firmwarecsra6620qcs4290sd765g_firmwareqca6420_firmwareqca6390_firmwareapq8009_firmwaresd690_5gsd730_firmwarewcd9370sd675_firmwaresd625qca6426qca6584au_firmwareapq8076_firmwareqrb5165n_firmwarewcn3990_firmwaresdw2500_firmwarewcd9385_firmwaresdxr2_5g_firmwarewcd9326_firmwarewcn3615_firmwaresd662qcn9011_firmwaresa8155qca6320_firmwarewcn3680b_firmwaresdx55_firmwareqca6595auwcn3615sm7250p_firmwarewcn3610_firmwareqca6436_firmwareqrb5165nqca6564au_firmwareqca6584ausa6155p_firmwareqca6310msm8208sd778gwcn7851qcs6490sd429sdxr2_5gmsm8976sgwcn3988_firmwareqcn9074sa6145p_firmwaresd205qca6421sd429_firmwaresd778g_firmwaresm6250sa8195pwsa8810_firmwaresm4375_firmwaresd765_firmwarewcd9326wcd9335qcs4290_firmwarewcd9385qcs6490_firmwareqca6390wcd9375sd750g_firmwareaqt1000msm8956msm8976sm6250_firmwaremsm8952apq8056sd210wcn3620_firmwareqcm6490sd888_5g_firmwarewcn6850_firmwarewcn3620wsa8815_firmwarewsa8835_firmwareqca6564aqcm6125_firmwareqcm2290_firmwarewcn3990sd_675sd780gsd865_5gqcc5100qcn9012sd888msm8952_firmwaremsm8909w_firmwarewsa8835msm8996ausdm429w_firmwaresd665_firmwaresd888_5gsm6250pqca6574awcn6855_firmwaresm7325pqca6310_firmwarewcn6750apq8052_firmwareqca6574_firmwaresd855sm4125_firmwaresm7325p_firmwaresd665sd765qca6574a_firmwaresd768g_firmwaremsm8209qrb5165msm7315apq8009qca6391sd460sdxr1_firmwareaqt1000_firmwareqcm4290qcm6490_firmwaresdx50msd480_firmwareqcn9011qca6574ausa8155p_firmwaresd205_firmwarewcd9341_firmwareqcm6125wsa8810wcn6856wcn3680bsd835_firmwaresd768gwcn6740qca6696sd845_firmwaremsm8608_firmwaresa6150psdw2500apq8096au_firmwaresd845sm7250psd720g_firmwaresw5100_firmwareqcn9074_firmwareqcs410_firmwareSnapdragon
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-10611
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 61.86%
||
7 Day CHG~0.00%
Published-21 Jan, 2020 | 06:30
Updated-04 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow can occur while processing clip due to lack of check of object size before parsing in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, Nicobar, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm429wsdm632_firmwaresdm845sdm450_firmwaresdm632sdm439sdm429msm8940_firmwaresm6150msm8909w_firmwaresdm429w_firmwareapq8009_firmwaremsm8917sdm670sxr2130qcs605_firmwaremdm9206sdm670_firmwaresda845_firmwareapq8098mdm9206_firmwaremsm8939qcs605msm8937_firmwaresdm429_firmwaremsm8905_firmwaresda660sxr1130_firmwareapq8064_firmwaresxr1130msm8909wapq8009msm8909_firmwareapq8053_firmwaresda845nicobarsa6155p_firmwaremsm8920msm8953sdm450apq8064apq8098_firmwaresdx20sdm660msm8920_firmwaremdm9607_firmwaresm8250_firmwaresdm710qm215mdm9607apq8017_firmwaresdm710_firmwaremsm8939_firmwaresa6155pmsm8937mdm9207c_firmwaremsm8996_firmwaremsm8905mdm9207csm8150_firmwaremsm8909sxr2130_firmwareapq8096ausdm439_firmwaresda660_firmwareqm215_firmwaremsm8953_firmwaremsm8940sm6150_firmwareapq8053apq8096au_firmwaremsm8917_firmwaresm8250sm8150sdx20_firmwareapq8017msm8996nicobar_firmwaresdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2019-10614
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.29% / 52.34%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 05:25
Updated-04 Aug, 2024 | 22:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of boundary access is possible as there is no validation of data accessed against the received size of the packet in case of malicious firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS405, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9640_firmwaresdm632_firmwaremsm8996au_firmwaresdm845sdm450_firmwaresdm632sdx24sdm439mdm9650sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaremsm8996ausm7150apq8009_firmwaremsm8917sdm670sxr2130qcs605_firmwaremdm9206sdm670_firmwaresdx24_firmwaresdm636sda845_firmwareapq8098qcn7605mdm9206_firmwareqcs605msm8937_firmwaremdm9650_firmwaresdm429_firmwaresda660sdx55_firmwaresxr1130_firmwaresxr1130msm8909wapq8009apq8053_firmwaresda845nicobarsa6155p_firmwaremsm8920msm8953sdm450sdm636_firmwaresdm845_firmwareapq8098_firmwaresdx20msm8998_firmwaresdm660msm8920_firmwaresdm630mdm9607_firmwaresm8250_firmwareqcs405sdm710qm215mdm9607apq8017_firmwaresdm710_firmwareqcn7605_firmwaresa6155pmsm8937mdm9207c_firmwaremdm9207csm8150_firmwaresxr2130_firmwareapq8096ausdm439_firmwareqcs405_firmwaresdm630_firmwaresda660_firmwareqm215_firmwaresdx55msm8953_firmwaremsm8940sm6150_firmwareapq8053apq8096au_firmwaremsm8917_firmwaresm8250msm8998sm8150sdx20_firmwareapq8017nicobar_firmwaresdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-10581
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 59.32%
||
7 Day CHG~0.00%
Published-21 Jan, 2020 | 06:30
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NULL is assigned to local instance of audio device pointer after free instead of global static pointer and can lead to use after free issue in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, MDM9206, MDM9207C, MDM9607, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8998, Nicobar, QCS605, Rennell, SA6155P, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-msm8920sa6155p_firmwaresdm636_firmwaresdm845msm8998_firmwaresdm660msm8920_firmwaresdm630mdm9607_firmwaresdx24sm8250_firmwaremsm8940_firmwaresm7150_firmwaresdm710msm8909w_firmwaremdm9607sm6150sdm710_firmwareapq8009sm7150apq8009_firmwaremsm8917sa6155psdm670sxr2130msm8937mdm9207c_firmwareqcs605_firmwaremdm9206mdm9207csdm670_firmwaresm8150_firmwaresdx24_firmwaresxr2130_firmwaresdm636rennellsdm630_firmwarerennell_firmwaremdm9206_firmwareqcs605sdx55msm8940apq8053sm6150_firmwaresm8250msm8917_firmwaremsm8937_firmwaremsm8998sm8150sdx55_firmwarenicobar_firmwaremsm8909wapq8053_firmwaresdm660_firmwarenicobarsdm845_firmwareSnapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-416
Use After Free
CVE-2019-10589
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.33% / 55.48%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 10:46
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lack of length check of response buffer can lead to buffer over-flow while GP command response buffer handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8017, APQ8053, APQ8098, MDM9206, MDM9607, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, QM215, SDA660, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-msm8920msm8953sdm450sdm636_firmwaresdm632_firmwareapq8098_firmwaresdm450_firmwaremsm8998_firmwaresdm632sdm660msm8920_firmwaresdm439mdm9607_firmwaresdm630sdm429msm8940_firmwareqm215mdm9607apq8017_firmwaremsm8917msm8937mdm9206sdm439_firmwaresdm636sdm630_firmwareapq8098sda660_firmwaremdm9206_firmwareqm215_firmwaremsm8940apq8053msm8953_firmwaremsm8917_firmwaremsm8937_firmwaremsm8998sdm429_firmwaresda660apq8017apq8053_firmwaresdm660_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 19
  • 20
  • Next
Details not found