Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-10608

Summary
Assigner-qualcomm
Assigner Org ID-2cfc7d3e-20d3-47ac-8db7-1b7285aff15f
Published At-16 Apr, 2020 | 10:46
Updated At-04 Aug, 2024 | 22:24
Rejected At-
Credits

Information disclosure issue occurs as there is no binding between the secure keypad session and the secure display session that allows user to take control of the REE to stop the secure keypad session and read the keypad input. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, MSM8905, MSM8909

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:qualcomm
Assigner Org ID:2cfc7d3e-20d3-47ac-8db7-1b7285aff15f
Published At:16 Apr, 2020 | 10:46
Updated At:04 Aug, 2024 | 22:24
Rejected At:
▼CVE Numbering Authority (CNA)

Information disclosure issue occurs as there is no binding between the secure keypad session and the secure display session that allows user to take control of the REE to stop the secure keypad session and read the keypad input. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, MSM8905, MSM8909

Affected Products
Vendor
Qualcomm Technologies, Inc.Qualcomm, Inc.
Product
Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
Versions
Affected
  • APQ8009, MSM8905, MSM8909
Problem Types
TypeCWE IDDescription
textN/AInformation Exposure Issue in Content Protection
Type: text
CWE ID: N/A
Description: Information Exposure Issue in Content Protection
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin
x_refsource_CONFIRM
Hyperlink: https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:product-security@qualcomm.com
Published At:16 Apr, 2020 | 11:15
Updated At:24 Aug, 2020 | 17:37

Information disclosure issue occurs as there is no binding between the secure keypad session and the secure display session that allows user to take control of the REE to stop the secure keypad session and read the keypad input. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, MSM8905, MSM8909

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
Qualcomm Technologies, Inc.
qualcomm
>>apq8009>>-
cpe:2.3:h:qualcomm:apq8009:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>apq8009_firmware>>-
cpe:2.3:o:qualcomm:apq8009_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>msm8905>>-
cpe:2.3:h:qualcomm:msm8905:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>msm8905_firmware>>-
cpe:2.3:o:qualcomm:msm8905_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>msm8909>>-
cpe:2.3:h:qualcomm:msm8909:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>msm8909_firmware>>-
cpe:2.3:o:qualcomm:msm8909_firmware:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletinproduct-security@qualcomm.com
Vendor Advisory
Hyperlink: https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin
Source: product-security@qualcomm.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

110Records found
CVE-2022-33220
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.02% / 3.09%
||
7 Day CHG~0.00%
Published-05 Sep, 2023 | 06:23
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer over-read in Automotive multimedia

Information disclosure in Automotive multimedia due to buffer over-read.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wsa8830wcd9380_firmwaresa6150p_firmwaresa8145p_firmwaresw5100psd865_5gqcc5100sdx55m_firmwarewcn6856_firmwarewsa8835sd_8_gen1_5gwcd9380sa8150p_firmwaresd888_5gqca6420_firmwareqca6595au_firmwareqca6390_firmwarewcn6855_firmwareqca6426qca6430_firmwarewcn3980wcn3998wcd9385_firmwareqam8295psdxr2_5g_firmwaresd_8_gen1_5g_firmwaresd855wsa8815wcn6850qam8295p_firmwareqca6426_firmwarewcn7850qca6574au_firmwareqca6595auwcn3998_firmwarewcn3980_firmwareqca6391sdx55mqca6420qca6436_firmwaresa8295pqcc5100_firmwareaqt1000_firmwaresa6155p_firmwarewcn7851sdxr2_5gwcn6851_firmwarewcn3988_firmwareqca6430qca6574ausa6145p_firmwaresa8155p_firmwaresa8195pwsa8810_firmwarewcd9341_firmwaresw5100wsa8810sd870qca6436wcn6851wcn6855sa6155psw5100p_firmwarewcn7851_firmwarewcn6856sa6145pwcd9385wcd9341qca6696_firmwaresa8145psd870_firmwareqca6696qca6391_firmwareqca6390aqt1000sa8150psa6150psa8155pwsa8830_firmwaresd855_firmwaresd865_5g_firmwarewcn3988sd888_5g_firmwarewcn6850_firmwarewcn7850_firmwarewsa8815_firmwarewsa8835_firmwaresa8195p_firmwaresw5100_firmwaresa8295p_firmwareSnapdragon
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-2243
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 13.91%
||
7 Day CHG~0.00%
Published-22 Jul, 2019 | 13:47
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible buffer overflow at the end of iterating loop while getting the version info and lead to information disclosure. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850sd_632sd_820asd_675msm8996au_firmwaresd_439sd_670_firmwaresd_429sdm439mdm9650sd_636sd_615_firmwaremsm8909w_firmwaremsm8996ausd_820sd_450_firmwaresd_845_firmwaresd_820a_firmwareqcs605_firmwaresd_675_firmwaremdm9206sd_425_firmwaresd_665sd_625_firmwaresd_450sd_845mdm9206_firmwareqcs605sd_632_firmwaresd_835_firmwaremdm9650_firmwaresd_835sda660sd_210_firmwaresd_415_firmwaremsm8909wsd_665_firmwaresd_616_firmwaresd_205_firmwaresd_415sd_212sd_427_firmwaresd_712sd_855sd_730_firmwaresd_616sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435sd_615sd_710_firmwaresdm630sd_625sd_210mdm9607sd_636_firmwaresd_820_firmwaresd_439_firmwaresd_429_firmwaresd_730sd_212_firmwaresd_850_firmwaresdm439_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwaresd_427sd_430sd_670sd_435_firmwaresd_710sd_205sdm660_firmwaresd_855_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-2275
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 13.91%
||
7 Day CHG~0.00%
Published-06 Nov, 2019 | 17:11
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

While deserializing any key blob during key operations, buffer overflow could occur exposing partial key information if any key operations are invoked(Depends on CVE-2018-13907) in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS404, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850mdm9150_firmwaresd_632sd_820amsm8996au_firmwaresd_439sd_670_firmwaresd_429sdm439qcs404_firmwaremdm9650sd_636snapdragon_high_med_2016_firmwaremsm8909w_firmwaremsm8996ausd_820sd_650sd_450_firmwaresd_845_firmwaresd_410sd_820a_firmwareqcs605_firmwaremdm9206sd_652sd_425_firmwareqcs404sd_625_firmwaresd_450sd_8cx_firmwaremdm9205mdm9206_firmwaresd_845qcs605sd_632_firmwaresd_835_firmwaremdm9650_firmwaresd_835sda660sxr1130_firmwaresd_210_firmwaresd_652_firmwaresxr1130msm8909wsd_205_firmwaresd_212sd_650_firmwaresd_427_firmwaresd_712sd_855sd_412qualcomm_215sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435sd_710_firmwaresdm630sd_625sd_820_firmwaresd_210mdm9607sd_636_firmwaresd_439_firmwarequalcomm_215_firmwaremdm9150sd_429_firmwaresnapdragon_high_med_2016sd_212_firmwaresd_850_firmwaresdm439_firmwaresd_412_firmwaresd_712_firmwaresdm630_firmwaremdm9205_firmwaresda660_firmwaresd_8cxsd_430sd_427sd_670sd_435_firmwaresd_710sd_410_firmwaresd_205sdm660_firmwaresd_855_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-2343
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.73%
||
7 Day CHG~0.00%
Published-25 Jul, 2019 | 16:33
Updated-04 Aug, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bound read and information disclosure in firmware due to insufficient checking of an embedded structure that can be sent from a kernel driver in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850sd_632sd_820asd_675msm8996au_firmwaresd_439sd_670_firmwaresd_429sdm439sd_636snapdragon_high_med_2016_firmwaremsm8909w_firmwaremsm8996ausd_820sd_450_firmwaresd_845_firmwaresd_820a_firmwareqcs605_firmwaresd_675_firmwaresd_425_firmwaresd_665sd_625_firmwaresd_450sd_8cx_firmwaresd_845qcs605sd_632_firmwaresd_835_firmwaresd_835sda660sxr1130_firmwaresd_210_firmwaresxr1130msm8909wsd_665_firmwaresd_205_firmwaresd_212sd_427_firmwaresd_712sd_855sd_730_firmwarequalcomm_215sd_425sdm660sd_430_firmwaresd_710_firmwaresd_435sdm630sd_625sd_210sd_820_firmwaresd_636_firmwaresd_439_firmwarequalcomm_215_firmwaresd_429_firmwaresd_730snapdragon_high_med_2016sd_212_firmwaresd_850_firmwaresdm439_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwaresd_8cxsd_427sd_430sd_670sd_435_firmwaresd_710sd_205sdm660_firmwaresd_855_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-2295
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 27.52%
||
7 Day CHG~0.00%
Published-21 Nov, 2019 | 14:38
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Information disclosure due to lack of address range check done on the SysDBG buffers in SDI code. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, MDM9205, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, Nicobar, QCS404, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, Snapdragon_High_Med_2016, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm632_firmwaresdm845sdm450_firmwaresdm632sdm439qcs404_firmwaresdm429msm8940_firmwaresnapdragon_high_med_2016_firmwareapq8009_firmwaremsm8917sdm670qcs605_firmwaresdm670_firmwareqcs404sdm636sda845_firmwaremdm9205qcs605msm8937_firmwaresdm429_firmwaremsm8905_firmwaresda660sxr1130_firmwaresxr1130apq8009msm8909_firmwareapq8053_firmwaresda845nicobarsdm850_firmwaremsm8920msm8953sdm450sdm636_firmwaremsm8998_firmwaresdm660msm8920_firmwaresdm630qcs405sdm710qm215apq8017_firmwaresdm710_firmwaremsm8937msm8905snapdragon_high_med_2016msm8909sdm439_firmwareqcs405_firmwaresdm630_firmwaremdm9205_firmwaresda660_firmwareqm215_firmwaremsm8940apq8053msm8953_firmwaremsm8917_firmwaremsm8998sdm850apq8017nicobar_firmwaresdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-20775
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.40%
||
7 Day CHG~0.00%
Published-17 Apr, 2020 | 13:38
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on LG mobile devices with Android OS 9.0 (Qualcomm SDM450, SDM845, SM6150, and SM8150 chipsets) software. Weak encryption leads to local information disclosure. The LG ID is LVE-SMP-190010 (August 2019).

Action-Not Available
Vendor-n/aQualcomm Technologies, Inc.Google LLC
Product-sm6150sm8150androidsdm450sdm845n/a
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2023-33037
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.1||HIGH
EPSS-0.03% / 7.62%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 05:38
Updated-17 Jun, 2025 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cryptographic Issues in Automotive

Cryptographic issue in Automotive while unwrapping the key secs2d and verifying with RPMB data.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qam8255p_firmwaresnapdragon_8_gen_1_mobile_platformwsa8830sa6150p_firmwaresa8145p_firmwaresxr2230p_firmwareqca8337qam8650pqca6431_firmwareqam8775psnapdragon_870_5g_mobile_platform_firmwaresnapdragon_865_5g_mobile_platformsnapdragon_888_5g_mobile_platformwcn3950_firmwaresnapdragon_888_5g_mobile_platform_firmwaresa8150p_firmwaresm4450_firmwareqca6595au_firmwarewcd9370ssg2115pqca6426wcd9385_firmwareqam8295pwcn3950qcn6024_firmwarefastconnect_6200sd_8_gen1_5g_firmwareqsm8350_firmwareqsm8350qam8295p_firmwaresa9000p_firmwaresnapdragon_x55_5g_modem-rf_systemqca6574au_firmwareqca6595auqca8081_firmwarewcd9375_firmwaresm7250p_firmwareqca6436_firmwaresnapdragon_680_4g_mobile_platform_firmwaresa6155p_firmwaresnapdragon_x65_5g_modem-rf_system_firmwaresnapdragon_870_5g_mobile_platformqca6698aqsa4155p_firmwareqcs8550_firmwaresnapdragon_765g_5g_mobile_platformwcn3988_firmwaresa6145p_firmwareqca6421snapdragon_8\+_gen_1_mobile_platformfastconnect_6700_firmwaresa8195pwsa8810_firmwareqca6436snapdragon_ar2_gen_1_platform_firmwaresa8255p_firmwaresa6155psg4150pqca8081snapdragon_765_5g_mobile_platform_firmwareqca6698aq_firmwareqcm4490snapdragon_888\+_5g_mobile_platformwcd9385sxr2130_firmwareqam8775p_firmwaresa8255pqca6431qca6696_firmwareqca6797aqar8035wcd9375sa8150psnapdragon_685_4g_mobile_platformsnapdragon_768g_5g_mobile_platform_firmwarewsa8830_firmwaresd865_5g_firmwarewcn3988wsa8815_firmwarewsa8835_firmwaresnapdragon_685_4g_mobile_platform_firmwaresa8195p_firmwaresnapdragon_865_5g_mobile_platform_firmwarefastconnect_6800_firmwaresa8295p_firmwaresa4150psg4150p_firmwareqcm4325qca8337_firmwarewcd9380_firmwaressg2125psd865_5gfastconnect_6800qca6595wsa8835qca6574sxr1230p_firmwaresa8540p_firmwaresd_8_gen1_5gwcd9380fastconnect_6700ssg2125p_firmwaresxr2130qca6574asxr1230pqcm4325_firmwaresa9000pqca6574_firmwarewsa8815sxr2230psnapdragon_865\+_5g_mobile_platformsnapdragon_xr2_5g_platform_firmwareqca6426_firmwaresm4450qca6574a_firmwarefastconnect_6200_firmwareqcn9024snapdragon_x55_5g_modem-rf_system_firmwareqca6391snapdragon_8cx_gen_3_compute_platform_firmwaresa8295pqca6421_firmwarefastconnect_7800snapdragon_865\+_5g_mobile_platform_firmwareqcm4490_firmwareqcs4490_firmwaresnapdragon_xr2_5g_platformsnapdragon_x65_5g_modem-rf_systemwsa8832_firmwarefastconnect_6900fastconnect_6900_firmwareqca6797aq_firmwareqca6574ausa8155p_firmwareqcn9024_firmwarefastconnect_7800_firmwarewsa8810snapdragon_765g_5g_mobile_platform_firmwarewsa8832sa8540psnapdragon_8cx_gen_3_compute_platformsnapdragon_680_4g_mobile_platformsnapdragon_8_gen_1_mobile_platform_firmwaresnapdragon_ar2_gen_1_platformsa6145pqam8650p_firmwareqcs4490qca6595_firmwaresa8145pqca6696snapdragon_888\+_5g_mobile_platform_firmwareqca6391_firmwareqcs8550sa4150p_firmwarewcd9370_firmwaresa6150psnapdragon_768g_5g_mobile_platformsa8155pqcn6024snapdragon_765_5g_mobile_platformsm7250psnapdragon_8\+_gen_1_mobile_platform_firmwaressg2115p_firmwareqam8255psa4155par8035_firmwareSnapdragon
CWE ID-CWE-310
Not Available
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2025-21431
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.44%
||
7 Day CHG~0.00%
Published-07 Apr, 2025 | 10:15
Updated-19 Aug, 2025 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Time-of-check Time-of-use (TOCTOU) Race Condition in Automotive OS Platform

Information disclosure may be there when a guest VM is connected.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sa7775psa8620psrv1h_firmwaresa7255pqca6595au_firmwaresa8540p_firmwareqamsrv1m_firmwaresa6145p_firmwaresa8255psa6155p_firmwaresa8195pqca6698aqsa8295psa8145p_firmwaresa8155_firmwaresa8295p_firmwaresa8150psa8775psa6150p_firmwareqam8295p_firmwareqam8620pqca6574au_firmwaresa8145pqamsrv1msa6155_firmwaresa8540psa8770psa6150psrv1m_firmwareqca6696qamsrv1h_firmwareqca6574ausa8775p_firmwareqca6595_firmwareqca6688aq_firmwareqam8295psa6155srv1l_firmwareqca6696_firmwaresa8770p_firmwaresa6155psa8155qca6595auqca6574a_firmwaresrv1hqca6688aqsa6145pqca6574aqamsrv1hqca6595qam8775pqam8255pqam8650p_firmwaresa8255p_firmwareqam8620p_firmwaresa9000psa7255p_firmwaresa8620p_firmwaresrv1lsa8650psa8155p_firmwaresa9000p_firmwaresa8155pqam8775p_firmwaresa8650p_firmwareqam8255p_firmwaresa7775p_firmwareqca6698aq_firmwaresa8150p_firmwaresrv1mqam8650psa8195p_firmwareSnapdragon
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2025-21472
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.82%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 07:25
Updated-18 Aug, 2025 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Leftover Debug Code in Secure Element

Information disclosure while capturing logs as eSE debug messages are logged.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fastconnect_6900_firmwareqcs8550sa8530p_firmwarewsa8835_firmwarefastconnect_6900fastconnect_7800_firmwareqca9367wsa8830fastconnect_7800qca9377_firmwaresnapdragon_8_gen_1_mobile_platform_firmwaresa9000p_firmwaresa8530pwcd9380wcd9380_firmwarewsa8830_firmwareqcs8550_firmwareqca9367_firmwarewsa8835sa8540psa8540p_firmwaresa9000pqca9377snapdragon_8_gen_1_mobile_platformSnapdragon
CWE ID-CWE-489
Active Debug Code
CVE-2023-33111
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 13.84%
||
7 Day CHG~0.00%
Published-01 Apr, 2024 | 15:05
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Validation of Array Index in Audio

Information disclosure when VI calibration state set by ADSP is greater than MAX_FBSP_STATE in the response payload to AFE calibration command.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcs410_firmwaresa6150p_firmwaresd865_5gqcs610_firmwaresxr2130_firmwaresrv1mqca8081_firmwarewcd9370ar8035_firmwareqca6696snapdragon_778g\+_5g_mobilewcd9340_firmwarewcd9341_firmwaresd888_firmwareqcc710_firmwareqca6426wcn6740_firmwarefastconnect_6700wcn3610snapdragon_780g_5g_mobileqcn9074snapdragon_782g_mobile_firmwarewsa8815_firmwaresnapdragon_wear_4100\+_firmwaresa8195p_firmwareqca8337_firmwareqca8337qca6426_firmwareqca9377_firmwareqca6574au_firmwareqam8295pwcd9341qca6574ausa8620p_firmwaresnapdragon_888\+_5g_mobile_firmwarewcn3950wsa8810_firmwaresnapdragon_870_5g_mobile_firmwaresnapdragon_778g_5g_mobile_firmwaresa9000p_firmwaresrv1hsnapdragon_auto_5g_modem-rf_gen_2_firmwaresnapdragon_7c\+_gen_3_computewcn3660b_firmwarefastconnect_6800_firmwaresnapdragon_778g\+_5g_mobile_firmwaresa8295p_firmwaresnapdragon_870_5g_mobilevideo_collaboration_vc1_platform_firmwaresa8770pc-v2x_9150qca6584auqcn6274_firmwaresd888qcc710snapdragon_xr2_5g_firmwarewcn6740snapdragon_780g_5g_mobile_firmwarefastconnect_6800qfw7114_firmwaresnapdragon_wear_4100\+fastconnect_7800_firmwarefastconnect_6900video_collaboration_vc1_platformsnapdragon_865_5g_mobile_firmwaresa7255pqfw7114wcd9385_firmwarefastconnect_6900_firmwareqam8255p_firmwarewcd9380sa6145p_firmwareqam8255psnapdragon_xr2_5gsa8150psa6155pwsa8810qam8650psa9000psrv1h_firmwaresnapdragon_888_5g_mobile_firmwarevideo_collaboration_vc3_platformsnapdragon_888_5g_mobilesm7315_firmwarec-v2x_9150_firmwaresa6155p_firmwareqam8295p_firmwaresrv1m_firmwaresnapdragon_782g_mobilesm7315snapdragon_x55_5g_modem-rfqfw7124_firmwareqca6698aq_firmwareqca6436_firmwaresnapdragon_888\+_5g_mobilewcd9385qca9367_firmwaresnapdragon_x55_5g_modem-rf_firmwaresnapdragon_7c\+_gen_3_compute_firmwarewcn3610_firmwaresa8255psnapdragon_865\+_5g_mobilewcd9370_firmwareqca9367sa7255p_firmwarewcn3660bsxr2130sa8195pwcd9340qamsrv1msnapdragon_auto_5g_modem-rf_gen_2sm7325pqam8650p_firmwareqca6584au_firmwarewcn3980_firmwareqcn6274qca6436qfw7124sa8775pwsa8835qca6391_firmwaresa8775p_firmwareqamsrv1hqca6696_firmwarewcd9380_firmwaresa6150pqcs410sa8155p_firmwareqca8081wsa8815sa8155pwsa8830qam8775pqca9377sa6145psnapdragon_x75_5g_modem-rfqcn9074_firmwaresa8620psa8255p_firmwarear8035qamsrv1m_firmwaresa8650p_firmwaresnapdragon_865_5g_mobilewcd9375_firmwareqca6391qcn6224snapdragon_865\+_5g_mobile_firmwareqca6698aqwcn3950_firmwaresa8770p_firmwaresa8295pfastconnect_7800sa8145p_firmwaresa8650pqam8775p_firmwaresd865_5g_firmwaresm7325p_firmwarewcn3680bwcd9375sa8150p_firmwarefastconnect_6700_firmwareqamsrv1h_firmwarevideo_collaboration_vc3_platform_firmwaresa8145psnapdragon_x75_5g_modem-rf_firmwarewsa8835_firmwarewcn3980snapdragon_778g_5g_mobilewsa8830_firmwarewcn3680b_firmwareqcn6224_firmwareqcs610Snapdragon
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2023-33078
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 6.82%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 10:48
Updated-10 Jan, 2025 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in DSP Services

Information Disclosure while processing IOCTL request in FastRPC.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-snapdragon_7c\+_gen_3_compute_firmwarefastconnect_6900_firmwaresnapdragon_7c\+_gen_3_computewcd9380_firmwarewcd9385_firmwarewsa8830wsa8845_firmwarefastconnect_7800fastconnect_6900sc8380xp_firmwarewsa8845hwsa8830_firmwarewsa8845h_firmwaresnapdragon_8cx_gen_3_compute_firmwarewsa8840fastconnect_7800_firmwarefastconnect_6700wsa8835_firmwarewsa8835wcd9385wsa8840_firmwarewcd9380snapdragon_8cx_gen_3_computefastconnect_6700_firmwaresc8380xpwsa8845Snapdragon
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-14007
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.73%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 10:46
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Due to the use of non-time-constant comparison functions there is issue in timing side channels which can be used as a potential side channel for SUI corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS404, QCS405, QCS605, QM215, Rennell, SA6155P, SC7180, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9150_firmwareapq8096_firmwaresdm632_firmwaremsm8996au_firmwaresdm845sdm450_firmwaresdm632apq8096sdx24sdm439qcs404_firmwaremdm9650sdm429msm8940_firmwaresm7150_firmwaresm6150msm8996ausm7150apq8009_firmwaremsm8917sdm670sxr2130qcs605_firmwaremdm9206sdm670_firmwareqcs404sdx24_firmwaresdm636sda845_firmwareapq8098mdm9205mdm9206_firmwareqcs605msm8937_firmwaremdm9650_firmwaresdm429_firmwaremsm8905_firmwaresda660sdx55_firmwaresxr1130_firmwaresxr1130apq8009msm8909_firmwareapq8053_firmwaresda845nicobarsdm850_firmwaresa6155p_firmwaremsm8920msm8953sdm450sdm636_firmwareapq8098_firmwaremsm8998_firmwaresdm660msm8920_firmwaresdm630mdm9607_firmwareqcs405sdm710qm215sc7180_firmwaremdm9607apq8017_firmwaresdm710_firmwaresa6155pmdm9150msm8937msm8996_firmwaremsm8905sm8150_firmwaremsm8909sxr2130_firmwareapq8096ausdm439_firmwareqcs405_firmwarerennellsc7180sdm630_firmwaremdm9205_firmwaresda660_firmwarerennell_firmwareqm215_firmwaresdx55msm8953_firmwaremsm8940sm6150_firmwareapq8053apq8096au_firmwaremsm8917_firmwaremsm8998sm8150sdm850apq8017msm8996nicobar_firmwaresdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-203
Observable Discrepancy
CVE-2019-14092
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.73%
||
7 Day CHG~0.00%
Published-22 Jun, 2020 | 07:10
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

System Services exports services without permission protect and can lead to information exposure in Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9207C, MDM9607, Rennell, Saipan, SM8150, SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9206mdm9207csm8150_firmwaresxr2130_firmwarerennellrennell_firmwaremdm9206_firmwaremdm9607_firmwaresm8250_firmwaresaipan_firmwaresm8250mdm9607sm8150saipansxr2130mdm9207c_firmwareSnapdragon Industrial IOT, Snapdragon Mobile
CVE-2019-14115
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.73%
||
7 Day CHG~0.00%
Published-08 Sep, 2020 | 09:31
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Information disclosure issue occurs as in current logic as secure touch is released without clearing the display session which can result in user reading the secure input while touch is in non-secure domain as secure display is active' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA515M, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9150_firmwarekamorta_firmwareqcm2150_firmwareqcs610sdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdm450_firmwaresdm632sdx24sdm439qcs404_firmwaremdm9650sdm429msm8940_firmwaresm7150_firmwaresm6150msm8996ausdm429w_firmwaresm7150apq8009_firmwaremsm8917sdm670sxr2130qcs605_firmwareapq8076sc8180xmdm9206sdm670_firmwareqcs404sdx24_firmwareapq8076_firmwaresdm636sda845_firmwaresa415mapq8098mdm9205mdm9206_firmwaresa515mqcs605msm8937_firmwaremdm9650_firmwaresdm429_firmwaremsm8905_firmwaresda660sdx55_firmwaresxr1130_firmwaresxr1130apq8009msm8909_firmwareapq8053_firmwaresda845nicobarsdm850_firmwaresa6155p_firmwaremsm8920msm8953sdm450sdm636_firmwaresa515m_firmwareapq8098_firmwaremsm8998_firmwareqcm2150msm8920_firmwaresdm630mdm9607_firmwaresm8250_firmwaresdm660sc8180x_firmwaresa415m_firmwareqcs405sdm710qm215sc7180_firmwaremdm9607apq8017_firmwaresdm710_firmwaresa6155pqcs610_firmwaremdm9150msm8937msm8996_firmwaremsm8905sm8150_firmwaremsm8909sxr2130_firmwareapq8096ausdm439_firmwareqcs405_firmwarerennellsc7180sdm630_firmwaremdm9205_firmwaresda660_firmwarerennell_firmwareqm215_firmwaresdx55msm8953_firmwaremsm8940sm6150_firmwareapq8053apq8096au_firmwaremsm8917_firmwaresm8250msm8998sm8150sdm850kamortaapq8017msm8996nicobar_firmwaresdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-459
Incomplete Cleanup
CVE-2019-14067
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.73%
||
7 Day CHG~0.00%
Published-02 Jun, 2020 | 15:05
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Using non-time-constant functions like memcmp to compare sensitive data can lead to information leakage through timing side channel issue. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS404, QCS405, QCS605, QM215, Rennell, SA415M, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9150_firmwarekamorta_firmwareapq8096_firmwareqcm2150_firmwaresdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdm450_firmwaresdm632apq8096sdx24sdm439qcs404_firmwaremdm9650sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaremsm8996ausdm429w_firmwaresm7150apq8009_firmwaremsm8917sdm670sxr2130qcs605_firmwaresc8180xmdm9206sdm670_firmwareqcs404sdx24_firmwaresdm636sda845_firmwaresa415mapq8098mdm9205mdm9206_firmwareqcs605msm8937_firmwaremdm9650_firmwaresdm429_firmwaresda660sdx55_firmwaresxr1130_firmwaresxr1130msm8909wapq8009msm8909_firmwareapq8053_firmwaresda845nicobarsdm850_firmwaresa6155p_firmwaremsm8920msm8953sdm450sdm636_firmwareapq8098_firmwaremsm8998_firmwareqcm2150msm8920_firmwaresdm630mdm9607_firmwaresdm660sc8180x_firmwaresa415m_firmwareqcs405sdm710qm215sc7180_firmwaremdm9607apq8017_firmwaresdm710_firmwaresa6155pmdm9150msm8937msm8996_firmwaresm8150_firmwaremsm8909sxr2130_firmwareapq8096ausdm439_firmwareqcs405_firmwarerennellsc7180sdm630_firmwaremdm9205_firmwaresda660_firmwarerennell_firmwareqm215_firmwaresdx55msm8953_firmwaremsm8940sm6150_firmwareapq8053apq8096au_firmwaremsm8917_firmwaremsm8998sm8150sdm850kamortaapq8017msm8996nicobar_firmwaresdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-203
Observable Discrepancy
CVE-2019-10618
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.09% / 25.80%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 08:30
Updated-04 Aug, 2024 | 22:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Driver may access an invalid address while processing IO control due to lack of check of address validation in Snapdragon Connectivity in QCA6390

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca6390qca6390_firmwareSnapdragon Connectivity
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-10483
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.73%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 10:46
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Side channel issue in QTEE due to usage of non-time-constant comparison function such as memcmp or strcmp in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8016, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, IPQ8074, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA8081, QCS404, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX55, SM6150, SM7150, SM8150, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9150_firmwareapq8096_firmwaremdm9640_firmwaresdm632_firmwaremsm8996au_firmwaresdm845sdm450_firmwaresdm632apq8096sdm439qcs404_firmwaremdm9650sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaremsm8996ausm7150apq8009_firmwaremsm8917sdm670sxr2130qcs605_firmwareapq8076mdm9206sdm670_firmwareqcs404apq8076_firmwareipq8074sdm636sda845_firmwareapq8098mdm9205mdm9206_firmwareqcs605msm8937_firmwaremdm9650_firmwaresdm429_firmwaremsm8905_firmwaresda660sdx55_firmwaresxr1130_firmwareqca8081_firmwaresxr1130msm8909wapq8009msm8909_firmwareapq8053_firmwaresda845sdm850_firmwaremsm8920msm8953sdm450sdm636_firmwaresdm845_firmwareapq8098_firmwaresdx20msm8998_firmwaresdm660apq8016_firmwaresdm630mdm9607_firmwaremsm8920_firmwaremdm9655_firmwareipq8074_firmwaresdm710qm215mdm9607apq8017_firmwaresdm710_firmwareqca8081mdm9150msm8937mdm9207c_firmwaremsm8996_firmwaremsm8905mdm9207csm8150_firmwaremsm8909sxr2130_firmwaremdm9655apq8096ausdm439_firmwaresdm630_firmwaremdm9205_firmwaresda660_firmwareapq8016qm215_firmwaresdx55msm8953_firmwaremsm8940sm6150_firmwareapq8053apq8096au_firmwaremsm8917_firmwaremsm8998sm8150sdx20_firmwaresdm850apq8017msm8996sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-203
Observable Discrepancy
CVE-2019-10523
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.73%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 10:46
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Target specific data is being sent to remote server and leads to information exposure in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, QCA6574AU, QCS605, Rennell, SDA660, SDM429W, SDM439, SDM450, SDM710, SDM845, SM7150, SM8150, SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-msm8920msm8953sdm450sdm429wmsm8996au_firmwaresdm845sdm450_firmwaremsm8920_firmwaresdm439sm8250_firmwaremsm8940_firmwaresm7150_firmwareqca6574ausdm710msm8909w_firmwaremsm8996ausdm429w_firmwaresdm710_firmwareapq8009sm7150apq8009_firmwaremsm8917sxr2130msm8937qcs605_firmwaresm8150_firmwaresxr2130_firmwareapq8096ausdm439_firmwarerennellsda660_firmwarerennell_firmwareqcs605msm8940apq8053apq8096au_firmwaremsm8953_firmwaresm8250msm8917_firmwaremsm8937_firmwaresm8150qca6574au_firmwaresda660msm8909wapq8053_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-10626
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.20%
||
7 Day CHG~0.00%
Published-22 Jun, 2020 | 07:10
Updated-04 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Payload size is not validated before reading memory that may cause issue of accessing invalid pointer or some garbage data in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Rennell, Saipan, SC8180X, SDA660, SDA845, SDM429W, SDM439, SDM670, SDM710, SDX20, SDX24, SDX55, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9640_firmwaresdm429wmsm8996au_firmwaresdx24sdm439mdm9650msm8909w_firmwaremsm8996ausdm429w_firmwareapq8009_firmwaresdm670sxr2130qcs605_firmwareipq4019_firmwaresc8180xmdm9206sdm670_firmwaresdx24_firmwareipq8074sda845_firmwareapq8098ipq6018_firmwaremdm9206_firmwareqcs605mdm9650_firmwareipq8064sda660sdx55_firmwaresxr1130_firmwaresxr1130msm8909wapq8009apq8053_firmwareipq8064_firmwaresda845apq8098_firmwaresdx20mdm9607_firmwaresm8250_firmwaresc8180x_firmwareqcs405ipq8074_firmwaresdm710mdm9607apq8017_firmwaresdm710_firmwaremdm9207c_firmwareipq6018mdm9207csm8150_firmwaresxr2130_firmwareapq8096ausdm439_firmwareqcs405_firmwarerennellsda660_firmwarerennell_firmwareipq4019sdx55apq8053apq8096au_firmwaresaipan_firmwaresm8250sm8150sdx20_firmwareapq8017saipanmdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-20
Improper Input Validation
CVE-2018-5864
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.29%
||
7 Day CHG~0.00%
Published-06 Jul, 2018 | 19:00
Updated-16 Sep, 2024 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

While processing a WMI_APFIND event in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a buffer over-read and information leak can potentially occur.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-5836
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.29%
||
7 Day CHG~0.00%
Published-06 Jul, 2018 | 17:00
Updated-16 Sep, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In wma_nan_rsp_event_handler() in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, the data_len value is received from firmware and not properly validated which could potentially lead to an out-of-bounds access.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-5895
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.33%
||
7 Day CHG~0.00%
Published-06 Jul, 2018 | 17:00
Updated-16 Sep, 2024 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer over-read may happen in wma_process_utf_event() due to improper buffer length validation before writing into param_buf->num_wow_packet_buffer in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-43051
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.77%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 10:07
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Authorization in SPS-HLOS

Information disclosure while deriving keys for a session for any Widevine use case.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qdx1010_firmwareqcm8550_firmwaresa6150p_firmwaresw5100psd865_5gsxr1120wcn6650qca6595wcd9335snapdragon_8\+_gen_1wcd9370qca8081_firmwaresnapdragon_730gqca6696qam8620p_firmwarewcd9340_firmwaresa8530pwcd9341_firmwaresxr2330p_firmwarewcd9395_firmwarewcn7881_firmwareqcn6024wcn6450qcc710_firmwareqca6426snapdragon_auto_4gwcn6740_firmwaresnapdragon_720g_firmwarefastconnect_6700snapdragon_695_5gsa4150psnapdragon_888_5gwsa8832_firmwareqca8337qdu1110qca6426_firmwarewcd9395snapdragon_4_gen_2_firmwareqca6574au_firmwareqcn7606_firmwaresm6370qam8295pwcd9341qca6574auwcd9390sa8620p_firmwarewsa8810_firmwaresd730_firmwarewsa8845h_firmwarecsra6640sa9000p_firmwaresnapdragon_690_5gsnapdragon_778g\+_5g_firmwaresnapdragon_865\+_5gsrv1hsm8650q_firmwaresnapdragon_765_5gqcs9100sd730snapdragon_8\+_gen_2fastconnect_6800_firmwareqcs5430snapdragon_865\+_5g_firmwareqcn6024_firmwaresnapdragon_x65_5gqcm5430qcm5430_firmwarevideo_collaboration_vc1_platform_firmwaresa4155psnapdragon_888\+_5g_firmwaresa8770pqcm6125_firmwarec-v2x_9150ssg2115pqcc710snapdragon_x50_5gsnapdragon_xr2_5g_firmwaresnapdragon_xr1_firmwaresa8540psxr1120_firmwaresnapdragon_710qsm8250_firmwaresnapdragon_730qsm8350_firmwaresnapdragon_765g_5g_firmwaresnapdragon_4_gen_2fastconnect_6900robotics_rb2snapdragon_8_gen_2_firmwarevideo_collaboration_vc1_platformsnapdragon_x72_5gqru1032_firmwareqep8111sa7255psm8635qfw7114wcd9385_firmwareqca6421qam8255p_firmwaresnapdragon_778g_5gsnapdragon_670snapdragon_678_firmwaresa8155_firmwaresdx61qcs4490snapdragon_732g_firmwaresnapdragon_662_firmwaresnapdragon_x50_5g_firmwarewsa8845sa6155pqca6421_firmwareqcm6125wsa8810qam8650pvideo_collaboration_vc5_platform_firmwaresa9000psnapdragon_855_firmwareqdu1000_firmwareqsm8250srv1h_firmwaresnapdragon_670_firmwaresnapdragon_678qca6595ausxr2250p_firmwaresnapdragon_865_5g_firmwareqdu1010sm7315_firmwarewcd9326_firmwaresa6155p_firmwaresnapdragon_730g_firmwaresnapdragon_ar1_gen_1wsa8840srv1m_firmwareqcs8550_firmwareqdu1210_firmwareqfw7124_firmwareqca6436_firmwaresnapdragon_x35_5g_firmwareqcn9012qcs4490_firmwarewcn3910_firmwaresnapdragon_7c\+_gen_3_compute_firmwaresnapdragon_675_firmwaresm4125_firmwaresm8635psnapdragon_680_4gqca6420wcn3910wcd9370_firmwarerobotics_rb2_firmwaresnapdragon_8_gen_2snapdragon_480\+_5g_firmwaresnapdragon_765_5g_firmwareqdu1110_firmwareqdu1000sa7255p_firmwareqca6574aqca6174asnapdragon_695_5g_firmwaresa8195psnapdragon_750g_5g_firmwarewcd9340qcs8250_firmwareqcm2290qdu1210talynplussnapdragon_auto_5g_modem-rf_gen_2qcm6490sa8540p_firmwaresm8550p_firmwaresnapdragon_x55_5g_firmwareqcm8550sxr2250pwcn3988sm6370_firmwareqcn9274qcn9024sa8775pqca6574sxr2230p_firmwareqca6430_firmwareqcn9011sa8775p_firmwareqamsrv1hsmart_audio_400qcn9024_firmwarewsa8845hsa6150pwcd9326sm8650qqcm2290_firmwaresa8155p_firmwaresnapdragon_855\+sa8155pwsa8830snapdragon_870_5g_firmwaresm8550psa6145psnapdragon_x65_5g_firmwareqcn9074_firmwaresm7675_firmwaresa8255p_firmwaresnapdragon_888\+_5gsnapdragon_x75_5gsnapdragon_720gar8035sm7635_firmwareqamsrv1m_firmwaresa6155qrb5165m_firmwaresa8650p_firmwarewcn6450_firmwareqcm4325snapdragon_860snapdragon_8cx_gen_3_computesnapdragon_x72_5g_firmwaresrv1l_firmwareqcs9100_firmwareqcn6224snapdragon_782gqca6698aqwcn3950_firmwaresa7775p_firmwaressg2125p_firmwareqrb5165nsm6250sa8530p_firmwaresm7635fastconnect_6200sd670sm7325p_firmwaresa8145p_firmwaresd460wcd9378sm8635p_firmwareqdx1011sa8150p_firmwarefastconnect_6700_firmwaresnapdragon_768g_5gvideo_collaboration_vc3_platform_firmwarewcn3990snapdragon_778g_5g_firmwaresnapdragon_780g_5gsd670_firmwareqcs6490qcs8250snapdragon_778g\+_5gfastconnect_6200_firmwarear8031_firmwarewsa8830_firmwareqcn6224_firmwareqca6431qca6678aq_firmwarewsa8845_firmwarewsa8832sdx61_firmwarewcd9378_firmwaresrv1lsxr2130_firmwaresrv1msm7675pqca6678aqar8035_firmwareqrb5165msnapdragon_680_4g_firmwaresc8380xpsa4150p_firmwaresd888_firmwareqcs6125_firmwaresm4635snapdragon_460qcn9074wsa8815_firmwaresnapdragon_865_5gsa8195p_firmwareqca8337_firmwaresnapdragon_auto_4g_firmwaresnapdragon_665_firmwareqcm4290snapdragon_480_5g_firmwaresnapdragon_4_gen_1_firmwarear8031sg8275p_firmwaresnapdragon_xr2\+_gen_1snapdragon_x62_5gqcm6490_firmwaresnapdragon_685_4gsnapdragon_665snapdragon_w5\+_gen_1sm7250p_firmwaresm4635_firmwarewcn3999sa2150p_firmwaresm4125qcm4490_firmwareqru1032wcn3950qcs6125flight_rb5_5gsnapdragon_690_5g_firmwareqca6797aq_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwaresnapdragon_7c\+_gen_3_computetalynplus_firmwaresa8295p_firmwaresmart_audio_400_firmwaresnapdragon_855\+_firmwaresnapdragon_460_firmwaresa4155p_firmwaresm7250psm6250_firmwaresa8155snapdragon_768g_5g_firmwaresnapdragon_710_firmwareqca6584ausd888qcn6274_firmwarewcn6755_firmwareqcn9011_firmwareqru1062_firmwaresd460_firmwaresa2150psw5100_firmwarewcn6740wcn6650_firmwaresc8380xp_firmwareqru1062snapdragon_732gfastconnect_6800qfw7114_firmwaresnapdragon_662qcs7230qca6595_firmwarefastconnect_7800_firmwaresm8635_firmwarefastconnect_6900_firmwarerobotics_rb5_firmwarewcd9380sa6145p_firmwareqam8255psa6155_firmwaresxr2230psnapdragon_xr2_5gsa8150psxr2330pwcn6755snapdragon_888_5g_firmwaresnapdragon_8\+_gen_2_firmwaresnapdragon_765g_5gsnapdragon_auto_5g_modem-rf_firmwaresxr1230psd662_firmwarewcn7881sm6650sw5100video_collaboration_vc3_platformaqt1000c-v2x_9150_firmwareqca6688aqqam8295p_firmwaresd855qca6431_firmwaresnapdragon_8_gen_1_firmwaresnapdragon_8cx_gen_3_compute_firmwarewcn3990_firmwaresm7315snapdragon_750g_5gqca6698aq_firmwareqcs2290wcd9385qcn7606qsm8350qcs2290_firmwaresnapdragon_xr2\+_gen_1_firmwarewcn3999_firmwaresd662snapdragon_8_gen_1sa8255pqcs7230_firmwareqcs4290sxr1230p_firmwarewcd9390_firmwaresnapdragon_x62_5g_firmwaresnapdragon_8_gen_3qep8111_firmwareqca6430sg8275psnapdragon_782g_firmwaresnapdragon_855sdx55_firmwareqdx1011_firmwaresnapdragon_x55_5gsnapdragon_auto_5g_modem-rfflight_rb5_5g_firmwaressg2125pqru1052sxr2130qcm4490snapdragon_4_gen_1snapdragon_870_5gcsra6640_firmwareqamsrv1mrobotics_rb5snapdragon_480\+_5gqca6174a_firmwaresnapdragon_685_4g_firmwarewcn7861sm7325pqam8650p_firmwarevideo_collaboration_vc5_platformwcn7861_firmwareqca6420_firmwareaqt1000_firmwareqcs6490_firmwaresm6650_firmwaresnapdragon_480_5gqam8620psd855_firmwareqrb5165n_firmwareqca6436wcd9335_firmwarewcn3980_firmwarewsa8835wsa8840_firmwareqca6391_firmwareqca6584au_firmwareqcn6274qfw7124qdu1010_firmwareqca6595au_firmwaresw5100p_firmwareqca6696_firmwareqcs4290_firmwarewcd9380_firmwareqca6574_firmwarecsra6620qca8081wsa8815sg4150psd_8_gen1_5gqam8775psnapdragon_ar2_gen_1_firmwareqca6797aqsnapdragon_860_firmwaresnapdragon_x35_5gsnapdragon_730_firmwareqcm4325_firmwaresa8620pqca6574a_firmwaresdx55qcm4290_firmwaresnapdragon_8\+_gen_1_firmwaresd_8_gen1_5g_firmwaresnapdragon_8_gen_3_firmwaresa7775pqca6391snapdragon_ar1_gen_1_firmwaresnapdragon_w5\+_gen_1_firmwaresnapdragon_x75_5g_firmwarewcd9375_firmwareqcn9274_firmwareqcn9012_firmwareqcs5430_firmwaresg4150p_firmwareqru1052_firmwaresnapdragon_780g_5g_firmwarecsra6620_firmwaresa8770p_firmwaresa8295pqcs8550snapdragon_675fastconnect_7800sa8650pqam8775p_firmwaresd865_5g_firmwaresnapdragon_xr1wcd9375qca6688aq_firmwaresnapdragon_ar2_gen_1wcn3988_firmwareqamsrv1h_firmwaresm7675sa8145pwsa8835_firmwaressg2115p_firmwarewcn3980sm7675p_firmwareqdx1010Snapdragon
CWE ID-CWE-285
Improper Authorization
CVE-2018-3579
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.17%
||
7 Day CHG~0.00%
Published-12 Jun, 2018 | 20:00
Updated-16 Sep, 2024 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the WLAN driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, event->num_entries_in_page is a value received from firmware that is not properly validated which can lead to a buffer over-read

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-22075
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.06% / 18.89%
||
7 Day CHG~0.00%
Published-07 Mar, 2023 | 04:43
Updated-03 Aug, 2024 | 03:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information Exposure in Graphics

Information Disclosure in Graphics during GPU context switch.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaresa6150p_firmwareqcs610qca8337sdx65wcn3950_firmwaresa8150p_firmwareqcs2290qca6595au_firmwaresa6155qca6335msm8917csra6620_firmwareqcs605_firmwareapq8076sd_675_firmwarecsra6640_firmwareqcs6125_firmwaresd632msm8108wcn3998msm8108_firmwareqam8295pwcn3950sm4125sd720gmdm9628mdm9206_firmwaresd_8_gen1_5g_firmwarewcn3660bsd710_firmwaresd460_firmwaresm7315_firmwarewcn7850qca6574au_firmwarewcd9375_firmwareqca8081_firmwarewcn3998_firmwaresa6155_firmwaremsm8909wapq8009w_firmwareqca6420sdx20msd680_firmwareqca9367_firmwareqrb5165_firmwaresa4155p_firmwareqcs6125sa8155_firmwareapq8056_firmwaresd662_firmwareqcs405qca6430wcd9340sd626_firmwaresd765gqualcomm215_firmwaresw5100sd680qca6436wcn6851sa6155pwcn7851_firmwaremsm8209_firmwaremdm9250_firmwarewcd9341qca6696_firmwaresd870_firmwaresd750gwcn3910_firmwaresxr2150p_firmwaresa8150pwsa8830_firmwaresd855_firmwaresd660sd865_5g_firmwaresnapdragon_4_gen_1wcn3988sd660_firmwarewcn7850_firmwaresa8195p_firmwaresm8475msm8208_firmwareqcn7606_firmwarewcn6750_firmwaresa8295p_firmwarewcn3610pq8052_firmwaremsm8608wcn3991qca8337_firmwaresda429w_firmwarewcd9380_firmwaresdm429wsw5100pmsm8996au_firmwarewcd9330sd625_firmwareqca6564ausdx55m_firmwarewcn6856_firmwaremsm8976_firmwareqca6574sd632_firmwaresd670_firmwarewcd9380qualcomm215qcs410sd690_5g_firmwaresdx50m_firmwaresdx24_firmwaresd626qca6430_firmwarewcd9335_firmwaresd439_firmwarewcn3980qca6335_firmwareqcs605wcd9340_firmwarewsa8815pq8052wcn6850wcn3910msm8956_firmwareqca6320mdm9650_firmwareqca6426_firmwarewcn3660b_firmwarewcn3680sd695sd835wcn3980_firmwaresd730wcd9330_firmwaresdx55mqcc5100_firmwaresa8295pwcn6740_firmwaresd821_firmwaresd678_firmwareapq8064au_firmwarear8031_firmwarewcn3680_firmwareqrb5165wcn6851_firmwaresd670sd_636_firmwareqca6564a_firmwareapq8009wmsm8976sg_firmwareqcm4290_firmwaresd480sd870wcn6855sw5100p_firmwaresd210_firmwareqcs610_firmwareqsm8250sa6145psd695_firmwaresdxr1ar8031apq8096auqcs405_firmwaresa8145psdm630_firmwaresd820_firmwareqca6391_firmwaresa4150p_firmwarewcd9370_firmwaresd780g_firmwaresdx55sd888_firmwaresa8155pcsra6640sd675sd439qcs8155_firmwaresa4155psxr2150par8035_firmwareqsm8250_firmwareqcn7606qcm2290wcn3991_firmwaremdm9150_firmwarewsa8830sd678sa8145p_firmwareqcs2290_firmwaremdm9628_firmwaresnapdragon_4_gen_1_firmwaremdm9650sd_636csra6620qcs4290mdm9250sd765g_firmwareqca6420_firmwareqca6390_firmwareapq8009_firmwaresd690_5gsd730_firmwarewcd9370sd675_firmwaresd625qca6564qca6426qca6584au_firmwarewcn3990_firmwareqrb5165n_firmwareapq8076_firmwareqca9377sdw2500_firmwarewcd9385_firmwaresdxr2_5g_firmwarewcd9326_firmwarewcn3615_firmwaresd662qam8295p_firmwaresa8155qca6320_firmwarewcn3680b_firmwaresdx55_firmwarewcn3615qca6595ausm7250p_firmwarewcn3610_firmwareqca6436_firmwareqrb5165nqca6564au_firmwareqca6584ausd778gsa6155p_firmwaremsm8208qca6310qcs8155wcn7851sd429sa515m_firmwareqcs6490sdxr2_5gqca9367sdm630mdm9607_firmwaresd821msm8976sgwcn3988_firmwareqcn9074sd205sd429_firmwaresa6145p_firmwaresd778g_firmwaresm6250sa8195papq8017_firmwarewsa8810_firmwaresd765_firmwarewcd9326wcd9335qca8081qca6174a_firmwareqcs4290_firmwarewcd9385qcs6490_firmwareqca6390wcd9375sd750g_firmwareaqt1000msm8956msm8976sm6250_firmwarear8035apq8064aumsm8952apq8056msm8917_firmwaresda429wsd210wcn3620_firmwaresdx20_firmwarewsa8815_firmwaresd888_5g_firmwaresd820qcm6490wcn6850_firmwarewsa8835_firmwarewcn3620apq8017qcx315qca6564asa4150pqcm6125_firmwareqcm2290_firmwarewcn3990sd_675sd780gsd865_5gqcc5100sdx24sd888msm8952_firmwaremsm8909w_firmwareqcx315_firmwarewsa8835msm8996ausdm429w_firmwaresd665_firmwaresd888_5gqca6574amdm9206wcn6855_firmwareqca6174asm7325pqca6310_firmwarewcn6750sa515mqca6574_firmwaresd855sm4125_firmwaresm7325p_firmwaresd665sd765qca6574a_firmwaresd768g_firmwaremsm8209sm7315apq8009sd460qca6391sdxr1_firmwareaqt1000_firmwaresdx65_firmwareqcm4290qcm6490_firmwaresdx50msdx20sd480_firmwareqca6574ausd710sa8155p_firmwaremdm9607sd205_firmwarewcd9341_firmwaresdx20m_firmwareqcm6125wsa8810mdm9150wcn6856wcn3680bsd835_firmwareqca6564_firmwaresd768gwcn6740qca6696sd845_firmwaremsm8608_firmwaresdw2500sa6150papq8096au_firmwaresd845sm7250psd720g_firmwaresw5100_firmwareqcn9074_firmwareqcs410_firmwareSnapdragon
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-22076
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.1||HIGH
EPSS-0.07% / 22.16%
||
7 Day CHG~0.00%
Published-06 Jun, 2023 | 07:38
Updated-03 Aug, 2024 | 03:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cryptographic issue in Core

information disclosure due to cryptographic issue in Core during RPMB read request.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaresnapdragon_850_mobile_compute_platform_firmwaresm7325-ae_firmwaremdm9640_firmwaresm6250p_firmwareqca8337ipq8173_firmwareqam8775pqcn5124wcn3950_firmwaresc8180x\+sdx55sm4450_firmwareqca6595au_firmwaresa6155snapdragon_427_mobile_platformsd_455_firmwarehome_hub_100_platformqcs6125_firmwaremsm8108sm4375wcn3998sc8180xp-adwcd9371_firmwaremsm8108_firmwarewcn3950qcn6024_firmwaresm4125immersive_home_316_platform_firmwaresm6375_firmwarewcn3660bqsm8350_firmwareqsm8350sd460_firmwaresm7315_firmwaresm4250-aasnapdragon_636_mobile_platformwcn3998_firmwareqca8081_firmwareqca6420qcn9002snapdragon_auto_5g_modem-rf_firmwareipq8070_firmwareqca9367_firmwareipq8078a_firmwaremdm8207sdm450ipq8072_firmwaresc8180xp-aa_firmwaresa8155_firmwarerobotics_rb3_platform_firmwareqca4004_firmwareqca6430snapdragon_630_mobile_platformqts110wcd9306_firmwarewcd9340qca6698aq_firmwaremsm8209_firmwarewcn685x-1_firmwaremdm9250_firmwareqca9888_firmwareqcn6122sm8150_firmwareqca6696_firmwarewcd9371sc8180x-abqcn5154_firmwaresm4350_firmwaresd_8cxsa8150psnapdragon_430_mobile_platformqca4004sd660sd865_5g_firmwaresm7225_firmwaresd660_firmwareqcn5121sm8475qcn5022_firmwarewcn6750_firmwareqcn7606_firmwaresm6125_firmwareimmersive_home_216_platform_firmwaresnapdragon_675_mobile_platform_firmwareqca6428_firmwaresm6375wcn3991ssg2125psdm429wipq8078qca8084qcn9001_firmwareipq81739205_lte_modemsd670_firmwareqca6574apq8053-accsr8811_firmwaresnapdragon_7c\+_gen_3_computewcd9380qcs410snapdragon_210_processorqcn5024snapdragon_430_mobile_platform_firmwareqca9379_firmwaresxr1230pc-v2x_9150_firmwaresc8180xp-ad_firmwareqcn9012_firmwaresd626qcn9274_firmwareipq6018_firmwareqcm4325_firmwarewcd9340_firmwarewsa8815sm6150-ac_firmwarepmp8074_firmwareqcn6112sdm429_firmwaresnapdragon_630_mobile_platform_firmwareqcs8250ipq6028sd835snapdragon_821_mobile_platformpmp8074ipq9574_firmwarewcn3980_firmwaresd730sc7180-ac_firmwaresa8295p9205_lte_modem_firmwaresm6350sm8475_firmwarewcn6740_firmwareqcn5064_firmwareqcs4490_firmwaresnapdragon_x65_5g_modem-rf_systemapq8064au_firmwareipq8078_firmwareqca6234qcn5054sm6350_firmwarewcn785x-1_firmwaresd670smart_audio_200_platform_firmwareqcn9024_firmwareipq8174_firmwaresdx57mqcm4290_firmwaresw5100p_firmwareqcs610_firmwaresa6145par8031immersive_home_214_platformmdm8207_firmwaresc8280xp-bbsd820_firmwareqca6391_firmwaresa4150p_firmwareqca4024wcd9370_firmwaresdx55qcn5021_firmwaresm8250csra6640ssg2115p_firmwaresnapdragon_1200_wearable_platformwcn3660qca9379qam8255psa4155pqca6234_firmwareqcn7606qsm8250_firmwarewsa88309207_lte_modemsdm712_firmwaresnapdragon_850_mobile_compute_platformsnapdragon_x24_lte_modem_firmwareqam8650pcsrb31024mdm9628_firmwaremdm9650qca8082qcs4290mdm9250qca6420_firmwaresc7180-acsnapdragon_auto_4g_modem_firmwaresd675_firmwareipq8072qca6564qca6426sc8280xp-abwcn3990_firmwareqrb5165n_firmwareqca9984_firmwareqca9377wcd9385_firmwarewcd9326_firmwarewcn3615_firmwareipq8074asm7325-afqcn6102_firmwareqcn9011_firmwaresa8155snapdragon_x55_5g_modem-rf_systemmsm8905_firmwaresnapdragon_835_mobile_pc_platform_firmwareqcn5122_firmwaresdx55_firmwaresnapdragon_208_processor_firmwarewcn3615qcn6023_firmwaresm7250p_firmwarewcn3610_firmwareqrb5165nwcd9306qca6584ausnapdragon_x65_5g_modem-rf_system_firmwareapq8053-aa_firmwaresm6225snapdragon_208_processoripq8174qcn50529206_lte_modemqca9367sm8250_firmwareqcn6112_firmwaresm8250-acwcn3988_firmware315_5g_iot_modemqcn9074qm215qca6421qca8085sm7250-aasa8195psxr1120sdm710_firmwareqca6694sm4375_firmwarewcd9326wcd9335qcm4490qcn6023apq8053-aaqcs4290_firmwareqca8085_firmwaresxr2130_firmwareqcs6490_firmwaresm7150-abqca6390wcd9375aqt1000snapdragon_210_processor_firmwaresc8180x\+sdx55_firmwaresm6250_firmwaresnapdragon_662_mobile_platformsm8150ipq5010_firmwareipq8074a_firmwarewsa8815_firmwaresnapdragon_636_mobile_platform_firmwareapq8017sxr1120_firmwareqcm6125_firmwaresnapdragon_x5_lte_modemsnapdragon_1100_wearable_platformsd865_5g8953proqca6595sxr1230p_firmwaresa8540p_firmwareqcn5154qca8075_firmwaresc8180xp-acsnapdragon_wear_4100\+_platformsmart_audio_400_platformipq6005_firmwaresxr2130wcn685x-5_firmwareqcn6132_firmwareqcn9003_firmwaresdm670_firmwareqca9888qca6310_firmwaresm7325ipq8070a_firmwaresa9000pqca6574_firmwaresm7325p_firmwaresnapdragon_xr2_5g_platform_firmwareqca6574a_firmware8953pro_firmwareqrb5165msm7315snapdragon_x55_5g_modem-rf_system_firmwaresc8280xp-ab_firmwareqcn6102snapdragon_auto_4g_modemsnapdragon_632_mobile_platform_firmwarecsrb31024_firmwareqcm6490_firmwarewsa8832_firmwaresnapdragon_xr1_platformqcn9070_firmwarewcn685x-5ipq6028_firmwareipq8072a_firmwaresc8180xp-af_firmwareqca9889_firmwareqcn5122qcs8250_firmwaresm7250-aa_firmwaresc8180x-aa_firmwaresm8150-ac_firmwareqcn5022sc8180x-aasm8350-acqca6564_firmwaresc8180x-af_firmwarewcn6740sm6150-acsnapdragon_x50_5g_modem-rf_systemqca8075qcn6024qcn9022qcn9002_firmwareipq6000_firmwareqcs410_firmwaresnapdragon_wear_1300_platformsdm660_firmwareqts110_firmwaresm7325_firmwareqam8255p_firmwaresa6150p_firmwareqcs610qcn5550315_5g_iot_modem_firmwaresc8180x-ab_firmwareqca6431_firmwarewcd9360_firmwaresnapdragon_820_automotive_platform_firmwareqca4024_firmwaresnapdragon_212_mobile_platformimmersive_home_318_platform_firmwareipq8078aipq5028_firmwaresa8150p_firmwareqcs2290snapdragon_x70_modem-rf_systemqca6335sdm712qcn5064sdm670sm8350csra6620_firmwaresd_675_firmwarecsra6640_firmwareapq5053-aa_firmwarewcn685x-1sm7350-ab_firmwareqam8295pipq8076amdm9628qca8386_firmwaresd_8_gen1_5g_firmwareqca8084_firmwaresm7150-acqca6428sm7325-aeqca6574au_firmwareqcn5164_firmwareipq8071wcd9375_firmwaresa6155_firmwaresm6225-adwcd9360snapdragon_xr2\+_gen_1_platformqca6438_firmwaresnapdragon_427_mobile_platform_firmwaresc8180xp-afsmart_audio_400_platform_firmwarewcn3999sm6225-ad_firmwareqrb5165_firmwareipq5028qrb5165m_firmwareqca6698aqqcs6125sa4155p_firmwareipq6010sd662_firmwaresm7250-ab_firmwarerobotics_rb3_platformqcn6132sd626_firmwaresnapdragon_820_mobile_platformsw5100home_hub_100_platform_firmwarefsm10056_firmwareqca6436sa6155pmsm8905wcn3660_firmwarewcd9341qam8775p_firmwaresa8255ppm8937_firmwareqca6431sc8180xp-ab_firmwareipq9008_firmwaresnapdragon_x12_lte_modemqca6797aqwcn3910_firmwaresm8250-ac_firmwarewsa8830_firmwaresd855_firmwaresnapdragon_7c\+_gen_3_compute_firmwarewcn3988qca6438sm4250-aa_firmwaresa8195p_firmwaresa8295p_firmwarewcn3610mdm9640msm8608qca8337_firmwarewcd9380_firmwareipq8072asw5100pmsm8996au_firmwarewcd9330ipq8076a_firmwaresnapdragon_w5\+_gen_1_wearable_platformqca6564auipq9008qcn5164sdm429sc8180xp-aasnapdragon_wear_4100\+_platform_firmwareqcn5054_firmwareapq8053-ac_firmwaresm7150-aa_firmwareqca8072_firmwaresc8180x-ac_firmwareqca6430_firmwareqcn5052_firmwarewcd9335_firmwarewcn3980qca6335_firmwaresm7225wcn3910qca6320mdm9650_firmwareqca6426_firmwaresm4450snapdragon_435_mobile_platformwcn3660b_firmwareqca9984wcn3680sc8180x-adqcn9024qcn5550_firmwaresnapdragon_xr2\+_gen_1_platform_firmwarewcd9330_firmwaresnapdragon_x50_5g_modem-rf_system_firmwaresm7150-aasnapdragon_820_automotive_platformqca6421_firmwaresm7125smart_audio_200_platformsd821_firmwaresnapdragon_xr2_5g_platformar8031_firmwarewcn3680_firmwaresm7150-ab_firmwareqrb5165sm8350_firmwareipq8070sdm6609206_lte_modem_firmwareqca6797aq_firmwaresdm710qca6564a_firmwaresnapdragon_x24_lte_modemqcn5121_firmwaresc8180xp-ac_firmwarewsa8832sa8540pqsm8250ipq60189207_lte_modem_firmwareqcs4490sdm439_firmwareqca6595_firmwaresa8145pimmersive_home_214_platform_firmwareqm215_firmwaresm4350-ac_firmwaresd888_firmwaresa8155psd675qcs8155_firmwarear8035_firmwareqcm2290snapdragon_632_mobile_platformsnapdragon_625_mobile_platform_firmwareqcn5024_firmwarewcn3991_firmwaresnapdragon_662_mobile_platform_firmwareqcn9070sa8145p_firmwaresm6125qcs2290_firmwarefsm10056sdm450_firmwarewcn785x-5csra6620qcn9072sm7250-ac_firmwareqca8386sc8280xp-bb_firmwareqca6390_firmwareipq6000sd730_firmwarewcd9370ssg2115pqcn5152_firmwareqca6584au_firmwareqcn9000_firmwaresm8450sm8250-absd_8cx_firmwareimmersive_home_216_platformimmersive_home_316_platformsnapdragon_1200_wearable_platform_firmwareimmersive_home_318_platformsd662qcn5124_firmwareqam8295p_firmwareapq8037qcn6100_firmwaresnapdragon_435_mobile_platform_firmwareqca8082_firmwareqca6320_firmwaresa9000p_firmwarewcn3680b_firmwaresnapdragon_212_mobile_platform_firmwareqca6595ausm7325-af_firmwarewcn3999_firmwaresnapdragon_425_mobile_platformqca6436_firmwaresm4350-acsnapdragon_w5\+_gen_1_wearable_platform_firmwareipq5010qca6564au_firmwaresa6155p_firmwareqca6310snapdragon_821_mobile_platform_firmwareqcn9274pm8937qcs8155snapdragon_x70_modem-rf_system_firmwareqcn9001qcs6490snapdragon_x5_lte_modem_firmwaresnapdragon_625_mobile_platformsd821vision_intelligence_300_platform_firmwaresa6145p_firmwaresm6250c-v2x_9150apq8017_firmwarewsa8810_firmwarevision_intelligence_400_platformsm8450_firmwaresc7180-adsnapdragon_ar2_gen_1_platform_firmwaresa8255p_firmwaresg4150pqca8081ipq8071aqca6174a_firmwareipq8071a_firmwaresnapdragon_wear_1300_platform_firmwarewcd9385snapdragon_x12_lte_modem_firmwaresc8180x-acar8035csr8811apq8064auqca6694_firmwareqcn9100_firmwarevision_intelligence_400_platform_firmwarewcn3620_firmwaresd820qcm6490wsa8835_firmwarewcn3620sm7350-abqca6564asa4150psg4150p_firmwarewcn785x-1qcm4325qca8072qcm2290_firmwaresnapdragon_845_mobile_platformapq5053-aawcn3990qcn9000sd_675sm8350-ac_firmwaresdm439snapdragon_835_mobile_pc_platformqcn9012sm8150-acsd888qcn6122_firmwarewsa8835msm8996ausdm429w_firmwaresc7180-ad_firmwaresnapdragon_auto_5g_modem-rfsd_8_gen1_5gsm6250pssg2125p_firmwaresnapdragon_425_mobile_platform_firmwareqca6574aqca9889qca6174asm7325psc8180x-afipq8074wcn6750qcn9003ipq8076_firmwaresm7150-ac_firmwaresm7250-absd855sm4125_firmwareipq8076sdx57m_firmwareqcn5021qcn5152msm8209wcn785x-5_firmwarevision_intelligence_300_platformsd460qca6391sm8250-ab_firmwareipq6005aqt1000_firmwareqcn9100qcm4490_firmwaresnapdragon_845_mobile_platform_firmwareqcm4290qcn9011sd_455sm6225_firmwareipq8074_firmwareqca6574ausa8155p_firmwareipq9574wcd9341_firmwareqcm6125wsa8810sm7250-acsnapdragon_ar2_gen_1_platformwcn3680bsd835_firmwareqam8650p_firmwaresnapdragon_675_mobile_platformipq6010_firmwareqca6696sm4350msm8608_firmwaresm7125_firmwaresa6150psnapdragon_1100_wearable_platform_firmwareqcn9022_firmwaresc8180xp-abapq8037_firmwareipq8070aqcn6100qcn9072_firmwaresnapdragon_820_mobile_platform_firmwaresm7250psc8180x-ad_firmwareipq8071_firmwareqcn9074_firmwaresw5100_firmwaresnapdragon_xr1_platform_firmwareSnapdragon
CWE ID-CWE-310
Not Available
CVE-2018-13901
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.98%
||
7 Day CHG~0.00%
Published-14 Jun, 2019 | 17:02
Updated-05 Aug, 2024 | 09:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Due to missing permissions in Android Manifest file, Sensitive information disclosure issue can happen in PCI RCS app in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCA6574AU, QCS605, SD 210/SD 212/SD 205, SD 615/16/SD 415, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_712sd_850sd_855sd_730_firmwaresd_820asd_675msm8996au_firmwaresd_415sd_616sd_670_firmwaresdm660sdm630mdm9607_firmwaresd_615mdm9650sd_636sd_650_firmwaresd_710_firmwareqca6574ausd_615_firmwaremsm8909w_firmwaremdm9607msm8996ausd_210sd_636_firmwaresd_650sd_820_firmwaresd_820sd_845_firmwaresd_820a_firmwareqcs605_firmwaresd_675_firmwaremdm9206sd_652sd_730sd_212_firmwaresd_850_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwaresd_845mdm9206_firmwareqcs605sd_670sd_835_firmwaremdm9650_firmwaresd_710sd_835sd_205qca6574au_firmwaresda660sd_210_firmwaresd_415_firmwaresd_652_firmwaremsm8909wsd_616_firmwaresd_205_firmwaresdm660_firmwaresd_212sd_855_firmwareSnapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CVE-2018-11922
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.64%
||
7 Day CHG+0.01%
Published-26 Nov, 2024 | 08:55
Updated-09 Jan, 2025 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Configurations in Android Build

Wrong configuration in Touch Pal application can collect user behavior data without awareness by the user.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-215sda660sd_210_firmwaresd_439sd_625sd_450mdm9640sd_425sd_210sd_429_firmwaresdm439_firmwaresd_625_firmwaresd_205sd_439_firmwaresd_429mdm9650_firmwaresd_427_firmwaresd_435_firmwaremdm9206sd_632sdx20mdm9650mdm9206_firmwaresd_845sd_435sd_212_firmwaresd_850sd_450_firmwaresd_427mdm9640_firmwaresd_850_firmwaresd_632_firmwaresd_205_firmwaresd_212sd_425_firmwaresda660_firmwaresdm439mdm9607mdm9607_firmware215_firmwaresd_430sdx20_firmwaresd_430_firmwaresd_845_firmwareSnapdragon
CVE-2018-11942
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.20%
||
7 Day CHG~0.00%
Published-14 Jun, 2019 | 17:02
Updated-05 Aug, 2024 | 08:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Failure to initialize the reserved memory which is sent to the firmware might lead to exposure of 1 byte of uninitialized kernel SKB memory to FW in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850mdm9150_firmwaremdm9640_firmwaresd_820asd_675msm8996au_firmwaresd_670_firmwaresdx24mdm9650sd_636msm8996ausd_450_firmwaresd_845_firmwaresd_820a_firmwareqcs605_firmwareipq4019_firmwaresd_675_firmwaremdm9206sd_425_firmwaresdx24_firmwaresd_625_firmwareipq8074sd_450sd_845mdm9206_firmwareqcs605mdm9640sd_835_firmwaremdm9650_firmwaresd_835ipq8064sda660ipq8064_firmwaresd_427_firmwaresd_712sd_855sd_730_firmwaresdx20sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435sd_710_firmwaresdm630qcs405sd_625ipq8074_firmwaremdm9607sd_636_firmwaremdm9150sd_730sd_850_firmwareqcs405_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwaresd_427ipq4019sd_430sd_670sd_435_firmwaresd_710sdx20_firmwaresdm660_firmwaresd_855_firmwareSnapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-11947
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.20%
||
7 Day CHG~0.00%
Published-14 Jun, 2019 | 17:02
Updated-05 Aug, 2024 | 08:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The txrx stats req might be double freed in the pdev detach when the host driver is unloading in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8064, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCA9558, QCA9880, QCA9886, QCA9980, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaresd_850mdm9150_firmwaremdm9640_firmwaresd_820asd_675qca9980_firmwaremsm8996au_firmwaresd_670_firmwaresdx24mdm9650sd_636qca9558qca9558_firmwaremsm8996auqca9880_firmwaresd_450_firmwaresd_845_firmwaresd_820a_firmwareqcs605_firmwaresd_675_firmwaremdm9206sd_425_firmwareqca9379_firmwareqca6174asdx24_firmwaresd_625_firmwaresd_450qca9377sd_845mdm9206_firmwareqcs605qca9886sd_835_firmwaremdm9650_firmwaresd_835qca6574au_firmwaresda660sd_210_firmwareipq8064sd_205_firmwareipq8064_firmwaresd_212sd_427_firmwaresd_712sd_855sd_730_firmwaresdx20sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435sd_710_firmwaresdm630qcs405sd_625qca6574ausd_210mdm9607qca9980sd_636_firmwareqca9880mdm9150qca6174a_firmwaresd_730sd_212_firmwareqca9886_firmwaresd_850_firmwaresd_855_firmwareqcs405_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwaresd_430sd_427sd_670sd_435_firmwaresdx20_firmwaresd_710sd_205qca9379sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-415
Double Free
CVE-2018-12006
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.17%
||
7 Day CHG~0.00%
Published-11 Feb, 2019 | 15:00
Updated-05 Aug, 2024 | 08:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Users with no extra privileges can potentially access leaked data due to uninitialized padding present in display function.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-12011
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.17%
||
7 Day CHG~0.00%
Published-11 Feb, 2019 | 15:00
Updated-05 Aug, 2024 | 08:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Uninitialized data for socket address leads to information exposure.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2017-9693
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 10.49%
||
7 Day CHG~0.00%
Published-30 Mar, 2018 | 21:00
Updated-17 Sep, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The length of attribute value for STA_EXT_CAPABILITY in __wlan_hdd_change_station in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-06-06 being less than the actual lenth of StaParams.extn_capability results in a read for extra bytes when a memcpy is done from params->ext_capab to StaParams.extn_capability using the sizeof(StaParams.extn_capability).

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-35070
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 26.11%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 10:11
Updated-04 Aug, 2024 | 00:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RPM secure Stream can access any secure resource due to improper SMMU configuration and can lead to information disclosure in Snapdragon Industrial IOT, Snapdragon Mobile

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcs6125_firmwarewcn3980qcs6125wcn3950wcd9375wcd9370_firmwarewsa8815sd665sd665_firmwarewcn3950_firmwarewsa8815_firmwarewsa8810_firmwareqcm6125wsa8810wcd9375_firmwarewcn3980_firmwarewcd9370qcm6125_firmwareSnapdragon Industrial IOT, Snapdragon Mobile
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-35079
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 5.27%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 09:50
Updated-04 Aug, 2024 | 00:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation of permissions for third party application accessing Telephony service API can lead to information disclosure in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn3991_firmwarewcn3991wsa8830wcd9380_firmwarewcn3990sd780gsd865_5gsdx55m_firmwarewcn6856_firmwarewsa8810wsa8835qcs4290wcn3950_firmwarewcd9380sd765g_firmwaresd888_5gqca6420_firmwareqca6390_firmwarequalcomm215sd690_5gwcd9370qcs605_firmwaresd690_5g_firmwarewcn6855_firmwaresm7325pqca6426wcn3990_firmwareqca6430_firmwarewcn3980wcn6750wcn3998wcd9385_firmwaresdxr2_5g_firmwarewcn3950wcd9326_firmwarewcn3615_firmwareqcs605wcn3660bsd855wsa8815sm7325p_firmwaresd662wcn6850sd460_firmwaresd765qca6426_firmwarewcn3660b_firmwarewcn3680sd695wcn3680b_firmwaresdx55_firmwaresd768g_firmwarewcd9375_firmwarewcn3615wcn3998_firmwarewcn3980_firmwaresm7250p_firmwaresd460qca6391qca6420apq8053_firmwareqca6436_firmwaresdx55maqt1000_firmwaresd680_firmwaresd778gwcn6740_firmwaremsm8953qcm4290wcn3680_firmwaresdxr2_5gsd480_firmwareqcs603wcn6851_firmwaresd662_firmwarewcn3988_firmwareqca6430sd778g_firmwarewsa8810_firmwarequalcomm215_firmwaresd765gwcd9341_firmwareqcm4290_firmwaresd765_firmwaresd480qca6436sd680wcd9326wcn6851sd870wcn6855qcs603_firmwarewcn6856wcn3680bqcs4290_firmwarewcd9385wcd9341sd695_firmwaresd768gsd750gsd870_firmwarewcn6740qca6391_firmwareqca6390wcd9375sd750g_firmwareaqt1000wcd9370_firmwaresd780g_firmwaresdx55msm8953_firmwareapq8053wsa8830_firmwaresd855_firmwaresd865_5g_firmwarewcn3988sd888_5g_firmwarewcn6850_firmwarewsa8815_firmwarewsa8835_firmwaresm7250pwcn6750_firmwareSnapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2017-17769
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.33%
||
7 Day CHG~0.00%
Published-30 Mar, 2018 | 21:00
Updated-16 Sep, 2024 | 22:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Information leakage in Android for MSM, Firefox OS for MSM, and QRD Android can occur in the audio driver.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-18322
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.46%
||
7 Day CHG~0.00%
Published-03 Jan, 2019 | 15:00
Updated-05 Aug, 2024 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cryptographic key material leaked in WCDMA debug messages in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 835, Snapdragon_High_Med_2016.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_427_firmwaremdm9635m_firmwaremdm9640_firmwaresd_412sd_415sd_616sd_425sd_430_firmwaremdm9607_firmwaresd_435mdm9655_firmwaremdm9650sd_615sd_650_firmwaresd_625sd_615_firmwaresnapdragon_high_med_2016_firmwaremsm8909w_firmwaremdm9607sd_210mdm9645mdm9645_firmwaresd_650mdm9625_firmwaresd_820_firmwaresd_820sd_450_firmwaresd_800sd_410mdm9206sd_652sd_425_firmwaresnapdragon_high_med_2016sd_212_firmwaresd_800_firmwaresd_625_firmwaresd_450mdm9655sd_412_firmwaremdm9635mmdm9615mdm9625mdm9206_firmwaresd_427sd_430sd_810sd_435_firmwaremdm9615_firmwaremdm9650_firmwaresd_835_firmwaresd_410_firmwaresd_835sd_205sd_210_firmwaresd_415_firmwaresd_652_firmwaremsm8909wsd_810_firmwaresd_616_firmwaresd_205_firmwaresd_212mdm9640Snapdragon Mobile, Snapdragon Wear
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-18306
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.03% / 6.11%
||
7 Day CHG~0.00%
Published-26 Nov, 2024 | 13:56
Updated-09 Jan, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information Exposure in Camera Driver

Information disclosure due to uninitialized variable.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_820asd_845sd_625_firmwaresd_820sd_625sd_850sd_820a_firmwaresd_835_firmwaresd_450_firmwaresd_820_firmwaresd_835sd_450sd_850_firmwaresd_845_firmwareSnapdragonsd_820a_firmwaresd_835_firmwaresd_850_firmwaresd_450_firmwaresd_845_firmwaresd_625_firmwaresd_820_firmware
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2017-18332
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.46%
||
7 Day CHG~0.00%
Published-18 Jan, 2019 | 22:00
Updated-05 Aug, 2024 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Security keys are logged when any WCDMA call is configured or reconfigured in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_712sd_850mdm9635m_firmwaremdm9640_firmwaresd_820amsm8996au_firmwaresdx20sd_670_firmwaresd_425sd_430_firmwaremdm9607_firmwaresd_710_firmwaremdm9655_firmwaremdm9650sd_650_firmwaresd_625msm8909w_firmwaremdm9607msm8996aumdm9645mdm9645_firmwaresd_210sd_650sd_820_firmwaresd_820sd_450_firmwaresd_845_firmwaresd_820a_firmwaresd_652sd_425_firmwaresd_212_firmwaresd_850_firmwaresd_625_firmwaresd_450mdm9655sd_712_firmwaremdm9635msda660_firmwaresd_845sd_430sd_670sd_835_firmwaremdm9650_firmwaresd_710sdx20_firmwaresd_835sd_205sda660sxr1130_firmwaresd_210_firmwaresd_652_firmwaresxr1130msm8909wsd_205_firmwaresd_212mdm9640Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-18327
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.46%
||
7 Day CHG~0.00%
Published-03 Jan, 2019 | 15:00
Updated-05 Aug, 2024 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Security keys are logged when any WCDMA call is configured or reconfigured in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_712sd_850mdm9635m_firmwaremdm9640_firmwaresd_820amsm8996au_firmwaresdx20sd_670_firmwaresd_425sd_430_firmwaremdm9607_firmwaresd_710_firmwaremdm9655_firmwaremdm9650sd_650_firmwaresd_625msm8909w_firmwaremdm9607msm8996aumdm9645mdm9645_firmwaresd_210sd_650sd_820_firmwaresd_820sd_450_firmwaresd_845_firmwaresd_820a_firmwaresd_652sd_425_firmwaresd_212_firmwaresd_850_firmwaresd_625_firmwaresd_450mdm9655sd_712_firmwaremdm9635msda660_firmwaresd_845sd_430sd_670sd_835_firmwaremdm9650_firmwaresd_710sdx20_firmwaresd_835sd_205sda660sxr1130_firmwaresd_210_firmwaresd_652_firmwaresxr1130msm8909wsd_205_firmwaresd_212mdm9640Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear
CWE ID-CWE-310
Not Available
CVE-2017-18281
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.45%
||
7 Day CHG~0.00%
Published-29 Oct, 2018 | 18:00
Updated-05 Aug, 2024 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A bool variable in Video function, which gets typecasted to int before being read could result in an out of bound read access in all Android releases from CAF using the linux kernel

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-18307
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.03% / 6.11%
||
7 Day CHG~0.00%
Published-26 Nov, 2024 | 13:56
Updated-09 Jan, 2025 | 20:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information Exposure in Kernel

Information disclosure possible while audio playback.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_820asd_845sd_625_firmwaresd_820sd_625sd_850sd_820a_firmwaresd_835_firmwaresd_450_firmwaresd_820_firmwaresd_835sd_450sd_850_firmwaresd_845_firmwareSnapdragonsd_820a_firmwaresd_835_firmwaresd_850_firmwaresd_450_firmwaresd_845_firmwaresd_625_firmwaresd_820_firmware
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-18326
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.46%
||
7 Day CHG~0.00%
Published-03 Jan, 2019 | 15:00
Updated-05 Aug, 2024 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cryptographic keys are printed in modem debug messages in snapdragon mobile and snapdragon wear in versions MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 800, SD 810, SD 820, SD 835, SDA660, SDM630, SDM660, Snapdragon_High_Med_2016.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9635m_firmwaremdm9640_firmwaremdm9650sd_636sd_615_firmwaresnapdragon_high_med_2016_firmwaremsm8909w_firmwaresd_820mdm9645sd_650sd_450_firmwaresd_410sd_652sd_425_firmwaresd_800_firmwaresd_625_firmwaresd_450mdm9635mmdm9615sd_835_firmwaremdm9650_firmwaresd_835sda660sd_210_firmwaresd_415_firmwaresd_652_firmwaremsm8909wsd_616_firmwaresd_205_firmwaresd_415sd_650_firmwaresd_212sd_427_firmwaresd_412sd_616sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435mdm9655_firmwaresd_615sdm630sd_625sd_210mdm9607sd_636_firmwaresd_820_firmwaremdm9645_firmwaremdm9625_firmwaresd_800snapdragon_high_med_2016sd_212_firmwaremdm9655sd_412_firmwaresdm630_firmwaresda660_firmwaremdm9625sd_427sd_430sd_810sd_435_firmwaremdm9615_firmwaresd_410_firmwaresd_205sd_810_firmwaresdm660_firmwaremdm9640Snapdragon Mobile, Snapdragon Wear
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-18324
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.46%
||
7 Day CHG~0.00%
Published-03 Jan, 2019 | 15:00
Updated-05 Aug, 2024 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cryptographic key material leaked in debug messages - GERAN in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 835, SD 855, SDX24, Snapdragon_High_Med_2016.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9635m_firmwaresdx24mdm9650sd_615_firmwaresnapdragon_high_med_2016_firmwaremsm8909w_firmwaresd_820mdm9645sd_650sd_450_firmwaresd_410mdm9206sd_652sd_425_firmwaresd_800_firmwaresdx24_firmwaresd_625_firmwaresd_450mdm9635mmdm9615mdm9206_firmwaresd_835_firmwaremdm9650_firmwaresd_835sd_210_firmwaresd_415_firmwaresd_652_firmwaremsm8909wsd_616_firmwaresd_205_firmwaresd_415sd_650_firmwaresd_212sd_427_firmwaresd_855sd_412sd_616sd_425sd_430_firmwaremdm9607_firmwaresd_435mdm9655_firmwaresd_615sd_625sd_210mdm9607sd_820_firmwaremdm9645_firmwaremdm9625_firmwaresd_800snapdragon_high_med_2016sd_212_firmwaremdm9655sd_412_firmwaremdm9625sd_427sd_430sd_810sd_435_firmwaremdm9615_firmwaresd_410_firmwaresd_205sd_810_firmwaresd_855_firmwareSnapdragon Mobile, Snapdragon Wear
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-18321
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.46%
||
7 Day CHG~0.00%
Published-03 Jan, 2019 | 15:00
Updated-05 Aug, 2024 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Security keys used by the terminal and NW for a session could be leaked in snapdragon mobile in versions MDM9650, MDM9655, SD 835, SDA660.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_835_firmwaremdm9655_firmwaremdm9650_firmwaremdm9655sd_835sda660sda660_firmwaremdm9650Snapdragon Mobile
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-18323
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.46%
||
7 Day CHG~0.00%
Published-03 Jan, 2019 | 15:00
Updated-05 Aug, 2024 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cryptographic key material leaked in TDSCDMA RRC debug messages in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850mdm9635m_firmwaremdm9640_firmwaresd_820amsm8996au_firmwaresd_670_firmwaremdm9650sd_615_firmwaremsm8909w_firmwaremsm8996aumdm9645sd_650sd_820sd_450_firmwaresd_845_firmwaresd_410sd_820a_firmwaremdm9206sd_652sd_425_firmwaresd_625_firmwaresd_450mdm9635mmdm9615sd_845mdm9206_firmwaremdm9640sd_835_firmwaremdm9650_firmwaresxr1130._firmwaresd_835sda660sd_210_firmwaresd_415_firmwaresd_652_firmwaremsm8909wsd_616_firmwaresd_205_firmwaresd_415sd_650_firmwaresd_212sd_712sd_412sdx20sd_616sd_425sd_430_firmwaremdm9607_firmwaresd_615mdm9655_firmwaresd_710_firmwaresd_625sd_210mdm9607sd_820_firmwaremdm9645_firmwaresd_212_firmwaresd_850_firmwaremdm9655sd_412_firmwaresd_712_firmwaresda660_firmwaresd_430sd_670mdm9615_firmwaresd_710sd_410_firmwaresdx20_firmwaresd_205sxr1130.Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear
CWE ID-CWE-320
Not Available
CVE-2024-43046
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.22%
||
7 Day CHG~0.00%
Published-07 Apr, 2025 | 10:15
Updated-07 Apr, 2025 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information Exposure in TZ Secure OS

There may be information disclosure during memory re-allocation in TZ Secure OS.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-Snapdragon
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-15824
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.33%
||
7 Day CHG~0.00%
Published-06 Jul, 2018 | 17:00
Updated-17 Sep, 2024 | 02:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, the function UpdateDeviceStatus() writes a local stack buffer without initialization to flash memory using WriteToPartition() which may potentially leak memory.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2021-30331
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 13.91%
||
7 Day CHG~0.00%
Published-01 Apr, 2022 | 04:40
Updated-03 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible buffer overflow due to improper data validation of external commands sent via DIAG interface in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fsm10055qca9377_firmwaremdm9150_firmwarewcn3991_firmwaresd678wsa8830sm6250p_firmwareqcs610qcs2290_firmwarefsm10056qca8337mdm9650sdx65fsm10055_firmwareqcs4290wcn3950_firmwaresd765g_firmwareqcs2290qca6390_firmwaresd690_5gsd730_firmwarewcd9370sd_675_firmwaresd675_firmwareqcs6125_firmwareqca6426wcn3990_firmwareqca9377wcn3998wcd9385_firmwaresdxr2_5g_firmwarewcn3950sd720gsd_8_gen1_5g_firmwaresm6375_firmwaresd662sd460_firmwaresdx55_firmwarewcd9375_firmwareqca8081_firmwarewcn3998_firmwaresm7250p_firmwareqca6436_firmwaresd778gsm6225qcs6490sdxr2_5gqcs6125sd662_firmwarewcn3988_firmwaresm6250sd778g_firmwarewsa8810_firmwaresd765gsw5100sd765_firmwarefsm10056_firmwareqca6436wcn6851wcd9335qca8081qca6174a_firmwareqcs4290_firmwarewcd9385wcd9341qcs6490_firmwaresd750gsd870_firmwareqca6390ar8035sd750g_firmwarewcd9375wcn3910_firmwaresm6250_firmwarewsa8830_firmwaresd865_5g_firmwareqcm6490sd888_5g_firmwarewcn3988wcn6850_firmwarewsa8815_firmwarewsa8835_firmwareqcx315sm8475wcn6750_firmwareqcm6125_firmwareqcm2290_firmwaresm6375wcn3991qca8337_firmwarewcd9380_firmwarewcn3990sd_675sw5100psd865_5gsdx55m_firmwarewcn6856_firmwarewsa8835qcx315_firmwaresd665_firmwarewcd9380sd888_5gsm6250pqcs410sd690_5g_firmwarewcn6855_firmwareqca6174asm7325pwcd9335_firmwarewcn3980wcn6750wsa8815sm7325p_firmwaresd665wcn3910wcn6850mdm9650_firmwaresd765qca6426_firmwaresd768g_firmwarewcn3980_firmwaresd460sd730qca6391sdx55msdx65_firmwaresd678_firmwareqcm4290qcm6490_firmwaresd480_firmwarewcn6851_firmwaresm6225_firmwarewcd9341_firmwareqcm6125qcm4290_firmwaresd480sd870wcn6855wsa8810sw5100p_firmwareqcs610_firmwaremdm9150wcn6856sd768gqca6391_firmwarewcd9370_firmwaresdx55sd675sm7250psd720g_firmwaresw5100_firmwareqcs410_firmwarear8035_firmwareqcm2290Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2017-15844
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.17%
||
7 Day CHG~0.00%
Published-18 Sep, 2018 | 18:00
Updated-05 Aug, 2024 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the function for writing device values into flash, uninitialized memory can be written to flash.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-125
Out-of-bounds Read
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found