Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-14048

Summary
Assigner-qualcomm
Assigner Org ID-2cfc7d3e-20d3-47ac-8db7-1b7285aff15f
Published At-05 Mar, 2020 | 08:56
Updated At-05 Aug, 2024 | 00:05
Rejected At-
Credits

Possible out of bound memory access while playing a crafted clip in media player in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in SM8150

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:qualcomm
Assigner Org ID:2cfc7d3e-20d3-47ac-8db7-1b7285aff15f
Published At:05 Mar, 2020 | 08:56
Updated At:05 Aug, 2024 | 00:05
Rejected At:
▼CVE Numbering Authority (CNA)

Possible out of bound memory access while playing a crafted clip in media player in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in SM8150

Affected Products
Vendor
Qualcomm Technologies, Inc.Qualcomm, Inc.
Product
Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Versions
Affected
  • SM8150
Problem Types
TypeCWE IDDescription
textN/ABuffer Copy Without Checking Size of Input in Video
Type: text
CWE ID: N/A
Description: Buffer Copy Without Checking Size of Input in Video
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin
x_refsource_CONFIRM
Hyperlink: https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:product-security@qualcomm.com
Published At:05 Mar, 2020 | 09:15
Updated At:05 Mar, 2020 | 18:27

Possible out of bound memory access while playing a crafted clip in media player in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in SM8150

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary2.04.6MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 4.6
Base severity: MEDIUM
Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Qualcomm Technologies, Inc.
qualcomm
>>sm8150_firmware>>-
cpe:2.3:o:qualcomm:sm8150_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sm8150>>-
cpe:2.3:h:qualcomm:sm8150:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-125Primarynvd@nist.gov
CWE ID: CWE-125
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletinproduct-security@qualcomm.com
Vendor Advisory
Hyperlink: https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin
Source: product-security@qualcomm.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1448Records found
CVE-2022-22074
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.09% / 27.08%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 05:25
Updated-03 Aug, 2024 | 03:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory Corruption during wma file playback due to integer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaremdm9640_firmwareqcs610qca8337qca6431_firmwaresdx65wcn3950_firmwareqcs2290qca6595au_firmwaresa6155msm8917csra6620_firmwareqcs605_firmwaresd_675_firmwarecsra6640_firmwareqcs6125_firmwaresd632sa415mwcn3998wcd9371_firmwarewcn3950sd_8cx_gen2_firmwaremdm9628mdm9206_firmwaresd_8_gen1_5g_firmwarewcn3660bsd450_firmwaresd460_firmwareqca4020wcn7850qca6574au_firmwarewcd9375_firmwarewcn3998_firmwareqca8081_firmwaresa6155_firmwaremsm8909wapq8009w_firmwareqca6420apq8053_firmwaresm7450_firmwaresd680_firmwareqca9367_firmwarewcn3999sd_8cx_gen2qrb5165_firmwareqrb5165m_firmwareqcs6125sa8155_firmwaresd662_firmwareqcs405qca6430wcd9340sd765gqualcomm215_firmwaresw5100sd680qca4020_firmwareqca6436wcn6851sa6155pqcs603_firmwarewcn7851_firmwaremsm8937mdm9250_firmwarewcn3660_firmwarewcd9341pm8937_firmwareqca6696_firmwareqca6431wcd9371sd870_firmwaresd750gwcn3910_firmwarewsa8830_firmwaresd855_firmwaresd660sd865_5g_firmwarewcn3988sd660_firmwarewcn7850_firmwaresa8195p_firmwaresm8475wcn6750_firmwaresd450wcn3610mdm9640wcn3991qca8337_firmwarewcd9380_firmwaresdm429wsw5100pmsm8996au_firmwarewcd9330qca6564ausdx55m_firmwarewcn6856_firmwareqca6574sd632_firmwarewcd9380qualcomm215qcs410sd690_5g_firmwareqca9379_firmwaresdx24_firmwareqca6430_firmwarewcd9335_firmwarewcn3980sd439_firmwareqcs605wcd9340_firmwarewsa8815wcn6850wcn3910qca6320qca6584_firmwaremsm8937_firmwaremdm9650_firmwareqca6426_firmwarewcn3660b_firmwarewcn3680sd835wcn3980_firmwaresd730wcd9330_firmwaresdx55mqca6421_firmwaresm8475_firmwarewcn6740_firmwaremsm8953sd678_firmwarear8031_firmwarewcn3680_firmwareqrb5165wcn6851_firmwareqcs603sd_636_firmwareqca6564a_firmwareapq8009wqcm4290_firmwaresd480sd870wcn6855wsa8832sw5100p_firmwareqcs610_firmwaresa6145psdxr1ar8031apq8096auqcs405_firmwaresdm630_firmwareqca6391_firmwarewcd9370_firmwaresd780g_firmwaresdx55apq8053sa8155pcsra6640sd675sd439wcn3660sm8475p_firmwareqca9379ar8035_firmwareqcm2290wcn3991_firmwaremdm9150_firmwarewsa8830sd678qcs2290_firmwarecsrb31024mdm9628_firmwaremdm9650sd_636csra6620qcs4290mdm9250sd765g_firmwareqca6420_firmwareqca6390_firmwareapq8009_firmwaresd690_5gsd730_firmwarewcd9370sd675_firmwareqca6426wcn3990_firmwareqrb5165n_firmwareqca9377sdw2500_firmwarewcd9385_firmwaresdxr2_5g_firmwarewcd9326_firmwarewcn3615_firmwaresd662sa8155qca6320_firmwareqca6584wcn3680b_firmwaresdx55_firmwarewcn3615qca6595auwcn3999_firmwaresm7250p_firmwarewcn3610_firmwareqca6436_firmwareqrb5165nqca6564au_firmwaresa6155p_firmwareqca6310pm8937wcn7851sd429sdxr2_5gqca9367sdm630mdm9607_firmwaresa415m_firmwarewcn3988_firmwaresd429_firmwaresa6145p_firmwareqca6421sa8195papq8017_firmwarewsa8810_firmwaresd765_firmwarewcd9326wcd9335qca8081qca6174a_firmwareqcs4290_firmwarewcd9385qca6390wcd9375sd750g_firmwareaqt1000ar8035msm8953_firmwaremsm8917_firmwarewcn3620_firmwaresdx20_firmwarewsa8815_firmwaresd888_5g_firmwarewcn6850_firmwarewsa8835_firmwarewcn3620sm7450apq8017qca6564aqcm6125_firmwareqcm2290_firmwarewcn3990sd_675sd780gsd865_5gsdx24msm8909w_firmwarewsa8835msm8996ausdm429w_firmwaresd665_firmwaresd888_5gqca6574amdm9206wcn6855_firmwareqca6174aqca6310_firmwarewcn6750qca6574_firmwaresd855sd665sd765qca6574a_firmwaresd768g_firmwareqrb5165mapq8009sd460qca6391sdxr1_firmwareaqt1000_firmwaresdx65_firmwaremdm9626qcm4290csrb31024_firmwarewsa8832_firmwaresdx20sd480_firmwaremdm9626_firmwareqca6574ausa8155p_firmwaremdm9607wcd9341_firmwareqcm6125wsa8810mdm9150wcn6856wcn3680bsd835_firmwaresd768gwcn6740qca6696sdw2500apq8096au_firmwaresm7250psw5100_firmwareqcs410_firmwaresm8475pSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-22100
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.09% / 27.08%
||
7 Day CHG~0.00%
Published-02 Sep, 2022 | 11:31
Updated-03 Aug, 2024 | 03:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory corruption in multimedia due to improper check on received export descriptors in Snapdragon Auto

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca6564au_firmwaresa6155p_firmwaresa6150p_firmwaresa8145p_firmwareqca6564auqca6574ausa6145p_firmwaresa8155p_firmwareqca6564a_firmwaresa8195psa8540p_firmwaresa8150p_firmwaresa6155psa8540psa8295p_firmwareqca6574asa6145papq8096auqca6696_firmwaresa8145pqca6696qam8295psa9000psa8150psa6150papq8096au_firmwaresa8155pqam8295p_firmwaresa9000p_firmwareqca6574a_firmwareqca6574au_firmwaresa8195p_firmwareqca6564asa8295pSnapdragon Auto
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-22070
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.31%
||
7 Day CHG~0.00%
Published-02 Sep, 2022 | 11:31
Updated-03 Aug, 2024 | 03:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory corruption in audio due to lack of check of invalid routing address into APR Routing table in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaresm6250p_firmwareqcs610qca8337qca6431_firmwarewcd9360_firmwaresdx65wcn3950_firmwaresc8180x\+sdx55qcs2290qca6595au_firmwaresa6155qca6335csra6620_firmwareqcs605_firmwaresd_675_firmwarecsra6640_firmwareqcs6125_firmwaresa415mwcn3998wcd9371_firmwaresd_8cx_gen2_firmwaresm4125sd720gwcn3950sd_8_gen1_5g_firmwaresd710_firmwaresd460_firmwaresm7315_firmwareqca6574au_firmwarewcd9375_firmwareqca8081_firmwaresa6155_firmwaresdx12_firmwarewcn3998_firmwareqca6420wcd9360sm7450_firmwaresd680_firmwarewcn3999sd_8cx_gen2qrb5165_firmwareqrb5165m_firmwareqcs6125sa8155_firmwaresd662_firmwareqcs405qca6430wcd9340sd765gsw5100qca6436sd680wcn6851sa6155pqcs603_firmwarewcn7851_firmwaremdm9250_firmwarewcd9341qca6431qca6696_firmwarewcd9371sd750gsd870_firmwarewcn3910_firmwaresd_8cxwsa8830_firmwaresd855_firmwaresd660sd865_5g_firmwaresd712wcn3988sd660_firmwaresa8195p_firmwaresm8475wcn6750_firmwarewcn3991qca8337_firmwarewcd9380_firmwaresw5100pqca6564ausdx55m_firmwarewcn6856_firmwaresd670_firmwareqca6574wcd9380qcs410sd690_5g_firmwaresdx50m_firmwaresdx24_firmwareqca6430_firmwarewcd9335_firmwarewcn3980qca6335_firmwareqcs605wcd9340_firmwarewsa8815wcn6850sd7cwcn3910qca6320mdm9650_firmwareqca6426_firmwaresd695sd835wcn3980_firmwaresd730sdx55mqca6421_firmwaresm8475_firmwarewcn6740_firmwaresd678_firmwarear8031_firmwareqrb5165wcn6851_firmwareqcs603sd_636_firmwaresd670qca6564a_firmwareqcm4290_firmwaresd480sd870wcn6855wsa8832sw5100p_firmwareqcs610_firmwaresa6145psd695_firmwaresdxr1ar8031qca6595_firmwareqcs405_firmwaresdm630_firmwareqca6391_firmwaresd780g_firmwarewcd9370_firmwaresdx55sd888_firmwaresa8155pcsra6640sd675sm8475p_firmwarear8035_firmwareqcm2290wcn3991_firmwaremdm9150_firmwarewsa8830sd678qcs2290_firmwaresd7c_firmwarecsrb31024mdm9650sd_636csra6620qcs4290mdm9250sd765g_firmwareqca6420_firmwareqca6390_firmwaresd690_5gsd730_firmwarewcd9370sd675_firmwareqca6564qca6426wcn3990_firmwareqrb5165n_firmwareqca9377sd_8cx_firmwarewcd9385_firmwaresdxr2_5g_firmwarewcd9326_firmwaresd662sa8155qca6320_firmwaresdx55_firmwareqca6595auwcn3999_firmwaresm7250p_firmwareqca6436_firmwareqrb5165nqca6564au_firmwaresd778gsa6155p_firmwareqca6310sa515m_firmwareqcs6490wcn7851sdxr2_5gsdm630sa415m_firmwarewcn3988_firmwaresa6145p_firmwareqca6421sd712_firmwaresd778g_firmwaresm6250sa8195pwsa8810_firmwaresd765_firmwarewcd9326wcd9335qca8081qca6174a_firmwareqcs4290_firmwarewcd9385qcs6490_firmwarear8035qca6390sd750g_firmwareaqt1000wcd9375sc8180x\+sdx55_firmwaresm6250_firmwaresdx20_firmwareqcm6490sd888_5g_firmwarewcn6850_firmwarewsa8815_firmwarewsa8835_firmwaresm7450qca6564aqcm6125_firmwareqcm2290_firmwarewcn3990sd_675sd780gsd865_5gqca6595sdx24sd888wsa8835sd665_firmwaresd888_5gsm6250pqca6574awcn6855_firmwareqca6174asm7325pqca6310_firmwarewcn6750sa515mqca6574_firmwaresd855sm4125_firmwaresm7325p_firmwaresd665qca6175asd765qca6574a_firmwaresd768g_firmwareqrb5165msd850_firmwaresm7315sd460qca6391sdxr1_firmwareaqt1000_firmwaresdx65_firmwareqcm4290csrb31024_firmwareqcm6490_firmwaresdx50mwsa8832_firmwaresdx20sd480_firmwareqca6574ausa8155p_firmwaresd710wcd9341_firmwareqcm6125wsa8810mdm9150wcn6856sd835_firmwareqca6564_firmwaresd768gwcn6740qca6696sd845_firmwaresd845sm7250psd720g_firmwaresdx12sw5100_firmwareqcs410_firmwareqca6175a_firmwaresd850sm8475pSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-22084
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.12% / 31.52%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 09:40
Updated-03 Aug, 2024 | 03:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory corruption when extracting qcp audio file due to lack of check on data length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaresm6250p_firmwareqcs610sdx65wcn3950_firmwareqcs2290qca6595au_firmwaresa6155qca6335msm8917csra6620_firmwareqcs605_firmwaresd_675_firmwarecsra6640_firmwaresd632wcn3998wcd9371_firmwarewcn3950sm4125mdm9628sd720gmdm9206_firmwaresd_8_gen1_5g_firmwarewcn3660bsd450_firmwaresd710_firmwaresd460_firmwareqca4020sm7315_firmwarewcn7850qca6574au_firmwarewcd9375_firmwarewcn3998_firmwaresa6155_firmwaremsm8909wapq8009w_firmwareqca6420apq8053_firmwaresm7450_firmwaresd680_firmwareqca9367_firmwarewcn3999sa8155_firmwaresd662_firmwareqcs405qca6430wcd9340qualcomm215_firmwaresd765gsw5100qca4020_firmwareqca6436sd680sa6155pwcn6851qcs603_firmwarewcn7851_firmwaremsm8937mdm9250_firmwarewcn3660_firmwarewcd9341pm8937_firmwareqca6696_firmwarewcd9371sd750gsd870_firmwarewcn3910_firmwarewsa8830_firmwaresd855_firmwaresd660sd865_5g_firmwarewcn3988sd660_firmwarewcn7850_firmwaresa8195p_firmwaresm8475wcn6750_firmwaresd450wcn3610wcn3991wcd9380_firmwaresdm429wmsm8996au_firmwaresw5100pwcd9330qca6564ausdx55m_firmwarewcn6856_firmwaresd670_firmwareqca6574sd632_firmwarewcd9380qualcomm215qcs410sd690_5g_firmwaresdx50m_firmwareqca9379_firmwareqca6430_firmwarewcd9335_firmwarewcn3980sd439_firmwareqca6335_firmwareqcs605wcd9340_firmwarewsa8815wcn6850wcn3910qca6320msm8937_firmwaremdm9650_firmwareqca6426_firmwarewcn3660b_firmwarewcn3680sd835wcn3980_firmwaresd730wcd9330_firmwaresdx55msm8475_firmwarewcn6740_firmwaremsm8953sd678_firmwarear8031_firmwarewcn3680_firmwarewcn6851_firmwareqcs603sd_636_firmwaresd670qca6564a_firmwareapq8009wqcm4290_firmwaresd480sd870wcn6855wsa8832sw5100p_firmwareqcs610_firmwaresa6145psdxr1apq8096auar8031qcs405_firmwaresdm630_firmwaresd820_firmwareqca6391_firmwaresd780g_firmwarewcd9370_firmwaresdx55sd888_firmwareapq8053sa8155pcsra6640sd675sd439wcn3660sm8475p_firmwareqca9379qcm2290wcn3991_firmwarewsa8830sd678qcs2290_firmwaremdm9628_firmwaremdm9650sd_636csra6620qcs4290mdm9250sd765g_firmwareqca6420_firmwareqca6390_firmwareapq8009_firmwaresd690_5gsd730_firmwarewcd9370sd675_firmwareqca6564qca6426wcn3990_firmwareqca9377sdw2500_firmwarewcd9385_firmwaresdxr2_5g_firmwarewcd9326_firmwarewcn3615_firmwaresd662sa8155qca6320_firmwarewcn3680b_firmwaresdx55_firmwareqca6595auwcn3615wcn3999_firmwaresm7250p_firmwarewcn3610_firmwareqca6436_firmwareqca6564au_firmwaresd778gsa6155p_firmwareqca6310pm8937wcn7851qcs6490sd429sdxr2_5gqca9367sdm630mdm9607_firmwarewcn3988_firmwaresa6145p_firmwaresd429_firmwaresm6250sd778g_firmwaresa8195papq8017_firmwarewsa8810_firmwaresd765_firmwarewcd9326wcd9335qca6174a_firmwareqcs4290_firmwarewcd9385qcs6490_firmwareqca6390wcd9375sd750g_firmwareaqt1000sm6250_firmwaremsm8953_firmwaremsm8917_firmwarewcn3620_firmwaresd820qcm6490sd888_5g_firmwarewsa8835_firmwaresdx20_firmwarewcn3620wcn6850_firmwarewsa8815_firmwaresm7450apq8017qca6564aqcm2290_firmwarewcn3990sd_675sd780gsd865_5gsd888msm8909w_firmwarewsa8835msm8996ausdm429w_firmwaresd888_5gsm6250pqca6574amdm9206wcn6855_firmwareqca6174asm7325pqca6310_firmwarewcn6750qca6574_firmwaresd855sm4125_firmwaresm7325p_firmwaresd765qca6574a_firmwaresd768g_firmwaresm7315apq8009qca6391sd460sdxr1_firmwareaqt1000_firmwaresdx65_firmwaremdm9626qcm4290qcm6490_firmwaresdx50mwsa8832_firmwaresdx20sd480_firmwaremdm9626_firmwareqca6574ausa8155p_firmwaresd710mdm9607wcd9341_firmwarewsa8810wcn6856wcn3680bsd835_firmwareqca6564_firmwaresd768gwcn6740qca6696sd845_firmwaresdw2500apq8096au_firmwaresd845sm7250psd720g_firmwaresw5100_firmwareqcs410_firmwaresm8475pSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-22058
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.07% / 21.28%
||
7 Day CHG~0.00%
Published-26 Sep, 2022 | 16:35
Updated-21 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory corruption due to use after free issue in kernel while processing ION handles in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-msm8909wsd439_firmwarewcn3660_firmwaresd439qca6574au_firmwareqca6310wcd9330_firmwaresd429_firmwaremsm8996au_firmwaremdm9650_firmwaremsm8996ausd845qca6574a_firmwarequalcomm215_firmwaremdm9206qualcomm215sd660wsa8810_firmwareqca6320qca6595auapq8096au_firmwarewcn3660apq8053sd835_firmwareapq8017qca6420mdm9640mdm9628_firmwarewcn3980wcn3680_firmwareaqt1000_firmwareqca6574_firmwarewcd9326wsa8810sdx20_firmwarewcn3998_firmwaremsm8937qca9379_firmwareaqt1000qca9377qca6335sd820qca6696mdm9206_firmwareqca6574asd845_firmwaresd429qca6595au_firmwaresdw2500_firmwareqca9379qca6574sd450_firmwarewcn3990_firmwaresd855apq8009_firmwarewcd9330wcn3620sd670wcd9340_firmwareapq8009w_firmwaresd632_firmwareqca4020_firmwaremdm9640_firmwarewsa8815qca6564asdm429w_firmwareqca6320_firmwaremdm9607qcn7606_firmwaresd670_firmwareqcs605_firmwaresd855_firmwareqca6564au_firmwaremsm8917qca6564a_firmwaresa415m_firmwarewcn3680bmdm9607_firmwarewcn3660bsd835mdm9150sd820_firmwareapq8053_firmwareqca6175aqca6335_firmwarewcd9341_firmwareqcs603qca6564auqcs603_firmwarewcn3680b_firmwaremsm8953sd632sd660_firmwarewcn3610_firmwaresdxr1_firmwaresd710_firmwaremdm9626mdm9626_firmwareqca4020sa415msdw2500msm8937_firmwaresd450qca6584_firmwarewcd9335_firmwareqca6310_firmwareqcn7606mdm9250_firmwarewcn3620_firmwareqca6430_firmwaresdm429wapq8096aumdm9250qca6696_firmwareqca6174a_firmwarewcd9326_firmwareapq8017_firmwaresdx20csrb31024_firmwareqca9367_firmwarepm8937_firmwarewcn3998wcn3615_firmwarewcd9341qca6175a_firmwareqcn7605_firmwareqca6174aqcs605pm8937wcn3660b_firmwaremsm8909w_firmwarewsa8815_firmwarewcd9335wcn3615csrb31024qcn7605mdm9628qca6430qca9377_firmwaremsm8953_firmwaresd710wcn3990wcn3680msm8917_firmwarewcn3610wcn3980_firmwareqca9367mdm9150_firmwaremdm9650apq8009qca6574ausdxr1wcd9340sdx24sdx24_firmwareapq8009wqca6584qca6420_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-416
Use After Free
CVE-2022-22098
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.07% / 22.31%
||
7 Day CHG~0.00%
Published-02 Sep, 2022 | 11:31
Updated-03 Aug, 2024 | 03:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory corruption in multimedia driver due to untrusted pointer dereference while reading data from socket in Snapdragon Auto

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-apq8096au_firmwareapq8096auSnapdragon Auto
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-3696
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.62%
||
7 Day CHG~0.00%
Published-02 Nov, 2020 | 06:21
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Use after free while installing new security rule in ipcrtr as old one is deleted and this rule could still be in use for checking security permission for particular process' in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8996AU, QCA4531, QCA6574AU, QCA9531, QCM2150, QCS605, SDM429W, SDX20, SDX24

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca4531_firmwareqcm2150_firmwaresdm429wmsm8996au_firmwareapq8098_firmwaresdx20qcm2150sdx24mdm9607_firmwareqca9531ipq8074_firmwareqca6574aumsm8909w_firmwaremdm9607msm8996ausdm429w_firmwareapq8017_firmwareapq8009_firmwaremsm8909wqcs605_firmwareipq4019_firmwaremdm9207c_firmwareipq6018mdm9206mdm9207cmsm8905sdx24_firmwareipq8074apq8096auqca4531apq8098ipq6018_firmwaremdm9206_firmwareqcs605ipq4019apq8053apq8096au_firmwaresdx20_firmwareqca9531_firmwaremsm8905_firmwareipq8064qca6574au_firmwareapq8017apq8009apq8053_firmwareipq8064_firmwareSnapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-416
Use After Free
CVE-2020-3616
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.46%
||
7 Day CHG~0.00%
Published-02 Jun, 2020 | 15:05
Updated-04 Aug, 2024 | 07:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in display function due to memory copy without checking length of size using strcpy function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8909W, MSM8917, MSM8953, MSM8996AU, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SM6150, SM7150, SM8150

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-msm8953sdm450sdm636_firmwaresdm632_firmwaremsm8996au_firmwareapq8098_firmwaresdm845sdm450_firmwaresdm632sdx20sdm660sdm439mdm9607_firmwaresdm630sdm429sm7150_firmwaresm6150msm8909w_firmwaremdm9607msm8996auqm215apq8017_firmwaresm7150msm8917qcs605_firmwaremdm9207c_firmwaremdm9206mdm9207csm8150_firmwareapq8096ausdm439_firmwaresda845_firmwaresdm636sdm630_firmwareapq8098sda660_firmwaremdm9206_firmwareqcs605qm215_firmwaremsm8953_firmwareapq8053apq8096au_firmwaresm6150_firmwaremsm8917_firmwaresdm429_firmwaresm8150sdx20_firmwaresda660apq8017msm8909wapq8053_firmwaresdm660_firmwaresda845sdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-22071
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.81% / 73.28%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 09:51
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-12-26||Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.

Possible use after free when process shell memory is freed using IOCTL munmap call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-ar8031qcm2290_firmwaresd778gsd855_firmwarewcn6851wcn6850_firmwaresd855wcn3988_firmwaresa6155pqcs2290wcn3999_firmwareqca6436qcs4290_firmwarecsra6620sd765_firmwarewcn3980_firmwaresd690_5gwcd9335qrb5165qca6595ausm7250psd780gcsra6620_firmwaremsm8953qca6574au_firmwaresd750gsdx55_firmwareqca6696wcd9380apq8053qcs405sm4125_firmwarear8031_firmwarewsa8830_firmwarewsa8815qcm4290wsa8810wcn3615_firmwaresd662qca6391qca6391_firmwareqca6436_firmwarewcn6750wcn6856_firmwarewcn7850qca8081_firmwareqcm4290_firmwaresdx55mqrb5165m_firmwaresm7250p_firmwaresd662_firmwareqca6390_firmwareqrb5165_firmwarewcn3910qca6426_firmwarewcn3910_firmwaresd439_firmwareqca6574auwcn3999qca6696_firmwaremdm9150_firmwaresdxr2_5g_firmwareqcs410_firmwaresdxr2_5gqca6595au_firmwaresd750g_firmwareqca6426wcn3991_firmwaresd765gsm4125wcn3950_firmwarewcn6855sd865_5gsa8195p_firmwareqcs6490_firmwareqcs410sdx55m_firmwarewcd9326sa8195psd439sd765csra6640qca6574qrb5165n_firmwarewcn3998wsa8830wcn3980wsa8835_firmwareqca6174awsa8835sd865_5g_firmwarewcn6740_firmwarewcn3680b_firmwarewcn7851_firmwarewcd9370_firmwarewcn3988sd460wcn6850sd765g_firmwaresd680wcn3660bwcn6855_firmwareqca6574a_firmwarewcd9341_firmwarewcd9375_firmwaresa6155p_firmwaresd768gwcn3950wcn7851sdx65sd870wcn3998_firmwarear8035_firmwareqcs6490sd870_firmwaresd888_5gqca8337_firmwareqcm2290qcs2290_firmwareqca9377qca6390sd480_firmwaresdx12wcd9380_firmwareqcs610qca6574acsra6640_firmwarewcd9335_firmwarewcd9375qca8337sd690_5g_firmwaresm7325p_firmwaresdx12_firmwareqcm6490wcn3615sd768g_firmwareqcm6490_firmwarequalcomm215qca8081sd695wsa8810_firmwaremsm8953_firmwaremdm9150qca9377_firmwareqcs405_firmwaresd680_firmwaresdx55qrb5165napq8053_firmwarewcn3991wcn3680bqrb5165msa8155pwcn6851_firmwarewcn6856sd460_firmwarewcd9370sd480qcs610_firmwarewcn6740qualcomm215_firmwarear8035sm7325pwcd9341wcn6750_firmwarewcn3660b_firmwarewcd9326_firmwareqca6574_firmwaresa8155p_firmwarewcd9385_firmwaresd780g_firmwaresd695_firmwaresd778g_firmwarewcd9385sd888_5g_firmwaresdx65_firmwareqcs4290qca6174a_firmwarewcn7850_firmwarewsa8815_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & MusicMultiple Chipsets
CWE ID-CWE-416
Use After Free
CVE-2022-22092
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.09% / 26.24%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 05:25
Updated-03 Aug, 2024 | 03:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory corruption in kernel due to use after free issue in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn3991_firmwarewcn3991wsa8830qca8337_firmwarewcd9380_firmwaresd780gqca8337sd865_5gqca6431_firmwaresdx55m_firmwarewcn6856_firmwaresd888sdx65wsa8835wcd9380sd765g_firmwaresd888_5gqca6390_firmwarewcd9370wcn6855_firmwaresm8475p_firmwaresm7325pqca6426qrb5165n_firmwarewcn6750wcn3998wcd9385_firmwaresdxr2_5g_firmwaresd_8_gen1_5g_firmwarewsa8815sm7325p_firmwareqsm8350_firmwarewcn6850qsm8350sd765qca6426_firmwaresm7315_firmwarewcn7850sd768g_firmwarewcd9375_firmwareqca8081_firmwarewcn3998_firmwareqrb5165msm7250p_firmwaresm7315qca6391sdx55mqca6436_firmwareqrb5165nqca6421_firmwaresm8475_firmwaresm7450_firmwarewcn6740_firmwaresd778gsdx65_firmwarewcn7851qcs6490qrb5165_firmwareqrb5165m_firmwaresdxr2_5gqcm6490_firmwarewsa8832_firmwareqrb5165wcn6851_firmwareqca6421sd778g_firmwarewsa8810_firmwaresd765gwsa8810sd765_firmwaresd870qca6436wcn6851wsa8832wcn6855qca8081wcn7851_firmwarewcn6856wcd9385sd768gqca6431qcs6490_firmwaresd870_firmwarewcn6740qca6391_firmwareqca6390ar8035wcd9375sd780g_firmwarewcd9370_firmwaresd888_firmwarewsa8830_firmwaresd865_5g_firmwareqcm6490sd888_5g_firmwarewcn6850_firmwarewcn7850_firmwarewsa8815_firmwarewsa8835_firmwaresm7250psm7450sm8475wcn6750_firmwarear8035_firmwaresm8475pSnapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
CWE ID-CWE-416
Use After Free
CVE-2022-22082
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.12% / 32.25%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 09:40
Updated-03 Aug, 2024 | 03:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory corruption due to possible buffer overflow while parsing DSF header with corrupted channel count in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaresm6250p_firmwareqcs610sdx65wcn3950_firmwareqcs2290qca6595au_firmwaresa6155qca6335msm8917csra6620_firmwareqcs605_firmwaresd_675_firmwarecsra6640_firmwaresd632wcn3998wcd9371_firmwarewcn3950sm4125mdm9628sd720gmdm9206_firmwaresd_8_gen1_5g_firmwarewcn3660bsd450_firmwaresd710_firmwaresd460_firmwareqca4020sm7315_firmwarewcn7850qca6574au_firmwarewcd9375_firmwarewcn3998_firmwaresa6155_firmwaremsm8909wapq8009w_firmwareqca6420apq8053_firmwaresm7450_firmwaresd680_firmwareqca9367_firmwarewcn3999sa8155_firmwaresd662_firmwareqcs405qca6430wcd9340qualcomm215_firmwaresd765gsw5100qca4020_firmwareqca6436sd680sa6155pwcn6851qcs603_firmwarewcn7851_firmwaremsm8937mdm9250_firmwarewcn3660_firmwarewcd9341pm8937_firmwareqca6696_firmwarewcd9371sd750gsd870_firmwarewcn3910_firmwarewsa8830_firmwaresd855_firmwaresd660sd865_5g_firmwarewcn3988sd660_firmwarewcn7850_firmwaresa8195p_firmwaresm8475wcn6750_firmwaresd450wcn3610wcn3991wcd9380_firmwaresdm429wmsm8996au_firmwaresw5100pwcd9330qca6564ausdx55m_firmwarewcn6856_firmwaresd670_firmwareqca6574sd632_firmwarewcd9380qualcomm215qcs410sd690_5g_firmwaresdx50m_firmwareqca9379_firmwareqca6430_firmwarewcd9335_firmwarewcn3980sd439_firmwareqca6335_firmwareqcs605wcd9340_firmwarewsa8815wcn6850wcn3910qca6320msm8937_firmwaremdm9650_firmwareqca6426_firmwarewcn3660b_firmwarewcn3680sd835wcn3980_firmwaresd730wcd9330_firmwaresdx55msm8475_firmwarewcn6740_firmwaremsm8953sd678_firmwarear8031_firmwarewcn3680_firmwarewcn6851_firmwareqcs603sd_636_firmwaresd670qca6564a_firmwareapq8009wqcm4290_firmwaresd480sd870wcn6855wsa8832sw5100p_firmwareqcs610_firmwaresa6145psdxr1apq8096auar8031qcs405_firmwaresdm630_firmwaresd820_firmwareqca6391_firmwaresd780g_firmwarewcd9370_firmwaresdx55sd888_firmwareapq8053sa8155pcsra6640sd675sd439wcn3660sm8475p_firmwareqca9379qcm2290wcn3991_firmwarewsa8830sd678qcs2290_firmwaremdm9628_firmwaremdm9650sd_636csra6620qcs4290mdm9250sd765g_firmwareqca6420_firmwareqca6390_firmwareapq8009_firmwaresd690_5gsd730_firmwarewcd9370sd675_firmwareqca6564qca6426wcn3990_firmwareqca9377sdw2500_firmwarewcd9385_firmwaresdxr2_5g_firmwarewcd9326_firmwarewcn3615_firmwaresd662sa8155qca6320_firmwarewcn3680b_firmwaresdx55_firmwareqca6595auwcn3615wcn3999_firmwaresm7250p_firmwarewcn3610_firmwareqca6436_firmwareqca6564au_firmwaresd778gsa6155p_firmwareqca6310pm8937wcn7851qcs6490sd429sdxr2_5gqca9367sdm630mdm9607_firmwarewcn3988_firmwaresa6145p_firmwaresd429_firmwaresm6250sd778g_firmwaresa8195papq8017_firmwarewsa8810_firmwaresd765_firmwarewcd9326wcd9335qca6174a_firmwareqcs4290_firmwarewcd9385qcs6490_firmwareqca6390wcd9375sd750g_firmwareaqt1000sm6250_firmwaremsm8953_firmwaremsm8917_firmwarewcn3620_firmwaresd820qcm6490sd888_5g_firmwarewsa8835_firmwaresdx20_firmwarewcn3620wcn6850_firmwarewsa8815_firmwaresm7450apq8017qca6564aqcm2290_firmwarewcn3990sd_675sd780gsd865_5gsd888msm8909w_firmwarewsa8835msm8996ausdm429w_firmwaresd888_5gsm6250pqca6574amdm9206wcn6855_firmwareqca6174asm7325pqca6310_firmwarewcn6750qca6574_firmwaresd855sm4125_firmwaresm7325p_firmwaresd765qca6574a_firmwaresd768g_firmwaresm7315apq8009qca6391sd460sdxr1_firmwareaqt1000_firmwaresdx65_firmwaremdm9626qcm4290qcm6490_firmwaresdx50mwsa8832_firmwaresdx20sd480_firmwaremdm9626_firmwareqca6574ausa8155p_firmwaresd710mdm9607wcd9341_firmwarewsa8810wcn6856wcn3680bsd835_firmwareqca6564_firmwaresd768gwcn6740qca6696sd845_firmwaresdw2500apq8096au_firmwaresd845sm7250psd720g_firmwaresw5100_firmwareqcs410_firmwaresm8475pSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-22103
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.46%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 09:41
Updated-03 Aug, 2024 | 03:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory corruption in multimedia driver due to double free while processing data from user in Snapdragon Auto

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sa8540psa9000psa8540p_firmwaresa9000p_firmwareSnapdragon Auto
CWE ID-CWE-415
Double Free
CVE-2022-22094
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.51%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 05:25
Updated-03 Aug, 2024 | 03:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

memory corruption in Kernel due to race condition while getting mapping reference in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn3991_firmwarewcn3991wsa8830wcd9380_firmwaresd780gsd865_5gqca6431_firmwaresdx55m_firmwarewcn6856_firmwaresd888wsa8835wcd9380sd765g_firmwaresd888_5gqca6420_firmwareqca6390_firmwarewcd9370wcn6855_firmwaresm8475p_firmwaresm7325pqca6426qrb5165n_firmwareqca6430_firmwarewcn6750wcn3998sd_8cx_firmwarewcd9385_firmwaresdxr2_5g_firmwaresd_8cx_gen2_firmwaresd_8_gen1_5g_firmwarewcd9340_firmwarewsa8815sm7325p_firmwareqsm8350_firmwarewcn6850qsm8350sd765qca6426_firmwaresm7315_firmwarewcn7850sd768g_firmwarewcd9375_firmwarewcn3998_firmwareqrb5165msm7315sm7250p_firmwareqca6391sdx55mqca6420qca6436_firmwareqrb5165nqca6421_firmwaresm8475_firmwaresm7450_firmwareaqt1000_firmwaresd778gwcn6740_firmwaresd_8cx_gen2wcn7851qcs6490qrb5165_firmwareqrb5165m_firmwaresdxr2_5gqcm6490_firmwarewsa8832_firmwareqrb5165wcn6851_firmwareqca6430qca6421sd778g_firmwarewcd9340wsa8810_firmwaresd765gwcd9341_firmwarewsa8810sd765_firmwaresd870qca6436wcn6851wsa8832wcn6855wcn7851_firmwarewcn6856wcd9385wcd9341sd768gqca6431qcs6490_firmwaresd870_firmwarewcn6740qca6391_firmwareqca6390wcd9375sd_8cxaqt1000sd780g_firmwarewcd9370_firmwaresd888_firmwarewsa8830_firmwaresd865_5g_firmwareqcm6490sd888_5g_firmwarewcn6850_firmwarewcn7850_firmwarewsa8815_firmwarewsa8835_firmwaresm7250psm7450sm8475wcn6750_firmwaresm8475pSnapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2020-3624
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.81%
||
7 Day CHG~0.00%
Published-08 Sep, 2020 | 09:31
Updated-04 Aug, 2024 | 07:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'A potential buffer overflow exists due to integer overflow when parsing handler options due to wrong data type usage in operation' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCN7605, QCS605, QCS610, QM215, Rennell, SA415M, SA515M, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9150_firmwarekamorta_firmwaremdm9635m_firmwaremdm9640_firmwareqcm2150_firmwareqcs610sdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdm450_firmwaresdm632sdx24sdm439mdm9650sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaremsm8996aumdm9645sdm429w_firmwaresm7150apq8009_firmwaremsm8917sdm670qcs605_firmwaresc8180xmdm9206sdm670_firmwaresdx24_firmwaresdm636sda845_firmwaresa415mmdm9635mapq8098qcn7605mdm9615mdm9205mdm9206_firmwaresa515mqcs605msm8937_firmwaremdm9650_firmwaresdm429_firmwaremsm8905_firmwaresda660sdx55_firmwaresxr1130_firmwaresxr1130msm8909wapq8009msm8909_firmwareapq8053_firmwaresda845nicobarsdm850_firmwaremsm8920msm8953sdm450sdm636_firmwaresdm845_firmwaresa515m_firmwareapq8098_firmwaresdx20msm8998_firmwareqcm2150msm8920_firmwaresdm630mdm9607_firmwaresdm660mdm9655_firmwaresc8180x_firmwaresa415m_firmwaresdm710qm215sc7180_firmwaremdm9607mdm9645_firmwareapq8017_firmwaremdm9625_firmwaresdm710_firmwareqcn7605_firmwareqcs610_firmwaremdm9150msm8937mdm9207c_firmwaremsm8905mdm9207csm8150_firmwaremsm8909mdm9655apq8096ausdm439_firmwarerennellsc7180sdm630_firmwaremdm9205_firmwaresda660_firmwaremdm9625rennell_firmwareqm215_firmwaresdx55msm8953_firmwaremsm8940saipan_firmwaresm6150_firmwareapq8053msm8917_firmwareapq8096au_firmwaremsm8998sm8150sdx20_firmwaresdm850mdm9615_firmwarekamortaapq8017saipannicobar_firmwaresdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-22099
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.05% / 16.03%
||
7 Day CHG~0.00%
Published-02 Sep, 2022 | 11:31
Updated-03 Aug, 2024 | 03:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory corruption in multimedia due to improper validation of array index in Snapdragon Auto

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sa8540psa9000psa8540p_firmwaresa9000p_firmwareSnapdragon Auto
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2022-22090
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.04% / 12.29%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 09:40
Updated-03 Aug, 2024 | 03:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory corruption in audio due to use after free while managing buffers from internal cache in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sm8475_firmwaresm7450_firmwarewcd9380_firmwarewsa8830sdx65_firmwarewcn7851wsa8832_firmwaresd865_5gwcn6851_firmwarewcn6856_firmwaresdx65wsa8835wsa8810_firmwarewcd9380sd888_5gwsa8810wsa8832wcn6855wcn6851wcd9370wcn7851_firmwarewcn6856wcn6855_firmwarewcd9385wcn6750wcd9385_firmwarewcd9375wcd9370_firmwarewcn6750_firmwaresd_8_gen1_5g_firmwarewsa8815wcn6850wsa8830_firmwaresd865_5g_firmwarewsa8815_firmwaresd888_5g_firmwarewcn6850_firmwarewcn7850_firmwarewcn7850wsa8835_firmwaresm7450wcd9375_firmwaresm8475sm8475p_firmwaresm8475pSnapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile
CWE ID-CWE-416
Use After Free
CVE-2022-22095
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.09% / 26.24%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 05:25
Updated-03 Aug, 2024 | 03:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory corruption in synx driver due to use-after-free condition in the synx driver due to accessing object handles without acquiring lock in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcm2290_firmwarewcn3991_firmwarewcn3991wsa8830wcd9380_firmwareqcs2290_firmwaresd865_5gsdx55m_firmwarewsa8835qcs4290wcn3950_firmwarewcd9380sd765g_firmwareqcs2290qca6390_firmwaresd690_5gwcd9370sd690_5g_firmwareqca6426qrb5165n_firmwarewcn3998sd439_firmwarewcd9385_firmwaresdxr2_5g_firmwarewcn3950sm4125wcd9326_firmwarewcn3615_firmwaresd855sm4125_firmwarewcn6850wsa8815sd662wcn3910sd460_firmwaresd765qca6426_firmwarewcn3680b_firmwaresdx55_firmwaresd768g_firmwarewcd9375_firmwarewcn3615wcn3998_firmwareqrb5165msm7250p_firmwaresd460qca6391sdx55mapq8053_firmwareqca6436_firmwareqrb5165nsd680_firmwaremsm8953qcm4290qrb5165_firmwareqrb5165m_firmwaresdxr2_5gqrb5165wcn6851_firmwaresd662_firmwarewcn3988_firmwarewsa8810_firmwaresd765gwcd9341_firmwareqcm4290_firmwaresd765_firmwaresd870qca6436sd680wcd9326wcn6851wsa8810wcn3680bqcs4290_firmwarewcd9385wcd9341sd768gsd750gsd870_firmwareqca6391_firmwareqca6390wcd9375sd750g_firmwarewcn3910_firmwarewcd9370_firmwaresdx55msm8953_firmwareapq8053wsa8830_firmwaresd855_firmwaresd865_5g_firmwaresd439wcn3988wcn6850_firmwarewsa8815_firmwarewsa8835_firmwaresm7250pqcm2290Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
CWE ID-CWE-416
Use After Free
CVE-2020-3623
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.75%
||
7 Day CHG~0.00%
Published-02 Jun, 2020 | 15:05
Updated-04 Aug, 2024 | 07:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

kernel failure due to load failures while running v1 path directly via kernel in Snapdragon Mobile in SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sm8250sxr2130sm8250_firmwaresxr2130_firmwareSnapdragon Mobile
CWE ID-CWE-20
Improper Input Validation
CVE-2020-3647
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.81%
||
7 Day CHG~0.00%
Published-08 Sep, 2020 | 09:31
Updated-04 Aug, 2024 | 07:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Potential buffer overflow when accessing npu debugfs node "off"/"log" with large buffer size' in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, QCS405, SC8180X, SDX55, SM6150, SM7150, SM8150

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcs405sm7150_firmwaresm6150_firmwaresm6150sdx55mdm9607sm8150_firmwaresm8150qcs405_firmwaresdx55_firmwaresm7150mdm9607_firmwaresc8180xsc8180x_firmwareSnapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-3648
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.05%
||
7 Day CHG~0.00%
Published-08 Sep, 2020 | 09:31
Updated-04 Aug, 2024 | 07:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Possible out of bound write in DSP driver code due to lack of check of data received from user' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-msm8909w_firmwaremsm8909wSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-20
Improper Input Validation
CVE-2020-3613
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.55%
||
7 Day CHG~0.00%
Published-22 Jun, 2020 | 07:10
Updated-04 Aug, 2024 | 07:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Double free issue in kernel memory mapping due to lack of memory protection mechanism in Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice & Music in SM8150

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sm8150sm8150_firmwareSnapdragon Compute, Snapdragon Mobile, Snapdragon Voice & Music
CWE ID-CWE-415
Double Free
CVE-2020-3694
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.22%
||
7 Day CHG~0.00%
Published-02 Nov, 2020 | 06:21
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Use out of range pointer issue can occur due to incorrect buffer range check during the execution of qseecom' in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice & Music in Bitra, Nicobar, Saipan, SM6150, SM8150, SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sxr2130saipan_firmwaresm6150_firmwaresm6150sm8250bitra_firmwaresm8150_firmwaresm8150sxr2130_firmwarebitranicobar_firmwaresaipansm8250_firmwarenicobarSnapdragon Auto, Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice & Music
CVE-2020-3629
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.05%
||
7 Day CHG~0.00%
Published-08 Sep, 2020 | 09:31
Updated-04 Aug, 2024 | 07:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Stack out of bound issue occurs when making query to DSP capabilities due to wrong assumption was made on determining the buffer size for the DSP attributes' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in Bitra, Kamorta, Rennell, SC7180, SDM845, SM6150, SM7150, SM8150, SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-kamorta_firmwaresm8150_firmwaresxr2130_firmwarerennellsc7180bitrasdm845rennell_firmwaresm8250_firmwaresm7150_firmwaresm6150_firmwaresm8250sm6150sc7180_firmwarebitra_firmwaresm8150kamortasm7150sxr2130sdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-3693
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.22%
||
7 Day CHG~0.00%
Published-02 Nov, 2020 | 06:21
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Use out of range pointer issue can occur due to incorrect buffer range check during the execution of qseecom.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8098, Bitra, MSM8909W, MSM8996AU, Nicobar, QCM2150, QCS605, Saipan, SDM429W, SDX20, SM6150, SM8150, SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcm2150_firmwaresdm429wmsm8996au_firmwareapq8098_firmwaresdx20qcm2150sm8250_firmwaresm6150msm8909w_firmwaremsm8996ausdm429w_firmwareapq8017_firmwareapq8009apq8009_firmwaresxr2130qcs605_firmwaresm8150_firmwaresxr2130_firmwarebitraapq8098qcs605apq8053saipan_firmwaresm6150_firmwaresm8250bitra_firmwaresm8150sdx20_firmwareapq8017nicobar_firmwaremsm8909wsaipanapq8053_firmwarenicobarSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-3636
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.05%
||
7 Day CHG~0.00%
Published-08 Sep, 2020 | 09:31
Updated-04 Aug, 2024 | 07:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Out of bound writes happen when accessing usage_table header entry beyond the memory allocated for the header' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, QCS404, QCS610, Rennell, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-kamorta_firmwareqcs404sxr2130_firmwareqcs610rennellsc7180rennell_firmwareqcs404_firmwaresm8250_firmwaresdx55sm7150_firmwaresm6150_firmwaresm8250sm6150sc7180_firmwarekamortasm7150sdx55_firmwareqcs610_firmwaresxr2130Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
CVE-2020-3701
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.69%
||
7 Day CHG~0.00%
Published-30 Jul, 2020 | 11:40
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free issue while processing error notification from camx driver due to not properly releasing the sequence data in Snapdragon Mobile in Saipan, SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-saipan_firmwaresm8250sxr2130_firmwaresaipansxr2130sm8250_firmwareSnapdragon Mobile
CWE ID-CWE-416
Use After Free
CVE-2020-3656
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.75%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 06:25
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bound access can happen in MHI command process due to lack of check of command channel id value received from MHI devices in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, Kamorta, MDM9607, MSM8917, MSM8953, Nicobar, QCM2150, QCS405, QCS605, QM215, Rennell, SA6155P, SA8155P, Saipan, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM710, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-kamorta_firmwaresa6155p_firmwareqcm2150_firmwaremsm8953sdm450sdm429wsdm632_firmwaresdm845sdm450_firmwaresdm632qcm2150sdm439mdm9607_firmwaresm8250_firmwaresc8180x_firmwaresdm429qcs405sm7150_firmwaresa8155p_firmwareqm215mdm9607sdm710sdm429w_firmwaresm6150sdm710_firmwaresm7150apq8009_firmwaremsm8917sa6155psxr2130qcs605_firmwaresc8180xsm8150_firmwaresxr2130_firmwaresdm439_firmwareqcs405_firmwarerennellrennell_firmwareqm215_firmwareqcs605sdx55msm8953_firmwaresa8155psaipan_firmwaresm6150_firmwaremsm8917_firmwaresdm429_firmwaresm8250sm8150kamortasdx55_firmwarenicobar_firmwareapq8009saipannicobarsdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-3690
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.75%
||
7 Day CHG~0.00%
Published-02 Nov, 2020 | 06:21
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Due to an incorrect SMMU configuration, the modem crypto engine can potentially compromise the hypervisor' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Agatti, Bitra, Kamorta, Nicobar, QCA6390, QCS404, QCS605, QCS610, Rennell, SA415M, SA515M, SA6155P, SA8155P, Saipan, SC7180, SC8180X, SDA845, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm850_firmwarekamorta_firmwaresa6155p_firmwareqcs610sa515m_firmwaresdm845sdx24qcs404_firmwaresm8250_firmwaresc8180x_firmwaresa415m_firmwaresm7150_firmwaresa8155p_firmwaresc7180_firmwaresdm710agatti_firmwaresm6150sdm710_firmwaresm7150qca6390_firmwaresa6155psdm670qcs610_firmwaresxr2130qcs605_firmwaresc8180xsdm670_firmwareqcs404sdx24_firmwaresm8150_firmwaresxr2130_firmwaresda845_firmwarerennellsa415msc7180bitrarennell_firmwareqca6390sa515mqcs605sdx55sa8155psaipan_firmwaresm6150_firmwaresm8250bitra_firmwaresm8150sdm850sxr1130_firmwarekamortasdx55_firmwarenicobar_firmwaresaipansxr1130agattisda845nicobarsdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CVE-2020-3626
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 9.59%
||
7 Day CHG~0.00%
Published-22 Jun, 2020 | 07:10
Updated-04 Aug, 2024 | 07:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Any application can bind to it and exercise the APIs due to no protection for AIDL uimlpaservice in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdm450_firmwaresdm632sdm439sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaremsm8996ausdm429w_firmwaresm7150msm8917sdm670sxr2130qcs605_firmwaresdm670_firmwaresdm636apq8098qcs605msm8937_firmwaresdm429_firmwaremsm8905_firmwareqca6574au_firmwaresda660sxr1130_firmwaresxr1130msm8909wapq8053_firmwarenicobarmsm8920msm8953sdm450sdm636_firmwareapq8098_firmwaremsm8998_firmwaresdm660msm8920_firmwaresdm630sm8250_firmwareqca6574ausdm710qm215sdm710_firmwaremsm8937msm8905sm8150_firmwaresxr2130_firmwareapq8096ausdm439_firmwarerennellsdm630_firmwaresda660_firmwarerennell_firmwareqm215_firmwaremsm8940apq8053apq8096au_firmwaremsm8953_firmwaresaipan_firmwaremsm8917_firmwaresm6150_firmwaremsm8998sm8150sm8250nicobar_firmwaresaipansdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-3678
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.16% / 37.48%
||
7 Day CHG~0.00%
Published-02 Nov, 2020 | 06:21
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'A buffer overflow could occur if the API is improperly used due to UIE init does not contain a buffer size a param' in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Agatti, Kamorta, QCS404, QCS605, SDA845, SDM670, SDM710, SDM845, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-kamorta_firmwaresdm670_firmwareqcs404sda845_firmwaresdm845agattiqcs605qcs404_firmwaresdm710agatti_firmwaresdm710_firmwaresxr1130_firmwarekamortasxr1130sdm670qcs605_firmwaresda845sdm845_firmwareSnapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-3622
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.20%
||
7 Day CHG~0.00%
Published-08 Sep, 2020 | 09:31
Updated-04 Aug, 2024 | 07:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Channel name string which has been read from shared memory is potentially subjected to string manipulations but not validated for NULL termination can results into memory corruption' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA6155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9150_firmwaremdm9640_firmwareqcs610sdm632sdm450_firmwareqcs404_firmwaremdm9650mdm9645apq8009_firmwaremsm8917sdm670qcs605_firmwaresda845_firmwaresa415mbitraapq8098qcn7605mdm9206_firmwarebitra_firmwaremsm8905_firmwaresda660sdx55_firmwareqca8081_firmwaresxr1130apq8053_firmwaresda845sa6155p_firmwaresdm450sdm636_firmwareapq8098_firmwaremsm8998_firmwaresdm630mdm9607_firmwaresm8250_firmwaremdm9655_firmwaresa415m_firmwareqcs405qm215sc7180_firmwareapq8017_firmwaresdm710_firmwaresa6155pqca8081msm8937msm8905sm8150_firmwaremsm8909sxr2130_firmwaremdm9655rennellsc7180msm8953_firmwaresaipan_firmwaresm6150_firmwaremsm8917_firmwaremsm8998sm8150sdx20_firmwaresdm850kamortaapq8017msm8996saipanmdm9640kamorta_firmwareqcm2150_firmwaresdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdx24sdm439sdm429msm8940_firmwaresm7150_firmwaresm6150msm8996ausdm429w_firmwaresm7150sxr2130sc8180xmdm9206sdm670_firmwareqcs404sdx24_firmwareipq8074sdm636ipq6018_firmwaremdm9205qcs605msm8937_firmwaremdm9650_firmwaresdm429_firmwaresxr1130_firmwareapq8009msm8909_firmwarenicobarsdm850_firmwaremsm8920msm8953sdx20qcm2150sdm660msm8920_firmwaresc8180x_firmwareipq8074_firmwaresdm710mdm9607mdm9645_firmwareqcn7605_firmwareqcs610_firmwaremdm9150msm8996_firmwareipq6018apq8096ausdm439_firmwareqcs405_firmwaresdm630_firmwaremdm9205_firmwaresda660_firmwarerennell_firmwareqm215_firmwaresdx55msm8940apq8053sm8250apq8096au_firmwarenicobar_firmwaresdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-3666
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.09% / 27.26%
||
7 Day CHG~0.00%
Published-08 Sep, 2020 | 09:31
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Out of bounds memory access during memory copy while processing Host command' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8996AU, MSM8998, QCA6174A, QCA6574, QCA6574AU, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9531, QCA9558, QCA9563, QCA9880, QCA9886, QCA9980, QCN5500, QCN5502, QCS404, QCS405, QCS605, SA6155P, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwareqcn5500mdm9640_firmwareqca9980_firmwaremsm8996au_firmwaresdm845sdx24qca9563_firmwareqcs404_firmwaremdm9650qca9558qca9558_firmwareqca6574msm8996auqca9880_firmwareapq8009_firmwaresdm670qcs605_firmwareipq4019_firmwaremdm9206qca9379_firmwareqca6174asdm670_firmwareqcs404sdx24_firmwareqca6584au_firmwareipq8074sdm636sda845_firmwareqca9377apq8098ipq6018_firmwaremdm9206_firmwareqca9563qca6574_firmwareqca9886qcn5502_firmwareqcs605mdm9650_firmwareqca6574au_firmwareipq8064sxr1130_firmwareqca8081_firmwaresxr1130apq8009apq8053_firmwareipq8064_firmwaresda845sdm850_firmwareqca6584ausa6155p_firmwaresdm636_firmwaresdm845_firmwareapq8098_firmwaresdx20msm8998_firmwaresdm660sdm630mdm9607_firmwareqcn5502qcs405qca9531ipq8074_firmwareqca6574ausdm710mdm9607qca9980apq8017_firmwaresdm710_firmwareqca9880sa6155pqcn5500_firmwareqca8081mdm9207c_firmwareipq6018mdm9207cqca6174a_firmwareqca9886_firmwareapq8096auqcs405_firmwaresdm630_firmwareipq4019apq8053apq8096au_firmwaremsm8998sdx20_firmwaresdm850qca9531_firmwareapq8017qca9379sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-3625
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.75%
||
7 Day CHG~0.00%
Published-02 Jun, 2020 | 15:05
Updated-04 Aug, 2024 | 07:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When making query to DSP capabilities, Stack out of bounds occurs due to wrong buffer length configured for DSP attributes in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sm8250sxr2130sm8250_firmwaresxr2130_firmwareSnapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2002-0889
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.08% / 24.28%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Qpopper (popper) 4.0.4 and earlier allows local users to cause a denial of service and possibly execute arbitrary code via a long bulldir argument in the user's .qpopper-options configuration file.

Action-Not Available
Vendor-n/aQualcomm Technologies, Inc.
Product-qpoppern/a
CVE-2020-3630
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.05%
||
7 Day CHG~0.00%
Published-02 Jun, 2020 | 15:05
Updated-04 Aug, 2024 | 07:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possibility of out of bound access while processing the responses from video firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8917, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS405, QCS605, QM215, Rennell, SA415M, SA6155P, Saipan, SC8180X, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9150_firmwarekamorta_firmwareqcm2150_firmwaremdm9640_firmwaresdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdm450_firmwaresdm632sdx24sdm439mdm9650sdm429sm7150_firmwaresm6150msm8909w_firmwaremsm8996ausdm429w_firmwaresm7150apq8009_firmwaremsm8917sdm670sxr2130qcs605_firmwaresc8180xmdm9206sdm670_firmwaresdx24_firmwaresdm636sa415mapq8098mdm9206_firmwareqcs605sdm429_firmwaremdm9650_firmwaresda660sdx55_firmwaresxr1130_firmwaresxr1130msm8909wapq8009apq8053_firmwarenicobarsa6155p_firmwaremsm8953sdm450sdm636_firmwaresdm845_firmwareapq8098_firmwaresdx20msm8998_firmwareqcm2150sdm660sdm630mdm9607_firmwaresm8250_firmwaresc8180x_firmwaresa415m_firmwareqcs405sdm710qm215mdm9607sdm710_firmwaresa6155pmdm9150mdm9207c_firmwaremsm8996_firmwaremdm9207csm8150_firmwaresxr2130_firmwareapq8096ausdm439_firmwareqcs405_firmwarerennellsdm630_firmwaresda660_firmwarerennell_firmwareqm215_firmwaresdx55msm8953_firmwareapq8053saipan_firmwaresm6150_firmwareapq8096au_firmwaremsm8917_firmwaresm8250msm8998sm8150sdx20_firmwarekamortamsm8996saipannicobar_firmwaresdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2020-3684
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.93%
||
7 Day CHG~0.00%
Published-02 Nov, 2020 | 06:21
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'QSEE reads the access permission policy for the SMEM TOC partition from the SMEM TOC contents populated by XBL Loader and applies them without validation' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8009, APQ8098, Bitra, IPQ6018, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8998, Nicobar, QCA6390, QCS404, QCS405, QCS605, QCS610, Rennell, SA415M, SA515M, SA6155P, SA8155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9150_firmwarekamorta_firmwareqcs610sdm845sdx24qcs404_firmwaremdm9650sm7150_firmwaresm6150agatti_firmwaresm7150qca6390_firmwareapq8009_firmwaresdm670sxr2130qcs605_firmwaresc8180xmdm9206sdm670_firmwareqcs404sdx24_firmwaresdm636sda845_firmwaresa415mbitraapq8098ipq6018_firmwaremdm9205mdm9206_firmwaresa515mqcs605bitra_firmwaremdm9650_firmwaremsm8905_firmwaresda660sdx55_firmwaresxr1130_firmwaresxr1130apq8009agattisda845nicobarsdm850_firmwaresa6155p_firmwaresdm636_firmwaresa515m_firmwareapq8098_firmwaresdx20msm8998_firmwaresdm660sdm630mdm9607_firmwaresm8250_firmwaresc8180x_firmwaresa415m_firmwareqcs405sa8155p_firmwaresc7180_firmwaresdm710mdm9607sdm710_firmwaresa6155pqcs610_firmwaremdm9150msm8905ipq6018sm8150_firmwaresxr2130_firmwareqcs405_firmwarerennellsc7180sdm630_firmwaremdm9205_firmwaresda660_firmwarerennell_firmwareqca6390sdx55saipan_firmwaresm6150_firmwaresa8155psm8250msm8998sm8150sdx20_firmwaresdm850kamortasaipannicobar_firmwaresdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CVE-2020-3635
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.05%
||
7 Day CHG~0.00%
Published-22 Jun, 2020 | 07:10
Updated-04 Aug, 2024 | 07:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack based overflow If the maximum number of arguments allowed per request in perflock exceeds in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, Saipan, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcm2150_firmwaresdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdm450_firmwaresdm632sdm439sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaremsm8996ausdm429w_firmwaresm7150msm8917sdm670sxr2130qcs605_firmwaresdm670_firmwaresdm636apq8098qcs605msm8937_firmwaresdm429_firmwaresxr1130_firmwaresxr1130msm8909wapq8053_firmwarenicobarmsm8920msm8953sdm450sdm636_firmwareapq8098_firmwaremsm8998_firmwareqcm2150msm8920_firmwaresdm630sdm660sm8250_firmwaresdm710qm215sdm710_firmwaremsm8937sm8150_firmwaresxr2130_firmwareapq8096ausdm439_firmwarerennellsdm630_firmwarerennell_firmwareqm215_firmwaremsm8940apq8053apq8096au_firmwaremsm8953_firmwaresaipan_firmwaremsm8917_firmwaresm6150_firmwaremsm8998sm8150sm8250nicobar_firmwaresaipansdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-25656
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.06% / 19.69%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 05:25
Updated-03 Aug, 2024 | 04:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible integer overflow and memory corruption due to improper validation of buffer size sent to write to console when computing the payload size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwarewcn3991_firmwarewsa8830qca8337sdx65wcn3950_firmwareqca6595au_firmwareqca6390_firmwarewcd9370qca6426qca9377wcn3998wcd9385_firmwaresdxr2_5g_firmwarewcn3950wcd9326_firmwaresd_8_gen1_5g_firmwaresd460_firmwaresm7315_firmwarewcn7850qca6574au_firmwareqca6595auqca8081_firmwaresdx12_firmwarewcd9375_firmwarewcn3998_firmwareqca6436_firmwaresm7450_firmwaresd778gsa6155p_firmwarewcn7851qcs6490sdxr2_5gwcn3988_firmwaresd778g_firmwaresa8195pwsa8810_firmwaresw5100qca6436wcd9326wcd9335sa6155pwcn6851qca8081wcn7851_firmwareqca6174a_firmwarewcd9385wcd9341qca6696_firmwareqcs6490_firmwaresd870_firmwareqca6390ar8035wcd9375wsa8830_firmwaresd865_5g_firmwareqcm6490sd888_5g_firmwarewcn3988wcn6850_firmwarewcn7850_firmwarewsa8815_firmwaresa8195p_firmwaresm7450wsa8835_firmwaresm8475wcn6750_firmwarewcn3991qca8337_firmwarewcd9380_firmwaresw5100psd780gsd865_5gsdx55m_firmwarewcn6856_firmwaresd888wsa8835qca6574wcd9380sd888_5gqca6574awcn6855_firmwareqca6174asm7325pwcd9335_firmwarewcn3980wcn6750qca6574_firmwarewsa8815sm7325p_firmwarewcn6850qca6426_firmwareqca6574a_firmwaresd695wcn3980_firmwaresm7315sd460qca6391sdx55msm8475_firmwarewcn6740_firmwaresdx65_firmwareqcm6490_firmwarewsa8832_firmwaresd480_firmwarewcn6851_firmwareqca6574ausa8155p_firmwarewcd9341_firmwaresd480sd870wsa8810wcn6855wsa8832sw5100p_firmwarewcn6856sd695_firmwarewcn6740qca6696qca6391_firmwaresd780g_firmwarewcd9370_firmwaresd888_firmwaresa8155psw5100_firmwaresdx12sm8475p_firmwarear8035_firmwaresm8475pSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-3618
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.75%
||
7 Day CHG~0.00%
Published-02 Jun, 2020 | 15:05
Updated-04 Aug, 2024 | 07:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NULL exception due to accessing bad pointer while posting events on RT FIFO in Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ6018, IPQ8074, QCA8081, SC8180X, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-ipq6018ipq8074_firmwaresxr2130_firmwareipq8074qca8081_firmwareipq6018_firmwareqca8081sxr2130sc8180xsc8180x_firmwareSnapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-416
Use After Free
CVE-2020-3611
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.05%
||
7 Day CHG~0.00%
Published-08 Sep, 2020 | 09:31
Updated-04 Aug, 2024 | 07:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'XBL SEC clears only ZI region when loading Qualcomm-signed segments can lead to improper access issue' in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in APQ8098, Kamorta, MSM8998, QCS404, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm850_firmwarekamorta_firmwaresdm670_firmwareqcs404sdm636_firmwaresdm636sda845_firmwaresdm660_firmwareapq8098_firmwaresdm630_firmwaresdm845apq8098sda660_firmwaremsm8998_firmwaresdm660sdm630qcs404_firmwareqcs605sdm710msm8998sdm850sdm710_firmwaresda660kamortasxr1130_firmwaresxr1130sdm670qcs605_firmwaresda845sdm845_firmwareSnapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
CVE-2020-3640
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.75%
||
7 Day CHG~0.00%
Published-08 Sep, 2020 | 09:31
Updated-04 Aug, 2024 | 07:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Resizing the usage table header before passing all the checks leads to the function exiting with a usage table in invalid state when a HLOS adversary calls the function with wrong input' in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Bitra, Kamorta, QCS404, QCS610, Rennell, Saipan, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-kamorta_firmwareqcs404sxr2130_firmwareqcs610rennellsc7180bitrarennell_firmwareqcs404_firmwaresm8250_firmwaresdx55sm7150_firmwaresaipan_firmwaresm6150_firmwaresm6150sc7180_firmwaresm8250bitra_firmwarekamortasm7150sdx55_firmwaresaipanqcs610_firmwaresxr2130Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
CVE-2020-3632
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.75%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 10:00
Updated-04 Aug, 2024 | 07:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Incorrect validation of ring context fetched from host memory can lead to memory overflow' in Snapdragon Compute, Snapdragon Mobile in QSM8350, SC7180, SDX55, SDX55M, SM6150, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sm7125sm7250sxr2130p_firmwaresm6250p_firmwaresm7250_firmwaresm8350_firmwaresdx55m_firmwaresm8250_firmwaresm7150_firmwaresm6150sc7180_firmwaresm6250sm7150sm6250psm8350sxr2130sm8350p_firmwaresm8350psm7150psm8150_firmwaresm7150p_firmwaresxr2130_firmwaresxr2130psc7180sm7125_firmwaresm6250_firmwaresdx55qsm8350_firmwaresm6150_firmwaresm8250qsm8350sm8150p_firmwaresm8150sm7250psdx55_firmwaresm7250p_firmwaresdx55msm8150pSnapdragon Compute, Snapdragon Mobile
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2022-25724
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.11% / 29.63%
||
7 Day CHG~0.00%
Published-15 Nov, 2022 | 00:00
Updated-22 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory corruption in graphics due to buffer overflow while validating the user address in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcd9380_firmwarewcn3615_firmwaremsm8996ausd429_firmwareqca6595au_firmwarequalcomm215_firmwaresd730qca6310apq8009mdm9607qca6696qca6421wcn7850qsm8250_firmwareqca6564ausdx24wcn3660bqca6426_firmwaresd632_firmwaresd720gsa6150psd460sd710_firmwaresd205_firmwaremsm8996au_firmwareapq8056sdx24_firmwarewsa8830wsa8815wcn3680bqca6430wcn3620_firmwaresd855qcs6490_firmwarewcd9340sdx55_firmwaresxr2150p_firmwaresdxr2_5g_firmwaremsm8976sg_firmwaresa4155p_firmwaremdm9650sd765g_firmwareqca6574amsm8108_firmwaresd865_5g_firmwareapq8017_firmwareqcm6125_firmwaresdm429w_firmwaresd835_firmwarewcn6750sa8295p_firmwaresm7325pmsm8917_firmwaresd_636_firmwaresd695_firmwareqcc5100sd_675qca6335sd625_firmwaremsm8108qcs405qca6595qca6431_firmwaremsm8208csra6640sd480_firmwareapq8064au_firmwareqca6430_firmwareqca8081sm7315_firmwaresm7325p_firmwareqca6584auapq8009wsd870mdm9150qca9367qca6390_firmwareqcn9024_firmwareqcn9011_firmwaresa6155_firmwarewcn6855qca6584_firmwareqcx315_firmwarewcn3910sd870_firmwareqcm6490_firmwaresm6250qcs8155sdm630_firmwareqca6431qca6595auwcd9370sd821_firmwareqcs4290_firmwaresd888_firmwarewcn3980sm4125_firmwaresd439_firmwaresm7315sd765_firmwaresd720g_firmwaresd765gsd670mdm9150_firmwaresdx55mmsm8208_firmwaremsm8917qam8295psd450wcn6850_firmwarewcn3660sm6250pwsa8810_firmwarewsa8815_firmwarewcn3991_firmwaresa8150psd625wcn6740msm8608_firmwareqca6436apq8064aumsm8952_firmwaresa8155psdxr1wsa8810msm8909wsdm630sw5100p_firmwareaqt1000_firmwareqcn9012wsa8835_firmwarewcd9335_firmwaresm7250p_firmwareapq8009_firmwareqca6391qcn9024wcn3998_firmwarecsra6620wcn6851sd778g_firmwarewcd9370_firmwaresd675qca6420_firmwaresd439wcn3660_firmwareqcx315qcc5100_firmwaresd210_firmwareqcm6125apq8052_firmwareqca4020_firmwaresdx12sd660csrb31024_firmwaresa4150p_firmwaresdm429wsdx20qcs610qualcomm215apq8052qca6391_firmwaresd205wcd9326_firmwareqcn9012_firmwaresm7250psa8155p_firmwarecsra6620_firmwarewcn3610sdx20_firmwaresa6145pwcn3910_firmwareqrb5165_firmwaremsm8209apq8017wcd9375sd750g_firmwaremsm8976_firmwareqca6696_firmwaresm6250p_firmwaresxr2150psd865_5gqca9377wcn3990_firmwarewcn3950_firmwarewcn3988sd778gwcd9371_firmwarewcn3615msm8976sd750gsd768g_firmwareqcs605msm8952wcn7851qca6310_firmwaresd710qcs8155_firmwareqca6436_firmwaresa8195p_firmwareqca4020qca9367_firmwaresd_636wcd9341_firmwaresd821sd632wcd9340_firmwaresd_675_firmwareqca6174a_firmwareqca6564a_firmwaresd855_firmwaresd662_firmwarewcd9371mdm9650_firmwaresdx50mqcs405_firmwareqcn6024_firmwareqcs6490sdx55sd460_firmwaremsm8956mdm9628wcn3610_firmwaresa6155qcm4290_firmwaremsm8976sgsd450_firmwaresd820wcn3660b_firmwaresm4375msm8909w_firmwaresdx20m_firmwarewcd9360_firmwareqrb5165m_firmwaresdw2500_firmwaresdw2500sa6145p_firmwaresd626sd768gwcn6740_firmwarewcn6856sd626_firmwaresm4125sda429w_firmwaresdx50m_firmwareapq8009w_firmwaresa6155pqca6390sa8150p_firmwaresd480wcd9330wcn7851_firmwaresa8145p_firmwaresw5100wcn6850sa8145psa415mwcn3950msm8608qca6320_firmwareqca6584au_firmwareqcm6490qcn6024qca6174awcd9335wcn3999sd835sd670_firmwarewcn3680b_firmwareqca6595_firmwareqrb5165nqca6421_firmwareqrb5165qca6574au_firmwaresd662qrb5165n_firmwaremdm9250_firmwareqam8295p_firmwareqca6564_firmwaresa8295pqcs610_firmwaremsm8956_firmwareqca6174qcm2290_firmwarewcd9380ar8031qcm4290wcn3680mdm9628_firmwaresd660_firmwaresd730_firmwaresd695qca6174_firmwarewcd9375_firmwaresd888sa6150p_firmwarear8035_firmwarewcn6856_firmwareaqt1000sdx12_firmwarear8035wcn6855_firmwareqsm8250qca6420wcd9360sd780g_firmwarewcn3680_firmwareqcm2290sdx65_firmwaremdm9250qcn9011sa515msd845_firmwaremdm9206sdxr1_firmwaresa515m_firmwaremdm9607_firmwarewcn3990apq8076sd429apq8076_firmwaresd690_5gqca8081_firmwarewsa8835wcn3998ar8031_firmwareapq8056_firmwareqca8337_firmwaremdm9206_firmwareqcs2290qrb5165msd820_firmwarewcd9385sd678qca6574auwcn7850_firmwaresdx65wcd9385_firmwareapq8096auwcn6750_firmwareqcs410_firmwaresd210sd680sd888_5gsd678_firmwareqca9379wcn3999_firmwareqcs6125sm4375_firmwarewcn3991qca6574csra6640_firmwareqca6574_firmwaresa415m_firmwareqca6564asdx20msa8195psd675_firmwareqca6574a_firmwaresda429wsa8155_firmwarewsa8830_firmwaresd888_5g_firmwareqca6320qca8337sd_8_gen1_5g_firmwaresm6250_firmwaresdxr2_5gwcd9341wcn3980_firmwareqcs2290_firmwarewcn6851_firmwarewcd9326sd680_firmwareqca9379_firmwaresa6155p_firmwaresa4150pqca9377_firmwareapq8096au_firmwaresw5100_firmwareqca6584sd780gqca6564au_firmwarecsrb31024qca6426qca6335_firmwaresdx55m_firmwareqcs6125_firmwaresd690_5g_firmwaresm8475sa8155wcn3620sd765qcs605_firmwareqca6564wcd9330_firmwarewcn3988_firmwareqcs4290msm8209_firmwaresa4155psw5100psd845qcs410Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-25717
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 8.26%
||
7 Day CHG~0.00%
Published-06 Jan, 2023 | 04:56
Updated-09 Apr, 2025 | 19:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use-After-Free Issue in Display

Memory corruption in display due to double free while allocating frame buffer memory

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9150_firmwareqca8337_firmwaresda429w_firmwarewcn3990qcs610sdm429wmsm8996au_firmwareqca8337qca6564aumdm9650msm8996ausdm429w_firmwarewcn3950_firmwaremdm9250qca6420_firmwarequalcomm215qcs410wcd9370qca6574awcn3990_firmwareqca6430_firmwarewcd9335_firmwarewcn3980wcn3998wcn3950wcd9326_firmwaresa515mwcd9340_firmwarewcn3660bsd855wsa8815mdm9650_firmwarewcn3660b_firmwareqca6574a_firmwareqca6574au_firmwaresdx55_firmwarewcn3680b_firmwaresd835wcn3998_firmwarewcn3980_firmwaresdxr1_firmwarewcn3610_firmwareqca6420qca6391aqt1000_firmwareqca6564au_firmwareqcs8155sa515m_firmwaresd429qca6430qca6574auqcn9074sd205sd429_firmwaresa8155p_firmwaresd205_firmwarewcd9340qca6564a_firmwarewsa8810_firmwarequalcomm215_firmwarewcd9341_firmwarewsa8810wcd9326wcd9335sd210_firmwareqcs610_firmwaremdm9150wcn3680bsd835_firmwaremdm9250_firmwarewcd9341sdxr1apq8096auqca6391_firmwarewcd9370_firmwareaqt1000sdx55apq8096au_firmwaresa8155psda429wsd210sd855_firmwarewcn3620_firmwarewsa8815_firmwarewcn3620qcs8155_firmwareqcn9074_firmwareqcs410_firmwareqca6564awcn3610Snapdragon
CWE ID-CWE-415
Double Free
CVE-2022-25712
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 8.84%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 00:00
Updated-22 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory corruption in camera due to buffer copy without checking size of input in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcd9380_firmwarewcd9340_firmwareqca6310qualcomm215_firmwarewsa8835mdm9150_firmwaresdx55msd855_firmwarewcn3998wcn6850_firmwarewsa8810_firmwarewsa8815_firmwarewcn3610_firmwareqca6436qca6426_firmwarewcn3660bwcn3660b_firmwaresd710_firmwareqcs410_firmwaresd205_firmwarewsa8810sdxr1sd210wcd9341_firmwarewsa8830sw5100p_firmwarewsa8815qca6390sda429w_firmwarewcn3680baqt1000_firmwarewsa8835_firmwareqca6430sw5100sd855qca6391wcn3998_firmwarewcd9340wcn6850wcn6851wcn3950wcd9370_firmwaresdxr2_5g_firmwareqca6420_firmwaresda429wqcc5100_firmwaresd210_firmwarewsa8830_firmwarewcn3680b_firmwaresdxr2_5gsd865_5g_firmwarewcd9341wcn3980_firmwarewcn6851_firmwarewcd9326qcs610qcs610_firmwarequalcomm215qca6391_firmwaresd205wcd9326_firmwareqcc5100wcd9380wcn3610qca6335sw5100_firmwareqca6430_firmwaresd865_5gqca6426sd870qca6335_firmwaresdx55m_firmwareaqt1000wcn3990_firmwarewcn3950_firmwarewcn3988mdm9150qca6390_firmwareqca6420wcn3988_firmwareqca6310_firmwaresd710sd870_firmwaresw5100psd845_firmwaresdxr1_firmwareqca6436_firmwaresd845wcd9370qcs410wcn3990wcn3980Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wearables
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-25697
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.04% / 12.72%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 00:00
Updated-22 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory corruption in i2c buses due to improper input validation while reading address configuration from i2c driver in Snapdragon Mobile, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd429wcd9380_firmwaresd429_firmwarewcn3980_firmwaresdm429w_firmwaresdm429wwsa8835wcd9380wcn3610_firmwarewcn3610wcn7850wcn3660bwcn7850_firmwarewcn3660b_firmwarewcn6856_firmwarewsa8830wcn6856sm8475sda429w_firmwarewcn3680bwsa8835_firmwarewcn7851_firmwarewcn3620_firmwarewcn3620wcn6855_firmwarewcn6855wcn7851sda429wwsa8830_firmwaresd_8_gen1_5g_firmwarewcn3680b_firmwarewcn3980Snapdragon Mobile, Snapdragon Wearables
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-25680
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.09% / 27.04%
||
7 Day CHG~0.00%
Published-02 Sep, 2022 | 11:31
Updated-03 Aug, 2024 | 04:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory corruption in multimedia due to buffer overflow while processing count variable from client in Snapdragon Auto

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-msm8996au_firmwaremsm8996auSnapdragon Auto
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-25652
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9||CRITICAL
EPSS-0.07% / 20.43%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 05:25
Updated-03 Aug, 2024 | 04:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cryptographic issues in BSP due to improper hash verification in Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcn5024_firmwareqca6428_firmwareipq5018_firmwareqca8072qcn9070qcn9000ipq8072aqcn5550ipq8076a_firmwareipq8173_firmwareipq8078ipq8173qcn9012qcn5164qcn5124qca4024_firmwareqcn9072qcn6122_firmwarecsr8811_firmwareipq8078aipq5028_firmwareqcn5054_firmwareipq6000qcn5064qcn5154qca8075_firmwareqcn5024ipq8072ipq6005_firmwareqcn5152_firmwareqca9889qcn6132_firmwareipq8074qca8072_firmwareqcn9000_firmwareqca9888ipq5018qcn9012_firmwareqcn5052_firmwareipq8070a_firmwareipq8076aqcn6024_firmwareipq6018_firmwareipq8076_firmwareipq8074apmp8074_firmwareqcn6112qcn5124_firmwareipq8076qcn6100_firmwareqcn6102_firmwareqca6428qcn5021qcn5164_firmwareqcn5122_firmwareipq8071ipq6028qcn5152qca8081_firmwareqcn6023_firmwareqcn9024pmp8074qcn5550_firmwareqca6438_firmwareipq5010ipq6005ipq8070_firmwareqcn6102qcn9100ipq8078a_firmwareqcn5064_firmwareipq8174ipq5028ipq8078_firmwareipq8072_firmwareqcn5052qcn5054qcn9070_firmwareipq8070ipq6010ipq6028_firmwareipq8072a_firmwareqcn6112_firmwareipq8074_firmwareqcn9074qca9889_firmwareqcn5122qcn9024_firmwareipq8174_firmwareqcn6132qcn5121_firmwareqca8081ipq8071aqcn6023ipq6018qcn5022ipq8071a_firmwareqca9888_firmwareqcn6122ipq6010_firmwareqcn5154_firmwarecsr8811qca4024qcn9100_firmwareqca8075qcn5021_firmwareqcn9022_firmwareqcn6024qcn9022ipq8070aipq5010_firmwareipq8074a_firmwareqca6438qcn6100qcn9072_firmwareipq6000_firmwareqcn5121ipq8071_firmwareqcn9074_firmwareqcn5022_firmwareSnapdragon Wired Infrastructure and Networking
CWE ID-CWE-287
Improper Authentication
CVE-2023-43549
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.12% / 32.31%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 10:48
Updated-10 Jan, 2025 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack-based Buffer Overflow in WLAN HAL

Memory corruption while processing TPC target power table in FTM TPC.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcn6422ipq8070a_firmwarewcd9385_firmwareipq8070aipq6000qcf8001_firmwaresnapdragon_x75_5g_modem-rf_firmwareqcn9072_firmwaresnapdragon_x65_5g_modem-rf_firmwareqcn6132_firmwareqcc2076immersive_home_326_firmwaresnapdragon_8_gen_2_mobile_firmwareqcn6422_firmwareipq9574_firmwaresc8380xpwcd9395_firmwareqca6698aq_firmwarefastconnect_6900_firmwaresxr2230pqca8085qcf8000fastconnect_6900ipq8078aipq8071a_firmwareqcn9024_firmwaresdx55ipq9008qcn6122_firmwaresd865_5gqcn6432qam8775pqcn9274_firmwareqcn6132qcn9024ssg2115p_firmwareqca8085_firmwareqca6698aqipq6028_firmwareimmersive_home_3210qca8081_firmwarear8035_firmwareqcn6224_firmwareqcn9274snapdragon_x65_5g_modem-rfqcf8000_firmwareipq5332_firmwareipq6018_firmwareqcn9074qcn5022sc8380xp_firmwarecsr8811_firmwaresnapdragon_865\+_5g_mobileqcn6112qca8386ipq9570qca6696_firmwareqcn9013_firmwareqfw7124_firmwareqca6574aipq8076qcn9013qca6554a_firmwaresnapdragon_xr2_5gqca6574_firmwarefastconnect_7800ssg2125p_firmwareqam8255pqcn6024qca6595snapdragon_x75_5g_modem-rfwcn6740snapdragon_870_5g_mobilewcd9390qca6797aq_firmwareqcn6122wsa8810qca6426qcn6432_firmwaresnapdragon_ar2_gen_1sdx65mqca6595au_firmwareqcn9012_firmwarewsa8830_firmwareqcc710ipq6010qcc2076_firmwareqcn5024qca8337_firmwareqca6554aqcn5154_firmwaresnapdragon_865\+_5g_mobile_firmwareqca8084_firmwareqcn5122_firmwarewsa8810_firmwareipq8076_firmwaresdx65m_firmwareqcn5052ipq9008_firmwareqca8082_firmwarewcd9395immersive_home_326wsa8830qca8084sa7255pqcn6112_firmwareqca6564auqam8775p_firmwareqca6426_firmwareqca8081qca8075_firmwareqca6436ipq8078qcc2073fastconnect_6800ipq5302qcn6274wsa8815_firmwareimmersive_home_318ipq5332qca6595aufastconnect_7800_firmwareqcn9072qfw7114snapdragon_8\+_gen_2_mobile_firmwareqcn5164_firmwareipq8174sm8550p_firmwaressg2125psxr1230psnapdragon_865_5g_mobileqcn5052_firmwareqam8650pwcn6740_firmwareqca6574a_firmwaresnapdragon_8_gen_2_mobileqca4024ipq8173_firmwareipq8173qcn5154wcd9390_firmwareqca6436_firmwaressg2115pqcs8550qca6797aqwcd9385wcd9380qcn6412_firmwareqcn9100_firmwareqcn6402_firmwarewsa8815wsa8845ipq5312qam8650p_firmwareipq8078a_firmwareipq9554qcn5122qcn5152_firmwareqca6391qcn9070_firmwareipq5028qca6696qca9888_firmwareqca8075wsa8835qam8255p_firmwareqcf8001qcn9000snapdragon_8_gen_3_mobilesnapdragon_8_gen_3_mobile_firmwareqca6574auwcd9380_firmwaresnapdragon_ar2_gen_1_firmwarewsa8845hqcn9100qcn9012wsa8840ipq8076a_firmwareqcn9022qca0000immersive_home_316_firmwareimmersive_home_216qca6584auqca8386_firmwareipq5312_firmwaresnapdragon_870_5g_mobile_firmwarewcd9340sxr2230p_firmwareqcn9074_firmwareqca4024_firmwareqcn9022_firmwaresxr1230p_firmwareqca6584au_firmwareqcn6224ipq8078_firmwaresa7255p_firmwareipq6000_firmwarewsa8845h_firmwareqcc2073_firmwareipq8071aqcn5022_firmwareqcn6023_firmwareqfw7114_firmwarear8035qcn6402snapdragon_8\+_gen_1_mobile_firmwareipq5028_firmwareqcn9070sg8275pimmersive_home_214_firmwareipq8076aipq5010sg8275p_firmwareqcn5024_firmwareipq5302_firmwareipq8174_firmwaresnapdragon_8_gen_1_mobileqca6564au_firmwareipq6018qcn5152qcn6023immersive_home_214sm8550pipq8072aqca9889_firmwareimmersive_home_3210_firmwaresnapdragon_8_gen_1_mobile_firmwareqcm8550_firmwareqcn6024_firmwarewsa8845_firmwareqfw7124snapdragon_865_5g_mobile_firmwarewsa8832_firmwaresdx55_firmwareipq8072a_firmwareipq5010_firmwareipq9554_firmwareipq6028qcc710_firmwarewcd9340_firmwareqca8082qca9888ipq8074a_firmwareimmersive_home_216_firmwarewsa8832csr8811qcn5164qca6391_firmwareqca6595_firmwareqcn5124fastconnect_6800_firmwareqca6574au_firmwareqca8337immersive_home_318_firmwaresd865_5g_firmwareipq9570_firmwaresd_8_gen1_5gimmersive_home_316fastconnect_6700qcs8550_firmwareqca0000_firmwaresnapdragon_8\+_gen_1_mobileqca6574qcn5124_firmwaresd_8_gen1_5g_firmwaresnapdragon_8\+_gen_2_mobileipq9574qca9889snapdragon_xr2_5g_firmwareqcm8550wsa8835_firmwareipq8074awsa8840_firmwareqcn6274_firmwareqcn6412fastconnect_6700_firmwareipq6010_firmwareqcn9000_firmwareSnapdragonqcn6412_firmwareqca6574a_firmwarewsa8832_firmwareqcn5124_firmwareqcn9024_firmwareqcn9070_firmwarewsa8835_firmwareqcn6422_firmwarecsr8811_firmwaresnapdragon_8_gen_3_mobile_platform_firmwarefastconnect_6700_firmwareipq8076a_firmwareqcn9022_firmwareipq8076_firmwareipq8074a_firmwareqcn6224_firmwareqca8386_firmwareqcn5164_firmwareqcn5052_firmwareimmersive_home_3210_platform_firmwareqca6698aq_firmwareqca8081_firmwareqcn6402_firmwarewcd9385_firmwarefastconnect_7800_firmwarewsa8845h_firmwareqcm8550_firmwareipq8078_firmwaressg2125p_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareqcn6024_firmwareqca6436_firmwareipq8070a_firmwareqca6595_firmwareipq5302_firmwareqca0000_firmwareqcn5152_firmwareqam8650p_firmwareqcn6274_firmwaresa7255p_firmwareqcn6432_firmwareimmersive_home_316_platform_firmwaresnapdragon_8_gen_2_mobile_platform_firmwareqcn5024_firmwareqcc2073_firmwareqca9889_firmwareipq8173_firmwareqcn9012_firmwareipq6018_firmwareqcn9100_firmwareipq9554_firmwarewcd9340_firmwarear8035_firmwareqca8084_firmwarefastconnect_6800_firmwareqcn5022_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarewsa8845_firmwareqcf8001_firmwareqcc710_firmwareqca8075_firmwareqca6574au_firmwareqcf8000_firmwareqcn9274_firmwareipq8071a_firmwareqcn9074_firmwarewcn6740_firmwaresd_8_gen1_5g_firmwareqcn5122_firmwareqcs8550_firmwareipq5312_firmwaresdx65m_firmwareqca6564au_firmwareqca4024_firmwaresnapdragon_xr2_5g_platform_firmwareqcn9000_firmwareqca6696_firmwareimmersive_home_326_platform_firmwareqcn6122_firmwareimmersive_home_318_platform_firmwareqcn9013_firmwareqca8337_firmwareipq6000_firmwareqcn5154_firmwareqca6595au_firmwarewcd9390_firmwaresm8550p_firmwareqca6554a_firmwaresnapdragon_ar2_gen_1_platform_firmwareipq9570_firmwareipq8078a_firmwarewcd9395_firmwaresxr1230p_firmwareqcn9072_firmwareqfw7124_firmwareqca6391_firmwareqcc2076_firmwareipq8174_firmwareipq6010_firmwarefastconnect_6900_firmwarewsa8840_firmwareqca9888_firmwarewcd9380_firmwareqca6584au_firmwareqam8775p_firmwaresnapdragon_8_gen_1_mobile_platform_firmwarewsa8810_firmwareimmersive_home_216_platform_firmwareipq9008_firmwareqfw7114_firmwaresnapdragon_865_5g_mobile_platform_firmwarewsa8830_firmwareqca8085_firmwaresxr2230p_firmwaressg2115p_firmwareqca6574_firmwaresg8275p_firmwareqcn6112_firmwareqcn6023_firmwareipq5028_firmwareipq6028_firmwarewsa8815_firmwareipq8072a_firmwareipq9574_firmwareqca6797aq_firmwareipq5010_firmwaresd865_5g_firmwareqca6426_firmwaresc8380xp_firmwaresdx55_firmwareqca8082_firmwareipq5332_firmwareimmersive_home_214_platform_firmwareqam8255p_firmwareqcn6132_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-25677
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 7.27%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 00:00
Updated-22 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory corruption in diag due to use after free while processing dci packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcd9380_firmwareqcn9072_firmwaremsm8996auqca6310qca6595au_firmwareqcn9000qualcomm215_firmwaresd429_firmwaresd730ipq6028qcn9070qcn5122qsm8250_firmwareqca6564auqca6426_firmwarewcn3660bsd720gipq8078asd205_firmwaremsm8996au_firmwareqca9889_firmwareqcn5124wsa8815ipq9008wcn3680bqca6430wcn3620_firmwaresd855ipq9008_firmwarewcd9340sdx55_firmwaresdxr2_5g_firmwareqcn5022_firmwaremdm9650qca8072qca6574asd865_5g_firmwaresdm429w_firmwaresd835_firmwareqcn5024ipq4019_firmwareqca9994qca6335sd_675qcn5024_firmwareqca6595qca6430_firmwareqca8081sd870ipq6018mdm9150ipq5018_firmwareipq9574qca6390_firmwareqcn9024_firmwareipq4028_firmwareipq8072aipq8070aipq8070a_firmwareqca9880_firmwaresd870_firmwaresm6250qcs8155ipq8078_firmwareipq4019qca6595auwcd9370wcn3980qcn5152qca9992qcn9022sd720g_firmwareipq8065_firmwareqca9985_firmwaremdm9150_firmwareqca9888_firmwaresdx55mwcn6850_firmwareqcn9274wsa8810_firmwarewsa8815_firmwarewcn3991_firmwareipq8078ipq8076aqca6436ipq8071aqca4024sa8155pwsa8810aqt1000_firmwareqcn9012ipq8076wcd9335_firmwareqcn5154_firmwarear9380_firmwareqca6391qcn9024qcn5052_firmwarewcn3998_firmwarewcn6851wcd9370_firmwaresd675qca6420_firmwareipq8074aqcn6023_firmwaresd210_firmwareipq4028qca9886_firmwareqca7500_firmwareipq8174ipq8064_firmwareqcn6122sdm429wipq8070qcs610qualcomm215qca6391_firmwaresd205qcn9012_firmwaresa8155p_firmwaresa6145pwcn3610wcd9375ipq8076_firmwareqca9980_firmwaresd865_5gwcn3990_firmwarewcn3950_firmwarewcn3988ipq8071a_firmwareqca9980qca6310_firmwareqcs8155_firmwareqca6436_firmwareqcn5021_firmwarewcd9341_firmwareipq8074a_firmwareqca9886ipq6000_firmwareqcn6102ipq4018wcd9340_firmwaresd_675_firmwareqca6564a_firmwareqcn5021sd855_firmwareqcn5054_firmwaremdm9650_firmwareqca9889sdx50mqcn6024_firmwaresdx55ipq5018wcn3610_firmwareqca9990wcn3660b_firmwareqca7500sa6145p_firmwareipq5028_firmwareqca6390sda429w_firmwaresdx50m_firmwareipq5010_firmwaresa6155pqca4024_firmwarewcn6850csr8811wcn3950ipq6018_firmwareqca6320_firmwareqcn9100_firmwareqcn5122_firmwareqcn6024wcd9335ipq8078a_firmwaresd835wcn3680b_firmwareqca6595_firmwareipq6010qca6574au_firmwareipq4029_firmwareqca6564_firmwareqcs610_firmwareqcn9074qcn9274_firmwareqcn5054wcd9380qcn6102_firmwareqcn5052sd730_firmwareipq8064wcd9375_firmwareipq8070_firmwareqca9880qcn6132_firmwareaqt1000qcn5152_firmwareqcn6100_firmwareqca9985qcn6112qca8072_firmwareqsm8250qca6420qca9898_firmwareqcn5124_firmwaresa515msd845_firmwaresa515m_firmwareqcn5164_firmwareqca9994_firmwarewcn3990sd429ipq6028_firmwareqcn6023qca8081_firmwareqca9984ipq8068wcn3998csr8811_firmwareqca8337_firmwareqca9898qca8075_firmwareqcn5164qcn6122_firmwareqca9990_firmwareipq8068_firmwareipq8072a_firmwaresd678qca6574auqcn6112_firmwareipq4029ipq9574_firmwareapq8096auqcs410_firmwareqcn9000_firmwaresd210ipq8173_firmwareipq8065qcn9070_firmwarepmp8074qca8075pmp8074_firmwaresd678_firmwareipq6010_firmwareqca9984_firmwarewcn3991ipq8076a_firmwarear9380qca6564asd675_firmwareqca6574a_firmwareqca9888sda429wqca6320ipq8174_firmwareqca8337sm6250_firmwareqcn6100sdxr2_5gqcn6132wcd9341wcn3980_firmwarewcn6851_firmwareipq4018_firmwaresa6155p_firmwareqcn9074_firmwareqca9992_firmwareqcn5154apq8096au_firmwareipq8173qcn9072qca6564au_firmwareqca6426qca6335_firmwaresdx55m_firmwareqcn9100qcn5022ipq6000wcn3620qca6564ipq5010wcn3988_firmwareqcn9022_firmwareipq5028sd845qcs410Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-416
Use After Free
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 28
  • 29
  • Next
Details not found