CVE-2019-2238 | ByteOS Network

Vulnerability Details :

CVE-2019-2238

Assigner-qualcomm

Assigner Org ID-2cfc7d3e-20d3-47ac-8db7-1b7285aff15f

Published At-25 Jul, 2019 | 16:33

Updated At-04 Aug, 2024 | 18:42

Lack of check of data type can lead to subsequent loop-expression potentially go negative and the condition will still evaluate to true leading to buffer underflow. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 8CX, SXR1130

EPSS History

Score

Latest Score

-

N/A

Percentile

Latest Percentile

-

N/A

▼Common Vulnerabilities and Exposures (CVE)

Assigner:qualcomm

Assigner Org ID:2cfc7d3e-20d3-47ac-8db7-1b7285aff15f

Published At:25 Jul, 2019 | 16:33

Updated At:04 Aug, 2024 | 18:42

▼CVE Numbering Authority (CNA)

Lack of check of data type can lead to subsequent loop-expression potentially go negative and the condition will still evaluate to true leading to buffer underflow. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 8CX, SXR1130

Affected Products

Vendor

Qualcomm Technologies, Inc.

Product

Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

Versions

Affected

MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 8CX, SXR1130

Problem Types

Type	CWE ID	Description
text	N/A	Buffer Over-read in Content Protection

Type: text

CWE ID: N/A

Description: Buffer Over-read in Content Protection

References

Hyperlink	Resource
https://www.qualcomm.com/company/product-security/bulletins	x_refsource_CONFIRM

Hyperlink: https://www.qualcomm.com/company/product-security/bulletins

Resource:

x_refsource_CONFIRM

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://www.qualcomm.com/company/product-security/bulletins	x_refsource_CONFIRM x_transferred

Hyperlink: https://www.qualcomm.com/company/product-security/bulletins

Resource:

x_refsource_CONFIRM

x_transferred

▼National Vulnerability Database (NVD)

Source:product-security@qualcomm.com

Published At:25 Jul, 2019 | 17:15

Updated At:24 Aug, 2020 | 17:37

Lack of check of data type can lead to subsequent loop-expression potentially go negative and the condition will still evaluate to true leading to buffer underflow. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 8CX, SXR1130

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	7.8	HIGH	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P

Type: Primary

Version: 3.0

Base score: 7.8

Base severity: HIGH

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 4.6

Base severity: MEDIUM

Vector:

AV:L/AC:L/Au:N/C:P/I:P/A:P

CPE Matches

Qualcomm Technologies, Inc.

>>mdm9206_firmware>>-

cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>mdm9607_firmware>>-

cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>mdm9650_firmware>>-

cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>mdm9655_firmware>>-

cpe:2.3:o:qualcomm:mdm9655_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:mdm9655:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>qcs605_firmware>>-

cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:qcs605:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_210_firmware>>-

cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_212_firmware>>-

cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_205_firmware>>-

cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_410_firmware>>-

cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_412_firmware>>-

cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_675_firmware>>-

cpe:2.3:o:qualcomm:sd_675_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_675:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_712_firmware>>-

cpe:2.3:o:qualcomm:sd_712_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_712:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_710_firmware>>-

cpe:2.3:o:qualcomm:sd_710_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_710:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_670_firmware>>-

cpe:2.3:o:qualcomm:sd_670_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_670:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_730_firmware>>-

cpe:2.3:o:qualcomm:sd_730_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_730:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_8cx_firmware>>-

cpe:2.3:o:qualcomm:sd_8cx_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_8cx:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sxr1130_firmware>>-

cpe:2.3:o:qualcomm:sxr1130_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sxr1130:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-787	Primary	nvd@nist.gov

CWE ID: CWE-787

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://www.qualcomm.com/company/product-security/bulletins	product-security@qualcomm.com	Vendor Advisory

Hyperlink: https://www.qualcomm.com/company/product-security/bulletins

Source: product-security@qualcomm.com

Resource:

Vendor Advisory

Similar CVEs

1191Records found

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.10% / 27.67%

||

7 Day CHG~0.00%

Published-30 Jul, 2020 | 11:40

Updated-04 Aug, 2024 | 22:24

When kernel thread unregistered listener, Use after free issue happened as the listener client`s private data has been already freed in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9607, MSM8909W, Nicobar, QCM2150, QCS405, QCS605, Saipan, SC8180X, SDM429W, SDX55, SM8150, SM8250, SXR2130

Vendor-Qualcomm Technologies, Inc.

Product-qcm2150_firmware sm8150_firmware sxr2130_firmware sdm429w qcs405_firmware qcs605_firmware qcm2150 mdm9607_firmware sm8250_firmware qcs605 sc8180x_firmware sdx55 qcs405 saipan_firmware sm8250 msm8909w_firmware mdm9607 sdm429w_firmware sm8150 sdx55_firmware nicobar_firmware msm8909w saipan sxr2130 sc8180x nicobar Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

CWE ID-CWE-416

Use After Free

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.05% / 14.85%

||

7 Day CHG~0.00%

Published-06 Nov, 2019 | 17:11

Updated-04 Aug, 2024 | 22:24

Lack of check for a negative value returned for get_clk is wrongly interpreted as valid pointer and lead to use after free in clk driver in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24

Vendor-Qualcomm Technologies, Inc.

Product-sd_850 mdm9150_firmware sd_632 mdm9640_firmware sd_820a sd_675 msm8996au_firmware sd_439 sd_670_firmware sd_429 sdx24 sdm439 mdm9650 sd_636 msm8909w_firmware msm8996au sd_820 sd_450_firmware sd_845_firmware sd_820a_firmware qcs605_firmware sd_675_firmware mdm9206 sd_425_firmware sd_665 sdx24_firmware sd_625_firmware sd_450 sd_845 mdm9206_firmware qcs605 sd_632_firmware sd_835_firmware mdm9650_firmware sd_835 sda660 sd_210_firmware msm8909w sd_665_firmware sd_205_firmware sd_212 sd_427_firmware sd_712 sd_855 sd_730_firmware qualcomm_215 sdx20 sd_425 sdm660 sd_430_firmware mdm9607_firmware sd_435 sd_710_firmware sdm630 qcs405 sd_625 sd_820_firmware sd_210 mdm9607 sd_636_firmware sd_439_firmware qualcomm_215_firmware mdm9150 sd_429_firmware sd_730 sd_212_firmware sd_850_firmware sd_855_firmware sdm439_firmware qcs405_firmware sd_712_firmware sdm630_firmware sda660_firmware sd_430 sd_427 sd_670 sd_435_firmware sdx20_firmware sd_710 sd_205 sdm660_firmware mdm9640 Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

CWE ID-CWE-416

Use After Free

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 12.01%

||

7 Day CHG~0.00%

Published-18 Dec, 2019 | 05:25

Updated-04 Aug, 2024 | 22:24

Possibility of out of bound access in debug queue, if packet size field is corrupted in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS405, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Vendor-Qualcomm Technologies, Inc.

Product-mdm9640_firmware sdm632_firmware msm8996au_firmware sdm845 sdm450_firmware sdm632 sdx24 sdm439 mdm9650 sdm429 msm8940_firmware sm7150_firmware sm6150 msm8909w_firmware msm8996au sm7150 apq8009_firmware msm8917 sdm670 sxr2130 qcs605_firmware mdm9206 sdm670_firmware sdx24_firmware sdm636 sda845_firmware apq8098 qcn7605 mdm9206_firmware qcs605 msm8937_firmware mdm9650_firmware sdm429_firmware sda660 sdx55_firmware sxr1130_firmware sxr1130 msm8909w apq8009 apq8053_firmware sda845 nicobar sa6155p_firmware msm8920 msm8953 sdm450 sdm636_firmware sdm845_firmware apq8098_firmware sdx20 msm8998_firmware sdm660 msm8920_firmware sdm630 mdm9607_firmware sm8250_firmware qcs405 sdm710 qm215 mdm9607 apq8017_firmware sdm710_firmware qcn7605_firmware sa6155p msm8937 mdm9207c_firmware mdm9207c sm8150_firmware sxr2130_firmware apq8096au sdm439_firmware qcs405_firmware sdm630_firmware sda660_firmware qm215_firmware sdx55 msm8953_firmware msm8940 sm6150_firmware apq8053 apq8096au_firmware msm8917_firmware sm8250 msm8998 sm8150 sdx20_firmware apq8017 nicobar_firmware sdm660_firmware mdm9640 Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

CWE ID-CWE-125

Out-of-bounds Read

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 12.57%

||

7 Day CHG~0.00%

Published-18 Dec, 2019 | 05:25

Updated-04 Aug, 2024 | 22:24

Use after free of a pointer in iWLAN scenario during netmgr state transition to CONNECT in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, IPQ4019, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, QCA6574AU, QCS405, QCS605, SDA660, SDA845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Vendor-Qualcomm Technologies, Inc.

Product-mdm9150_firmware mdm9640_firmware sdm632_firmware msm8996au_firmware sdm845 sdm632 sdx24 sdm439 mdm9650 sdm429 msm8940_firmware sm7150_firmware sm6150 msm8909w_firmware msm8996au sm7150 apq8009_firmware msm8917 sdm670 sxr2130 qcs605_firmware ipq4019_firmware mdm9206 sdm670_firmware sdx24_firmware ipq8074 sdm636 sda845_firmware apq8098 mdm9206_firmware msm8939 qcs605 msm8937_firmware mdm9650_firmware sdm429_firmware msm8905_firmware qca6574au_firmware sda660 sdx55_firmware ipq8064 sxr1130_firmware apq8064_firmware sxr1130 msm8909w apq8009 msm8909_firmware apq8053_firmware ipq8064_firmware sda845 msm8920 msm8953 sdm636_firmware apq8064 sdm845_firmware apq8098_firmware sdx20 msm8998_firmware sdm660 msm8920_firmware sdm630 mdm9607_firmware sm8250_firmware qcs405 ipq8074_firmware qca6574au sdm710 mdm9607 apq8017_firmware sdm710_firmware msm8939_firmware mdm9150 msm8937 mdm9207c_firmware msm8905 mdm9207c sm8150_firmware msm8909 sxr2130_firmware apq8096au sdm439_firmware qcs405_firmware sdm630_firmware sda660_firmware ipq4019 sdx55 msm8953_firmware msm8940 sm6150_firmware apq8053 apq8096au_firmware msm8917_firmware sm8250 msm8998 sm8150 sdx20_firmware apq8017 sdm660_firmware mdm9640 Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

CWE ID-CWE-416

Use After Free

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 12.84%

||

7 Day CHG~0.00%

Published-06 Nov, 2019 | 17:11

Updated-04 Aug, 2024 | 22:24

Lack of checking a variable received from driver and populating in Firmware data structure leads to buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130

Vendor-Qualcomm Technologies, Inc.

Product-sd_850 sd_632 sd_820a sd_675 msm8996au_firmware sd_439 sd_670_firmware sd_429 sdm439 sd_636 snapdragon_high_med_2016_firmware msm8909w_firmware msm8996au sd_820 sd_450_firmware sd_845_firmware sd_820a_firmware qcs605_firmware sd_675_firmware sd_425_firmware sd_665 sd_625_firmware sd_450 sd_8cx_firmware sd_845 qcs605 sd_632_firmware sd_835_firmware sd_835 sda660 sxr1130_firmware sd_210_firmware sxr1130 msm8909w sd_665_firmware sd_205_firmware sd_212 sd_427_firmware sd_712 sd_855 sd_730_firmware qualcomm_215 sd_425 sdm660 sd_430_firmware sd_710_firmware sd_435 sdm630 sd_625 sd_210 sd_820_firmware sd_636_firmware sd_439_firmware qualcomm_215_firmware sd_429_firmware sd_730 snapdragon_high_med_2016 sd_212_firmware sd_850_firmware sdm439_firmware sd_712_firmware sdm630_firmware sda660_firmware sd_8cx sd_427 sd_430 sd_670 sd_435_firmware sd_710 sd_205 sdm660_firmware sd_855_firmware Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 12.01%

||

7 Day CHG~0.00%

Published-12 Dec, 2019 | 08:30

Updated-04 Aug, 2024 | 22:24

Snapshot of IB can lead to invalid address access due to missing check for size in the related function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCN7605, QCS405, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150, SM8250, SXR2130

Vendor-Qualcomm Technologies, Inc.

Product-sdm632_firmware msm8996au_firmware sdm845 sdm450_firmware sdm632 sdx24 sdm439 mdm9650 sdm429 msm8940_firmware sm7150_firmware sm6150 msm8909w_firmware msm8996au sm7150 msm8917 sdm670 sxr2130 qcs605_firmware mdm9206 sdm670_firmware sdx24_firmware sdm636 sda845_firmware apq8098 qcn7605 mdm9206_firmware qcs605 msm8937_firmware mdm9650_firmware sdm429_firmware sda660 msm8909w msm8909_firmware apq8053_firmware sda845 nicobar sa6155p_firmware msm8920 msm8953 sdm450 sdm636_firmware apq8098_firmware sdx20 sdm660 msm8920_firmware sdm630 mdm9607_firmware sm8250_firmware qcs405 sdm710 qm215 mdm9607 apq8017_firmware sdm710_firmware qcn7605_firmware sa6155p msm8937 mdm9207c_firmware mdm9207c sm8150_firmware msm8909 sxr2130_firmware apq8096au sdm439_firmware qcs405_firmware sdm630_firmware sda660_firmware qm215_firmware msm8953_firmware msm8940 sm6150_firmware apq8053 apq8096au_firmware msm8917_firmware sm8250 sm8150 sdx20_firmware apq8017 nicobar_firmware sdm660_firmware sdm845_firmware Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.05% / 16.79%

||

7 Day CHG~0.00%

Published-16 Apr, 2020 | 10:46

Updated-04 Aug, 2024 | 22:24

Missing length check before copying the data from kernel space to userspace through the copy function can lead to buffer overflow in some cases in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, MSM8909W, MSM8917, MSM8953, Nicobar, QCN7605, QCS405, QCS605, QM215, Rennell, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Vendor-Qualcomm Technologies, Inc.

Product-msm8953 sdm450 sdm429w sdm632_firmware sdm845 sdm450_firmware sdm632 sdx24 sdm439 sm8250_firmware sc8180x_firmware sdm429 qcs405 sm7150_firmware sdm710 msm8909w_firmware qm215 sm6150 sdm429w_firmware sdm710_firmware apq8009 sm7150 apq8009_firmware qcn7605_firmware msm8917 sdm670 sxr2130 qcs605_firmware sc8180x sdm670_firmware sm8150_firmware sdx24_firmware sxr2130_firmware apq8096au sdm439_firmware qcs405_firmware rennell sda845_firmware qcn7605 rennell_firmware qm215_firmware qcs605 sdx55 msm8953_firmware apq8053 apq8096au_firmware saipan_firmware sm6150_firmware msm8917_firmware sdm429_firmware sm8250 sm8150 sxr1130_firmware sdx55_firmware nicobar_firmware msm8909w saipan sxr1130 apq8053_firmware sda845 nicobar sdm845_firmware Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 12.01%

||

7 Day CHG~0.00%

Published-18 Dec, 2019 | 05:25

Updated-04 Aug, 2024 | 22:24

Possible OOB issue in EEPROM due to lack of check while accessing memory map array at the time of reading operation in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, MSM8909W, MSM8917, MSM8953, Nicobar, QCS405, QCS605, QM215, SA6155P, SDA845, SDM429, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Vendor-Qualcomm Technologies, Inc.

Product-sa6155p_firmware msm8953 sdm450 sdm632_firmware sdm845 sdm450_firmware sdm632 sdx24 sdm439 sm8250_firmware sdm429 qcs405 sm7150_firmware sdm710 msm8909w_firmware qm215 sm6150 sdm710_firmware apq8009 sm7150 apq8009_firmware msm8917 sa6155p sdm670 sxr2130 qcs605_firmware sdm670_firmware sm8150_firmware sdx24_firmware sxr2130_firmware sdm439_firmware qcs405_firmware sda845_firmware qm215_firmware qcs605 sdx55 msm8953_firmware apq8053 sm6150_firmware sm8250 msm8917_firmware sdm429_firmware sm8150 sxr1130_firmware sdx55_firmware nicobar_firmware msm8909w sxr1130 apq8053_firmware sda845 nicobar sdm845_firmware Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

CWE ID-CWE-125

Out-of-bounds Read

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 12.01%

||

7 Day CHG~0.00%

Published-21 Nov, 2019 | 14:38

Updated-04 Aug, 2024 | 22:24

Out-of-bounds access can occur in camera driver due to improper validation of array index in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, QCN7605, SDA660, SDM450, SDM630, SDM636, SDM660, SDX20

Vendor-Qualcomm Technologies, Inc.

Product-msm8920 mdm9640_firmware msm8953 sdm450 sdm636_firmware msm8996au_firmware apq8098_firmware sdm450_firmware msm8998_firmware sdx20 sdm660 msm8920_firmware sdm630 mdm9607_firmware mdm9650 msm8940_firmware msm8909w_firmware mdm9607 msm8996au apq8017_firmware apq8009_firmware qcn7605_firmware msm8909w msm8917 msm8937 mdm9207c_firmware mdm9206 msm8905 mdm9207c msm8909 apq8096au sdm636 sdm630_firmware apq8098 qcn7605 sda660_firmware mdm9206_firmware msm8940 apq8053 apq8096au_firmware msm8953_firmware msm8917_firmware msm8937_firmware mdm9650_firmware msm8998 sdx20_firmware msm8905_firmware sda660 apq8017 apq8009 msm8909_firmware apq8053_firmware sdm660_firmware mdm9640 Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

CWE ID-CWE-129

Improper Validation of Array Index

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.05% / 16.79%

||

7 Day CHG~0.00%

Published-30 Sep, 2019 | 15:40

Updated-04 Aug, 2024 | 22:24

Buffer overflow scenario if the client sends more than 5 io_vec requests to the server in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24

Vendor-Qualcomm Technologies, Inc.

Product-sd_850 mdm9150_firmware sd_632 mdm9640_firmware sd_820a sd_675 msm8996au_firmware sd_439 sd_670_firmware sd_429 sdx24 sdm439 mdm9650 sd_636 sd_615_firmware msm8909w_firmware msm8996au sd_820 sd_450_firmware sd_845_firmware sd_820a_firmware qcs605_firmware sd_675_firmware mdm9206 sd_425_firmware sd_665 sdx24_firmware sd_625_firmware sd_450 sd_845 mdm9206_firmware qcs605 sd_632_firmware sd_835_firmware mdm9650_firmware sd_835 sda660 sd_210_firmware sd_415_firmware msm8909w sd_665_firmware sd_616_firmware sd_205_firmware sd_415 sd_212 sd_427_firmware sd_712 sd_855 sd_730_firmware qualcomm_215 sdx20 sd_616 sd_425 sdm660 sd_430_firmware mdm9607_firmware sd_435 sd_615 sd_710_firmware sdm630 qcs405 sd_625 sd_820_firmware sd_210 mdm9607 sd_636_firmware sd_439_firmware qualcomm_215_firmware mdm9150 sd_429_firmware sd_730 sd_212_firmware sd_850_firmware sd_855_firmware sdm439_firmware qcs405_firmware sd_712_firmware sdm630_firmware sda660_firmware sd_430 sd_427 sd_670 sd_435_firmware sdx20_firmware sd_710 sd_205 sdm660_firmware mdm9640 Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 11.82%

||

7 Day CHG~0.00%

Published-30 Sep, 2019 | 15:40

Updated-04 Aug, 2024 | 22:24

While processing QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY vendor command, driver does not validate the data obtained from the user space which could be invalid and thus leads to an undesired behaviour in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS605, SD 600, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM630, SDM660, SDX24

Vendor-Qualcomm Technologies, Inc.

Product-sd_712 qca9377_firmware sd_850 sd_855 sd_730_firmware sd_820a sd_675 msm8996au_firmware sd_670_firmware sdm660 sdx24 sdm630 mdm9607_firmware sd_710_firmware sd_636 sd_625 qca6574au sd_820_firmware mdm9607 msm8996au sd_636_firmware sd_820 sd_845_firmware sd_820a_firmware qcs605_firmware sd_675_firmware mdm9206 qca6174a_firmware qca6174a qca9379_firmware sd_665 sd_730 sd_850_firmware sd_625_firmware sdx24_firmware qca9377 sd_712_firmware sdm630_firmware sd_845 mdm9206_firmware qcs605 sd_670 sd_835_firmware sd_710 sd_600_firmware sd_835 qca6574au_firmware sd_600 qca9379 sd_665_firmware sdm660_firmware sd_855_firmware Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

CWE ID-CWE-20

Improper Input Validation

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.08% / 25.03%

||

7 Day CHG~0.00%

Published-21 Nov, 2019 | 14:38

Updated-04 Aug, 2024 | 22:31

Low privilege users can access service configuration which contains registry data that admins uses to create or delete entries in the registry in QCA6174_9377.WIN.1.0 in QCA6174_9377

Vendor-Qualcomm Technologies, Inc.

Product-qca6174_firmware qca6174 QCA6174_9377.WIN.1.0

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.05% / 14.85%

||

7 Day CHG~0.00%

Published-30 Sep, 2019 | 15:40

Updated-04 Aug, 2024 | 22:24

Use after free issue occurs If another instance of open for voice_svc node has been called from application without closing the previous one. in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24

Vendor-Qualcomm Technologies, Inc.

Product-sd_850 mdm9150_firmware sd_632 mdm9640_firmware sd_820a sd_675 msm8996au_firmware sd_439 sd_670_firmware sd_429 sdx24 sdm439 mdm9650 sd_636 sd_615_firmware msm8909w_firmware msm8996au sd_820 sd_450_firmware sd_845_firmware sd_820a_firmware qcs605_firmware sd_675_firmware mdm9206 sd_425_firmware sd_665 sdx24_firmware sd_625_firmware sd_450 sd_845 mdm9206_firmware qcs605 sd_632_firmware sd_835_firmware mdm9650_firmware sd_835 sda660 sd_210_firmware sd_415_firmware msm8909w sd_665_firmware sd_616_firmware sd_205_firmware sd_415 sd_212 sd_427_firmware sd_712 sd_855 sd_730_firmware qualcomm_215 sdx20 sd_616 sd_425 sdm660 sd_430_firmware mdm9607_firmware sd_435 sd_615 sd_710_firmware sdm630 sd_625 sd_820_firmware sd_210 mdm9607 sd_636_firmware sd_439_firmware qualcomm_215_firmware mdm9150 sd_429_firmware sd_730 sd_212_firmware sd_850_firmware sd_855_firmware sdm439_firmware sd_712_firmware sdm630_firmware sda660_firmware sd_430 sd_427 sd_670 sd_435_firmware sdx20_firmware sd_710 sd_205 sdm660_firmware mdm9640 Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

CWE ID-CWE-416

Use After Free

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 12.01%

||

7 Day CHG~0.00%

Published-18 Dec, 2019 | 05:25

Updated-04 Aug, 2024 | 22:24

Memory is being freed up twice when two concurrent threads are executing in parallel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8996AU, QCS405, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Vendor-Qualcomm Technologies, Inc.

Product-apq8096_firmware msm8996au_firmware sdm845 apq8096 mdm9650 msm8940_firmware sm7150_firmware sm6150 msm8909w_firmware msm8996au sm7150 apq8009_firmware msm8917 sxr2130 qcs605_firmware mdm9206 sdm636 sda845_firmware apq8098 mdm9206_firmware msm8939 qcs605 msm8937_firmware mdm9650_firmware sda660 sxr1130_firmware sxr1130 msm8909w apq8009 msm8909_firmware apq8053_firmware sda845 msm8920 sdm636_firmware apq8098_firmware sdx20 sdm660 msm8920_firmware sdm630 mdm9607_firmware sm8250_firmware qcs405 mdm9607 apq8017_firmware msm8939_firmware msm8937 mdm9207c_firmware mdm9207c sm8150_firmware msm8909 sxr2130_firmware apq8096au qcs405_firmware sdm630_firmware sda660_firmware msm8940 apq8053 apq8096au_firmware sm6150_firmware sm8250 msm8917_firmware sm8150 sdx20_firmware apq8017 sdm660_firmware sdm845_firmware Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

CWE ID-CWE-415

Double Free

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.02% / 3.03%

||

7 Day CHG~0.00%

Published-12 Jun, 2018 | 20:00

Updated-17 Sep, 2024 | 03:12

In the function wma_pdev_div_info_evt_handler() in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, there is no upper bound check on the value event->num_chains_valid received from firmware which can lead to a buffer overwrite of the fixed size chain_rssi_result structure.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.07% / 21.10%

||

7 Day CHG~0.00%

Published-06 Jul, 2018 | 17:00

Updated-17 Sep, 2024 | 04:19

While processing the HTT_T2H_MSG_TYPE_MGMT_TX_COMPL_IND message, a buffer overflow can potentially occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.06% / 20.04%

||

7 Day CHG~0.00%

Published-06 Jul, 2018 | 17:00

Updated-17 Sep, 2024 | 03:48

In the KGSL driver in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a reference counting error can lead to a Use After Free condition.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-416

Use After Free

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.05% / 16.79%

||

7 Day CHG~0.00%

Published-28 Nov, 2018 | 15:00

Updated-05 Aug, 2024 | 05:47

Possible buffer overflow in DRM Trusted application due to lack of check function return values in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDA845, SDX24, SXR1130.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.07% / 22.71%

||

7 Day CHG~0.00%

Published-06 Jul, 2018 | 17:00

Updated-16 Sep, 2024 | 17:22

In __wlan_hdd_cfg80211_vendor_scan(), a buffer overwrite can potentially occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.03% / 7.73%

||

7 Day CHG~0.00%

Published-14 Jun, 2019 | 17:02

Updated-05 Aug, 2024 | 05:47

A non-time constant function memcmp is used which creates a side channel that could leak information in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130

Vendor-Qualcomm Technologies, Inc.

Product-sd_850 mdm9150_firmware sd_632 mdm9635m_firmware mdm9640_firmware sd_820a sd_675 msm8996au_firmware sd_439 sd_670_firmware sd_429 sdm439 mdm9650 sd_636 sd_615_firmware snapdragon_high_med_2016_firmware msm8909w_firmware msm8996au sd_820 sd_650 sd_450_firmware sd_845_firmware sd_410 sd_820a_firmware qcs605_firmware sd_675_firmware mdm9206 sd_652 sd_425_firmware sd_625_firmware sd_450 mdm9635m sd_8cx_firmware sd_845 mdm9206_firmware qcs605 sd_632_firmware sd_835_firmware mdm9650_firmware sd_835 sda660 sxr1130_firmware sd_210_firmware sd_415_firmware sd_652_firmware sxr1130 msm8909w sd_616_firmware sd_205_firmware sd_415 sd_212 sd_650_firmware sd_427_firmware sd_712 sd_855 sd_730_firmware sd_412 sd_616 sd_425 sdm660 sd_430_firmware mdm9607_firmware sd_435 mdm9655_firmware sd_615 sd_710_firmware qcs405 sdm630 sd_625 qm215 sd_820_firmware sd_210 mdm9607 sd_636_firmware mdm9625_firmware sd_439_firmware mdm9150 sd_429_firmware sd_730 snapdragon_high_med_2016 sd_212_firmware sd_850_firmware mdm9655 sdm439_firmware qcs405_firmware sd_712_firmware sd_412_firmware sd_855_firmware sdm630_firmware sda660_firmware mdm9625 sd_8cx sd_430 qm215_firmware sd_427 sd_670 sd_435_firmware sd_710 sd_410_firmware sd_205 sdm660_firmware mdm9640 Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

CWE ID-CWE-310

Not Available

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 10.96%

||

7 Day CHG~0.00%

Published-18 Jan, 2019 | 22:00

Updated-05 Aug, 2024 | 05:47

Lack of checking input size can lead to buffer overflow In WideVine in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016, SXR1130

Vendor-Qualcomm Technologies, Inc.

Product-sd_850 sd_632 mdm9635m_firmware sd_820a msm8996au_firmware sd_439 sd_670_firmware sd_429 sdx24 sdm439 mdm9650 sd_636 snapdragon_high_med_2016_firmware msm8996au sd_820 sd_650 sd_450_firmware sd_845_firmware sd_410 sd_820a_firmware mdm9206 sd_652 sd_425_firmware sdx24_firmware sd_625_firmware sd_450 mdm9635m sd_845 mdm9206_firmware sd_632_firmware sd_835_firmware mdm9650_firmware sd_835 sda660 sxr1130_firmware sd_210_firmware sd_652_firmware sxr1130 sd_205_firmware sd_650_firmware sd_212 sd_427_firmware sd_712 sd_412 sd_425 sdm660 sd_430_firmware mdm9607_firmware sd_435 mdm9655_firmware sd_710_firmware sdm630 sd_625 sd_210 mdm9607 sd_636_firmware sd_820_firmware sd_439_firmware sd_429_firmware snapdragon_high_med_2016 sd_212_firmware sd_850_firmware mdm9655 sdm439_firmware sd_412_firmware sd_712_firmware sdm630_firmware sda660_firmware sd_427 sd_430 sd_670 sd_435_firmware sd_710 sd_410_firmware sd_205 sdm660_firmware Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.02% / 3.03%

||

7 Day CHG~0.00%

Published-12 Jun, 2018 | 20:00

Updated-17 Sep, 2024 | 00:52

In the video driver function set_output_buffers(), binfo can be accessed after being freed in a failure scenario in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-416

Use After Free

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.02% / 2.40%

||

7 Day CHG~0.00%

Published-06 Jul, 2018 | 17:00

Updated-16 Sep, 2024 | 23:26

While processing the system path, an out of bounds access can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-125

Out-of-bounds Read

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.03% / 7.73%

||

7 Day CHG~0.00%

Published-26 Oct, 2018 | 13:00

Updated-05 Aug, 2024 | 05:47

Improper input validation in TZ led to array out of bound in TZ function while accessing the peripheral details using the incoming data in Snapdragon Mobile, Snapdragon Wear version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-129

Improper Validation of Array Index

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.02% / 2.40%

||

7 Day CHG~0.00%

Published-06 Jul, 2018 | 17:00

Updated-16 Sep, 2024 | 16:22

If the fdt_totalsize is reported as 0 for the current device tree, it bypasses an error check for a valid device tree in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.02% / 2.73%

||

7 Day CHG~0.00%

Published-03 Apr, 2018 | 17:00

Updated-16 Sep, 2024 | 16:58

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, improper buffer length validation in extscan hotlist event can lead to potential buffer overflow.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 10.96%

||

7 Day CHG~0.00%

Published-28 Nov, 2018 | 15:00

Updated-05 Aug, 2024 | 05:47

Possible buffer overflow in OEM crypto function due to improper input validation in Snapdragon Automobile, Snapdragon Mobile in versions MSM8996AU, SD 425, SD 430, SD 450, SD 625, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDA845, SDX24, SXR1130.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.13% / 33.32%

||

7 Day CHG~0.00%

Published-12 Jun, 2018 | 20:00

Updated-17 Sep, 2024 | 00:31

In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

Vendor-Qualcomm Technologies, Inc.Google LLC Debian GNU/Linux Red Hat, Inc.

Product-enterprise_linux_server debian_linux android enterprise_linux_workstation virtualization_host enterprise_linux_desktop Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE ID-CWE-190

Integer Overflow or Wraparound

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.03% / 7.73%

||

7 Day CHG~0.00%

Published-26 Oct, 2018 | 13:00

Updated-05 Aug, 2024 | 05:47

While processing logs, data is copied into a buffer pointed to by an untrusted pointer in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.02% / 3.27%

||

7 Day CHG~0.00%

Published-06 Jul, 2018 | 17:00

Updated-16 Sep, 2024 | 16:38

In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, whenever TDLS connection is setup, we are freeing the netbuf in ol_tx_completion_handler and after that, we are accessing it in NBUF_UPDATE_TX_PKT_COUNT causing a use after free.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-416

Use After Free

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.02% / 2.40%

||

7 Day CHG~0.00%

Published-03 Apr, 2018 | 17:00

Updated-16 Sep, 2024 | 22:30

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in function wma_extscan_start_stop_event_handler(), vdev_id comes from the variable event from firmware and is not properly validated potentially leading to a buffer overwrite.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.02% / 2.73%

||

7 Day CHG~0.00%

Published-03 Apr, 2018 | 17:00

Updated-16 Sep, 2024 | 17:08

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while processing HTT_T2H_MSG_TYPE_RX_FLUSH or HTT_T2H_MSG_TYPE_RX_PN_IND messages, a buffer overflow can occur if the tid value obtained from the firmware is out of range.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.03% / 5.48%

||

7 Day CHG~0.00%

Published-06 Jul, 2018 | 17:00

Updated-16 Sep, 2024 | 19:30

Improper Validation of Array Index In the adreno OpenGL driver in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, an out-of-bounds access can occur in SurfaceFlinger.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-129

Improper Validation of Array Index

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.02% / 2.40%

||

7 Day CHG~0.00%

Published-06 Jul, 2018 | 17:00

Updated-16 Sep, 2024 | 17:32

While processing the USB StrSerialDescriptor array, an array index out of bounds can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-125

Out-of-bounds Read

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.07% / 20.77%

||

7 Day CHG~0.00%

Published-06 Jul, 2018 | 17:00

Updated-16 Sep, 2024 | 16:39

If the seq_len is greater then CSR_MAX_RSC_LEN, a buffer overflow in __wlan_hdd_cfg80211_add_key() may occur when copying keyRSC in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 10.96%

||

7 Day CHG~0.00%

Published-18 Jan, 2019 | 22:00

Updated-05 Aug, 2024 | 05:47

Lack of checking input size can lead to buffer overflow In WideVine in snapdragon automobile and snapdragon mobile in versions MSM8996AU, SD 425, SD 430, SD 450, SD 625, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX24, SXR1130

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 10.04%

||

7 Day CHG~0.00%

Published-28 Nov, 2018 | 15:00

Updated-05 Aug, 2024 | 05:47

In the device programmer target-side code for firehose, a string may not be properly NULL terminated can lead to a incorrect buffer size in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 600, SD 820, SD 820A, SD 835, SDA660, SDX20.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.03% / 5.75%

||

7 Day CHG~0.00%

Published-06 Jul, 2018 | 19:00

Updated-17 Sep, 2024 | 01:21

In __wlan_hdd_cfg80211_vendor_scan() in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, when SCAN_SSIDS and QCA_WLAN_VENDOR_ATTR_SCAN_FREQUENCIES are parsed, a buffer overwrite can potentially occur.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 12.84%

||

7 Day CHG~0.00%

Published-14 Jun, 2019 | 17:02

Updated-05 Aug, 2024 | 05:47

Buffer overflow in WLAN function due to improper check of buffer size before copying in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS605, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 855, SDM630, SDM660, SDX20, SDX24

Vendor-Qualcomm Technologies, Inc.

Product-sd_712 mdm9150_firmware sd_855 sd_730_firmware mdm9640_firmware sd_820a sd_675 msm8996au_firmware sdx20 sd_670_firmware sdm660 sdx24 sdm630 mdm9607_firmware sd_710_firmware sd_636 mdm9650 sd_625 mdm9607 msm8996au sd_636_firmware sd_820a_firmware mdm9150 qcs605_firmware sd_675_firmware mdm9206 sd_730 sdx24_firmware sd_625_firmware sd_855_firmware sd_712_firmware sdm630_firmware mdm9206_firmware qcs605 sd_670 mdm9650_firmware sd_710 sdx20_firmware sdm660_firmware mdm9640 Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-8.4||HIGH

EPSS-0.10% / 27.29%

||

7 Day CHG~0.00%

Published-06 Jul, 2018 | 17:00

Updated-17 Sep, 2024 | 01:35

While processing modem SSR after IMS is registered, the IMS data daemon is restarted but the ipc_dataHandle is no longer available. Consequently, the DPL thread frees the internal memory for dataDHandle but the local variable pointer is not updated which can lead to a Use After Free condition in Snapdragon Mobile and Snapdragon Wear.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-416

Use After Free

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-8.4||HIGH

EPSS-0.10% / 27.57%

||

7 Day CHG~0.00%

Published-06 Jul, 2018 | 17:00

Updated-16 Sep, 2024 | 18:23

Improper Access Control in Multimedia in Snapdragon Mobile and Snapdragon Wear, Non-standard applications without permission may acquire permission of Qualcomm-specific proprietary intents.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-269

Improper Privilege Management

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.03% / 5.75%

||

7 Day CHG~0.00%

Published-06 Jul, 2018 | 17:00

Updated-16 Sep, 2024 | 22:14

While processing a message from firmware in htt_t2h_msg_handler_fast() in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a buffer overwrite can occur.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.03% / 7.81%

||

7 Day CHG~0.00%

Published-06 Jul, 2018 | 19:00

Updated-17 Sep, 2024 | 02:22

In the audio debugfs in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, out of bounds access can occur.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.02% / 2.73%

||

7 Day CHG~0.00%

Published-06 Jul, 2018 | 17:00

Updated-16 Sep, 2024 | 16:58

While processing a compressed kernel image, a buffer overflow can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.02% / 3.95%

||

7 Day CHG~0.00%

Published-12 Jun, 2018 | 20:00

Updated-16 Sep, 2024 | 22:46

Early or late retirement of rotation requests can result in a Use After Free condition in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-416

Use After Free

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.02% / 3.03%

||

7 Day CHG~0.00%

Published-12 Jun, 2018 | 20:00

Updated-17 Sep, 2024 | 03:02

An arbitrary address write can occur if a compromised WLAN firmware sends incorrect data to WLAN driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.02% / 3.03%

||

7 Day CHG~0.00%

Published-12 Jun, 2018 | 20:00

Updated-16 Sep, 2024 | 19:15

improper validation of array index in WiFi driver function sapInterferenceRssiCount() leads to array out-of-bounds access in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-129

Improper Validation of Array Index

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.02% / 3.03%

||

7 Day CHG~0.00%

Published-17 May, 2018 | 22:00

Updated-17 Sep, 2024 | 01:36

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in __wlan_hdd_cfg80211_vendor_scan(), a buffer overwrite can potentially occur.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.02% / 2.40%

||

7 Day CHG~0.00%

Published-06 Jul, 2018 | 17:00

Updated-16 Sep, 2024 | 18:48

In the ADSP RPC driver in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, an arbitrary kernel write can occur.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-20

Improper Input Validation

Matching Score-8

Assigner-Qualcomm, Inc.

Matching Score-8

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.06% / 20.04%

||

7 Day CHG~0.00%

Published-06 Jul, 2018 | 17:00

Updated-17 Sep, 2024 | 04:19

A buffer over-read can occur during a fast initial link setup (FILS) connection in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-125

Out-of-bounds Read