Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-2250

Summary
Assigner-qualcomm
Assigner Org ID-2cfc7d3e-20d3-47ac-8db7-1b7285aff15f
Published At-24 May, 2019 | 16:44
Updated At-04 Aug, 2024 | 18:42
Rejected At-
Credits

Kernel can write to arbitrary memory address passed by user while freeing/stopping a thread in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCS605, SD 675, SD 712 / SD 710 / SD 670, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SM7150, SXR1130

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:qualcomm
Assigner Org ID:2cfc7d3e-20d3-47ac-8db7-1b7285aff15f
Published At:24 May, 2019 | 16:44
Updated At:04 Aug, 2024 | 18:42
Rejected At:
▼CVE Numbering Authority (CNA)

Kernel can write to arbitrary memory address passed by user while freeing/stopping a thread in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCS605, SD 675, SD 712 / SD 710 / SD 670, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SM7150, SXR1130

Affected Products
Vendor
Qualcomm Technologies, Inc.Qualcomm, Inc.
Product
Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
Versions
Affected
  • QCS605, SD 675, SD 712 / SD 710 / SD 670, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SM7150, SXR1130
Problem Types
TypeCWE IDDescription
textN/AImproper Input Validation in Kernel
Type: text
CWE ID: N/A
Description: Improper Input Validation in Kernel
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.qualcomm.com/company/product-security/bulletins#_CVE-2019-2250
x_refsource_CONFIRM
Hyperlink: https://www.qualcomm.com/company/product-security/bulletins#_CVE-2019-2250
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.qualcomm.com/company/product-security/bulletins#_CVE-2019-2250
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.qualcomm.com/company/product-security/bulletins#_CVE-2019-2250
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:product-security@qualcomm.com
Published At:24 May, 2019 | 17:29
Updated At:21 Jul, 2021 | 11:39

Kernel can write to arbitrary memory address passed by user while freeing/stopping a thread in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCS605, SD 675, SD 712 / SD 710 / SD 670, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SM7150, SXR1130

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.8HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary2.07.2HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.0
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.2
Base severity: HIGH
Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
Qualcomm Technologies, Inc.
qualcomm
>>qcs605_firmware>>-
cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qcs605>>-
cpe:2.3:h:qualcomm:qcs605:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_675_firmware>>-
cpe:2.3:o:qualcomm:sd_675_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_675>>-
cpe:2.3:h:qualcomm:sd_675:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_712_firmware>>-
cpe:2.3:o:qualcomm:sd_712_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_712>>-
cpe:2.3:h:qualcomm:sd_712:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_710_firmware>>-
cpe:2.3:o:qualcomm:sd_710_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_710>>-
cpe:2.3:h:qualcomm:sd_710:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_670_firmware>>-
cpe:2.3:o:qualcomm:sd_670_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_670>>-
cpe:2.3:h:qualcomm:sd_670:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_835_firmware>>-
cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_835>>-
cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_845_firmware>>-
cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_845>>-
cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_850_firmware>>-
cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_850>>-
cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_855_firmware>>-
cpe:2.3:o:qualcomm:sd_855_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_855>>-
cpe:2.3:h:qualcomm:sd_855:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_8cx_firmware>>-
cpe:2.3:o:qualcomm:sd_8cx_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_8cx>>-
cpe:2.3:h:qualcomm:sd_8cx:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sm7150_firmware>>-
cpe:2.3:o:qualcomm:sm7150_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sm7150>>-
cpe:2.3:h:qualcomm:sm7150:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sxr1130_firmware>>-
cpe:2.3:o:qualcomm:sxr1130_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sxr1130>>-
cpe:2.3:h:qualcomm:sxr1130:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE-20Primarynvd@nist.gov
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.qualcomm.com/company/product-security/bulletins#_CVE-2019-2250product-security@qualcomm.com
Vendor Advisory
Hyperlink: https://www.qualcomm.com/company/product-security/bulletins#_CVE-2019-2250
Source: product-security@qualcomm.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

2141Records found
CVE-2017-18124
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.73%
||
7 Day CHG~0.00%
Published-26 Oct, 2018 | 13:00
Updated-05 Aug, 2024 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

During secure boot, addition is performed on uint8 ptrs which led to overflow issue in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version FSM9055, IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850mdm9635m_firmwaremdm9640_firmwaresd_820amsm8996au_firmwaremdm9650sd_615_firmwaremsm8909w_firmwaremsm8996aumdm9645sd_650sd_820sd_450_firmwaresd_845_firmwaresd_410sd_820a_firmwareipq4019_firmwaremdm9206sd_652sd_425_firmwaresd_800_firmwaresd_625_firmwaresd_450mdm9635msd_845mdm9206_firmwaremdm9640sd_835_firmwaremdm9650_firmwaresd_835sda660sd_210_firmwaresd_415_firmwaresd_652_firmwaremsm8909wsd_616_firmwaresd_205_firmwaresd_415sd_650_firmwaresd_212fsm9055sd_412sdx20sd_616sd_425sd_430_firmwaremdm9607_firmwaresd_615mdm9655_firmwaresd_625sd_210mdm9607sd_820_firmwaremdm9645_firmwaremdm9625_firmwarefsm9055_firmwaresd_800sd_617sd_212_firmwaresd_850_firmwaremdm9655sd_412_firmwaresda660_firmwaremdm9625sd_430ipq4019sd_810sdx20_firmwaresd_410_firmwaresd_205sd_810_firmwaresd_617_firmwareSmall Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15845
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.76%
||
7 Day CHG~0.00%
Published-10 Jan, 2018 | 22:00
Updated-16 Sep, 2024 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an invalid input of firmware size (negative value) from user space can potentially lead to the memory leak or buffer overflow during the WLAN cal data store operation.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2020-11150
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 8.88%
||
7 Day CHG~0.00%
Published-21 Jan, 2021 | 09:41
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bound memory access in camera driver due to improper validation on data coming from UMD which is used for offset manipulation of pointer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qpm5579qfs2580qca8337qdm5579qdm2307qfs2530qpa8802pm6125qat3519pm8150aqtc800hqdm5670sa6155pm7150lqpa8821qdm5671pmc1000hqat3518sd8cwcn3998wcn3950wcn3660bqca4020qdm5652sd6905gqpm8870qpm5679qbt2000pm855pqca6420pm6150asdr735gwcn3999pm8150bqsm7250qcs405qca6430qat3522pmr735awcd9340sd765gqca6436sdr660wcn6851sa6155pqpa6560sdr865wcd9341smr545qca6431qln5020sd750gqdm3302sa8150ppm6350qdm5621qdm5650wcn3988wtr3925smb1390pm6150lsd8885gwcn3610qpm6585qtc410swcn3991smb1355qln4650qpa8801sdm429wwgr7640qat5568qet5100qca6564ausdxr25gpm6150pm7250bqca6574qfs2630qpa8842wcd9380qualcomm215smb1381sdr735pm7250smb1395pm660lwtr4905qpa8803smr526wcn3980pmk8003qdm2301qsw8573qcs605wsa8815wcn6850qpm6375smb1394wcn3680pm8009sdx55mpm670apm8008qsw8574pme605pm855lqcs603sd8655gqpm5621qpm6582pm670pm8150lqdm5677pm8005sa6145ppm215qdm2302pmm6155ausdxr1ar8031qpm5577wtr2965pm8150qpm5875qet5100msdx55sa8155pcsra6640pm8350bhssd675qet4101qat3516pm670lqpm5658qca9379pm855bsmb2351qln1031qpm5870pm8909wsa8830pm660qln5030qpm6325qbt1500pmi632qpa5581csra6620qpm4621qcs4290qet6100pmm855ausdr660gqpa8686smb1396pm7150awcd9370pm8350qca6564sdr425qca6426qca9377qpm5641qpm5541qat5516qdm5620qln1021aqsd662pm8350bhpm3003asa8155qat5533qca6595auwcn3615sm7350qpm6670smb1354qca6584auqdm2305qpm8820qpm4641pm855pm8250smb1398qdm4643pmx55sd205qca6421qdm3301sa8195pqpm5677qat5515qat3514wcd9326wcd9335qet4200aqwcd9385pmm8155auqpm4630ar8035qca6390wcd9375aqt1000qpa8673qdm2310pmm8195auqln4642sda429wsd210wcn3620pmk7350qca6564asmr546pmx24qet6110qln5040qpm8895qpm5670wcn3990qtm527qca6595pmk8350sdx24qpm8830pm8350bqat5522wsa8835pm8150cpmr735bqpa4360qca6574aqpa4361qca6174apm8350csmr525qpm4640wcn6750pmr525pm7350cqpm4650qtm525sd855sd8cxsd665qca6175asd765pm640pqat3555sd460qca6391smb1351qpa5461qcm4290pm640asdr8150qfs2608pm8916qln1036aqqtc801sqdm4650pmd9655qca6574auqsw6310qpm6621wsa8810qdm2308qat3550wcn6856qdm5679wcn3680bsdr8250sd768gwcn6740qca6696qpa2625pm640lpmk8002sm7250pqpa5580Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-11259
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-8.8||HIGH
EPSS-0.04% / 10.51%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 05:00
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory corruption due to lack of validation of pointer arguments passed to Trustzone BSP in Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-ar9580_firmwareipq4018_firmwareqfe1952ipq4028_firmwareqca7500_firmwareqca7520qca7500ipq4029_firmwareqca7550_firmwareqca9994qca4024_firmwareqca9889_firmwareqca9880_firmwareqca10901qca9992wcd9340csr8811_firmwareqca7520_firmwareqca9880wsa8810_firmwareqca7550wsa8810qcn3018_firmwareqca8075_firmwareipq4019_firmwareipq4018qcn3018qca9886_firmwareqca9889qca9888_firmwareqca9888qca9984_firmwareqca9994_firmwarear9580qca9898_firmwareqca4024csr8811ipq4019ar7420qca9886wcd9340_firmwarear7420_firmwareqca8075qfe1922qfe1922_firmwareqca9992_firmwareqfe1952_firmwareqca9984qca9898ipq4029ipq4028qca10901_firmwareSnapdragon Wired Infrastructure and Networking
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-11237
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.03% / 7.80%
||
7 Day CHG~0.00%
Published-07 Apr, 2021 | 07:55
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory crash when accessing histogram type KPI input received due to lack of check of histogram definition before accessing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qfs2580qpm5679_firmwaresm6250p_firmwareqpm5620_firmwareqca8337qdm2307qca6431_firmwareqfs2530qpm8870_firmwareqpa8802qpm6585_firmwareqat3519qbt2000_firmwareqat5522_firmwarewcn3950_firmwarepm8150aqtc800hqdm5670sdr8250_firmwareqca6595au_firmwareqpa5581_firmwarepm7150lqpa8821qdm5671qpm4650_firmwareqat3518pm456_firmwareqpa5580_firmwaresa415mwcn3998smr526_firmwarewcn3950sd720gqdm2305_firmwareqpm5670_firmwareqdm5652sd6905gqca6574au_firmwareqpm8870wcd9375_firmwarewcn3998_firmwareqpm5679qbt2000pm6150aqpa8675_firmwaresdr735gpm8150bqdm3301_firmwareqsm7250pmr735asd765gqdm2308_firmwaresdr660qca6436wcn6851qpa6560sdr675_firmwaresdr865qdm5620_firmwarewcd9341qca6431qca6696_firmwareqln5020qet4100_firmwaresd870_firmwaresd750gqpm5657pm6350qdm5621wsa8830_firmwaresd855_firmwareqdm5650wcn3988smb1390qat5516_firmwarepm6150lpm855l_firmwareqet4100qpa8686_firmwareqpm6585wcn3991qca8337_firmwarewcd9380_firmwaresmb1355qln4650qpa8801sdr735g_firmwareqet5100qdm5671_firmwareqpa8801_firmwareqca6564aupm8150l_firmwareqat5533_firmwaresdx55m_firmwareqtm527_firmwaresdxr25gqpa8673_firmwarepm6150qet4101_firmwarepm7250bqln4642_firmwareqpa8842wcd9380smb1355_firmwarepm7250b_firmwareqln4640smb1381sdr735pm7250smb1395qpa8803smr526wcn3980pmk8003qtc801s_firmwaresdxr25g_firmwareqdm2301wsa8815wcn6850qdm5621_firmwareqdm2301_firmwareqca6426_firmwarepm8009wcn3980_firmwareqpa8675sd730sdx55mpm6250_firmwareqca6421_firmwarepm8008qtm525_firmwareqat3518_firmwaresd6905g_firmwaresd678_firmwareqpm5621_firmwarepm855lqln1021aq_firmwarewcn6851_firmwareqdm5670_firmwareqpa6560_firmwaresd8655gqpa8802_firmwareqln4640_firmwarepm7150a_firmwarepm8150b_firmwareqpm5621qpm6582pm8009_firmwareqdm2310_firmwareqfs2580_firmwaresd480sd870pm8150lqdm5677pm855_firmwarepm855b_firmwareqpm6582_firmwareqca6391_firmwarewcd9370_firmwareqln4650_firmwareqat3516_firmwaresdx55sd675qet4101qat3555_firmwareqat3516qpa8803_firmwareqpm5658pm855bqln1031qpm5658_firmwarewcn3991_firmwareqdm5652_firmwarewsa8830sd678qet6110_firmwareqln5030qbt1500qpa5581pmi632qpa2625_firmwarepm456csrb31024pmr735b_firmwarepmx24_firmwareqbt1500_firmwareqet5100_firmwareqet6100_firmwareqet6100sd765g_firmwareqpa8686qca6390_firmwaresmb1396sd730_firmwarepm7150awcd9370sd675_firmwarepmr525_firmwareqca6426qca6584au_firmwarewcn3990_firmwarepmi632_firmwarewcd9385_firmwareqdm5650_firmwareqat5516pm7250_firmwareqdm5620qln1021aqqpa8821_firmwarepmk8002_firmwarepm3003aqln1031_firmwaresdx55_firmwareqat5533qca6595ausm7250p_firmwareqca6436_firmwareqsm7250_firmwarepm7150l_firmwareqca6564au_firmwareqca6584auqdm2305qpm8820qat5515_firmwareqln5020_firmwarepm855qpm8830_firmwarepm8250qfs2530_firmwaresa415m_firmwarepmx55wcn3988_firmwaresdr675pm8150c_firmwareqca6421qdm3301qpa8842_firmwareqat3519_firmwaresdr735_firmwaresm6250wsa8810_firmwareqpm5677qat5515sd765_firmwareqdm5677_firmwarepm6350_firmwaresdr8150_firmwarewcd9385qtc800h_firmwareqpm5620qln5040_firmwareqca6390wcd9375sd750g_firmwareqpa8673sm6250_firmwareqdm2310qln5030_firmwareqln4642qpm5677_firmwarewsa8815_firmwaresmb1396_firmwaresmr525_firmwarewcn6850_firmwarewsa8835_firmwareqpm8820_firmwarepmx24qet6110qln5040qpm8895qpm5670wcn3990pmx55_firmwareqtm527qpm8830qdm2307_firmwareqat5522wsa8835pm8150cpmr735bqpm5657_firmwaresm6250ppmk8003_firmwaresdr660_firmwareqca6574asmb1390_firmwareqdm5679_firmwaresmr525pm6150l_firmwarepmr525pm8150a_firmwareqpm4650qtm525qln1036aq_firmwaresd855pm6150a_firmwarepm6150_firmwaresd765qca6574a_firmwaresd768g_firmwaresdr865_firmwareqat3555pm8250_firmwareqca6391qpm8895_firmwarecsrb31024_firmwaresdr8150sd480_firmwareqln1036aqqtc801ssmb1395_firmwareqca6574aupm8008_firmwaresd8655g_firmwarewcd9341_firmwarewsa8810pmr735a_firmwareqdm2308qdm5679sdr8250sd768gpm3003a_firmwareqca6696smb1381_firmwareqpa2625pmk8002sm7250psd720g_firmwarepm6250qpa5580Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile
CWE ID-CWE-20
Improper Input Validation
CVE-2020-11180
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.80%
||
7 Day CHG~0.00%
Published-21 Jan, 2021 | 09:41
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bound access in computer vision control due to improper validation of command length before processing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qfs2580wsa8830sdr051qln5030qbt1500qfs2530qpa8802qat3519pmm855aupm8150asc8180x\+sdx55qtc800hqdm5670qpa8686sa6155pm7150lqpa8821pm7150awcd9370qdm5671pmc1000hqca6426qat3518sd8cwcn3998qdm5620pm3003asa8155qdm5652qat5533qca6595auqpm5679qbt2000pm855pqca6420qdm2305qpm8820pm8150bpm855qsm7250pm8250pmx55qca6430qca6421qdm3301wcd9340sa8195pqpm5677qat5515sd765gqca6436sdr660wcn6851sa6155pqpa6560sdr865wcd9385wcd9341qca6431qln5020wcd9371qpm5620pmm8155auqca6390wcd9375aqt1000qpa8673qpm5657sa8150ppmm8195auqdm5621qln4642qdm5650wcn3988sdr052smb1390qet6110qln5040qpm8895qpm6585wcn3991qpm5670wcn3990smb1355qln4650qpa8801qet5100qpm8830sdxr25gpm6150qat5522wsa8835pm7250bqca6574pm8150cpmr735bqpa8842wcd9380smb1381qca6574asdr735pm7250smb1395smr525qpa8803smr526wcn3980pmk8003wcn6750pmr525qdm2301qpm4650qtm525sd855wsa8815sd8cxwcn6850wcn3910sd765qat3555pm8009sd730qca6391sdx55mpm8008sdx50msdr8150pm855lqtc801ssd8655gqca6574auqpm5621qpm6582wsa8810pm8150lpmx50qdm5677qdm5679qsm8250sa6145ppmm6155ausdr8250sd768gqca6696pm8150pm8004pmk8002qpa2625sa6150psa8155psdx55qet4101qat3516sm7250pqpm5658pm855bsmb2351qpa5580Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-11257
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-8.8||HIGH
EPSS-0.04% / 10.51%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 05:00
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory corruption due to lack of validation of pointer arguments passed to TrustZone BSP in Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-ar9580_firmwareipq4018_firmwareqfe1952ipq4028_firmwareqca7500_firmwareqca7520qca7500ipq4029_firmwareqca7550_firmwareqca9994qca4024_firmwareqca9889_firmwareqca9880_firmwareqca10901qca9992wcd9340csr8811_firmwareqca7520_firmwareqca9880wsa8810_firmwareqca7550wsa8810qcn3018_firmwareqca8075_firmwareipq4019_firmwareipq4018qcn3018qca9886_firmwareqca9889qca9888_firmwareqca9888qca9984_firmwareqca9994_firmwarear9580qca9898_firmwareqca4024csr8811ipq4019ar7420qca9886wcd9340_firmwarear7420_firmwareqca8075qfe1922qfe1922_firmwareqca9992_firmwareqfe1952_firmwareqca9984qca9898ipq4029ipq4028qca10901_firmwareSnapdragon Wired Infrastructure and Networking
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-11201
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.73%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 10:00
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Arbitrary access to DSP memory due to improper check in loaded library for data received from CPU side' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCM6125, QCS410, QCS603, QCS605, QCS610, QCS6125, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SDA640, SDA845, SDM640, SDM830, SDM845, SDX50M, SDX55, SDX55M, SM6125, SM6150, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM8150, SM8150P

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sm7125sa6155p_firmwaresda640sm6250p_firmwareqcs610sm6125sdm640sdx50msdm845qcs6125qcs603sa8155_firmwaresdx55m_firmwaresm7150_firmwaresa6145p_firmwaresa8155p_firmwaresm6150sm6250sdm830_firmwareqcm6125sm7150sm6250psa6155qcs410sa6155pqcs610_firmwareqcs603_firmwareqcs605_firmwaresda640_firmwaresdx50m_firmwaresa6145pqcs6125_firmwaresm7150psm8150_firmwaresm7150p_firmwaresda845_firmwareqcs605sm7125_firmwaresdx55sm6250_firmwaresa8155psm6150_firmwaresm8150p_firmwaresm8150sa8155sdm830sdx55_firmwaresdm640_firmwaresa6155_firmwareqcs410_firmwaresm6125_firmwaresdx55msm8150psda845qcm6125_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
CWE ID-CWE-20
Improper Input Validation
CVE-2020-11253
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.80%
||
7 Day CHG~0.00%
Published-22 Feb, 2021 | 06:25
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Arbitrary memory write issue in video driver while setting the internal buffers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qfs2580qpm5679_firmwaresa6150p_firmwareqpm5620_firmwareqdm2307qca6431_firmwareqfs2530qpm8870_firmwareqpa8802qpm6585_firmwareqat3519qbt2000_firmwareqat5522_firmwarepm8150aqtc800hqdm5670sa8150p_firmwareqca6595au_firmwaresdr8250_firmwareqpa5581_firmwaresa6155pm7150lqpa8821qdm5671pmc1000hqpm4650_firmwareqat3518sd8cqpa5580_firmwarewcn3998wcd9371_firmwaresmr526_firmwareqdm2305_firmwareqpm5670_firmwaresmb2351_firmwareqdm5652sd6905gqca6574au_firmwareqpm8870wcd9375_firmwarewcn3998_firmwareqpm5679qbt2000sa6155_firmwarepm855pqca6420pm6150apmx50_firmwaresdr735gpm8150bqdm3301_firmwareqsm7250sa8155_firmwareqca6430pmr735awcd9340sd765gqdm2308_firmwaresdr660qca6436wcn6851sa6155pqpa6560sdr865qdm5620_firmwarewcd9341qca6431qca6696_firmwareqln5020wcd9371sd750gpmm855au_firmwarewcn3910_firmwaresa8150pqpm5657pm6350qdm5621wsa8830_firmwaresd855_firmwareqdm5650wcn3988sdr052sa8195p_firmwaresmb1390wcn6750_firmwareqat5516_firmwarepm6150lpm855l_firmwareqpa8686_firmwareqpm6585wcn3991wcd9380_firmwaresmb1355qln4650qpa8801sdr735g_firmwareqet5100qdm5671_firmwareqpa8801_firmwarepm8150l_firmwareqat5533_firmwaresdx55m_firmwaresdxr25gqpa8673_firmwarepm6150qet4101_firmwareqca6574pm7250bqln4642_firmwareqpa8842sdr052_firmwarewcd9380smb1355_firmwarepm7250b_firmwaresmb1381pm855p_firmwaresdx50m_firmwaresdr735pm7250smb1395qpa8803smr526qca6430_firmwarepmk8003qtc801s_firmwarewcn3980sdxr25g_firmwareqdm2301wcd9340_firmwarewsa8815wcn6850wcn3910qdm5621_firmwareqdm2301_firmwareqca6426_firmwarepm8009wcn3980_firmwaresd730sdr051_firmwaresdx55mqca6421_firmwarepm8008qtm525_firmwareqat3518_firmwaresd6905g_firmwareqpm5621_firmwarepm855lwcn6851_firmwareqdm5670_firmwareqpa6560_firmwaresd8655gqpa8802_firmwarepm7150a_firmwarepm8150b_firmwareqpm5621qpm6582pmc1000h_firmwarepm8009_firmwareqdm2310_firmwareqfs2580_firmwarepm8150lqdm5677qsm8250sa6145ppm855_firmwarepmm6155aupm855b_firmwareqpm6582_firmwareqca6391_firmwarepm8150wcd9370_firmwareqln4650_firmwareqat3516_firmwaresdx55sa8155pqet4101qat3555_firmwareqat3516qpa8803_firmwareqpm5658pm855bsmb2351qsm8250_firmwareqpm5658_firmwarewcn3991_firmwareqdm5652_firmwarewsa8830pmm8155au_firmwaresdr051qet6110_firmwareqln5030qbt1500qpa5581qpa2625_firmwarepmr735b_firmwareqbt1500_firmwareqet5100_firmwareqet6100_firmwareqet6100pmm855ausd765g_firmwareqpa8686qca6420_firmwareqca6390_firmwaresmb1396sd730_firmwarepm7150awcd9370pmr525_firmwareqca6426wcn3990_firmwarewcd9385_firmwareqdm5650_firmwareqat5516pm7250_firmwareqdm5620qpa8821_firmwarepmk8002_firmwarepm3003asa8155sdx55_firmwarepmm6155au_firmwareqat5533qca6595ausm7250p_firmwareqca6436_firmwareqsm7250_firmwarepm7150l_firmwareqdm2305sa6155p_firmwareqpm8820qat5515_firmwareqln5020_firmwarepm855qpm8830_firmwarepm8250qfs2530_firmwarewcn3988_firmwarepmx55sa6145p_firmwarepm8150c_firmwareqca6421qdm3301qpa8842_firmwareqat3519_firmwaresa8195psdr735_firmwarewsa8810_firmwareqpm5677qat5515sd765_firmwareqdm5677_firmwarepm6350_firmwarepm8004_firmwaresdr8150_firmwarewcd9385qtc800h_firmwareqpm5620pmm8155auqln5040_firmwareqca6390wcd9375sd750g_firmwareaqt1000qpa8673qdm2310pmm8195auqln5030_firmwareqln4642qpm5677_firmwarewsa8815_firmwaresmb1396_firmwaresmr525_firmwarewcn6850_firmwarewsa8835_firmwareqpm8820_firmwareqet6110qln5040qpm8895qpm5670wcn3990pmx55_firmwarepm8150_firmwareqpm8830qdm2307_firmwareqat5522wsa8835pm8150cpmr735bqpm5657_firmwarepmk8003_firmwaresdr660_firmwaresc8180xqca6574asmb1390_firmwareqdm5679_firmwaresmr525wcn6750pm6150l_firmwarepmr525pm8150a_firmwareqpm4650qtm525qca6574_firmwaresd855sd8cxpm6150a_firmwarepm6150_firmwaresd765qca6574a_firmwaresd768g_firmwaresdr865_firmwareqat3555pm8250_firmwareqca6391sd8cx_firmwareaqt1000_firmwaresd8c_firmwareqpm8895_firmwaresdx50msdr8150qtc801ssmb1395_firmwaresc8180x_firmwareqca6574ausa8155p_firmwarepm8008_firmwaresd8655g_firmwarewcd9341_firmwarewsa8810pmr735a_firmwareqdm2308pmx50qdm5679sdr8250sd768gpm3003a_firmwareqca6696smb1381_firmwarepm8004pmk8002qpa2625sa6150ppmm8195au_firmwaresm7250pqpa5580Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-20
Improper Input Validation
CVE-2020-11181
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.80%
||
7 Day CHG~0.00%
Published-21 Jan, 2021 | 09:41
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bound access issue while handling cvp process control command due to improper validation of buffer pointer received from HLOS in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qfs2580wcd9380_firmwaresmb1355pmx55_firmwaresd865_5gqca6431_firmwarepm8150l_firmwareqfs2530sdx55m_firmwareqbt2000_firmwarepm8150cpm8150awcd9380qtc800hsdr8250_firmwaresmb1355_firmwareqca6390_firmwaresmb1390_firmwarepmr525_firmwareqca6426smr525smr526wcn6750qtc801s_firmwaresmr526_firmwarewcd9385_firmwaresdxr2_5g_firmwarepmr525pm8150a_firmwarewsa8815wcn6850pmk8002_firmwarepm3003aqca6426_firmwaresdx55_firmwaresdr865_firmwarepm8009qbt2000pm8250_firmwareqca6391sdx55mqca6436_firmwareqca6421_firmwarepm8150bsdxr2_5gpm8250wcn6851_firmwareqtc801sqfs2530_firmwarepmx55pm8150b_firmwarepm8150c_firmwareqca6421pm8009_firmwarewsa8810_firmwareqfs2580_firmwarewsa8810qca6436wcn6851pm8150lqsm8250sdr865wcd9385qtc800h_firmwaresdr8250qca6431pm3003a_firmwareqca6391_firmwareqca6390sdx55pmk8002sd865_5g_firmwarewsa8815_firmwarewcn6850_firmwaresmr525_firmwaresmb1390wcn6750_firmwareqsm8250_firmwareSnapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-11204
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.51%
||
7 Day CHG~0.00%
Published-22 Feb, 2021 | 06:25
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible memory corruption and information leakage in sub-system due to lack of check for validity and boundary compliance for parameters that are read from shared MSG RAM in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qfe3100qfe2080fc_firmwareqca9377_firmwareqpm5679_firmwarepmd9607_firmwareqfs2530qpm8870_firmwareqln1030pm6125mdm9645wcn3950_firmwarepm8150aqdm5670qpm5541_firmwareqpa5581_firmwareqpa8821qcs6125_firmwarepm456_firmwaremsm8108sa415mwcn3998wcd9371_firmwaremsm8108_firmwarewcn3950mdm9206_firmwareqsw8573_firmwarewcn3660bsd450_firmwareqsm8350_firmwareqsm8350smb2351_firmwarepm855pwtr4605_firmwarepm6150aqca9367_firmwareipq8072_firmwaresa8155_firmwareqca4004_firmwareqat3522qfe4455fcpmr735asdm830_firmwaresd765gsdr660qfe1045_firmwareqfe3345qfs2630_firmwaresdr865mdm9250_firmwareqdm5620_firmwaresmr545qca6696_firmwareqln5020pmm855au_firmwaresa8150pqfe3340sd660sd712pm640p_firmwareqcn5121wcn6750_firmwarepm6150lsd450sd8885gpm855l_firmwareqca6428_firmwareqtc410sqfe3335_firmwareqpa8801ipq8078qat5533_firmwareipq8173sdx55m_firmwareqpa8673_firmwaresd670_firmwaresd632_firmwareqfs2630pmm8996auqpm5579_firmwaresmb1380_firmwareqfe4309_firmwarepmk8350_firmwareqcn5024pm855p_firmwaresmb1381pm7250wtr4905sdx24_firmwareqcn9012_firmwaresd439_firmwareqdm2301qfe2101_firmwareqdm5621_firmwareqpm6375msm8937_firmwareipq6028pmp8074qca1990wcn3980_firmwaresd730qfe3320_firmwarepm8008pm8350b_firmwarepme605_firmwarewtr1605l_firmwarepme605apq8064au_firmwareipq8078_firmwareqcn5054qln1021aq_firmwareqcs603qln4640_firmwareqpm6582qcn9024_firmwareqfe4303qcs610_firmwareapq8084_firmwarepm215ar8031wtr2965qca6391_firmwarepmx20_firmwareqca4024pmi8937_firmwareqat3516_firmwareapq8053qcn5021_firmwarewcn3660qca9379pm855bsmb2351qsm8250_firmwaremdm9150_firmwareqpa5581qfe1040_firmwarecsrb31024mdm9628_firmwaremdm9650fsm10055_firmwareqbt1500_firmwareqpm5870_firmwarepmk8001qcs4290qet6100smb1394_firmwareapq8009_firmwaremsm8916_firmwaresd675_firmwareipq8072qca6426qca9984_firmwareqca9377qpm5641qpa5373_firmwarewtr2955rgr7640au_firmwarepm7250_firmwareqdm5620ipq8074aqcn5122_firmwareqat5533qcn6023_firmwaresm7250p_firmwarewcn3610_firmwareqsm7250_firmwaremdm9207qpm6670pm7150l_firmwareqca6584aupm855pm8250qcn5052mdm9607_firmwaremdm9655_firmwareqfs2530_firmwaresa415m_firmwareqat3519_firmwareqpm5677qat5515qcs4290_firmwareqtc800h_firmwarepmk7350_firmwareqpm5620sd750g_firmwareaqt1000sm6250_firmwarepmm8195auqln4642ipq5010_firmwareipq8074a_firmwarewsa8815_firmwarepmi8937smr525_firmwareqpm8820_firmwareqfe4301_firmwareapq8017qpm6621_firmwarewtr2955_firmwareqbt1000_firmwarepm8019qca6595smb1398_firmwarepm8150cpmr735bsd665_firmwareqcn5154qpm5577_firmwareqdm5679_firmwareqca6310_firmwarepm6150l_firmwareqca6574_firmwaresd665pm6150a_firmwarepmd9607sd8c_firmwarewtr2965_firmwarecsrb31024_firmwareqfs2608qcn9070_firmwareqln1036aqipq6028_firmwareipq8072a_firmwarepmi8940_firmwaresc8180x_firmwareqca9889_firmwaresd710mdm9607mdm9645_firmwareqln1035bd_firmwaresdx20m_firmwarepmw3100qca6564_firmwarewcn6740smb1350_firmwarepmk8002apq8096au_firmwareqcn9022sdm830smb1357qpa5580qpm5579fsm10055qfe2550qcn5550qdm2307qca6431_firmwareqpa8802wcd9360_firmwareqpm6585_firmwareqat3519qbt2000_firmwareipq8078asa8150p_firmwaresdr8250_firmwareqcn5064csra6620_firmwareqln1020csra6640_firmwarepmc1000hqat3518smr526_firmwareipq8076apm640a_firmwarewgr7640_firmwareqca4020qca6428qdm5652qcn5164_firmwareipq8071sa6155_firmwarewcd9360sdx20mqca6438_firmwareqpa8675_firmwareqpa5460_firmwarewcn3999pm8940_firmwareqsm7250pm8996apq8016_firmwareipq6010sd662_firmwareqdm2308_firmwareqca4020_firmwareqca6436wcn6851sa6155pqcs603_firmwarepmc7180wcn3660_firmwarepmi8952mdm9655qca6431qfe4320_firmwarewcn3910_firmwaresd855_firmwareqdm5650qfe2080fcsdr052sa8195p_firmwaresmb1390msm8208_firmwaremsm8608qpa8686_firmwarewcd9380_firmwarepm8350bhs_firmwarewgr7640qat5568qpa8801_firmwareqdm5671_firmwaresd636qtm527_firmwarepm8005_firmwarepm7250b_firmwarepmd9655_firmwaresmb1351_firmwarepm8996_firmwarear8151smr526qca8072_firmwareqca6430_firmwarepmk8003qtc801s_firmwarewcn3980qat3522_firmwareqsw8573qcs605qbt1000sd7cwcn3910smb1394qca6426_firmwarepm8350_firmwarepm8009qfe4373fcmsm8953qat3518_firmwarepmi8998qfe2520sd821_firmwarear8031_firmwarepm855lqfe4302pm8150b_firmwaresmr545_firmwareqca6694au_firmwarepm670sd210_firmwarepm8005qdm2302sdxr1apq8096auqcs405_firmwarepmi8996_firmwareqln4650_firmwareqet5100msd439qat3516qpm5658ar8035_firmwareqcm2290qpm5658_firmwareqcn5024_firmwarewcn3991_firmwareqdm5652_firmwareqfe4465fcqcn9070fsm10056pmi632pm8350bh_firmwarepmr735b_firmwaresmb1360_firmwarepm670l_firmwaresdr660gqfe2340sd455sd730_firmwarewcd9370sdr425qcn9000_firmwareipq5018ar8151_firmwareqpm5541qat5516qfe4308qcn5124_firmwarepm8350bhapq8037qca6320_firmwarewcn3680b_firmwareqca6595auipq5010qdm2305sa6155p_firmwareqca6310pm8937qpm2630smb1398sa6145p_firmwaresdr675ipq8071aipq8071a_firmwarewcd9385qat3550_firmwareqln5040_firmwarepm4125_firmwarear8035pm8019_firmwareapq8064auqca6694_firmwareqdm2310qfe2550_firmwareqcn9100_firmwareqln5030_firmwaresda429wwcn3620_firmwaresd820smb1396_firmwarewcn3620smr546pmx24qln5040qca8072qpm8895sdr845qtm527qfe3440fc_firmwarepmk8350qdm3302_firmwarepmc7180_firmwaremsm8996auqfe1035qpm5657_firmwarepmi8940sm6250pqln1035bdpm855asdr660_firmwarepm8909_firmwareqca6574aqfe4303_firmwareqpm4640qet5100m_firmwareipq8076_firmwaremdm9205qpm4650sa515msd8cxqfe4305ipq8076sdr865_firmwareqfe4465fc_firmwarepm8250_firmwaresd460qca6391sdxr1_firmwarepm215_firmwaremsm8920pm660asdx50mpm640apm8916pmd9655auqdm4650ipq8074_firmwareqca6574ausa8155p_firmwaresd205_firmwareqsw6310qcm6125qpm2630_firmwaresmb231_firmwareqdm2308qat3550wcn6856sd835_firmwareqtc800s_firmwaresa6150pqcn9022_firmwareqpa8688_firmwareapq8037_firmwareipq8070apmm8195au_firmwareqcn9072_firmwaresm7250psd720g_firmwareqpm4621_firmwaresd850qln4640sd636_firmwareqfs2580mdm9640_firmwaresm6250p_firmwareqfe4455fc_firmwareqca8337qdm5579ipq8173_firmwareqfs2608_firmwareqpa8688qcn5124qat5522_firmwareqca6595au_firmwaresa6155pm7150lpm8998_firmwarewtr5975_firmwareqpa5580_firmwareqcn6024_firmwaresd720gsm4125wtr1605qfe4320qcc112qsw8574_firmwaresd460_firmwarepm8953_firmwaresd6905gqpa4360_firmwareqca8081_firmwareqfe2520_firmwarewcn3998_firmwareqca6420apq8053_firmwareqpm6670_firmwareipq8070_firmwareipq8078a_firmwaremdm8207pm660_firmwarepm8150bqfe2101qca6430wcd9306_firmwarewcd9340msm8209_firmwaresmb1358qca9888_firmwarewcd9371smb1350qcn5154_firmwaresm4350_firmwarewtr3950pm6350qdm5621qtc800sqca4004qat3514_firmwaresd660_firmwareqcn5022_firmwareqat5516_firmwarewcn3991sdm429wpm8150l_firmwaresdxr25gpm6150smb1354_firmwareqca6574qpa8842csr8811_firmwaresdr052_firmwarewcd9380qualcomm215qcs410qfe3100_firmwareqca9379_firmwareqpa8803sdxr25g_firmwarepmd9645ipq6018_firmwarewcd9340_firmwarewsa8815wcn6850pmp8074_firmwareqdm2301_firmwaresd835pm660l_firmwarepm6250_firmwarewcn6740_firmwareqtm525_firmwareqcn5064_firmwareqpm5621_firmwareqca6234rsw8577qpa6560_firmwareqpa8802_firmwareqfe4308_firmwareqpm5621sd670ipq8174_firmwarepm8009_firmwareqfs2580_firmwareqcm4290_firmwarepm8150lpmi8998_firmwaresa6145ppm660a_firmwaresdr105pm4250qpm5577mdm8207_firmwaresdm630_firmwaremdm9205_firmwaresd820_firmwarepm8150wcd9370_firmwaresdx55csra6640pm8350bhsqat3555_firmwarepmi8994qpa8803_firmwareqca6234_firmwareqln1031qpm5870pm8909qfe1040wsa8830pm660qet6110_firmwareqdm5579_firmwareqpm6325pm6125_firmwareqbt1500qfe2340_firmwarepmx24_firmwarepmm855aumdm9250qca6420_firmwaresmb1396pm7150apm8350qca6564qpa4361_firmwarepm8350c_firmwareqpa5461_firmwarewcn3990_firmwarewcd9385_firmwareqdm5650_firmwareqpa4340_firmwarewcd9326_firmwarewhs9410wcn3615_firmwaresdr845_firmwareqln1021aqsmb1380pmk8002_firmwareqsw6310_firmwaresa8155qln1031_firmwareqdm4650_firmwaresdx55_firmwarepmm6155au_firmwarewcn3615pm8940wcd9306msm8208qpm4641qat5515_firmwareipq8174qpm8830_firmwaresd429qca9367qfe2082fc_firmwaresdm630qdm4643wcn3988_firmwarepmx55qpm4641_firmwareqcn9074sd205sd429_firmwarepm8150c_firmwareqca6421qdm3301qpa8842_firmwaresa8195psdr735_firmwarepm8953qca6694qat3514wcd9326wcd9335pm6350_firmwareqcn6023pm8004_firmwaresdr8150_firmwarepm439qpm4630qca6390wcd9375msm8917_firmwareqpm5677_firmwaresdx20_firmwarewtr3925_firmwarepm8998pmk7350msm8916qcc112_firmwareqln1020_firmwarepm670a_firmwareqcm6125_firmwarepmx55_firmwareqfe4373fc_firmwarepm8150_firmwareqpm8830pmm8996au_firmwareqat5522qpa4360pmk8003_firmwareqca8075_firmwaresc8180xqpa4361ipq6005_firmwaremdm9206qpm4640_firmwarepm8350csmr525qca9888qfe4305_firmwareipq8070a_firmwarepmr525pm8150a_firmwarewtr3950_firmwareqln1036aq_firmwarepm6150_firmwareqca6175asd765pmx20qca6574a_firmwareqpm4630_firmwareqat3555sd850_firmwareapq8009qpa5461qfe2082fcpm670_firmwareqtc801sqpm5641_firmwareqfe3320qcn5122pm8008_firmwareqpm6621pmr735a_firmwarepmx50qfe3345_firmwareqcn5022sdr8250sd768gqln1030_firmwarepmw3100_firmwarepm8004pm640lmsm8940qca8075qcn6024sd845sd455_firmwareipq6000_firmwarepmd9655au_firmwareqcs410_firmwareqca6175a_firmwaresa6150p_firmwareqcs610pmi8996qpm5620_firmwareqfe1045qca4024_firmwarepm855a_firmwareqtc800hqcs2290qca6335msm8917qcs605_firmwaresmr546_firmwarewtr3905qdm5671qpm4650_firmwaresd8csd632sdr425_firmwaremdm9628qpa5460qdm2305_firmwareqpm5670_firmwaresd710_firmwareqca6574au_firmwareqpm8870wcd9375_firmwareqpm5679qbt2000pmx50_firmwarewhs9410_firmwaresdr735gqdm3301_firmwareqcs6125smb1360qcs405qca1990_firmwarequalcomm215_firmwareqfe3440fcrsw8577_firmwarefsm10056_firmwarepm439_firmwareqpa6560msm8937sdr675_firmwarewcd9341sm7350_firmwareqdm4643_firmwarepm8937_firmwareqet4100_firmwaresd750gqdm3302qpm5657wtr1605_firmwaremdm9207_firmwareqpm5875_firmwarewsa8830_firmwarewcn3988qca6438wtr3925qet4100wcn3610mdm9640ipq5018_firmwareqpm6585qca8337_firmwaresda429w_firmwaresmb1355ipq8072aqln4650qtc800t_firmwaremsm8996au_firmwaresdr735g_firmwarewcd9330ipq8076a_firmwareqet5100qca6564auwcn6856_firmwareqcn5164msm8940_firmwareqet4101_firmwarepm7250bqln4642_firmwarepmk8001_firmwaresmb1355_firmwareqcn5054_firmwareqet4200aq_firmwaresdx50m_firmwaresdr735smb1395pm660lwtr5975wcd9335_firmwareqcn5052_firmwarepm7350c_firmwareqca6335_firmwareqca6320mdm9650_firmwarewcn3660b_firmwarewcn3680qca9984qfe4309qcn9024qpa8675qcn5550_firmwaresdr051_firmwaresdx55mwcd9330_firmwarepm670aqca6421_firmwarewtr3905_firmwareqsw8574sd6905g_firmwarewcn3680_firmwarewcn6851_firmwareqdm5670_firmwareipq8070sd8655gpm7150a_firmwarepmc1000h_firmwareqca6564a_firmwareqdm2310_firmwarepm4250_firmwaresdr105_firmwarepmd9645_firmwareqcn5121_firmwaresd8885g_firmwarewtr1605lqdm5677qsm8250ipq6018pm855_firmwarepmm6155aupm855b_firmwareqca6595_firmwareqpm6582_firmwareqpm6375_firmwarepm640l_firmwareqpm5875sa8155psd675wtr4605qet4101pm670lpmm8155au_firmwaresdr051qln5030qcs2290_firmwarepm4125qpa2625_firmwarepm456sd7c_firmwareqfe2081fc_firmwarecsra6620qet5100_firmwareqpa5373qpm4621qcn9072qet6100_firmwaresd765g_firmwareqpa8686smb1358_firmwareqca6390_firmwareipq6000qcn5152_firmwarepmr525_firmwareqca6584au_firmwareqfe3340_firmwarepmi632_firmwaresmb358_firmwaresd662qpa8821_firmwaresdr660g_firmwarepm3003awcn3999_firmwareqca6436_firmwareqtc800tsm7350smb1354qca6564au_firmwareqpm8820qfe2081fcqln5020_firmwaresa515m_firmwareapq8084sd821sm6250sd712_firmwareapq8017_firmwarewsa8810_firmwaresmb231sd765_firmwareqdm5677_firmwareqca8081qet4200aqqca6174a_firmwareqpm6325_firmwareqdm2302_firmwarepmm8155aucsr8811qpa8673msm8953_firmwareqca6694ausd210qfe4302_firmwarewcn6850_firmwarewsa8835_firmwaresmb358qca6564aqet6110pmi8952_firmwareqcm2290_firmwareqpm5670wcn3990qcn9000sdx24qcn9012pmi8994_firmwarepm8350bqdm2307_firmwarewsa8835sdm429w_firmwarergr7640aupm8916_firmwareqca9889qca6174asmb1390_firmwareipq8074wcn6750pm7350cqtm525wtr6955qfe3335sd855sm4125_firmwarewtr6955_firmwarepm640pqcn5021qcn5152sd768g_firmwaremsm8209smb1351smb1357_firmwaresd8cx_firmwareipq6005aqt1000_firmwareqcn9100qpm8895_firmwareqpa4340qfe1035_firmwareqcm4290sdr8150sdx20msm8920_firmwaresmb1395_firmwarepmd9655sd8655g_firmwarewcd9341_firmwarewsa8810qtc410s_firmwareqat5568_firmwarewtr4905_firmwaremdm9150qdm5679wcn3680bipq6010_firmwarepm3003a_firmwareqca6696qfe4301sm4350apq8016msm8608_firmwaresd845_firmwaresmb1381_firmwareqpa2625ipq8071_firmwareqcn9074_firmwarepm6250Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-20
Improper Input Validation
CVE-2020-11261
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.29% / 51.69%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 05:00
Updated-30 Jul, 2025 | 01:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-01||Apply updates per vendor instructions.

Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-pmm855auqcm2290_firmwaresd855_firmwarepmk8001_firmwarewcn6850_firmwarepmw3100pm8909_firmwaresd_636_firmwarepm8150c_firmwareqdm2302wcn3990qdm5679qpa8821sa6145pqln5030sd675_firmwareqca6430qpa8842qca9379_firmwareqpa5580_firmwaresmb1380_firmwareqpa8673pm8996_firmwarepm640aqpa8686wcd9340_firmwaresd720gcsrb31024qpm4650_firmwarepm8350b_firmwareqet6110_firmwareqpa8803_firmwarepmx50_firmwareqca6574au_firmwarepmi8952qca6696sd_636sm4125_firmwaresmb1395_firmwaresdr8150_firmwaresmb2351qpm4641apq8009_firmwarepm4125_firmwarecsrb31024_firmwareqcm4290qfs2530_firmwaresa515msmb1381_firmwarepmi8996qtc800tqtm527sdr845pm670l_firmwareqpa6560sm6250_firmwarepm8005_firmwareqdm2301_firmwareqfe4303wtr3905wcn6856_firmwaresd205pm8150qfe4303_firmwarepmk8350qat5522_firmwareqln1030_firmwaresd675qpa8821_firmwaresd662_firmwareqdm5579_firmwareqfe4302qat5533_firmwareqpa8675_firmwarepm6150l_firmwaresmb1396_firmwareqpm8895wcn3910_firmwaresd439_firmwareqca6574auwcn3610_firmwarepm855b_firmwarepmr735asdr735sdr660_firmwareqln1036aq_firmwareaqt1000_firmwaresmb1380sd670_firmwarepmx55pm8009smb1355qca6420_firmwarepm6150aqpm6582qpm6585_firmwaresd_675_firmwarewcd9326sdx50m_firmwaresda429w_firmwaresd205_firmwareqca6431_firmwareqca6421_firmwaresd_455qsw6310apq8096au_firmwaresd820qsm7250_firmwaresdr425qca6564awcn3998sdr735g_firmwareqpm5677qpm5870_firmwareqca4020_firmwaresmr525pm8350bhs_firmwareqat3522wcn3980sm4350qpa5373sd865_5g_firmwaresmb1394_firmwareqln5020_firmwareqpm5875_firmwaresmb1360_firmwarewcn3988pm7250_firmwarepmc1000h_firmwaresd765g_firmwarewcn3660bqtc410sqca6574a_firmwareqpm4630_firmwareapq8017_firmwarewcd9375_firmwaremsm8917_firmwarepmk7350_firmwarepmr525qdm5670_firmwarepm8150bqca6420pme605qat5568_firmwarepmk8350_firmwarepm7150l_firmwareqpa4360_firmwarewcn3998_firmwareqdm4643_firmwarepmw3100_firmwaresd888_5gmdm9650_firmwareqat5522qcs2290_firmwareqca9377sd450_firmwarepm8150_firmwarepmi8994pm6125_firmwareqdm5621sdw2500_firmwaremsm8996au_firmwarepm660l_firmwarecsra6640_firmwareqca6310_firmwareqfe2520qsw8574_firmwarepm8998sdm830_firmwareqpa4340qdm5671_firmwarepmk8003qtc801s_firmwaresa515m_firmwarewgr7640_firmwarepm6150_firmwarepm6250sdm830pmi8996_firmwarepm8998_firmwarepm855qpm5621_firmwaresmb1390_firmwaresdx55qet4101sd210_firmwareqtc410s_firmwareqfe4373fc_firmwaresmb1354wcn6856qpm6325_firmwaresd460_firmwarepm8350c_firmwareqcs610_firmwarewtr4905wcn3610qet5100mwcd9341qfe2550_firmwareqdm2310_firmwarewcn6750_firmwaresd632_firmwareqln1020qcm6125qpa5373_firmwarepmi632_firmwareqfe4305_firmwaresmb1351_firmwaresd_675qdm5652pmx24wcd9385qfs2608_firmwareqca6564aumsm8909wsd888_5g_firmwaresdm429w_firmwarefsm10055wcd9371qpm6325qca6564au_firmwarear8031wtr5975qpm6670qpm5679_firmwareqpm4641_firmwarepm8909qcs605wcn6851sd855qcs6125sa6155pwtr2955sdr425_firmwareqcs2290qcs4290_firmwarepme605_firmwarewtr2965wcn3980_firmwaresm7350sd690_5gwcd9335qpa5461sd820_firmwareapq8037_firmwaresd845qca6310wtr3925qpm8895_firmwarecsra6620_firmwarepm3003awcd9380qpm8830_firmwareqln4642qcs405sdr735gar8031_firmwarepm8940qln5020rgr7640ausdxr1wtr2965_firmwareqat3522_firmwaresd665_firmwaremdm9650sdr660gwcn3615_firmwaresd662msm8917qfs2580pmi8937_firmwareqpm5679qcm4290_firmwareqdm5670qpm5657sdx55mpmk8003_firmwareqdm5677qpm5641_firmwareqtm525_firmwareqpm5579_firmwareqpm5677_firmwareqpm5657_firmwarepm660lsd710qpa2625_firmwarepm8008pm670asd750g_firmwarewcn3991_firmwareqat3550_firmwaresd865_5gsdx55m_firmwareqcs410sa6155_firmwarersw8577sd765wsa8830qpm5577_firmwarepmm6155au_firmwaresd632pmi8994_firmwaresa415mqln4640_firmwaresd429msm8920pmm8155au_firmwareqpm5658_firmwareqca4020qln5040qca6174asa8155_firmwarewsa8835pm456qpm5577pm7250b_firmwarewcn6740_firmwarepmr735b_firmwareqdm2305qpm4630qat3555fsm10056_firmwareqpa8801msm8996ausd665qat5516_firmwarepmm8996ausa8155pmr525_firmwaresm6250qfs2630_firmwarear8035_firmwaresm7350_firmwareqca8337_firmwareqcm2290pm640l_firmwaresdm630_firmwaremsm8920_firmwaresdr660sd670qcm6125_firmwarepm8350_firmwaresdw2500fsm10056qfs2580_firmwareqca6574asmr525_firmwareqdm5579sdx24_firmwaresd845_firmwaresd_8c_firmwarewcd9335_firmwaresd450qpm2630wcn3660_firmwaresmb1395aqt1000pmi632pm7150lsdx20pm670lsd768g_firmwarewtr4905_firmwaremsm8953_firmwareqdm3301qca9377_firmwareqfe2520_firmwarepm6250_firmwareqdm3302_firmwareqfe4309qfe2101pm456_firmwarewtr3950pm855l_firmwarepm8250qet4101_firmwarewcd9370pmi8937pmm8996au_firmwareqdm4650sa415m_firmwarequalcomm215_firmwarear8035qln5030_firmwarewcn3680qcs603_firmwareqfe4373fcpmd9655_firmwareqpm4621_firmwarewcn3620pm6150lwcn3660b_firmwaresd720g_firmwareqtm527_firmwarewcd9385_firmwarepm660_firmwaresd710_firmwareqdm3302pm7150apmx24_firmwareqca6174a_firmwareapq8009wqet5100qpm8820_firmwareqat5568rgr7640au_firmwarewcn3620_firmwareqca6320_firmwareqln4640qpa4340_firmwaresdr052_firmwaresdw3100_firmwaresmb1394qca6436qbt2000sdr675sa6145p_firmwarepm640lqtm525pm8009_firmwarepm8350cpm855lqfe4301_firmwarewcn3990_firmwareqet6100_firmwaresmb231_firmwareqet6110pm3003a_firmwarepmr735bqpm6670_firmwareqtc800hsm7250pqpm5620_firmwaresdx24qpm6621_firmwaremsm8953qat3519_firmwaresd750gsdx55_firmwaresm4350_firmwareqdm5650qat3555_firmwareqsw8573_firmwareqpm4621sd821_firmwarewsa8810sd_8cqca6391qca6436_firmwareqfe2550wcn6750wcd9340sdr8250pm8350bh_firmwareqpm5670_firmwarepm8350qdm5620qpa2625sdr051_firmwareapq8064au_firmwareqbt2000_firmwaresd730sm7250p_firmwarewtr3905_firmwarepm8350bhsqpm5658qca6320sd730_firmwareqca6426_firmwaresmb1350_firmwarepm670_firmwaresdxr2_5g_firmwareqcs410_firmwareqat5515_firmwareqet5100m_firmwarepmx20smb1358pm640a_firmwarear8151_firmwareqpa8686_firmwareqdm5679_firmwaresmb1357_firmwarepm8150l_firmwarepm855pqfe4301sd765gpm8150a_firmwarepm6350sm6250p_firmwareqfe4320_firmwareqpm6582_firmwaresmb1390qca6584au_firmwarepm439_firmwareqpm4640_firmwarecsra6640qca6574qpm6621pm6150a_firmwaresdx20m_firmwareqca9379qsm7250qca6564a_firmwareqcc1110qat3519sdr735_firmwarepmi8952_firmwarepmd9655pm8004wsa8835_firmwarepm8150b_firmwarewgr7640qln1031_firmwaresdr865_firmwareapq8096aupm670a_firmwaresmb1398_firmwarepmk7350wcn6850qca6430_firmwareqdm5650_firmwarewcd9341_firmwarewcn3950qca6421qpa8842_firmwarepm8953qpm5541pm855bsd_8cxqpa8673_firmwareapq8017fsm10055_firmwareqpm5620qln1020_firmwareqca6390qat5515smb1381qpm5870wcd9380_firmwareqfe4309_firmwareqcs610qdm3301_firmwarewtr6955pmk8002_firmwareqat5516apq8064aupm8150lpmm6155aupm8350bhqcc1110_firmwareqpa5581qualcomm215wsa8810_firmwareqpm5621sdw3100sdr052pmx20_firmwarepm855a_firmwaresdr865qpa5580pm8937_firmwaresmb1358_firmwareapq8053_firmwareqtc801ssdxr1_firmwarewcn6851_firmwareqpa8675qdm5677_firmwareqln4650_firmwarepmx55_firmwaresdx50mwcn6740qdm4650_firmwareqfe4308qbt1000qdm4643pm855aqpa8802_firmwareqca6574_firmwareqdm5620_firmwaresd210smb1398qfs2608qca6584auqpa5581_firmwareqtc800s_firmwareqsw8574qpm4650qat3514_firmwarepmr735a_firmwareqln1036aqwsa8815_firmwareqpm5579sd_8cx_firmwarepmc1000hqet5100_firmwarewcn3988_firmwarepmk8002wtr6955_firmwareqdm5671wcn3999_firmwarepm8250_firmwarepm215qat3550csra6620qcs605_firmwaresd765_firmwareqpm6375qpm2630_firmwaresd429_firmwarepm660qpa5461_firmwareqtc800h_firmwareqca6595auqcs6125_firmwarewcd9371_firmwaresdr845_firmwareapq8053sd660_firmwarewtr2955_firmwareqdm2308_firmwarewsa8830_firmwareqln1021aqwsa8815msm8937_firmwareqdm2307_firmwareqet4100_firmwareqet6100qfe2101_firmwaresmb1357pm8940_firmwarepmm8155auapq8009w_firmwareqfe3340smb1350qfe4305qca6391_firmwareqpm5641smb2351_firmwareqbt1500_firmwareqfe4320pmi8998sda429wpm6350_firmwareqsw6310_firmwareqca6564_firmwareqca6390_firmwarepm4125qat3514pm670qfs2530qpa5460qsm8250_firmwarewcn3910pm8937qcs603pm7250wcn3999sd835_firmwareqca6696_firmwareqdm5652_firmwareqat3516_firmwareqpa6560_firmwareqpm6375_firmwaresm6250pmsm8940sdxr2_5gsmb1354_firmwareqln4650qca6595au_firmwarepm855_firmwaresdr051qca6426sm4125qpa4361wcn3950_firmwarepm8916_firmwarewtr5975_firmwaresd439qln1021aq_firmwareqpa4360qpm8820pm660a_firmwarepm8008_firmwaresd_455_firmwarersw8577_firmwareqpa4361_firmwareqtc800spm660asmb1396wcn3680b_firmwareqpa5460_firmwareqln1031wcd9370_firmwareqdm2305_firmwareqpa8802qca6335sd460apq8009sa6155qln1030pmk8001qat3516smb1351sa6155p_firmwarepm7350csd768gsmr526qat3518_firmwarear8151qpm6585qbt1000_firmwareqpm8870pm8150cqdm2302_firmwareqpm8870_firmwarepmm855au_firmwarewtr3950_firmwarewtr3925_firmwarepm439pm8996pm8953_firmwareqpm8830qpa8803wcd9375qca8337msm8940_firmwaresd690_5g_firmwareqdm2308pm6150pmi8998_firmwareqca6335_firmwareqln4642_firmwaresd821wcn3615pm8004_firmwarepm855p_firmwareqln5040_firmwareqdm5621_firmwareqdm2310qfe3340_firmwareqfs2630smb1355_firmwareqcs405_firmwareqsw8573qat3518pm6125smb231msm8937qat5533sdr8150wcn3660pm8150asdr660g_firmwarepm8005qtc800t_firmwarewcn3680bwcn3991qpm5541_firmwaresdx20_firmwaresa8155pqdm2307qsm8250pmx50sdm429wqfe4308_firmwarepm7150a_firmwarepm7350c_firmwareqca6564pm7250bpm8350bpm640pqfe4302_firmwarewcd9326_firmwareqpm5670sa8155p_firmwaresmr526_firmwaresd835pm8916qpm5875sdm630msm8909w_firmwaresdr675_firmwareqpa8801_firmwarewcn3680_firmwareqet4100pm215_firmwareqdm2301qbt1500pm640p_firmwaresdr8250_firmwaresd660smb1360qpm4640qcs4290qca6431sdx20mapq8037Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon WearablesSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-11194
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.80%
||
7 Day CHG~0.00%
Published-22 Feb, 2021 | 06:25
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible out of bound access in TA while processing a command from NS side due to improper length check of response buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qfs2580qpm5679_firmwaresa6150p_firmwareqpm5620_firmwareqdm2307qca6431_firmwareqfs2608_firmwareqfs2530qpm8870_firmwareqpa8802qpm6585_firmwarepm6125qat3519qbt2000_firmwareqat5522_firmwarewcn3950_firmwarepm8150aqtc800hqdm5670sa8150p_firmwareqca6595au_firmwareqcs2290qpa5581_firmwaresa6155sdr8250_firmwarepm7150lqpa8821smr546_firmwareqdm5671qpm4650_firmwareqat3518pm456_firmwareqpa5580_firmwaresdr425_firmwarewcn3998smr526_firmwarewcn3950sm4125sd720gwgr7640_firmwareqdm2305_firmwareqsm8350_firmwareqpm5670_firmwaresd710_firmwareqsm8350sd460_firmwareqdm5652qca6574au_firmwareqpm8870wcd9375_firmwarewcn3998_firmwareqpm5679qbt2000sa6155_firmwarepm855pqca6420pm6150aqpm6670_firmwarepmx50_firmwaresdr735gpm660_firmwarewcn3999pm8150bqdm3301_firmwareqsm7250sa8155_firmwaresd662_firmwareqcs405qca6430pmr735asd765gqdm2308_firmwaresdr660qca6436wcn6851sa6155pqpa6560qfs2630_firmwaresdr675_firmwaresdr865qdm5620_firmwarewcd9341smr545qdm4643_firmwareqca6696_firmwareqca6431qln5020sd750gpmm855au_firmwarewcn3910_firmwaresm4350_firmwaresa8150pqpm5657pm6350qdm5621qtc800sqpm5875_firmwarewsa8830_firmwaresd855_firmwaresd865_5g_firmwareqdm5650wcn3988wtr3925sdr052sa8195p_firmwaresmb1390wcn6750_firmwareqat5516_firmwarepm6150lpm855l_firmwareqpa8686_firmwareqpm6585qtc410swcn3991wcd9380_firmwaresmb1355qln4650qpa8801sdr735g_firmwarewgr7640qat5568qet5100qdm5671_firmwareqpa8801_firmwarepm8150l_firmwareqat5533_firmwaresdx55m_firmwareqpa8673_firmwarepm6150qet4101_firmwaresmb1354_firmwaresd670_firmwareqca6574pm7250bqln4642_firmwareqfs2630qpa8842sdr052_firmwarewcd9380smb1355_firmwarepm7250b_firmwarepmd9655_firmwaresmb1351_firmwarepmk8350_firmwaresmb1381pm855p_firmwaresd690_5g_firmwaresdx50m_firmwaresdr735pm7250smb1395pm660lqpa8803smr526qca6430_firmwarepmk8003qtc801s_firmwarewcn3980qdm2301wsa8815wcn6850wcn3910qdm5621_firmwareqdm2301_firmwareqca6426_firmwarepm8350_firmwareqca9984pm8009wcn3980_firmwaresd730sdr051_firmwarepm660l_firmwaresdx55mpm6250_firmwareqca6421_firmwarepm8008pm8350b_firmwareqtm525_firmwareqat3518_firmwareqpm5621_firmwarepm855lwcn6851_firmwareqdm5670_firmwareqpa6560_firmwareqpa8802_firmwarepm7150a_firmwarepm8150b_firmwareqpm5621qpm6582sd670pm8009_firmwaresmr545_firmwareqdm2310_firmwareqfs2580_firmwarepm4250_firmwareqcm4290_firmwarepm8150lqdm5677qsm8250sa6145ppm855_firmwarepm4250pmm6155aupm855b_firmwareqcs405_firmwareqpm6582_firmwarewtr2965qca6391_firmwarewcd9370_firmwareqln4650_firmwareqat3516_firmwareqpm5875sdx55qet5100msa8155psd675qet4101qat3555_firmwareqat3516qpa8803_firmwareqpm5658pm855bar8035_firmwareqcm2290qsm8250_firmwareqpm5658_firmwareqpm5870wcn3991_firmwareqdm5652_firmwarewsa8830pmm8155au_firmwarepm660qet6110_firmwaresdr051qln5030pm6125_firmwareqcs2290_firmwareqbt1500pm4125qpa5581pmi632qpa2625_firmwarepm456pm8350bh_firmwarepmr735b_firmwareqbt1500_firmwareqet5100_firmwareqpm5870_firmwareqpm4621qet6100_firmwareqcs4290qet6100pmm855ausd765g_firmwareqpa8686qca6420_firmwareqca6390_firmwaresd690_5gsmb1396pm7150asd730_firmwarewcd9370sd675_firmwarepm8350qpa5461_firmwaresdr425pm8350c_firmwarepmr525_firmwareqca6426wcn3990_firmwareqca9984_firmwareqpm5641pmi632_firmwarewcd9385_firmwareqdm5650_firmwaresdxr2_5g_firmwarewcd9326_firmwareqat5516pm7250_firmwareqdm5620sd662qpa8821_firmwarepm8350bhpmk8002_firmwarepm3003asa8155qdm4650_firmwaresdx55_firmwarepmm6155au_firmwareqat5533qca6595auwcn3999_firmwaresm7250p_firmwareqca6436_firmwareqsm7250_firmwareqpm6670smb1354pm7150l_firmwareqdm2305sa6155p_firmwareqpm8820qpm4641qat5515_firmwareqln5020_firmwarepm855qpm8830_firmwaresdxr2_5gpm8250smb1398qdm4643qfs2530_firmwarewcn3988_firmwarepmx55qpm4641_firmwaresa6145p_firmwaresdr675pm8150c_firmwareqca6421qdm3301qpa8842_firmwareqat3519_firmwaresa8195psdr735_firmwaresm6250qpm5677qat5515wsa8810_firmwaresd765_firmwarewcd9326qdm5677_firmwarepm6350_firmwarepm8004_firmwaresdr8150_firmwareqcs4290_firmwarewcd9385qtc800h_firmwareqpm5620pmm8155auqln5040_firmwareqpm4630pm4125_firmwareqca6390wcd9375sd750g_firmwareaqt1000ar8035qpa8673sm6250_firmwarepmm8195auqdm2310qln5030_firmwareqln4642qpm5677_firmwarewsa8815_firmwaresd888_5g_firmwaresmr525_firmwarewtr3925_firmwaresmb1396_firmwarewcn6850_firmwareqpm8820_firmwarewsa8835_firmwareqpm6621_firmwaresmr546qet6110qln5040qcm2290_firmwareqpm8895qpm5670wcn3990pmx55_firmwaresd865_5gpmk8350smb1398_firmwareqpm8830pm8350bqat5522qdm2307_firmwarewsa8835pm8150cpmr735bsd665_firmwareqpm5657_firmwaresd888_5gpmk8003_firmwaresdr660_firmwareqca6574aqpm4640_firmwaresmb1390_firmwareqdm5679_firmwarepm8350csmr525qpm4640wcn6750pm6150l_firmwarepmr525pm8150a_firmwareqet5100m_firmwareqpm4650qtm525qca6574_firmwaresd855sm4125_firmwaresd665pm6150a_firmwarepm6150_firmwaresd765qca6574a_firmwareqpm4630_firmwaresd768g_firmwaresdr865_firmwareqat3555pm8250_firmwaresd460qca6391smb1351qpa5461aqt1000_firmwareqpm8895_firmwarewtr2965_firmwareqcm4290sdx50msdr8150qfs2608qtc801ssmb1395_firmwareqdm4650pmd9655qca6574auqpm5641_firmwaresd710sa8155p_firmwarepm8008_firmwarewcd9341_firmwareqpm6621wsa8810qtc410s_firmwarepmr735a_firmwareqat5568_firmwareqdm2308pmx50qdm5679sdr8250sd768gpm3003a_firmwareqca6696qtc800s_firmwaresm4350smb1381_firmwarepm8004pmk8002qpa2625sa6150ppmm8195au_firmwaresm7250psd720g_firmwareqpm4621_firmwarepm6250qpa5580Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-20
Improper Input Validation
CVE-2020-11195
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.80%
||
7 Day CHG~0.00%
Published-22 Feb, 2021 | 06:25
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bound write and read in TA while processing command from NS side due to improper length check on command and response buffers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qfe3100qfe2080fc_firmwareqca9377_firmwareqfs2580qpm5679_firmwaremdm9640_firmwaresm6250p_firmwarepmd9607_firmwareqfe4455fc_firmwareqca8337qfs2608_firmwareqfs2530qpm8870_firmwareqln1030qpa8688pm6125qat5522_firmwarewcn3950_firmwarepm8150aqdm5670qca6595au_firmwareqpm5541_firmwareqpa5581_firmwaresa6155pm7150lqpa8821pm8998_firmwarewtr5975_firmwareqcs6125_firmwarepm456_firmwareqpa5580_firmwaremsm8108sa415mwcn3998wcd9371_firmwaremsm8108_firmwarewcn3950sm4125sd720gwtr1605mdm9206_firmwareqsw8573_firmwarewcn3660bqsm8350_firmwareqsw8574_firmwareqsm8350sd460_firmwaresmb2351_firmwareqpa4360_firmwarewcn3998_firmwarepm855pqca6420wtr4605_firmwarepm6150aqpm6670_firmwareqca9367_firmwaremdm8207pm660_firmwarepm8150bsa8155_firmwareqca4004_firmwareqfe2101qca6430qat3522qfe4455fcpmr735awcd9306_firmwarewcd9340sdm830_firmwaresd765gsdr660msm8209_firmwareqfs2630_firmwaresdr865mdm9250_firmwareqdm5620_firmwaresmr545qca6696_firmwareqln5020wcd9371smb1350pmm855au_firmwaresm4350_firmwaresd_8cxwtr3950sa8150ppm6350qdm5621qtc800sqca4004sd865_5g_firmwaresd712pm640p_firmwarewcn6750_firmwareqat5516_firmwarepm6150lpm855l_firmwareqtc410swcn3991qpa8801pm8150l_firmwareqat5533_firmwaresdx55m_firmwareqpa8673_firmwarepm6150smb1354_firmwaresd670_firmwareqca6574qfs2630qpa8842sdr052_firmwarepmm8996auwcd9380qln4640qcs410qpm5579_firmwaresmb1380_firmwarepmk8350_firmwaresmb1381pm855p_firmwaresd690_5g_firmwareqfe3100_firmwarepm7250qca9379_firmwarewtr4905qpa8803sdx24_firmwareqdm2301wcd9340_firmwarewsa8815wcn6850qfe2101_firmwareqdm5621_firmwareqdm2301_firmwareqpm6375sd_8c_firmwaresd835qca1990wcn3980_firmwaresd730qfe3320_firmwarepm660l_firmwarepm6250_firmwarepm8008pm8350b_firmwareqtm525_firmwarepme605_firmwarewtr1605l_firmwarepme605apq8064au_firmwareqpm5621_firmwareqca6234qln1021aq_firmwareqcs603qpa6560_firmwareqpa8802_firmwareqln4640_firmwareqpm5621qpm6582sd670pm8009_firmwareqfs2580_firmwareqcm4290_firmwarepm8150lpmi8998_firmwareqcs610_firmwaresa6145psdr105pm4250ar8031qpm5577mdm8207_firmwarewtr2965mdm9205_firmwareqca6391_firmwaresd820_firmwarepm8150wcd9370_firmwareqat3516_firmwaresdx55csra6640qat3555_firmwarepmi8994qpa8803_firmwareqca9379pm855bqca6234_firmwareqln1031qsm8250_firmwaresmb2351qpm5870pm8909mdm9150_firmwarewsa8830pm660qet6110_firmwareqpm6325pm6125_firmwareqbt1500qpa5581csrb31024mdm9628_firmwaremdm9650pmx24_firmwarefsm10055_firmwareqbt1500_firmwareqpm5870_firmwarepmk8001qcs4290qet6100pmm855aumdm9250qca6420_firmwareapq8009_firmwaresd690_5gsmb1396pm7150amsm8916_firmwaresd675_firmwarepm8350qca6564qpa4361_firmwarepm8350c_firmwareqpa5461_firmwareqca6426wcn3990_firmwareqca9377qpm5641wcd9385_firmwareqdm5650_firmwaresdxr2_5g_firmwarewcd9326_firmwarewhs9410wcn3615_firmwarewtr2955rgr7640au_firmwarepm7250_firmwaresdr845_firmwareqdm5620qln1021aqsmb1380pmk8002_firmwareqsw6310_firmwaresa8155qln1031_firmwareqdm4650_firmwaresdx55_firmwarepmm6155au_firmwareqat5533wcn3615sm7250p_firmwarewcn3610_firmwareqsm7250_firmwaremdm9207qpm6670pm7150l_firmwarewcd9306qca6584aumsm8208qpm4641qat5515_firmwarepm855qpm8830_firmwarepm8250qca9367qfe2082fc_firmwaremdm9607_firmwaremdm9655_firmwareqdm4643qfs2530_firmwaresa415m_firmwarepmx55qpm4641_firmwarewcn3988_firmwaresd205pm8150c_firmwareqca6421qdm3301qpa8842_firmwareqat3519_firmwaresa8195psdr735_firmwareqpm5677qat5515qca6694wcd9326wcd9335pm6350_firmwarepm8004_firmwaresdr8150_firmwareqcs4290_firmwareqtc800h_firmwareqpm5620qpm4630qca6390wcd9375sd750g_firmwareaqt1000sm6250_firmwarepmm8195auqln4642qpm5677_firmwarewsa8815_firmwaresd888_5g_firmwaresmr525_firmwarepm8998wtr3925_firmwareqpm8820_firmwaremsm8916qln1020_firmwareqpm6621_firmwarepm670a_firmwareqcm6125_firmwarepmx55_firmwarewtr2955_firmwareqbt1000_firmwaresd865_5gpm8019qca6595pm8150_firmwaresmb1398_firmwareqpm8830pmm8996au_firmwareqat5522pm8150cpmr735bsd665_firmwareqpa4360pmk8003_firmwaresc8180xqpa4361qpm4640_firmwaremdm9206qpm5577_firmwareqdm5679_firmwarepm8350csmr525qca6310_firmwarepm6150l_firmwarepmr525pm8150a_firmwareqca6574_firmwarewtr3950_firmwareqln1036aq_firmwaresd665pm6150a_firmwarepm6150_firmwareqca6175asd765qca6574a_firmwarepmd9607qpm4630_firmwareqat3555sd850_firmwareapq8009qpa5461qfe2082fcwtr2965_firmwarepm670_firmwarecsrb31024_firmwareqfs2608qln1036aqqtc801ssc8180x_firmwareqpm5641_firmwareqfe3320sd710mdm9607pm8008_firmwareqln1035bd_firmwareqpm6621pmr735a_firmwarepmx50qca6564_firmwaresdr8250sd768gqln1030_firmwaresmb1350_firmwarepm8004pm640lpmk8002apq8096au_firmwaresd845sdm830pmd9655au_firmwareqcs410_firmwareqca6175a_firmwareqpa5580qpm5579fsm10055qfe2550sa6150p_firmwareqcs610pmi8996qpm5620_firmwareqdm2307qca6431_firmwareqpa8802wcd9360_firmwareqpm6585_firmwareqat3519qbt2000_firmwarepm855a_firmwareqtc800hsa8150p_firmwareqcs2290sdr8250_firmwareqca6335csra6620_firmwareqcs605_firmwareqln1020sd_675_firmwaresmr546_firmwareqdm5671csra6640_firmwarepmc1000hqpm4650_firmwarewtr3905qat3518sdr425_firmwaresmr526_firmwaremdm9628pm640a_firmwareqpa5460wgr7640_firmwareqdm2305_firmwareqpm5670_firmwaresd710_firmwareqca4020qdm5652qca6574au_firmwareqpm8870wcd9375_firmwareqpm5679qbt2000sa6155_firmwarewcd9360pmx50_firmwareqpa8675_firmwarewhs9410_firmwaresdr735gqpa5460_firmwarewcn3999qdm3301_firmwarepm8996qsm7250qcs6125apq8016_firmwaresd662_firmwaresmb1360qcs405qca1990_firmwareqfe3440fcqdm2308_firmwarefsm10056_firmwareqca4020_firmwareqca6436wcn6851sa6155pqcs603_firmwareqpa6560sdr675_firmwarewcd9341qdm4643_firmwaremdm9655qca6431qet4100_firmwaresd750gwcn3910_firmwareqpm5657wtr1605_firmwaremdm9207_firmwareqpm5875_firmwarewsa8830_firmwaresd855_firmwareqdm5650wcn3988wtr3925qfe2080fcsdr052sa8195p_firmwaresmb1390msm8208_firmwareqet4100wcn3610msm8608mdm9640qpa8686_firmwareqpm6585qca8337_firmwarewcd9380_firmwaresmb1355qln4650qtc800t_firmwarewcd9330msm8996au_firmwaresdr735g_firmwarewgr7640qat5568qet5100qdm5671_firmwareqpa8801_firmwareqca6564auqtm527_firmwarepm8005_firmwareqet4101_firmwarepm7250bqln4642_firmwarepmk8001_firmwaresmb1355_firmwarepm7250b_firmwarepmd9655_firmwaresmb1351_firmwarepm8996_firmwareqet4200aq_firmwaresdx50m_firmwaresdr735smb1395pm660lsmr526wtr5975qca6430_firmwarepmk8003qtc801s_firmwarewcd9335_firmwareqat3522_firmwarewcn3980qca6335_firmwareqsw8573qcs605qbt1000sd7cqca6320wcn3910mdm9650_firmwareqca6426_firmwarepm8350_firmwarewcn3660b_firmwarepm8009qpa8675sdr051_firmwarewcd9330_firmwaresdx55mpm670aqca6421_firmwarewtr3905_firmwareqat3518_firmwareqsw8574pmi8998sd821_firmwarear8031_firmwarepm855lwcn6851_firmwareqdm5670_firmwarepm7150a_firmwarepm8150b_firmwaresmr545_firmwarepmc1000h_firmwareqca6564a_firmwareqdm2310_firmwareqca6694au_firmwarepm4250_firmwaresdr105_firmwarepm670sd210_firmwarewtr1605lqdm5677pm8005qsm8250pm855_firmwareqdm2302pmm6155ausdxr1pm855b_firmwareapq8096auqca6595_firmwareqcs405_firmwareqpm6582_firmwareqpm6375_firmwarepm640l_firmwarepmi8996_firmwareqln4650_firmwareqpm5875qet5100msa8155psd675wtr4605qet4101qat3516pm670lqpm5658ar8035_firmwareqcm2290qpm5658_firmwarewcn3991_firmwareqdm5652_firmwarepmm8155au_firmwareqfe4465fcsdr051qln5030qcs2290_firmwarepm4125fsm10056pmi632qpa2625_firmwarepm456sd7c_firmwareqfe2081fc_firmwarepm8350bh_firmwarecsra6620pmr735b_firmwareqet5100_firmwareqpm4621smb1360_firmwareqet6100_firmwarepm670l_firmwaresdr660gsd765g_firmwareqpa8686qca6390_firmwaresd730_firmwarewcd9370sdr425pmr525_firmwareqca6584au_firmwarepmi632_firmwaresd_8cx_firmwareqpm5541qat5516smb358_firmwaresd662qpa8821_firmwaresdr660g_firmwarepm8350bhpm3003aqca6320_firmwarewcn3680b_firmwareqca6595auwcn3999_firmwareqca6436_firmwareqtc800tsmb1354qca6564au_firmwareqdm2305sa6155p_firmwareqca6310qpm8820qpm2630qfe2081fcqln5020_firmwaresdxr2_5gsmb1398sd821sa6145p_firmwaresdr675sm6250sd712_firmwarewsa8810_firmwaresmb231sd765_firmwareqdm5677_firmwareqet4200aqqca6174a_firmwarewcd9385qpm6325_firmwareqdm2302_firmwareqat3550_firmwarepmm8155auqln5040_firmwarepm4125_firmwarear8035pm8019_firmwareapq8064auqca6694_firmwareqpa8673qdm2310qfe2550_firmwareqln5030_firmwareqca6694ausd210wcn3620_firmwaresd820smb1396_firmwarewcn6850_firmwarewcn3620wsa8835_firmwaresmb358qca6564asmr546pmx24qet6110qln5040qcm2290_firmwareqpm8895sdr845qpm5670wcn3990sd_675qtm527qfe3440fc_firmwarepmk8350sdx24pmi8994_firmwarepm8350bqdm2307_firmwarewsa8835msm8996auqpm5657_firmwaresd888_5gsm6250prgr7640auqln1035bdpm855asdr660_firmwarepm8909_firmwareqca6574apm8916_firmwaresmb1390_firmwareqca6174aqpm4640wcn6750qet5100m_firmwareqpm4650mdm9205qtm525wtr6955sd855sm4125_firmwarewtr6955_firmwarepm640psd768g_firmwaresdr865_firmwaremsm8209qfe4465fc_firmwarepm8250_firmwaresd460qca6391sdxr1_firmwaresmb1351aqt1000_firmwareqpm8895_firmwareqcm4290sdx50mpm640asdr8150pm8916pmd9655ausmb1395_firmwareqdm4650pmd9655qca6574ausa8155p_firmwaresd205_firmwareqsw6310wcd9341_firmwareqcm6125wsa8810qtc410s_firmwareqpm2630_firmwaresmb231_firmwareqat5568_firmwareqdm2308qat3550mdm9150wtr4905_firmwareqdm5679sd_8cwcn3680bsd835_firmwarepm3003a_firmwareqca6696qtc800s_firmwaresm4350apq8016msm8608_firmwaresd845_firmwaresmb1381_firmwareqpa2625sa6150pqpa8688_firmwarepmm8195au_firmwaresm7250psd720g_firmwareqpm4621_firmwaresd850pm6250Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-20
Improper Input Validation
CVE-2020-11178
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.80%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 05:00
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trusted APPS to overwrite the CPZ memory of another use-case as TZ only checks the physical address not overlapping with its memory and its RoT memory in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qfs2580qca9377_firmwareqpm5679_firmwaresm6250p_firmwareqca8337qfs2530qpm8870_firmwareqpa8688pm6125qat5522_firmwarewcn3950_firmwarepm8150asc8180x\+sdx55qdm5670qca6595au_firmwareqpm5541_firmwareqpa5581_firmwaresa6155pm7150lqpa8821pm8998_firmwarewtr5975_firmwarepm456_firmwareqpa5580_firmwaresa415mwcn3998wcd9371_firmwarewcn3950sm4125sd720gqsw8573_firmwareqsw8574_firmwaresd460_firmwaresmb2351_firmwareqpa4360_firmwarewcn3998_firmwarepm855pqca6420pm6150apm660_firmwarepm8150bsa8155_firmwareqca4004_firmwareqca6430qat3522pmr735awcd9306_firmwarewcd9340sdm830_firmwaresd765gsdr660sdr865qdm5620_firmwareqca6696_firmwareqln5020wcd9371pmm855au_firmwaresm4350_firmwaresd_8cxsa8150ppm6350qdm5621qtc800sqca4004sd865_5g_firmwaresd712pm640p_firmwarewcn6750_firmwareqat5516_firmwarepm6150lpm855l_firmwareqtc410swcn3991qpa8801pm8150l_firmwareqat5533_firmwaresdx55m_firmwareqpa8673_firmwarepm6150smb1354_firmwaresd670_firmwareqca6574qpa8842sdr052_firmwarewcd9380qcs410qpm5579_firmwaresmb1380_firmwaresmb1381pm855p_firmwaresd690_5g_firmwarepm7250qpa8803sdx24_firmwareqdm2301wcd9340_firmwarewsa8815wcn6850qdm5621_firmwareqdm2301_firmwareqpm6375sd_8c_firmwarewcn3980_firmwaresd730pm660l_firmwarepm6250_firmwarepm8008qtm525_firmwarepme605_firmwarepme605qpm5621_firmwareqln1021aq_firmwareqcs603qpa6560_firmwareqpa8802_firmwareqln4640_firmwareqpm5621qpm6582sd670pm8009_firmwareqfs2580_firmwareqcm4290_firmwarepm8150lpmi8998_firmwareqcs610_firmwaresa6145psdr105ar8031qpm5577wtr2965mdm9205_firmwareqca6391_firmwarepm8150wcd9370_firmwareqat3516_firmwaresdx55csra6640qat3555_firmwareqpa8803_firmwarepm855bsmb2351qln1031qsm8250_firmwarewsa8830pm660qet6110_firmwareqpm6325pm6125_firmwareqbt1500qpa5581csrb31024pmx24_firmwarefsm10055_firmwareqbt1500_firmwareqcs4290qet6100pmm855auqca6420_firmwaresd690_5gsmb1396pm7150asd675_firmwareqca6564qpa4361_firmwareqca6426wcn3990_firmwareqca9984_firmwareqca9377wcd9385_firmwareqdm5650_firmwaresdxr2_5g_firmwarewcd9326_firmwarewhs9410pm7250_firmwareqdm5620qln1021aqsmb1380pmk8002_firmwareqsw6310_firmwaresa8155qln1031_firmwaresdx55_firmwarepmm6155au_firmwareqat5533sm7250p_firmwareqsm7250_firmwarepm7150l_firmwarewcd9306qca6584auqat5515_firmwarepm855qpm8830_firmwarepm8250qfs2530_firmwaresa415m_firmwarepmx55wcn3988_firmwarepm8150c_firmwareqca6421qdm3301qpa8842_firmwareqat3519_firmwaresa8195psdr735_firmwareqpm5677qat5515wcd9326wcd9335pm6350_firmwarepm8004_firmwaresdr8150_firmwareqcs4290_firmwareqtc800h_firmwareqpm5620qca6390wcd9375sd750g_firmwareaqt1000sc8180x\+sdx55_firmwarepmm8195ausm6250_firmwareqln4642qpm5677_firmwarewsa8815_firmwarewtr3925_firmwaresmr525_firmwarepm8998qpm8820_firmwarepm670a_firmwarepmx55_firmwaresd865_5gqca6595pm8150_firmwareqpm8830qat5522pm8150cpmr735bsd665_firmwareqpa4360pmk8003_firmwareqpa4361qpm5577_firmwareqdm5679_firmwaresmr525qca6310_firmwarepm6150l_firmwarepmr525pm8150a_firmwareqca6574_firmwareqln1036aq_firmwaresd665pm6150a_firmwarepm6150_firmwareqca6175asd765qca6574a_firmwareqat3555sd850_firmwarewtr2965_firmwarepm670_firmwarecsrb31024_firmwareqln1036aqqtc801ssd710pm8008_firmwarepmr735a_firmwarepmx50qca6564_firmwaresdr8250sd768gpm8004pm640lpmk8002sd845sdm830qcs410_firmwareqca6175a_firmwareqpa5580qpm5579fsm10055sa6150p_firmwareqcs610qpm5620_firmwareqdm2307qca6431_firmwareqpa8802wcd9360_firmwareqpm6585_firmwareqat3519qbt2000_firmwareqtc800hsa8150p_firmwareqcs2290sdr8250_firmwareqca6335csra6620_firmwareqcs605_firmwaresd_675_firmwareqdm5671csra6640_firmwarepmc1000hqpm4650_firmwareqat3518sdr425_firmwaresmr526_firmwareqpa5460pm640a_firmwarewgr7640_firmwareqdm2305_firmwareqpm5670_firmwaresd710_firmwareqdm5652qca6574au_firmwareqpm8870wcd9375_firmwareqpm5679qbt2000sa6155_firmwarewcd9360pmx50_firmwareqpa8675_firmwarewhs9410_firmwaresdr735gqpa5460_firmwarewcn3999qdm3301_firmwareqsm7250sd662_firmwareqcs405qdm2308_firmwarefsm10056_firmwareqca6436wcn6851sa6155pqcs603_firmwareqpa6560sdr675_firmwarewcd9341qca6431qet4100_firmwaresd750gwcn3910_firmwareqpm5657wsa8830_firmwaresd855_firmwareqdm5650wcn3988wtr3925sdr052sa8195p_firmwaresmb1390qet4100qpa8686_firmwareqpm6585qca8337_firmwarewcd9380_firmwaresmb1355qln4650sdr735g_firmwarewgr7640qet5100qdm5671_firmwareqpa8801_firmwareqca6564auqtm527_firmwarepm8005_firmwareqet4101_firmwarepm7250bqln4642_firmwaresmb1355_firmwarepm7250b_firmwarepmd9655_firmwaresmb1351_firmwareqet4200aq_firmwaresdx50m_firmwaresdr735smb1395pm660lsmr526wtr5975qca6430_firmwarepmk8003qtc801s_firmwarewcd9335_firmwareqat3522_firmwarewcn3980qca6335_firmwareqsw8573qcs605sd7cwcn3910qca6426_firmwareqca9984pm8009qpa8675sdr051_firmwaresdx55mpm670aqca6421_firmwareqat3518_firmwareqsw8574pmi8998ar8031_firmwarepm855lwcn6851_firmwareqdm5670_firmwarepm7150a_firmwarepm8150b_firmwarepmc1000h_firmwareqca6564a_firmwareqdm2310_firmwaresdr105_firmwarepm670qdm5677pm8005qsm8250pm855_firmwareqdm2302pmm6155ausdxr1pm855b_firmwareqca6595_firmwareqcs405_firmwareqpm6582_firmwareqpm6375_firmwarepm640l_firmwareqln4650_firmwareqet5100msa8155psd675qet4101qat3516pm670lqpm5658ar8035_firmwareqcm2290qpm5658_firmwarewcn3991_firmwareqdm5652_firmwarepmm8155au_firmwaresdr051qln5030qcs2290_firmwarepm4125fsm10056pmi632qpa2625_firmwarepm456sd7c_firmwarepmr735b_firmwarecsra6620qet5100_firmwareqet6100_firmwarepm670l_firmwaresdr660gsd765g_firmwareqpa8686qca6390_firmwaresd730_firmwarewcd9370sdr425pmr525_firmwareqca6584au_firmwarepmi632_firmwaresd_8cx_firmwareqpm5541qat5516sd662qpa8821_firmwaresdr660g_firmwarepm3003aqca6595auwcn3999_firmwareqca6436_firmwaresmb1354qca6564au_firmwareqdm2305sa6155p_firmwareqca6310qpm8820qln5020_firmwaresdxr2_5gsa6145p_firmwaresdr675sm6250sd712_firmwarewsa8810_firmwaresmb231sd765_firmwareqdm5677_firmwareqet4200aqqca6174a_firmwarewcd9385qpm6325_firmwareqdm2302_firmwareqat3550_firmwarepmm8155auqln5040_firmwarepm4125_firmwarear8035qpa8673qdm2310qln5030_firmwaresmb1396_firmwarewcn6850_firmwarewsa8835_firmwareqca6564apmx24qet6110qln5040qcm2290_firmwareqpm8895qpm5670wcn3990sd_675qtm527sdx24qdm2307_firmwarewsa8835qpm5657_firmwaresm6250psdr660_firmwareqca6574asmb1390_firmwareqca6174awcn6750qet5100m_firmwareqpm4650mdm9205qtm525sd855sm4125_firmwarepm640psd768g_firmwaresdr865_firmwarepm8250_firmwarepm6250sd460qca6391sdxr1_firmwaresmb1351aqt1000_firmwareqpm8895_firmwareqcm4290sdx50mpm640asdr8150smb1395_firmwarepmd9655qca6574ausa8155p_firmwareqsw6310wcd9341_firmwarewsa8810qtc410s_firmwaresmb231_firmwareqdm2308qat3550qdm5679sd_8cpm3003a_firmwareqca6696qtc800s_firmwaresm4350sd845_firmwaresmb1381_firmwareqpa2625sa6150pqpa8688_firmwarepmm8195au_firmwaresm7250psd720g_firmwaresd850qln4640Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-20
Improper Input Validation
CVE-2020-11289
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.80%
||
7 Day CHG~0.00%
Published-07 May, 2021 | 09:10
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bound write can occur in TZ command handler due to lack of validation of command ID in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qfe3100qfe2080fc_firmwareqca9377_firmwareqfs2580qpm5679_firmwaremdm9640_firmwaresm6250p_firmwarepmd9607_firmwareqfe4455fc_firmwareqca8337ipq8173_firmwareqfs2608_firmwareqfs2530qpm8870_firmwareqln1030qpa8688pm6125qcn5124qat5522_firmwarewcn3950_firmwarepm8150asc8180x\+sdx55qdm5670qca6595au_firmwareqpm5541_firmwareqpa5581_firmwaresa6155pm7150lqpa8821pm8998_firmwarewtr5975_firmwareqcs6125_firmwarepm456_firmwareqpa5580_firmwaremsm8108sa415mwcn3998wcd9371_firmwaremsm8108_firmwarewcn3950qcn6024_firmwaresd720gsm4125mdm9206_firmwareqsw8573_firmwarewcn3660bsd450_firmwareqsm8350_firmwareqfe4320qcc112qsw8574_firmwareqsm8350sd460_firmwaresmb2351_firmwarepm8953_firmwareqpa4360_firmwareqca8081_firmwareqfe2520_firmwarewcn3998_firmwarepm855pqca6420apq8053_firmwarewtr4605_firmwarepm6150aqpm6670_firmwareipq8070_firmwareqca9367_firmwareipq8078a_firmwaremdm8207pm660_firmwarepm8150bipq8072_firmwaresa8155_firmwareqca4004_firmwareqfe2101qca6430qat3522qfe4455fcpmr735awcd9306_firmwarewcd9340sd765gsdr660msm8209_firmwareqfs2630_firmwaresdr865mdm9250_firmwareqdm5620_firmwareqca9888_firmwaresmb1358smr545qca6696_firmwareqln5020wcd9371sd870_firmwaresmb1350qcn5154_firmwarepmm855au_firmwarewtr3950sa8150ppm6350qdm5621qfe3340qtc800sqca4004qat3514_firmwaresd660qet6105sd712pm640p_firmwaresd660_firmwareqcn5121qcn5022_firmwarewcn6750_firmwareqat5516_firmwarepm6150lsd450sd8885gpm855l_firmwareqca6428_firmwareqtc410swcn3991qpa8801sdm429wipq8078pm8150l_firmwareipq8173qat5533_firmwaresdx55m_firmwaresdxr25gqpa8673_firmwarepm6150smb1354_firmwaresd670_firmwareqca6574sd632_firmwareqfs2630qpa8842csr8811_firmwarepmm8996ausdr052_firmwarewcd9380sd850qualcomm215qln4640qcs410qpm5579_firmwaresmb1380_firmwareqfe4309_firmwarepmk8350_firmwareqcn5024pm855p_firmwaresd690_5g_firmwaresmb1381qfe3100_firmwarepm7250qca9379_firmwarewtr4905qpa8803sdx24_firmwareqcn9012_firmwaresd439_firmwaresdxr25g_firmwareqdm2301ipq6018_firmwarewcd9340_firmwarewsa8815wcn6850qfe2101_firmwarepmp8074_firmwareqdm5621_firmwareqdm2301_firmwaremsm8937_firmwareqpm6375ipq6028sd835pmp8074wcn3980_firmwaresd730qfe3320_firmwarepm660l_firmwarepm6250_firmwarepm8008pm8350b_firmwareqtm525_firmwarepme605_firmwareqcn5064_firmwarepme605sd678_firmwareapq8064au_firmwareipq8078_firmwareqpm5621_firmwareqca6234qcn5054qln1021aq_firmwareqcs603rsw8577qpa6560_firmwareqpa8802_firmwareqln4640_firmwareqfe4308_firmwareqpm5621qpm6582qcn9024_firmwareipq8174_firmwarepm8009_firmwaresd670qfe4303qfs2580_firmwareqcm4290_firmwarewcn6855pm8150lpmi8998_firmwareqcs610_firmwaresa6145ppm660a_firmwarepm215pm4250sdr105ar8031qpm5577mdm8207_firmwaresdm630_firmwarewtr2965mdm9205_firmwareqca6391_firmwaresa2150psd820_firmwarepm8150qca4024pmi8937_firmwarewcd9370_firmwareqat3516_firmwaresdx55apq8053qcn5021_firmwarecsra6640qat3555_firmwarepmi8994qpa8803_firmwarewcn3660qca9379pm855bqca6234_firmwareqln1031qsm8250_firmwaresmb2351qpm5870pm8909mdm9150_firmwarewsa8830pm660qet6110_firmwareqpm6325pm6125_firmwareqbt1500qpa5581csrb31024mdm9628_firmwaremdm9650pmx24_firmwarefsm10055_firmwareqbt1500_firmwareqpm5870_firmwarepmk8001qcs4290qet6100pmm855aumdm9250qca6420_firmwareapq8009_firmwaresd690_5gsmb1396pm7150asd675_firmwareipq8072pm8350qca6564qpa4361_firmwarepm8350c_firmwareqpa5461_firmwareqca6426wcn3990_firmwareqca9984_firmwareqca9377qpm5641qpa5373_firmwarewcd9385_firmwareqdm5650_firmwareqpa4340_firmwarewcd9326_firmwarewcn3615_firmwarewtr2955rgr7640au_firmwarepm7250_firmwaresdr845_firmwareqdm5620qln1021aqipq8074asmb1380pmk8002_firmwareqsw6310_firmwaresa8155qln1031_firmwareqdm4650_firmwareqcn5122_firmwarepmm6155au_firmwareqat5533sdx55_firmwareqcn6023_firmwarewcn3615sm7250p_firmwarewcn3610_firmwarepm8940mdm9207qpm6670pm7150l_firmwareqsm7250_firmwarewcd9306qca6584aumsm8208qpm4641qat5515_firmwareipq8174pm855qpm8830_firmwaresd429pm8250qcn5052qca9367qfe2082fc_firmwaresdm630mdm9607_firmwaremdm9655_firmwareqdm4643qfs2530_firmwaresa415m_firmwarepmx55qpm4641_firmwareqcn9074sd205sd429_firmwarepm8150c_firmwareqca6421qdm3301qpa8842_firmwareqat3519_firmwaresa8195psdr735_firmwarepm8953qat5515qca6694qpm5677qat3514wcd9326wcd9335pm6350_firmwareqcn6023pm8004_firmwaresdr8150_firmwareqcs4290_firmwarepm439qtc800h_firmwareqpm5620qpm4630qca6390wcd9375sd750g_firmwareaqt1000sc8180x\+sdx55_firmwarepmm8195ausm6250_firmwareqln4642msm8917_firmwareqpm5677_firmwareipq5010_firmwareipq8074a_firmwarewsa8815_firmwarepmi8937pm8998smr525_firmwarewtr3925_firmwareqpm8820_firmwareqfe4301_firmwareapq8017qcc112_firmwareqln1020_firmwareqpm6621_firmwarepm670a_firmwareqcm6125_firmwarepmx55_firmwarewtr2955_firmwareqbt1000_firmwareqfe4373fc_firmwarepm8019qca6595pm8150_firmwaresmb1398_firmwareqpm8830pmm8996au_firmwareqat5522pm8150cpmr735bsd665_firmwareqpa4360pmk8003_firmwareqcn5154qca8075_firmwareqpa4361ipq6005_firmwaremdm9206qpm4640_firmwareqpm5577_firmwarewcn6855_firmwareqdm5679_firmwarepm8350csmr525qca9888qca6310_firmwareqfe4305_firmwareipq8070a_firmwarepm6150l_firmwarepmr525pm8150a_firmwareqca6574_firmwarewtr3950_firmwareqln1036aq_firmwaresd665pm6150a_firmwarepm6150_firmwareqca6175asd765qca6574a_firmwarepmd9607qpm4630_firmwareqat3555sd850_firmwareapq8009qpa5461qfe2082fcsd8c_firmwarewtr2965_firmwarepm670_firmwarecsrb31024_firmwareqfs2608qcn9070_firmwaresd480_firmwareqln1036aqqtc801sipq6028_firmwareipq8072a_firmwarepmi8940_firmwareqpm5641_firmwareqca9889_firmwareqfe3320mdm9607qcn5122sd710pm8008_firmwareqln1035bd_firmwareqpm6621pmr735a_firmwarepmw3100pmx50qcn5022qca6564_firmwaresdr8250sd768gqln1030_firmwaresmb1350_firmwarepmw3100_firmwarepm8004pm640lmsm8940pmk8002apq8096au_firmwareqca8075qcn6024qcn9022sd845sd455_firmwareipq6000_firmwarepmd9655au_firmwareqcs410_firmwareqca6175a_firmwareqpa5580qpm5579fsm10055qfe2550sa6150p_firmwareqcs610qcn5550pmi8996qpm5620_firmwareqdm2307qca6431_firmwareqpa8802wcd9360_firmwareqpm6585_firmwareqat3519qbt2000_firmwareqca4024_firmwarepm855a_firmwareipq8078aqtc800hsa8150p_firmwareqcs2290sdr8250_firmwareqca6335msm8917qcn5064csra6620_firmwareqcs605_firmwareqln1020smr546_firmwarewtr3905qdm5671csra6640_firmwarepmc1000hqpm4650_firmwareqat3518sd8csd632sdr425_firmwaresmr526_firmwareipq8076amdm9628pm640a_firmwareqpa5460wgr7640_firmwareqdm2305_firmwareqpm5670_firmwaresd710_firmwareqca4020qca6428qdm5652qca6574au_firmwareqcn5164_firmwareipq8071qpm8870wcd9375_firmwareqpm5679qbt2000sa6155_firmwarewcd9360qca6438_firmwarepmx50_firmwareqpa8675_firmwaresdr735gqpa5460_firmwarewcn3999pm8940_firmwareqdm3301_firmwarepm8996qsm7250qcs6125ipq6010sd662_firmwaresmb1360qcs405qualcomm215_firmwareqfe3440fcqdm2308_firmwarersw8577_firmwarefsm10056_firmwarepm439_firmwareqca4020_firmwareqca6436sa6155pwcn6851qcs603_firmwareqpa6560msm8937sdr675_firmwarewcn3660_firmwarewcd9341pmi8952qdm4643_firmwaremdm9655pm8937_firmwareqca6431qet4100_firmwaresd750gqfe4320_firmwarewcn3910_firmwareqpm5657mdm9207_firmwareqpm5875_firmwarewsa8830_firmwaresd855_firmwareqdm5650wcn3988qca6438wtr3925qfe2080fcsdr052sa8195p_firmwaresmb1390msm8208_firmwareqet4100wcn3610mdm9640msm8608ipq5018_firmwareqpa8686_firmwareqpm6585qca8337_firmwaresda429w_firmwarewcd9380_firmwaresmb1355ipq8072aqln4650qtc800t_firmwaremsm8996au_firmwaresdr735g_firmwarewcd9330wgr7640ipq8076a_firmwareqat5568qdm5671_firmwareqet5100qca6564auqpa8801_firmwareqtm527_firmwaresd636wcn6856_firmwarepm8005_firmwareqcn5164msm8940_firmwareqet4101_firmwarepm7250bqln4642_firmwarepmk8001_firmwaresmb1355_firmwarepm7250b_firmwarepmd9655_firmwaresmb1351_firmwareqcn5054_firmwarepm8996_firmwareqet4200aq_firmwaresdx50m_firmwaresdr735smb1395pm660lar8151smr526qca8072_firmwarewtr5975qca6430_firmwarepmk8003qcn5052_firmwareqtc801s_firmwareqat3522_firmwarewcd9335_firmwarewcn3980qca6335_firmwareqsw8573qcs605qbt1000sd7cqca6320wcn3910mdm9650_firmwareqca6426_firmwarepm8350_firmwarewcn3660b_firmwarewcn3680qca9984qfe4309qcn9024pm8009qpa8675qcn5550_firmwaresdr051_firmwaresdx55mwcd9330_firmwarepm670aqca6421_firmwarewtr3905_firmwareqfe4373fcmsm8953qat3518_firmwarepmi8998qfe2520qsw8574sd821_firmwarear8031_firmwarewcn3680_firmwarepm855lwcn6851_firmwareqdm5670_firmwareipq8070sd8655gpm7150a_firmwarepm8150b_firmwareqfe4302smr545_firmwarepmc1000h_firmwareqca6564a_firmwareqdm2310_firmwareqca6694au_firmwarepm4250_firmwaresdr105_firmwaresd480sd870qcn5121_firmwaresd8885g_firmwarepm670sd210_firmwareqdm5677pm8005qsm8250ipq6018pm855_firmwareqdm2302pmm6155ausdxr1pm855b_firmwareapq8096auqca6595_firmwareqcs405_firmwareqpm6582_firmwareqpm6375_firmwarepm640l_firmwarepmi8996_firmwareqln4650_firmwareqpm5875qet5100msd888_firmwaresa8155psd675wtr4605sd439qet4101qat3516pm670lqpm5658ar8035_firmwareqcm2290qpm5658_firmwareqcn5024_firmwarewcn3991_firmwareqdm5652_firmwarepmm8155au_firmwareqfe4465fcqcn9070sd678sdr051qln5030qcs2290_firmwarepm4125fsm10056pmi632qpa2625_firmwarepm456sd7c_firmwareqfe2081fc_firmwarepm8350bh_firmwarecsra6620pmr735b_firmwareqet5100_firmwareqpa5373qpm4621qcn9072smb1360_firmwareqet6100_firmwarepm670l_firmwaresdr660gsd455sd765g_firmwareqpa8686smb1358_firmwareqca6390_firmwareipq6000sd730_firmwarewcd9370qcn5152_firmwaresdr425pmr525_firmwareqca6584au_firmwareqcn9000_firmwareqfe3340_firmwareipq5018ar8151_firmwarepmi632_firmwareqpm5541qat5516smb358_firmwaresd662qpa8821_firmwareqfe4308qcn5124_firmwaresdr660g_firmwarepm8350bhapq8037pm3003aqca6320_firmwarewcn3680b_firmwareqca6595auwcn3999_firmwareqca6436_firmwareqtc800tsmb1354ipq5010qca6564au_firmwareqdm2305sa6155p_firmwareqca6310qpm8820pm8937qpm2630qfe2081fcqln5020_firmwaresa515m_firmwaresmb1398sd821sa6145p_firmwaresdr675sm6250sd712_firmwareapq8017_firmwarewsa8810_firmwaresmb231sd765_firmwareqdm5677_firmwareqca8081qet4200aqipq8071aqca6174a_firmwareipq8071a_firmwarewcd9385qpm6325_firmwareqdm2302_firmwareqat3550_firmwarepmm8155auqln5040_firmwarepm4125_firmwarear8035csr8811pm8019_firmwareapq8064auqca6694_firmwareqpa8673qdm2310qfe2550_firmwaremsm8953_firmwareqcn9100_firmwareqca6694auqln5030_firmwaresda429wsd210wcn3620_firmwareqfe4302_firmwaresd820smb1396_firmwarewcn6850_firmwarewcn3620wsa8835_firmwaresmb358qca6564asmr546pmx24qet6110pmi8952_firmwareqca8072qcm2290_firmwareqln5040qpm8895sdr845qpm5670wcn3990qcn9000qtm527qfe3440fc_firmwarepmk8350sdx24qcn9012sd888pmi8994_firmwarepm8350bqdm2307_firmwarewsa8835msm8996ausdm429w_firmwareqpm5657_firmwarepmi8940sm6250prgr7640auqln1035bdpm855asdr660_firmwarepm8909_firmwareqca6574apm8916_firmwareqca9889qca6174asmb1390_firmwareipq8074qfe4303_firmwareqpm4640wcn6750qet5100m_firmwareipq8076_firmwaremdm9205qpm4650qtm525sa2150p_firmwaresa515msd855sm4125_firmwaresd8cxwtr6955qfe4305ipq8076wtr6955_firmwarepm640pqcn5021qcn5152sd768g_firmwaresdr865_firmwaremsm8209qfe4465fc_firmwarepm8250_firmwaresd460qca6391sd8cx_firmwaresdxr1_firmwaresmb1351ipq6005aqt1000_firmwarepm215_firmwaremsm8920qcn9100qpm8895_firmwarepm660aqpa4340qcm4290sdx50mpm640asdr8150pm8916pmd9655aumsm8920_firmwareqdm4650smb1395_firmwarepmd9655ipq8074_firmwareqca6574ausa8155p_firmwaresd205_firmwareqsw6310qet6105_firmwaresd8655g_firmwarewcd9341_firmwareqcm6125wsa8810qtc410s_firmwareqpm2630_firmwaresmb231_firmwareqat5568_firmwareqdm2308qat3550mdm9150wcn6856qdm5679wtr4905_firmwarewcn3680bsd835_firmwareipq6010_firmwarepm3003a_firmwareqca6696qfe4301qtc800s_firmwaresmb1381_firmwaresd845_firmwaremsm8608_firmwareqpa2625sa6150pqcn9022_firmwareqpa8688_firmwareapq8037_firmwareipq8070apmm8195au_firmwareqcn9072_firmwaresm7250psd720g_firmwareipq8071_firmwareqcn9074_firmwareqpm4621_firmwarewcn3988_firmwaresd636_firmwarepm6250Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-11288
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.80%
||
7 Day CHG~0.00%
Published-07 May, 2021 | 09:10
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bound write can occur in playready while processing command due to lack of input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qfs2580qca9377_firmwareqpm5679_firmwaresm6250p_firmwareqca8337qfs2608_firmwareqfs2530qpm8870_firmwareqpa8688pm6125qat5522_firmwarewcn3950_firmwarepm8150asc8180x\+sdx55qdm5670qca6595au_firmwareqpm5541_firmwareqpa5581_firmwaresa6155pm7150lqpa8821pm8998_firmwarewtr5975_firmwareqcs6125_firmwarepm456_firmwareqpa5580_firmwaresa415mwcn3998wcd9371_firmwarewcn3950sm4125sd720gqsw8573_firmwareqsm8350_firmwareqsw8574_firmwareqsm8350sd460_firmwaresmb2351_firmwaresd6905gqpa4360_firmwarewcn3998_firmwarepm855pqca6420pm6150aqpm6670_firmwarepm660_firmwarepm8150bsa8155_firmwareqca4004_firmwareqca6430qat3522pmr735awcd9306_firmwarewcd9340sd765gsdr660qfs2630_firmwaresdr865qdm5620_firmwaresmr545qca6696_firmwareqln5020wcd9371sd870_firmwarepmm855au_firmwaresa8150ppm6350qdm5621qtc800sqca4004qet6105sd712pm640p_firmwarewcn6750_firmwareqat5516_firmwarepm6150lsd8885gpm855l_firmwareqtc410swcn3991qpa8801pm8150l_firmwareqat5533_firmwaresdx55m_firmwaresdxr25gqpa8673_firmwarepm6150smb1354_firmwaresd670_firmwareqca6574qfs2630qpa8842sdr052_firmwarewcd9380qcs410qpm5579_firmwaresmb1380_firmwarepmk8350_firmwaresmb1381pm855p_firmwarepm7250qpa8803sdx24_firmwaresdxr25g_firmwareqdm2301wcd9340_firmwarewsa8815wcn6850qdm5621_firmwareqdm2301_firmwareqpm6375wcn3980_firmwaresd730pm660l_firmwarepm6250_firmwarepm8008pm8350b_firmwareqtm525_firmwarepme605_firmwarepme605sd678_firmwareqpm5621_firmwareqln1021aq_firmwareqcs603qpa6560_firmwareqpa8802_firmwareqln4640_firmwareqpm5621qpm6582sd670pm8009_firmwareqfs2580_firmwareqcm4290_firmwarewcn6855pm8150lpmi8998_firmwareqcs610_firmwaresa6145psdr105pm4250ar8031qpm5577wtr2965mdm9205_firmwareqca6391_firmwaresa2150ppm8150wcd9370_firmwareqat3516_firmwaresdx55csra6640qat3555_firmwareqpa8803_firmwarepm855bsmb2351qln1031qsm8250_firmwareqpm5870wsa8830pm660qet6110_firmwareqpm6325pm6125_firmwareqbt1500qpa5581csrb31024pmx24_firmwarefsm10055_firmwareqbt1500_firmwareqpm5870_firmwareqcs4290qet6100pmm855auqca6420_firmwaresmb1396pm7150asd675_firmwarepm8350qca6564qpa4361_firmwarepm8350c_firmwareqpa5461_firmwareqca6426wcn3990_firmwareqca9377qpm5641wcd9385_firmwareqdm5650_firmwarewcd9326_firmwarepm7250_firmwareqdm5620qln1021aqsmb1380pmk8002_firmwareqsw6310_firmwaresa8155qln1031_firmwareqdm4650_firmwaresdx55_firmwarepmm6155au_firmwareqat5533sm7250p_firmwareqsm7250_firmwareqpm6670pm7150l_firmwarewcd9306qca6584auqpm4641qat5515_firmwarepm855qpm8830_firmwarepm8250qdm4643qfs2530_firmwaresa415m_firmwarepmx55qpm4641_firmwarewcn3988_firmwarepm8150c_firmwareqca6421qdm3301qpa8842_firmwareqat3519_firmwaresa8195psdr735_firmwareqpm5677qat5515wcd9326wcd9335pm6350_firmwarepm8004_firmwaresdr8150_firmwareqcs4290_firmwareqtc800h_firmwareqpm5620qpm4630qca6390wcd9375sd750g_firmwareaqt1000sc8180x\+sdx55_firmwarepmm8195ausm6250_firmwareqln4642qpm5677_firmwarewsa8815_firmwarewtr3925_firmwaresmr525_firmwarepm8998qpm8820_firmwareqpm6621_firmwarepm670a_firmwareqcm6125_firmwarepmx55_firmwareqca6595pm8150_firmwaresmb1398_firmwareqpm8830qat5522pm8150cpmr735bsd665_firmwareqpa4360pmk8003_firmwareqpa4361qpm4640_firmwarewcn6855_firmwareqpm5577_firmwareqdm5679_firmwarepm8350csmr525qca6310_firmwarepm6150l_firmwarepmr525pm8150a_firmwareqca6574_firmwareqln1036aq_firmwaresd665pm6150a_firmwarepm6150_firmwareqca6175asd765qca6574a_firmwareqpm4630_firmwareqat3555sd850_firmwareqpa5461sd8c_firmwarewtr2965_firmwarepm670_firmwarecsrb31024_firmwareqfs2608sd480_firmwareqln1036aqqtc801sqpm5641_firmwaresd710pm8008_firmwareqpm6621pmr735a_firmwarepmx50qca6564_firmwaresdr8250sd768gpm8004pm640lpmk8002sd845qcs410_firmwareqca6175a_firmwareqpa5580qpm5579fsm10055sa6150p_firmwareqcs610qpm5620_firmwareqdm2307qca6431_firmwareqpa8802wcd9360_firmwareqpm6585_firmwareqat3519qbt2000_firmwareqtc800hsa8150p_firmwareqcs2290sdr8250_firmwareqca6335csra6620_firmwareqcs605_firmwaresmr546_firmwareqdm5671csra6640_firmwarepmc1000hqpm4650_firmwareqat3518sd8csdr425_firmwaresmr526_firmwarepm640a_firmwarewgr7640_firmwareqdm2305_firmwareqpm5670_firmwaresd710_firmwareqdm5652qca6574au_firmwareqpm8870wcd9375_firmwareqpm5679qbt2000sa6155_firmwarewcd9360pmx50_firmwareqpa8675_firmwaresdr735gwcn3999qdm3301_firmwareqsm7250qcs6125sd662_firmwareqcs405qdm2308_firmwarefsm10056_firmwareqca6436wcn6851sa6155pqcs603_firmwareqpa6560sdr675_firmwarewcd9341qdm4643_firmwareqca6431qet4100_firmwaresd750gwcn3910_firmwareqpm5657qpm5875_firmwarewsa8830_firmwaresd855_firmwareqdm5650wcn3988wtr3925sdr052sa8195p_firmwaresmb1390qet4100qpa8686_firmwareqpm6585qca8337_firmwarewcd9380_firmwaresmb1355qln4650sdr735g_firmwarewgr7640qat5568qet5100qdm5671_firmwareqpa8801_firmwareqca6564auqtm527_firmwarewcn6856_firmwarepm8005_firmwareqet4101_firmwarepm7250bqln4642_firmwaresmb1355_firmwarepm7250b_firmwarepmd9655_firmwaresmb1351_firmwareqet4200aq_firmwaresdx50m_firmwaresdr735smb1395pm660lsmr526wtr5975qca6430_firmwarepmk8003qtc801s_firmwarewcd9335_firmwareqat3522_firmwarewcn3980qca6335_firmwareqsw8573qcs605sd7cwcn3910qca6426_firmwarepm8350_firmwarepm8009qpa8675sdr051_firmwaresdx55mpm670aqca6421_firmwareqat3518_firmwareqsw8574pmi8998sd6905g_firmwarear8031_firmwarepm855lwcn6851_firmwareqdm5670_firmwaresd8655gpm7150a_firmwarepm8150b_firmwaresmr545_firmwarepmc1000h_firmwareqca6564a_firmwareqdm2310_firmwarepm4250_firmwaresdr105_firmwaresd480sd870sd8885g_firmwarepm670qdm5677pm8005qsm8250pm855_firmwareqdm2302pmm6155ausdxr1pm855b_firmwareqca6595_firmwareqcs405_firmwareqpm6582_firmwareqpm6375_firmwarepm640l_firmwareqln4650_firmwareqpm5875qet5100msd888_firmwaresa8155psd675qet4101qat3516pm670lqpm5658ar8035_firmwareqcm2290qpm5658_firmwarewcn3991_firmwareqdm5652_firmwarepmm8155au_firmwaresd678sdr051qln5030qcs2290_firmwarepm4125fsm10056pmi632qpa2625_firmwarepm456sd7c_firmwarepm8350bh_firmwarecsra6620pmr735b_firmwareqet5100_firmwareqpm4621qet6100_firmwarepm670l_firmwaresdr660gsd765g_firmwareqpa8686qca6390_firmwaresd730_firmwarewcd9370sdr425pmr525_firmwareqca6584au_firmwarepmi632_firmwareqpm5541qat5516sd662qpa8821_firmwaresdr660g_firmwarepm8350bhpm3003aqca6595auwcn3999_firmwareqca6436_firmwaresmb1354qca6564au_firmwareqdm2305sa6155p_firmwareqca6310qpm8820qln5020_firmwaresa515m_firmwaresmb1398sa6145p_firmwaresdr675sm6250sd712_firmwarewsa8810_firmwaresmb231sd765_firmwareqdm5677_firmwareqet4200aqqca6174a_firmwarewcd9385qpm6325_firmwareqdm2302_firmwareqat3550_firmwarepmm8155auqln5040_firmwarepm4125_firmwarear8035qpa8673qdm2310qln5030_firmwaresmb1396_firmwarewcn6850_firmwarewsa8835_firmwareqca6564asmr546pmx24qet6110qln5040qcm2290_firmwareqpm8895qpm5670wcn3990qtm527pmk8350sdx24sd888pm8350bqdm2307_firmwarewsa8835qpm5657_firmwaresm6250psdr660_firmwareqca6574asmb1390_firmwareqca6174aqpm4640wcn6750qet5100m_firmwareqpm4650mdm9205qtm525sa515msa2150p_firmwaresd855sm4125_firmwaresd8cxpm640psd768g_firmwaresdr865_firmwarepm8250_firmwarepm6250sd460qca6391sd8cx_firmwaresdxr1_firmwaresmb1351aqt1000_firmwareqpm8895_firmwareqcm4290sdx50mpm640asdr8150smb1395_firmwareqdm4650pmd9655qca6574ausa8155p_firmwareqsw6310qet6105_firmwaresd8655g_firmwarewcd9341_firmwareqcm6125wsa8810qtc410s_firmwaresmb231_firmwareqat5568_firmwareqdm2308qat3550wcn6856qdm5679pm3003a_firmwareqca6696qtc800s_firmwaresmb1381_firmwaresd845_firmwareqpa2625sa6150pqpa8688_firmwarepmm8195au_firmwaresm7250psd720g_firmwareqpm4621_firmwaresd850qln4640Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-11256
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-8.8||HIGH
EPSS-0.04% / 10.51%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 05:00
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory corruption due to lack of check of validation of pointer to buffer passed to trustzone in Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-ar9580_firmwareipq4018_firmwareqfe1952ipq4028_firmwareqca7500_firmwareqca7520qca7500ipq4029_firmwareqca7550_firmwareqca9994qca4024_firmwareqca9889_firmwareqca9880_firmwareqca10901qca9992wcd9340csr8811_firmwareqca7520_firmwareqca9880wsa8810_firmwareqca7550wsa8810qcn3018_firmwareqca8075_firmwareipq4019_firmwareipq4018qcn3018qca9886_firmwareqca9889qca9888_firmwareqca9888qca9984_firmwareqca9994_firmwarear9580qca9898_firmwareqca4024csr8811ipq4019ar7420qca9886wcd9340_firmwarear7420_firmwareqca8075qfe1922qfe1922_firmwareqca9992_firmwareqfe1952_firmwareqca9984qca9898ipq4029ipq4028qca10901_firmwareSnapdragon Wired Infrastructure and Networking
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-11258
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-8.8||HIGH
EPSS-0.04% / 10.51%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 05:00
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory corruption due to lack of validation of pointer arguments passed to Trustzone BSP in Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-ar9580_firmwareipq4018_firmwareqfe1952ipq4028_firmwareqca7500_firmwareqca7520qca7500ipq4029_firmwareqca7550_firmwareqca9994qca4024_firmwareqca9889_firmwareqca9880_firmwareqca10901qca9992wcd9340csr8811_firmwareqca7520_firmwareqca9880wsa8810_firmwareqca7550wsa8810qcn3018_firmwareqca8075_firmwareipq4019_firmwareipq4018qcn3018qca9886_firmwareqca9889qca9888_firmwareqca9888qca9984_firmwareqca9994_firmwarear9580qca9898_firmwareqca4024csr8811ipq4019ar7420qca9886wcd9340_firmwarear7420_firmwareqca8075qfe1922qfe1922_firmwareqca9992_firmwareqfe1952_firmwareqca9984qca9898ipq4029ipq4028qca10901_firmwareSnapdragon Wired Infrastructure and Networking
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-4738
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.11% / 30.27%
||
7 Day CHG~0.00%
Published-03 Feb, 2014 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to gain privileges via (1) a crafted VIDIOC_MSM_VPE_DEQUEUE_STREAM_BUFF_INFO ioctl call, related to drivers/media/platform/msm/camera_v2/pproc/vpe/msm_vpe.c, or (2) a crafted VIDIOC_MSM_CPP_DEQUEUE_STREAM_BUFF_INFO ioctl call, related to drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c.

Action-Not Available
Vendor-codeauroran/aQualcomm Technologies, Inc.
Product-quic_mobile_station_modem_kernelandroid-msmn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-2248
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.92%
||
7 Day CHG~0.00%
Published-24 May, 2019 | 16:44
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow can occur if invalid header tries to overwrite the existing buffer which fix size allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 820, SD 820A, SD 845 / SD 850, SDM439, SDM660, SDX20

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850mdm9150_firmwaresd_632sd_820amsm8996au_firmwaresd_439sd_429sdm439mdm9650sd_636sd_615_firmwaremsm8909w_firmware215_firmwaremsm8996ausd_820sd_650sd_450_firmwaresd_845_firmwaresd_820a_firmwaremdm9206sd_652sd_425_firmwaresd_625_firmwaresd_450sd_845mdm9206_firmwaresd_632_firmwaremdm9650_firmwaresd_210_firmwaresd_415_firmwaresd_652_firmwaremsm8909wsd_616_firmwaresd_205_firmwaresd_415sd_650_firmwaresd_212sd_427_firmwaresdx20sd_616sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435sd_615sd_625sd_210mdm9607sd_636_firmwaresd_820_firmwareqm215215sd_439_firmwaremdm9150sd_429_firmwaresd_212_firmwaresd_850_firmwaresdm439_firmwareqm215_firmwaresd_427sd_430sd_435_firmwaresdx20_firmwaresd_205sdm660_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-2272
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.92%
||
7 Day CHG~0.00%
Published-25 Jul, 2019 | 16:33
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow can occur in display function due to lack of validation of header block size set by user. in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820A, SD 845 / SD 850, SDM660, SDX20

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_427_firmwaresd_712sd_850sd_820amsm8996au_firmwaresdx20sd_415sd_616sd_425sd_670_firmwaresdm660sd_430_firmwaremdm9607_firmwaresd_435mdm9650sd_615sd_636sd_650_firmwaresd_625sd_615_firmwaresd_710_firmwaremsm8909w_firmwaremdm9607msm8996ausd_210sd_636_firmwaresd_650sd_450_firmwaresd_845_firmwaresd_820a_firmwaremdm9206sd_652sd_425_firmwaresd_212_firmwaresd_850_firmwaresd_625_firmwaresd_450sd_712_firmwaresd_845mdm9206_firmwaresd_427sd_430sd_670sd_435_firmwaremdm9650_firmwaresd_710sdx20_firmwaresd_205sd_210_firmwaresd_415_firmwaresd_652_firmwaremsm8909wsd_616_firmwaresd_205_firmwaresdm660_firmwaresd_212Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-18303
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.26%
||
7 Day CHG~0.00%
Published-23 Oct, 2018 | 13:00
Updated-05 Aug, 2024 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

While processing the sensors registry configuration file, if inputs are not validated a buffer overflow will occur in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MMDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SDA660, SDX20.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_820amsm8996au_firmwaresdx20sd_415sd_616sd_425sd_430_firmwaremdm9607_firmwaresd_615mdm9650sd_650_firmwaresd_625sd_615_firmwaremsm8909w_firmwaremdm9607msm8996ausd_210sd_650sd_820_firmwaresd_820sd_450_firmwaresd_800sd_617sd_820a_firmwaremdm9206sd_652sd_425_firmwaresd_212_firmwaresd_800_firmwaresd_625_firmwaresd_450sda660_firmwaremdm9206_firmwaresd_430sd_810sd_835_firmwaremdm9650_firmwaresdx20_firmwaresd_600_firmwaresd_205sd_835sda660sd_210_firmwaresd_600sd_415_firmwaresd_652_firmwaremsm8909wsd_810_firmwaresd_616_firmwaresd_205_firmwaresd_212sd_617_firmwareSnapdragon Automobile, Snapdragon Mobile, Snapdragon Wear
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-18329
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.05%
||
7 Day CHG~0.00%
Published-03 Jan, 2019 | 15:00
Updated-05 Aug, 2024 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible Buffer overflow when transmitting an RTP packet in snapdragon automobile and snapdragon wear in versions MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 810, SD 820, SD 835, SD 845 / SD 850, SDA660, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850mdm9635m_firmwaremdm9640_firmwaremsm8996au_firmwaresd_670_firmwaremdm9650sd_636sd_615_firmwaresnapdragon_high_med_2016_firmwaremsm8909w_firmwaremsm8996aumdm9645sd_650sd_820sd_450_firmwaresd_845_firmwaresd_652sd_425_firmwaresd_625_firmwaresd_450mdm9635mmdm9615sd_845sd_835_firmwaremdm9650_firmwaresd_835sda660sxr1130_firmwaresd_210_firmwaresd_415_firmwaresd_652_firmwaresxr1130msm8909wsd_616_firmwaresd_205_firmwaresd_415sd_650_firmwaresd_212sd_427_firmwaresd_712sd_616sd_425sdm660sd_430_firmwaresd_615sd_435mdm9655_firmwaresd_710_firmwaresdm630sd_625sd_210sd_820_firmwaresd_636_firmwaremdm9645_firmwaremdm9625_firmwaresnapdragon_high_med_2016sd_212_firmwaresd_850_firmwaremdm9655sd_712_firmwaresdm630_firmwaresda660_firmwaremdm9625sd_427sd_430sd_670sd_810sd_435_firmwaremdm9615_firmwaresd_710sd_205sd_810_firmwaresdm660_firmwaremdm9640Snapdragon Mobile, Snapdragon Wear
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-18295
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.26%
||
7 Day CHG~0.00%
Published-23 Oct, 2018 | 13:00
Updated-05 Aug, 2024 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible buffer overflow if input is not null terminated in DSP Service module in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDX20.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_820amsm8996au_firmwaresdx20sd_415sd_616mdm9607_firmwaresd_615mdm9650sd_650_firmwaresd_625sd_615_firmwaremsm8909w_firmwaremdm9607msm8996ausd_210sd_650sd_820_firmwaresd_820sd_450_firmwaresd_820a_firmwaremdm9206sd_652sd_212_firmwaresd_625_firmwaresd_450mdm9206_firmwaresd_835_firmwaremdm9650_firmwaresdx20_firmwaresd_835sd_205sd_210_firmwaresd_415_firmwaresd_652_firmwaremsm8909wsd_616_firmwaresd_205_firmwaresd_212Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-18317
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.12%
||
7 Day CHG~0.00%
Published-28 Nov, 2018 | 15:00
Updated-05 Aug, 2024 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Restrictions related to the modem (sim lock, sim kill) can be bypassed by manipulating the system to issue a deactivation flow sequence in Snapdragon Automobile, Snapdragon Mobile in versions MSM8996AU,SD 410/12,SD 820,SD 820A.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_820_firmwaremsm8996ausd_412sd_820sd_410_firmwaresd_820asd_412_firmwaremsm8996au_firmwaresd_410sd_820a_firmwareSnapdragon Automobile, Snapdragon Mobile
CWE ID-CWE-20
Improper Input Validation
CVE-2017-18158
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.07%
||
7 Day CHG~0.00%
Published-06 Jul, 2018 | 17:00
Updated-16 Sep, 2024 | 23:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible buffer overflows and array out of bounds accesses in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05 while flashing images.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-18154
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.62%
||
7 Day CHG~0.00%
Published-06 Jun, 2018 | 21:00
Updated-17 Sep, 2024 | 03:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A crafted binder request can cause an arbitrary unmap in MediaServer in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-18155
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.43%
||
7 Day CHG~0.00%
Published-12 Jul, 2018 | 14:00
Updated-16 Sep, 2024 | 23:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

While playing HEVC content using HD DMB in Snapdragon Automobile and Snapdragon Mobile in version MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835, an uninitialized variable can be used leading to a kernel fault.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_625sd_820_firmwaresd_835_firmwaremsm8996ausd_820sd_625_firmwaresd_450sd_820amsm8996au_firmwaresd_835sd_450_firmwaresd_820a_firmwareSnapdragon Automobile, Snapdragon Mobile
CWE ID-CWE-20
Improper Input Validation
CVE-2017-18320
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.12%
||
7 Day CHG~0.00%
Published-03 Jan, 2019 | 15:00
Updated-05 Aug, 2024 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

QSEE unload attempt on a 3rd party TEE without previously loading results in a data abort in snapdragon automobile and snapdragon mobile in versions MSM8996AU, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016, SXR1130.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_632sd_820amsm8996au_firmwaresd_439sd_670_firmwaresd_429sdx24sdm439sd_636sd_615_firmwaresnapdragon_high_med_2016_firmwaremsm8996ausd_820sd_650sd_450_firmwaresd_410sd_820a_firmwaresd_652sd_425_firmwaresdx24_firmwaresd_625_firmwaresd_450sd_632_firmwaresd_835_firmwaresd_835sda660sxr1130_firmwaresd_415_firmwaresd_652_firmwaresxr1130sd_616_firmwaresd_650_firmwaresd_415sd_427_firmwaresd_712sd_412sd_616sd_425sdm660sd_430_firmwaresd_615sd_435sd_710_firmwaresdm630sd_625sd_820_firmwaresd_636_firmwaresd_439_firmwaresd_429_firmwaresnapdragon_high_med_2016sdm439_firmwaresd_412_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwaresd_427sd_430sd_670sd_810sd_435_firmwaresd_710sd_410_firmwaresd_810_firmwaresdm660_firmwareSnapdragon Automobile, Snapdragon Mobile
CWE ID-CWE-20
Improper Input Validation
CVE-2017-18070
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.05%
||
7 Day CHG~0.00%
Published-12 Jun, 2018 | 20:00
Updated-17 Sep, 2024 | 01:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In wma_ndp_end_response_event_handler(), the variable len_end_rsp is a uint32 which can be overflowed if the value of variable "event->num_ndp_end_rsp_per_ndi_list" is very large which can then lead to a heap overwrite of the heap object end_rsp in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2017-17767
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.23%
||
7 Day CHG~0.00%
Published-23 Feb, 2018 | 23:00
Updated-17 Sep, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In all Qualcomm products with Android releases from CAF using the Linux kernel, the IL client may free a buffer OMX Video Encoder Component and then subsequently access the already freed buffer.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15855
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.39%
||
7 Day CHG~0.00%
Published-17 May, 2018 | 22:00
Updated-17 Sep, 2024 | 03:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, the camera application triggers "user-memory-access" issue as the Camera CPP module Linux driver directly accesses the application provided buffer, which resides in user space. An unchecked userspace value (ioctl_ptr->len) is used to copy contents to a kernel buffer which can lead to kernel buffer overflow.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-129
Improper Validation of Array Index
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15823
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.75%
||
7 Day CHG~0.00%
Published-30 Mar, 2018 | 21:00
Updated-17 Sep, 2024 | 03:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In spectral_create_samp_msg() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-11, some values from firmware are not properly validated potentially leading to a buffer overflow.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-15854
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.39%
||
7 Day CHG~0.00%
Published-12 Jun, 2018 | 20:00
Updated-17 Sep, 2024 | 02:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The value of fix_param->num_chans is received from firmware and if it is too large, an integer overflow can occur in wma_radio_chan_stats_event_handler() for the derived length len leading to a subsequent buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2017-15848
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.76%
||
7 Day CHG~0.00%
Published-10 Jan, 2018 | 22:00
Updated-16 Sep, 2024 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the fastrpc kernel driver, a buffer overflow vulnerability from userspace may potentially exist.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-14898
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.42%
||
7 Day CHG~0.00%
Published-05 Dec, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_TXPOWER_SCALE contains fewer than 1 byte, a buffer overrun occurs.

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-14884
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.53%
||
7 Day CHG~0.00%
Published-23 Feb, 2018 | 23:00
Updated-16 Sep, 2024 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In all Qualcomm products with Android releases from CAF using the Linux kernel, due to lack of bounds checking on the variable "data_len" from the function WLANQCMBR_McProcessMsg, a buffer overflow may potentially occur in WLANFTM_McProcessMsg.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-14896
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.42%
||
7 Day CHG~0.00%
Published-05 Dec, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a memory allocation without a length field validation in the mobicore driver which can result in an undersize buffer allocation. Ultimately this can result in a kernel memory overwrite.

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-14899
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.42%
||
7 Day CHG~0.00%
Published-05 Dec, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE_DECR_DB vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_TXPOWER_SCALE_DECR_DB contains fewer than 1 byte, a buffer overrun occurs.

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-14901
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.42%
||
7 Day CHG~0.00%
Published-05 Dec, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_TXPOWER_SCALE contains fewer than 1 byte, a buffer overrun occurs.

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-14897
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.23%
||
7 Day CHG~0.00%
Published-05 Dec, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while handling the QSEOS_RPMB_CHECK_PROV_STATUS_COMMAND, a userspace buffer is directly accessed in kernel space.

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-14892
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.42%
||
7 Day CHG~0.00%
Published-30 Mar, 2018 | 21:00
Updated-16 Sep, 2024 | 23:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the function msm_pcm_hw_params() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-09-19, the return value of q6asm_open_shared_io() is not checked properly potentially leading to a possible dangling pointer access.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-20
Improper Input Validation
CVE-2017-14900
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.42%
||
7 Day CHG~0.00%
Published-05 Dec, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the QCA_NL80211_VENDOR_SUBCMD_GET_CHAIN_RSSI vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_MAC_ADDR contains fewer than 6 bytes, a buffer overrun occurs.

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-14873
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.69%
||
7 Day CHG~0.00%
Published-10 Jan, 2018 | 22:00
Updated-16 Sep, 2024 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the pp_pgc_get_config() graphics driver function, a kernel memory overwrite can potentially occur.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-14888
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.75%
||
7 Day CHG~0.00%
Published-07 Dec, 2018 | 14:00
Updated-05 Aug, 2024 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Userspace can pass IEs to the host driver and if multiple append commands are received, then the integer variable that stores the length can overflow and the subsequent copy of the IE data may potentially lead to a heap buffer overflow.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-11047
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.42%
||
7 Day CHG~0.00%
Published-05 Dec, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a graphics driver ioctl handler, the lack of copy_from_user() function calls may result in writes to kernel memory.

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-11085
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.75%
||
7 Day CHG~0.00%
Published-16 Nov, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an integer overflow leading to a buffer overflow due to improper bound checking in msm_audio_effects_virtualizer_handler, file msm-audio-effects-q6-v2.c

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2017-11029
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.75%
||
7 Day CHG~0.00%
Published-16 Nov, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, camera application triggers "user-memory-access" issue as the Camera CPP module Linux driver directly accesses the application provided buffer, which resides in user space. An unchecked userspace value (ioctl_ptr->len) is used to copy contents to a kernel buffer which can lead to kernel buffer overflow.

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-11019
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.42%
||
7 Day CHG~0.00%
Published-05 Dec, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the fd allocated during the get_metadata was not closed even though the buffer allocated to the fd was freed. This resulted in a failure during exit sequence.

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 42
  • 43
  • Next
Details not found