Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-2289

Summary
Assigner-qualcomm
Assigner Org ID-2cfc7d3e-20d3-47ac-8db7-1b7285aff15f
Published At-21 Nov, 2019 | 14:38
Updated At-04 Aug, 2024 | 18:42
Rejected At-
Credits

Lack of integrity check allows MODEM to accept any NAS messages which can result into authentication bypass of NAS in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:qualcomm
Assigner Org ID:2cfc7d3e-20d3-47ac-8db7-1b7285aff15f
Published At:21 Nov, 2019 | 14:38
Updated At:04 Aug, 2024 | 18:42
Rejected At:
▼CVE Numbering Authority (CNA)

Lack of integrity check allows MODEM to accept any NAS messages which can result into authentication bypass of NAS in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130

Affected Products
Vendor
Qualcomm Technologies, Inc.Qualcomm, Inc.
Product
Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Versions
Affected
  • APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130
Problem Types
TypeCWE IDDescription
textN/AImproper Authentication in NAS
Type: text
CWE ID: N/A
Description: Improper Authentication in NAS
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin
x_refsource_CONFIRM
Hyperlink: https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:product-security@qualcomm.com
Published At:21 Nov, 2019 | 15:15
Updated At:24 Aug, 2020 | 17:37

Lack of integrity check allows MODEM to accept any NAS messages which can result into authentication bypass of NAS in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
Qualcomm Technologies, Inc.
qualcomm
>>apq8009_firmware>>-
cpe:2.3:o:qualcomm:apq8009_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>apq8009>>-
cpe:2.3:h:qualcomm:apq8009:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>apq8017_firmware>>-
cpe:2.3:o:qualcomm:apq8017_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>apq8017>>-
cpe:2.3:h:qualcomm:apq8017:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>apq8053_firmware>>-
cpe:2.3:o:qualcomm:apq8053_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>apq8053>>-
cpe:2.3:h:qualcomm:apq8053:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>apq8096au_firmware>>-
cpe:2.3:o:qualcomm:apq8096au_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>apq8096au>>-
cpe:2.3:h:qualcomm:apq8096au:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>apq8098_firmware>>-
cpe:2.3:o:qualcomm:apq8098_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>apq8098>>-
cpe:2.3:h:qualcomm:apq8098:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm915_firmware>>-
cpe:2.3:o:qualcomm:mdm915_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm915>>-
cpe:2.3:h:qualcomm:mdm915:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9205_firmware>>-
cpe:2.3:o:qualcomm:mdm9205_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9205>>-
cpe:2.3:h:qualcomm:mdm9205:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9206_firmware>>-
cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9206>>-
cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9607_firmware>>-
cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9607>>-
cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9615_firmware>>-
cpe:2.3:o:qualcomm:mdm9615_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9615>>-
cpe:2.3:h:qualcomm:mdm9615:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9625_firmware>>-
cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9625>>-
cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9635m_firmware>>-
cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9635m>>-
cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9640_firmware>>-
cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9640>>-
cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9650_firmware>>-
cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9650>>-
cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9655_firmware>>-
cpe:2.3:o:qualcomm:mdm9655_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9655>>-
cpe:2.3:h:qualcomm:mdm9655:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>msm8905_firmware>>-
cpe:2.3:o:qualcomm:msm8905_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>msm8905>>-
cpe:2.3:h:qualcomm:msm8905:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>msm8909_firmware>>-
cpe:2.3:o:qualcomm:msm8909_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>msm8909>>-
cpe:2.3:h:qualcomm:msm8909:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>msm8909w_firmware>>-
cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>msm8909w>>-
cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>msm8917_firmware>>-
cpe:2.3:o:qualcomm:msm8917_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>msm8917>>-
cpe:2.3:h:qualcomm:msm8917:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>msm8920_firmware>>-
cpe:2.3:o:qualcomm:msm8920_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>msm8920>>-
cpe:2.3:h:qualcomm:msm8920:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>msm8937_firmware>>-
cpe:2.3:o:qualcomm:msm8937_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>msm8937>>-
cpe:2.3:h:qualcomm:msm8937:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>msm8940_firmware>>-
cpe:2.3:o:qualcomm:msm8940_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>msm8940>>-
cpe:2.3:h:qualcomm:msm8940:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>msm8953_firmware>>-
cpe:2.3:o:qualcomm:msm8953_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>msm8953>>-
cpe:2.3:h:qualcomm:msm8953:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>msm8976_firmware>>-
cpe:2.3:o:qualcomm:msm8976_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>msm8976>>-
cpe:2.3:h:qualcomm:msm8976:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>msm8996au_firmware>>-
cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>msm8996au>>-
cpe:2.3:h:qualcomm:msm8996au:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-345Primarynvd@nist.gov
CWE ID: CWE-345
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletinproduct-security@qualcomm.com
Vendor Advisory
Hyperlink: https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin
Source: product-security@qualcomm.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

599Records found
CVE-2015-9180
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.22% / 44.33%
||
7 Day CHG~0.00%
Published-18 Apr, 2018 | 14:00
Updated-17 Sep, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, the response pointer passed from user space to SDMX_process is not checked before it is used. If the given response buffer length is smaller than 16 bytes, the response values will be written to a memory outside the buffer, possibly in the secure memory area.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850sd_820asd_412sd_808_firmwaresd_415sd_616sd_425sd_430_firmwaresd_615mdm9650sd_650_firmwaresd_625sd_615_firmwaresd_210sd_820_firmwaresd_820sd_650sd_808sd_450_firmwaresd_800sd_845_firmwaresd_410sd_617sd_820a_firmwaremdm9206sd_652sd_425_firmwaresd_212_firmwaresd_800_firmwaresd_850_firmwaresd_625_firmwaresd_450sd_412_firmwaresd_845mdm9206_firmwaresd_430sd_810sd_835_firmwaremdm9650_firmwaresd_410_firmwaresd_835sd_205sd_600_firmwaresd_210_firmwaresd_415_firmwaresd_652_firmwaresd_600sd_810_firmwaresd_616_firmwaresd_205_firmwaresd_212sd_617_firmwareSnapdragon Automobile, Snapdragon Mobile, Snapdragon Wear
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-9173
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.22% / 44.33%
||
7 Day CHG~0.00%
Published-18 Apr, 2018 | 14:00
Updated-16 Sep, 2024 | 23:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 410/12, SD 617, SD 650/52, SD 800, SD 808, and SD 810, missing of return value check in memscpy can cause memory corruption in TQS App.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_652sd_800_firmwaresd_412sd_808_firmwaresd_412_firmwaresd_810sd_650sd_410_firmwaresd_808sd_800sd_652_firmwaresd_410sd_617sd_810_firmwaresd_650_firmwaresd_617_firmwareSnapdragon Mobile
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2001-1046
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.96% / 75.49%
||
7 Day CHG~0.00%
Published-25 Jun, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in qpopper (aka qpop or popper) 4.0 through 4.0.2 allows remote attackers to gain privileges via a long username.

Action-Not Available
Vendor-n/aQualcomm Technologies, Inc.
Product-qpoppern/a
CVE-1999-0006
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-8.24% / 91.87%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in POP servers based on BSD/Qualcomm's qpopper allows remote attackers to gain root access using a long PASS command.

Action-Not Available
Vendor-n/aQualcomm Technologies, Inc.
Product-qpoppern/aqpopper
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-21480
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.3||HIGH
EPSS-0.10% / 27.96%
||
7 Day CHG~0.00%
Published-06 May, 2024 | 14:32
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Audio

Memory corruption while playing audio file having large-sized input buffer.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca6678aq_firmwareqcm8550_firmwaresa6150p_firmwaresd865_5gsw5100pwsa8832wsa8845_firmwaresnapdragon_480_5g_mobileqca6595srv1mqca6678aqqca8081_firmwarewcd9370snapdragon_x35_5g_modem-rfar8035_firmwareqca6696wcd9340_firmwaresa8530psa4150p_firmwarewcd9395_firmwareqcn6024qcc710_firmwaresnapdragon_8\+_gen_1_mobilewcn6740_firmwarefastconnect_6700snapdragon_685_4g_mobilesa4150pwsa8815_firmwarewsa8832_firmwaresa8195p_firmwareqca8337_firmwareqca8337wcd9395sg8275p_firmwareqcm6490_firmwareqca6574au_firmwaresnapdragon_x72_5g_modem-rfqam8295pqcm4490_firmwareqca6574auwcd9390sa8620p_firmwarewcn3950wsa8810_firmwarewsa8845h_firmwaresa9000p_firmwaresrv1hqca6797aq_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwaretalynplus_firmwareqcs5430sa8295p_firmwareqcn6024_firmwaresa4155p_firmwareqcm5430qcm5430_firmwaresa4155psa8770pqca6584auqcn6274_firmwaressg2115pqcc710snapdragon_xr2_5g_firmwaresw5100_firmwaresa8540pwcn6740snapdragon_8_gen_3_mobile_firmwareqfw7114_firmwareqca6595_firmwarefastconnect_7800_firmwarefastconnect_6900snapdragon_w5\+_gen_1_wearable_firmwareqep8111sa7255pqfw7114wcd9385_firmwarefastconnect_6900_firmwareqam8255p_firmwarewcd9380sa6145p_firmwareqam8255psxr2230psnapdragon_xr2_5gsnapdragon_x65_5g_modem-rfsa8150pqcs4490snapdragon_680_4g_mobilewsa8845sa6155psxr1230pwsa8810qam8650psa9000psrv1h_firmwaresw5100qca6595auvideo_collaboration_vc3_platformsnapdragon_4_gen_1_mobile_firmwaresxr2250p_firmwaresa6155p_firmwaresnapdragon_685_4g_mobile_firmwarewsa8840qam8295p_firmwaresrv1m_firmwareqcs8550_firmwaresnapdragon_x35_5g_modem-rf_firmwaresnapdragon_8_gen_2_mobile_firmwareqfw7124_firmwareqca6698aq_firmwaresnapdragon_4_gen_2_mobile_firmwarewcd9385snapdragon_8_gen_1_mobilesnapdragon_695_5g_mobile_firmwareqcs4490_firmwaresnapdragon_680_4g_mobile_firmwaresa8255psxr1230p_firmwarewcd9390_firmwaresnapdragon_8_gen_2_mobileqep8111_firmwaresg8275pwcd9370_firmwaressg2125psa7255p_firmwareqca6574asnapdragon_8\+_gen_2_mobilesnapdragon_x72_5g_modem-rf_firmwareqcm4490qca6174asa8195psnapdragon_x65_5g_modem-rf_firmwarewcd9340snapdragon_480\+_5g_mobile_firmwareqamsrv1msnapdragon_auto_5g_modem-rf_gen_2talynplusqca6174a_firmwareqcm6490sa8540p_firmwareqam8650p_firmwaresm8550p_firmwaresxr2250pqcm8550wcn3988qcs6490_firmwareqcn9024qca6584au_firmwarewcn3980_firmwareqcn6274qca6574qfw7124sa8775psnapdragon_w5\+_gen_1_wearableqca6595au_firmwaresxr2230p_firmwarewsa8835wsa8840_firmwaresw5100p_firmwaresa8775p_firmwareqamsrv1hqca6696_firmwareqcn9024_firmwarewsa8845hwcd9380_firmwaresa6150pqca6574_firmwaresa8155p_firmwareqca8081wsa8815sg4150psa8155psd_8_gen1_5gwsa8830qam8775pqca6797aqsnapdragon_ar2_gen_1_firmwaresm8550psa6145psnapdragon_x75_5g_modem-rfqcm4325_firmwaresa8620psa8255p_firmwarear8035qca6574a_firmwareqamsrv1m_firmwaresnapdragon_4_gen_1_mobilesnapdragon_4_gen_2_mobilesa8650p_firmwareqcm4325sd_8_gen1_5g_firmwarewcd9375_firmwareqcn6224qcs5430_firmwareqca6698aqsg4150p_firmwaressg2125p_firmwarewcn3950_firmwaresa8530p_firmwaresa8295psa8770p_firmwareqcs8550snapdragon_480\+_5g_mobilefastconnect_6200fastconnect_7800sa8145p_firmwaresa8650pqam8775p_firmwaresd865_5g_firmwaresnapdragon_480_5g_mobile_firmwaresnapdragon_8\+_gen_2_mobile_firmwarewcd9375sa8150p_firmwaresnapdragon_ar2_gen_1wcn3988_firmwarefastconnect_6700_firmwareqamsrv1h_firmwarevideo_collaboration_vc3_platform_firmwaresa8145psnapdragon_8\+_gen_1_mobile_firmwaresnapdragon_x75_5g_modem-rf_firmwarewsa8835_firmwaressg2115p_firmwareqcs6490snapdragon_695_5g_mobilesnapdragon_8_gen_3_mobilewcn3980fastconnect_6200_firmwarewsa8830_firmwareqcn6224_firmwaresnapdragon_8_gen_1_mobile_firmwareSnapdragonqam8255p_firmwaresa6155p_firmwareqca8337_firmwareqcm4490_firmwareqcm8550_firmwaresa6150p_firmwareqca6678aq_firmwareqcn6274_firmwareqcs4490_firmwareqcm6490_firmwaresa4155p_firmwarefastconnect_6900_firmwareqcs8550_firmwareqca6797aq_firmwareqcn6224_firmwaresa6145p_firmwarefastconnect_6700_firmwareqcn9024_firmwaresa7255p_firmwarefastconnect_7800_firmwareqca6595au_firmwareqamsrv1m_firmwareqca6698aq_firmwareqcm5430_firmwareqca6174a_firmwareqam8650p_firmwareqam8775p_firmwareqca6584au_firmwareqep8111_firmwareqca6696_firmwareqca6595_firmwareqcs6490_firmwareqfw7114_firmwareqcs5430_firmwarequalcomm_video_collaboration_vc3_platform_firmwareqcn6024_firmwaresa4150p_firmwareqcm4325_firmwareqamsrv1h_firmwareqca6574_firmwareqcc710_firmwareqam8295p_firmwareqca6574a_firmwarefastconnect_6200_firmwareqca6574au_firmwareqca8081_firmwareqfw7124_firmwarear8035_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-21463
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.3||HIGH
EPSS-0.08% / 25.16%
||
7 Day CHG+0.02%
Published-01 Apr, 2024 | 15:06
Updated-13 Jan, 2025 | 21:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Copy Without Checking Size of Input in Audio

Memory corruption while processing Codec2 during v13k decoder pitch synthesis.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qfw7124_firmwarewcn6740_firmwaresnapdragon_685_4g_mobile_firmwareqcn6274wsa8840_firmwareqam8255p_firmwareqca6797aq_firmwaresa4155p_firmwaresnapdragon_888\+_5g_mobilesrv1hsa7255psnapdragon_8_gen_3_mobile_firmwarewcd9370snapdragon_4_gen_2_mobileqca6595au_firmwaresa8145p_firmwareqfw7114sxr1230pqcn6024snapdragon_4_gen_1_mobile_firmwarewsa8810_firmwareqam8650p_firmwareqca6574_firmwaresnapdragon_8\+_gen_2_mobilesnapdragon_8_gen_1_mobileqcc710_firmwaresa8650p_firmwareqcm4490_firmwareqca6595auar8035sa7255p_firmwarewcd9340sa6145pwcn3950wcd9395_firmwarewsa8845h_firmwaretalynplus_firmwareqca6696qcm4325qca8337ssg2115pqca6584au_firmwareqca6574au_firmwaresnapdragon_685_4g_mobilewsa8845wcd9375_firmwaresxr1230p_firmwaresnapdragon_680_4g_mobile_firmwareqcm4325_firmwaresa6150p_firmwaresnapdragon_888_5g_mobile_firmwarewsa8835_firmwaresnapdragon_4_gen_1_mobilesd_8_gen1_5gqamsrv1hsg4150p_firmwaresnapdragon_x75_5g_modem-rfwcd9390_firmwaresnapdragon_888_5g_mobilewsa8815_firmwaresnapdragon_8_gen_2_mobileqca6574asw5100talynplussnapdragon_8\+_gen_2_mobile_firmwarewsa8815sm8550p_firmwarewcd9385_firmwaresw5100p_firmwaresa8620p_firmwarewcn3950_firmwarewcd9395sw5100pqam8650psa8770psnapdragon_xr2_5g_firmwareqca6574a_firmwaresa8620psa8145psnapdragon_480_5g_mobile_firmwareqca6696_firmwaresnapdragon_w5\+_gen_1_wearable_firmwaresa6155pqep8111sa8150pwsa8830_firmwaresnapdragon_ar2_gen_1qca6698aqqamsrv1h_firmwarewcn3980_firmwareqcs8550qam8775pwcd9380_firmwaresnapdragon_x65_5g_modem-rfsxr2250p_firmwareqca6174a_firmwareqca8081snapdragon_695_5g_mobilewsa8840wcn3988_firmwareqca6574auqcn9024ssg2125par8035_firmwaresa8195psnapdragon_8_gen_3_mobileqca8337_firmwareqamsrv1msxr2230psa8770p_firmwarefastconnect_6700_firmwarewsa8832qcc710qcs4490snapdragon_x35_5g_modem-rffastconnect_7800_firmwaresa8155pqam8255pqfw7124qcm4490srv1h_firmwaresnapdragon_auto_5g_modem-rf_gen_2sg8275p_firmwarewsa8845_firmwareqcn6224sa8255p_firmwarewcn3980snapdragon_4_gen_2_mobile_firmwaresnapdragon_ar2_gen_1_firmwareqcm8550snapdragon_auto_5g_modem-rf_gen_2_firmwaresnapdragon_480\+_5g_mobilewcd9390snapdragon_w5\+_gen_1_wearablewsa8835qca6678aq_firmwaresnapdragon_680_4g_mobilesw5100_firmwarefastconnect_7800qcn6274_firmwaresxr2250pwsa8830sa8295p_firmwareqfw7114_firmwaresa8295pwcd9375qcs8550_firmwarefastconnect_6900snapdragon_xr2_5gsnapdragon_x35_5g_modem-rf_firmwaresa6150psnapdragon_695_5g_mobile_firmwarefastconnect_6200_firmwaresrv1m_firmwaresnapdragon_8_gen_2_mobile_firmwareqca6584auqca6595sa8155p_firmwarewcn6740qca6595_firmwaresnapdragon_480\+_5g_mobile_firmwareqep8111_firmwarefastconnect_6700qcn6224_firmwareqca6174asa8255psnapdragon_480_5g_mobilesnapdragon_x65_5g_modem-rf_firmwarewcn3988sa4155pqcn6024_firmwaressg2115p_firmwareqca6797aqwsa8845hqam8775p_firmwareqamsrv1m_firmwarefastconnect_6900_firmwareqam8295p_firmwaressg2125p_firmwarewcd9380wsa8832_firmwaresa8650pwcd9385sd865_5g_firmwaresm8550pwcd9340_firmwaresg4150psa8195p_firmwaresa4150p_firmwaresnapdragon_x75_5g_modem-rf_firmwareqca6574sa8150p_firmwaresa8775pqca8081_firmwaresa9000p_firmwaresnapdragon_8\+_gen_1_mobile_firmwareqcn9024_firmwareqcs4490_firmwaresa4150psa6155p_firmwaresrv1mqam8295psnapdragon_888\+_5g_mobile_firmwaresa9000psnapdragon_8_gen_1_mobile_firmwaresxr2230p_firmwaresa8775p_firmwareqca6698aq_firmwarefastconnect_6200sd865_5gqca6678aqsg8275pqcm8550_firmwaresa6145p_firmwarewcd9370_firmwaresd_8_gen1_5g_firmwaresnapdragon_8\+_gen_1_mobilewsa8810Snapdragonqam8255p_firmwaretalynplus_firmwareqca8337_firmwarewcd9380_firmwaresa6150p_firmwaresa8145p_firmwaresxr2230p_firmwaresg8275p_firmwarear8035_firmwareqcn6224_firmwaresxr1230p_firmwarewcn3950_firmwaresnapdragon_888_5g_mobile_platform_firmwaresa8150p_firmwareqca6595au_firmwaresnapdragon_4_gen_1_mobile_platform_firmwaresnapdragon_4_gen_2_mobile_platform_firmwaressg2125p_firmwaresnapdragon_480_5g_mobile_platform_firmwareqca6584au_firmwareqep8111_firmwareqfw7114_firmwarewcd9385_firmwareqcn6024_firmwareqcm4325_firmwareqamsrv1h_firmwareqca6574_firmwaresd_8_gen1_5g_firmwarewcd9340_firmwarewsa8845_firmwareqam8295p_firmwaresnapdragon_xr2_5g_platform_firmwaresa9000p_firmwareqca6574a_firmwaresnapdragon_695_5g_mobile_platform_firmwareqca6574au_firmwarefastconnect_6200_firmwarewcd9375_firmwareqca8081_firmwarewsa8845h_firmwarewcn3980_firmwaresnapdragon_680_4g_mobile_platform_firmwarewcn6740_firmwaresa8620p_firmwaresa6155p_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareqcm8550_firmwareqcm4490_firmwaresnapdragon_x35_5g_modem-rf_system_firmwareqca6678aq_firmwareqcn6274_firmwareqcs4490_firmwaresa8775p_firmwarewsa8840_firmwaresa4155p_firmwaresa8650p_firmwarewsa8832_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarefastconnect_6900_firmwaresrv1h_firmwareqcs8550_firmwarewcn3988_firmwareqca6797aq_firmwaresa6145p_firmwaresa8155p_firmwarefastconnect_6700_firmwareqcn9024_firmwaresa7255p_firmwarewsa8810_firmwarefastconnect_7800_firmwaresnapdragon_ar2_gen_1_platform_firmwaresa8255p_firmwarewcd9395_firmwaresw5100p_firmwaresnapdragon_8_gen_1_mobile_platform_firmwareqca6698aq_firmwareqamsrv1m_firmwaresrv1m_firmwareqca6174a_firmwareqam8650p_firmwaresa8770p_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwareqam8775p_firmwareqca6696_firmwareqca6595_firmwaresa4150p_firmwarewcd9370_firmwaresm8550p_firmwareqcc710_firmwaresnapdragon_8_gen_3_mobile_platform_firmwarewcd9390_firmwarewsa8830_firmwaresd865_5g_firmwarewsa8815_firmwaresxr2250p_firmwarewsa8835_firmwaresa8195p_firmwaressg2115p_firmwaresw5100_firmwareqfw7124_firmwaresa8295p_firmwaresg4150p_firmwaresnapdragon_8_gen_2_mobile_platform_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-1972
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.26% / 49.34%
||
7 Day CHG~0.00%
Published-08 Sep, 2021 | 11:25
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible buffer overflow due to improper validation of device types during P2P search in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaresm7250mdm9640_firmwaresm6250p_firmwareipq4028_firmwareqca8337ar9380ipq8173_firmwareqcn5124wcn3950_firmwareqca6595au_firmwaresa6155mdm8215sd_455_firmwareapq8076qcs6125_firmwaresa415mwcn3998wcd9371_firmwarewcn3950qcn6024_firmwaresd720gsm4125mdm9206_firmwarewcn3660bsd450_firmwaresd460_firmwaremdm9230_firmwaremdm8215mqca8081_firmwarewcn3998_firmwareapq8009w_firmwareqca6420apq8053_firmwareqca9986ipq8070_firmwareqca9367_firmwareipq8065ipq8078a_firmwareipq8072_firmwaresa8155_firmwareipq8068mdm9615mqca6430wcd9306_firmwarewcd9340sdm830_firmwaresd765gmdm9250_firmwareqca9888_firmwareqcn6122qca6696_firmwarewcd9371sd870_firmwareqcn5154_firmwaremdm8215_firmwaresd_8cxsa8150par7420_firmwaremdm9330_firmwareqca9992_firmwaresd660sd865_5g_firmwaresd660_firmwareqcn5121qcn5022_firmwarewcn6750_firmwaresd450qca6428_firmwareqca9985_firmwarewcn3991ipq4018_firmwareqca9980_firmwaresdm429wipq8078sdx55m_firmwareipq8173sd670_firmwareqca6574sd632_firmwarecsr8811_firmwarewcd9380qualcomm215qcs410qcn5024sd690_5g_firmwareqca9379_firmwaresdx24_firmwareqca9985qcn9012_firmwaresd439_firmwareipq6018_firmwarewcd9340_firmwarewsa8815wcn6850pmp8074_firmwareqca6584_firmwaresd_8c_firmwaremdm9215_firmwareipq6028ipq8064sd835pmp8074wcn3980_firmwaresd730wcn6740_firmwarear6003_firmwareqcn5064_firmwaresd678_firmwareapq8064au_firmwareipq8078_firmwareqcn5054qcs603qca9994qca9980sd670qcn9024_firmwareipq8174_firmwareapq8009wqcm4290_firmwareqcs610_firmwaresa6145pqca9886_firmwarear8031sdm630_firmwareqca6391_firmwareqca4024wcd9370_firmwaresdx55apq8053qcn5021_firmwarecsra6640wcn3660qca9379mdm9150_firmwareqcn5500wsa8830qca9561csrb31024qca9563_firmwaremdm9628_firmwaremdm9650sd_636fsm10055_firmwareqca9992qcs4290mdm9250qca6420_firmwareapq8009_firmwaresd690_5gmdm9310_firmwaresd675_firmwareipq8072qca6564qca6426wcn3990_firmwareqca9984_firmwareqca9377sdw2500_firmwarewcd9385_firmwaresdxr2_5g_firmwarewcd9326_firmwaremdm9615m_firmwarewcn3615_firmwareipq8074aqca9982sa8155qca6584qcn5122_firmwaresdx55_firmwarewcn3615qcn6023_firmwarewcn3610_firmwarewcd9306qca6584ausd778gqfe1952ipq8174sd429qcn5052qca9367sdm630mdm9607_firmwaresa415m_firmwarewcn3988_firmwareqcn9074sd205sd429_firmwareqca6421sd778g_firmwaresa8195pqca6694qca7550wcd9326wcd9335qca9982_firmwareqcn6023qcs4290_firmwareqca6390qca9898_firmwaresd750g_firmwareaqt1000wcd9375sm6250_firmwaremsm8917_firmwareipq5010_firmwareipq8074a_firmwaresd888_5g_firmwaresdx20_firmwarewsa8815_firmwareapq8017qcx315ar6003mdm9630_firmwareqcm6125_firmwareqca9882sd780gsd865_5gqca6595qca9896_firmwareipq8065_firmwareqcx315_firmwaresd665_firmwareqcn5154qca8075_firmwareipq6005_firmwaremdm9206qca9888qca6310_firmwaresm7325ipq8070a_firmwaremdm9615qca6574_firmwareqca9886qcn5502_firmwaresd665sd765qca6574a_firmwareapq8009mdm9310csrb31024_firmwareqcn9070_firmwaresd480_firmwareipq6028_firmwareipq8072a_firmwaremdm9626_firmwareqca9531qca9889_firmwaremdm8215m_firmwaremdm9607qcn5122sd710sdx20m_firmwareqcn5022qca6564_firmwaresd768gwcn6740sdw2500qca8075apq8096au_firmwareqcn6024qcn9022sd845mdm9615_firmwaresdm830ipq6000_firmwaresdx12qcs410_firmwaremdm9330sm7325_firmwarefsm10055sa6150p_firmwareqcs610qcn5550qca6431_firmwareqca9561_firmwareqca4024_firmwareipq8078aipq5028_firmwaresa8150p_firmwareqcs2290qca6335msm8917qcn5064csra6620_firmwareqcs605_firmwaresd_675_firmwarecsra6640_firmwaremdm8615m_firmwareqca9987_firmwaresd632ipq8076amdm9628sd710_firmwareqca4020qca6428qca6574au_firmwareqcn5164_firmwareipq8071mdm9630wcd9375_firmwaresa6155_firmwaresdx12_firmwaremsm8909wsdx20mqca6438_firmwarewcn3999qrb5165_firmwareipq5028qca7500ipq4029_firmwareqcs6125ipq6010sd662_firmwareqcs405qualcomm215_firmwarefsm10056_firmwareqca4020_firmwareqca6436wcn6851qcn3018_firmwaresa6155pqcs603_firmwarewcn3660_firmwarewcd9341ipq8068_firmwareqca6431sd750gqca9988_firmwarewcn3910_firmwareqfe1922wsa8830_firmwaresd855_firmwarewcn3988qca6438sa8195p_firmwareqca9898ipq4028wcn3610mdm9640ipq5018_firmwareqca8337_firmwarewcd9380_firmwareipq8072aqca7500_firmwarewcd9330msm8996au_firmwarecsr6030ipq8076a_firmwareqca7550_firmwareqca6564auipq4029wcn6856_firmwareqcn5164qca9558qca7520_firmwaremdm9230qcn5054_firmwareipq4019_firmwaresdx50m_firmwareqca8072_firmwareqca6174qca6430_firmwareqcn5052_firmwarewcd9335_firmwarewcn3980qca6335_firmwareqcs605wcn3910qca6320mdm9650_firmwareqca9986_firmwareqca6426_firmwarewcn3660b_firmwarewcn3680qca9984qcn9024qcn5550_firmwarewcd9330_firmwaresdx55mipq8064_firmwareqca6421_firmwaremsm8953ar8031_firmwarewcn3680_firmwareqrb5165wcn6851_firmwareipq8070qcn5502qca9887_firmwaresd_636_firmwareqca6564a_firmwareqca9880sd480sd870qcn5121_firmwaresd210_firmwareipq6018qcn3018sdxr1apq8096auqca6595_firmwareqcs405_firmwaresa8145psd780g_firmwaresd888_firmwaresa8155psd675sd439qca9531_firmwarear8035_firmwareqcm2290qcn5024_firmwarewcn3991_firmwaresd678qcn9070sa8145p_firmwareqca7520qcs2290_firmwarefsm10056sm7250_firmwarecsra6620qca9987qcn9072qca9880_firmwaresd765g_firmwareipq8069_firmwareqca6390_firmwareipq6000qca6174_firmwaresd730_firmwarewcd9370qcn5152_firmwareqca6584au_firmwareapq8076_firmwareqcn9000_firmwareipq5018sd_8cx_firmwareqca9563sd662qcn5124_firmwareqfe1952_firmwareqca6320_firmwarewcn3680b_firmwareqca6595auwcn3999_firmwareqca6436_firmwareipq5010qca6564au_firmwaresa6155p_firmwareqca6310sa515m_firmwareqca9990sdxr2_5gsa6145p_firmwaresm6250apq8017_firmwarewsa8810_firmwaresd765_firmwareqca8081ipq8071aqca6174a_firmwareipq8071a_firmwarewcd9385mdm8615mar8035csr8811apq8064auipq4019qca6694_firmwaremsm8953_firmwareqcn9100_firmwaresd210wcn3620_firmwarewcn6850_firmwarewsa8835_firmwarewcn3620csr6030_firmwareqca6564aqca9988qca8072qcm2290_firmwarewcn3990qcn9000sd_675ar9380_firmwaresdx24qcn9012sd888qca9558_firmwaremsm8909w_firmwareqcn6122_firmwaremsm8996ausdm429w_firmwarewsa8835sd888_5gsm6250pipq4018qca6574aqca9889qca6174aipq8074qca9994_firmwarewcn6750ipq8076_firmwaresa515mar7420sd855sm4125_firmwareipq8076qfe1922_firmwareqca9887qcn5021ipq8069qcn5152sd768g_firmwaresd460qca6391sdxr1_firmwareipq6005aqt1000_firmwareqcn9100mdm9626qcm4290sdx50mqca9882_firmwaresdx20mdm9215sd_455ipq8074_firmwareqca6574ausa8155p_firmwaresd205_firmwarewcd9341_firmwareqcm6125wsa8810qcn5500_firmwaremdm9150wcn6856sd_8cwcn3680bsd835_firmwareipq6010_firmwareqca6696sd845_firmwaresa6150pqcn9022_firmwareqca9990_firmwareipq8070aqcn9072_firmwaresd720g_firmwareipq8071_firmwareqcn9074_firmwareqca9896Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-2271
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.37% / 58.26%
||
7 Day CHG~0.00%
Published-21 Nov, 2019 | 14:38
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer over read can happen while parsing downlink session management OTA messages if network sends un-intended values in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9635m_firmwareqcm2150_firmwaremdm9640_firmwaresdm632_firmwaremsm8996au_firmwaresdm845sdm450_firmwaresdm632sdx24sdm439mdm9650sdm429msm8940_firmwaresm7150_firmwaresnapdragon_high_med_2016_firmwaresm6150msm8909w_firmwaremsm8976_firmwaremsm8996aumdm915_firmwaresm7150apq8009_firmwaremsm8917sdm670sxr2130qcs605_firmwaresc8180xmdm9206sdm670_firmwaresdx24_firmwaresdm636sda845_firmwaremdm9635mapq8098mdm9615mdm9205mdm9206_firmwaremsm8939qcs605mdm915msm8937_firmwaremdm9650_firmwaresdm429_firmwaremsm8905_firmwaresda660sdx55_firmwaresxr1130_firmwaresxr1130msm8909wapq8009msm8909_firmwareapq8053_firmwaresda845nicobarsdm850_firmwaremsm8920msm8953sdm450sdm636_firmwaresdm845_firmwareapq8098_firmwaresdx20msm8998_firmwareqcm2150msm8920_firmwaresdm630mdm9607_firmwaresm8250_firmwaremdm9655_firmwaresdm660sc8180x_firmwaresdm710qm215mdm9607apq8017_firmwaremdm9625_firmwaresdm710_firmwaremsm8939_firmwaremsm8937msm8905snapdragon_high_med_2016sm8150_firmwaremsm8909sxr2130_firmwaremdm9655apq8096ausdm439_firmwaresdm630_firmwaremdm9205_firmwaresda660_firmwaremdm9625qm215_firmwaremsm8976sdx55msm8953_firmwaremsm8940sm6150_firmwareapq8053apq8096au_firmwaremsm8917_firmwaresm8250msm8998sm8150sdx20_firmwaresdm850mdm9615_firmwareapq8017nicobar_firmwaresdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-1910
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.3||HIGH
EPSS-0.23% / 45.88%
||
7 Day CHG~0.00%
Published-07 May, 2021 | 09:10
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Double free in video due to lack of input buffer length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qfs2580qca9377_firmwareqpm5679_firmwaresm6250p_firmwarepmd9607_firmwareqdm5579qfs2608_firmwareqfs2530qpm8870_firmwareqln1030pm6125qat5522_firmwarewcn3950_firmwarepm8150aqdm5670qca6595au_firmwareqpa5581_firmwaresa6155pm7150lqpa8821pm8998_firmwarewtr5975_firmwareqcs6125_firmwarepm456_firmwareqpa5580_firmwarewcn3998wcd9371_firmwarewcn3950sm4125sd720gmdm9206_firmwareqsw8573_firmwarewcn3660bsd450_firmwareqfe4320qsw8574_firmwaresd460_firmwarepm8953_firmwaresd6905gqpa4360_firmwarewcn3998_firmwareqfe2520_firmwareapq8009w_firmwarepm855papq8053_firmwareqca6420pm6150aqpm6670_firmwareqca9367_firmwarepm660_firmwarepm8150bsa8155_firmwareqfe2101qca6430qat3522pmr735awcd9340sdm830_firmwaresd765gsdr660qfs2630_firmwaresdr865qdm5620_firmwaresmb1358smr545qca6696_firmwareqln5020wcd9371sd870_firmwaresmb1350pmm855au_firmwaresa8150ppm6350qdm5621qfe3340qtc800sqat3514_firmwaresd660qet6105pm640p_firmwaresd660_firmwarewcn6750_firmwareqat5516_firmwarepm6150lsd450sd8885gpm855l_firmwareqtc410swcn3991qpa8801sdm429wpm8150l_firmwareqat5533_firmwaresdx55m_firmwaresdxr25gqpa8673_firmwarepm6150smb1354_firmwaresd670_firmwareqca6574sd632_firmwareqfs2630qpa8842sdr052_firmwarepmm8996auwcd9380qualcomm215qln4640qcs410smb1380_firmwareqfe4309_firmwarepmk8350_firmwaresmb1381pm855p_firmwarepm7250qca9379_firmwarewtr4905qpa8803sd439_firmwaresdxr25g_firmwareqdm2301wcd9340_firmwarewsa8815wcn6850qfe2101_firmwareqdm5621_firmwareqdm2301_firmwaresd835wcn3980_firmwaresd730pm660l_firmwarepm6250_firmwarewcn6740_firmwarepm8008pm8350b_firmwareqtm525_firmwarepme605_firmwarepme605sd678_firmwareapq8064au_firmwareqpm5621_firmwareqcs603rsw8577qpa6560_firmwareqpa8802_firmwareqln4640_firmwareqfe4308_firmwareqpm5621qpm6582sd670pm8009_firmwareapq8009wqfe4303qfs2580_firmwareqcm4290_firmwarewcn6855pm8150lpmi8998_firmwareqcs610_firmwaresa6145ppm660a_firmwarepm215pm4250ar8031wtr2965sdm630_firmwareqca6391_firmwarepmx20_firmwarepmi8937_firmwarewcd9370_firmwareqat3516_firmwaresdx55apq8053csra6640pm8350bhsqat3555_firmwareqpa8803_firmwarewcn3660qca9379pm855bqpm5870pm8909wsa8830pm660qet6110_firmwareqdm5579_firmwarepm6125_firmwareqbt1500qpa5581mdm9650fsm10055_firmwareqbt1500_firmwareqpm5870_firmwareqcs4290qet6100pmm855auqca6420_firmwaresmb1394_firmwareapq8009_firmwaresmb1396pm7150asd675_firmwarepm8350qca6564qpa4361_firmwarepm8350c_firmwareqpa5461_firmwareqca6426wcn3990_firmwareqca9377qpm5641qpa5373_firmwaresdw2500_firmwarewcd9385_firmwareqdm5650_firmwareqpa4340_firmwarewcd9326_firmwarewcn3615_firmwarewtr2955rgr7640au_firmwarepm7250_firmwaresdr845_firmwareqdm5620smb1380pmk8002_firmwareqsw6310_firmwaresa8155qdm4650_firmwaresdx55_firmwarepmm6155au_firmwareqat5533wcn3615sm7250p_firmwarewcn3610_firmwareqsm7250_firmwareqpm6670pm7150l_firmwareqpm4641qat5515_firmwarepm855qpm8830_firmwaresd429pm8250qca9367sdm630qdm4643qfs2530_firmwarewcn3988_firmwarepmx55qpm4641_firmwaresd205sd429_firmwarepm8150c_firmwareqca6421qdm3301qpa8842_firmwareqat3519_firmwaresa8195psdr735_firmwarepm8953qat5515qpm5677qat3514wcd9326wcd9335pm6350_firmwarepm8004_firmwaresdr8150_firmwareqcs4290_firmwarepm439qtc800h_firmwarepmk7350_firmwareqpm5620qpm4630qca6390wcd9375sd750g_firmwareaqt1000sm6250_firmwarepmm8195auqln4642msm8917_firmwareqpm5677_firmwaresdx20_firmwarewsa8815_firmwarewtr3925_firmwarepmi8937pm8998pmk7350smr525_firmwareqpm8820_firmwareqfe4301_firmwareapq8017qln1020_firmwareqpm6621_firmwarepm670a_firmwareqcm6125_firmwarepmx55_firmwarewtr2955_firmwareqfe4373fc_firmwaresmb1398_firmwareqpm8830pmm8996au_firmwareqat5522pm8150cpmr735bsd665_firmwareqpa4360pmk8003_firmwareqpa4361qpm4640_firmwaremdm9206wcn6855_firmwareqdm5679_firmwarepm8350csmr525qca6310_firmwareqfe4305_firmwarepm6150l_firmwarepmr525pm8150a_firmwareqca6574_firmwaresd665pm6150a_firmwarepm6150_firmwaresd765pmx20pmd9607qca6574a_firmwareqpm4630_firmwareqat3555apq8009qpa5461wtr2965_firmwarepm670_firmwareqfs2608sd480_firmwareqtc801sqpm5641_firmwaresd710pm8008_firmwaresdx20m_firmwareqpm6621pmr735a_firmwarepmw3100pmx50qca6564_firmwaresdr8250sd768gqln1030_firmwaresmb1350_firmwarewcn6740pmw3100_firmwarepm8004pm640lpmk8002sdw2500apq8096au_firmwaresd845sd455_firmwaresdm830smb1357qcs410_firmwareqpa5580fsm10055qfe2550sa6150p_firmwareqcs610qpm5620_firmwareqdm2307qca6431_firmwareqpa8802qpm6585_firmwareqat3519qbt2000_firmwareqtc800hsa8150p_firmwareqcs2290sdr8250_firmwareqca6335msm8917csra6620_firmwareqcs605_firmwareqln1020smr546_firmwareqdm5671csra6640_firmwareqpm4650_firmwareqat3518sd632sdr425_firmwaresmr526_firmwareqpa5460pm640a_firmwarewgr7640_firmwareqdm2305_firmwareqpm5670_firmwaresd710_firmwareqca4020qdm5652qca6574au_firmwareqpm8870wcd9375_firmwareqpm5679qbt2000sa6155_firmwaremsm8909wsdx20mpmx50_firmwareqpa8675_firmwaresdr735gqpa5460_firmwarewcn3999qdm3301_firmwareqsm7250qcs6125sd662_firmwaresmb1360qcs405qualcomm215_firmwarersw8577_firmwareqdm2308_firmwarefsm10056_firmwarepm439_firmwareqca4020_firmwareqca6436sa6155pwcn6851qcs603_firmwareqpa6560sdr675_firmwarewcn3660_firmwarewcd9341pmi8952qdm4643_firmwarepm8937_firmwareqca6431sm7350_firmwareqet4100_firmwaresd750gqfe4320_firmwareqdm3302wcn3910_firmwareqpm5657qpm5875_firmwarewsa8830_firmwaresd855_firmwareqdm5650wcn3988wtr3925sdr052sa8195p_firmwaresmb1390qet4100wcn3610qpa8686_firmwareqpm6585sda429w_firmwarewcd9380_firmwaresmb1355qln4650wcd9330msm8996au_firmwaresdr735g_firmwarepm8350bhs_firmwarewgr7640qat5568qet5100qdm5671_firmwareqpa8801_firmwareqca6564ausd636wcn6856_firmwarepm8005_firmwareqet4101_firmwarepm7250bqln4642_firmwaresmb1355_firmwarepm7250b_firmwarepmd9655_firmwaresmb1351_firmwaresdx50m_firmwaresdr735smb1395pm660lar8151smr526wtr5975qca6430_firmwarepmk8003qtc801s_firmwarewcd9335_firmwareqat3522_firmwarewcn3980pm7350c_firmwareqca6335_firmwareqsw8573qcs605wcn3910qca6320mdm9650_firmwaresmb1394qca6426_firmwarepm8350_firmwarewcn3660b_firmwarewcn3680qfe4309pm8009qpa8675sdr051_firmwarewcd9330_firmwaresdx55mpm670aqca6421_firmwareqfe4373fcmsm8953qat3518_firmwarepmi8998qfe2520qsw8574sd6905g_firmwarear8031_firmwarewcn3680_firmwarepm855lwcn6851_firmwareqdm5670_firmwaresd8655gpm7150a_firmwarepm8150b_firmwareqfe4302smr545_firmwareqca6564a_firmwareqdm2310_firmwarepm4250_firmwaresd480sd870sd8885g_firmwarepm670sd210_firmwareqdm5677pm8005pm855_firmwareqdm2302pmm6155ausdxr1pm855b_firmwareapq8096auqcs405_firmwareqpm6582_firmwarepm640l_firmwareqln4650_firmwareqpm5875qet5100msd888_firmwaresa8155psd675sd439qet4101qat3516pm670lqpm5658qcm2290qpm5658_firmwarewcn3991_firmwareqdm5652_firmwarepmm8155au_firmwaresd678sdr051qln5030qcs2290_firmwarepm4125fsm10056pmi632qpa2625_firmwarepm456pm8350bh_firmwarecsra6620pmr735b_firmwareqet5100_firmwareqpa5373qpm4621smb1360_firmwareqet6100_firmwarepm670l_firmwaresdr660gsd455sd765g_firmwareqpa8686smb1358_firmwareqca6390_firmwaresd730_firmwarewcd9370sdr425pmr525_firmwareqfe3340_firmwarear8151_firmwarepmi632_firmwareqat5516sd662qpa8821_firmwareqfe4308sdr660g_firmwarepm8350bhpm3003aqca6320_firmwarewcn3680b_firmwareqca6595auwcn3999_firmwareqca6436_firmwaresm7350smb1354qca6564au_firmwareqdm2305sa6155p_firmwareqca6310qpm8820pm8937qpm2630qln5020_firmwaresmb1398sa6145p_firmwaresdr675sm6250apq8017_firmwarewsa8810_firmwaresmb231sd765_firmwareqdm5677_firmwareqca6174a_firmwarewcd9385qdm2302_firmwareqat3550_firmwarepmm8155auqln5040_firmwarepm4125_firmwareapq8064auqpa8673qdm2310qfe2550_firmwaremsm8953_firmwareqln5030_firmwaresda429wsd210wcn3620_firmwareqfe4302_firmwaresmb1396_firmwarewcn6850_firmwarewcn3620wsa8835_firmwareqca6564asmr546qet6110pmi8952_firmwareqcm2290_firmwareqln5040qpm8895sdr845qpm5670wcn3990pmk8350qdm3302_firmwaresd888pm8350bqdm2307_firmwaremsm8909w_firmwarewsa8835msm8996ausdm429w_firmwareqpm5657_firmwaresm6250prgr7640ausdr660_firmwarepm8909_firmwareqca6574apm8916_firmwaresmb1390_firmwareqca6174aqfe4303_firmwareqpm4640wcn6750pm7350cqet5100m_firmwareqpm4650qtm525wtr6955sd855sm4125_firmwareqfe4305wtr6955_firmwarepm640psd768g_firmwaresdr865_firmwarepm8250_firmwaresd460qca6391sdxr1_firmwaresmb1351smb1357_firmwareaqt1000_firmwarepm215_firmwareqpm8895_firmwarepm660aqpa4340qcm4290sdx50mpm640asdr8150sdx20pm8916smb1395_firmwareqdm4650pmd9655qca6574ausa8155p_firmwaresd205_firmwareqsw6310qet6105_firmwaresd8655g_firmwarewcd9341_firmwareqcm6125wsa8810qtc410s_firmwareqpm2630_firmwaresmb231_firmwareqat5568_firmwareqdm2308qat3550wtr4905_firmwarewcn6856qdm5679wcn3680bsd835_firmwarepm3003a_firmwareqca6696qfe4301qtc800s_firmwaresmb1381_firmwaresd845_firmwareqpa2625sa6150ppmm8195au_firmwaresm7250psd720g_firmwareqpm4621_firmwaresd636_firmwarepm6250Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-415
Double Free
CVE-2021-1916
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.24% / 47.45%
||
7 Day CHG~0.00%
Published-08 Sep, 2021 | 11:25
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible buffer underflow due to lack of check for negative indices values when processing user provided input in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaresm7250mdm9640_firmwaresm6250p_firmwaresa6150p_firmwareqcs610qca6431_firmwarewcd9360_firmwaremdm9645wcn3950_firmwaresa8150p_firmwareqca6595au_firmwaresa6155qca6335msm8917mdm8215sd_455_firmwareqcs605_firmwaresd_675_firmwareqcs6125_firmwaremdm8615m_firmwaresd632msm8108sa415mwcn3998wcd9371_firmwaremsm8108_firmwarewcn3950sd720gmdm9628mdm9206_firmwareqsw8573_firmwarewcn3660bsd450_firmwaremdm9230_firmwaremdm8215mqca6574au_firmwaremdm9630wcd9375_firmwarewcn3998_firmwaresa6155_firmwaresdx12_firmwaremsm8909wapq8009w_firmwareqca6420apq8053_firmwarewcd9360qca9367_firmwarewhs9410_firmwaremdm8207qcs6125sa8155_firmwareqca4004_firmwaremdm9615mqca6430wcd9306_firmwarewcd9340mdm9625_firmwaresd765gqca1990_firmwarequalcomm215_firmwareqca6436wcn6851sa6155pqcs603_firmwaremsm8937msm8209_firmwaremdm9250_firmwarewcn3660_firmwaremdm9655qca6696_firmwareqca6431wcd9371sd870_firmwaresd750gmdm8215_firmwarewcn3910_firmwaresd_8cxsa8150pmdm9207_firmwareqca4004wsa8830_firmwaremdm9330_firmwaresd855_firmwaresd865_5g_firmwaresd712wcn3988sa8195p_firmwaremsm8208_firmwarewcn6750_firmwaresd450wcn3610mdm9640msm8608wcn3991sda429w_firmwarewcd9380_firmwaresdm429wwcd9330msm8996au_firmwarecsr6030qca6564ausdx55m_firmwarewcn6856_firmwaremsm8940_firmwaremsm8976_firmwareqca6574sd632_firmwaresd670_firmwarewcd9380qualcomm215mdm9230qcs410sd690_5g_firmwaresdx50m_firmwareqca9379_firmwaresdx24_firmwareqca6174qca6430_firmwaresd439_firmwareqca6335_firmwareqsw8573qcs605wcd9340_firmwarewsa8815wcn6850wcn3910qca6320qca6584_firmwaremsm8937_firmwaremdm9650_firmwaresd_8c_firmwaremdm9215_firmwareqca6426_firmwarewcn3660b_firmwarewcn3680sd835qca1990sd730wcd9330_firmwaresdx55mqca6421_firmwarewcn6740_firmwarear6003_firmwaremsm8953sd821_firmwaresd678_firmwarewcn3680_firmwarewcn6851_firmwareqcs603sd670sd_636_firmwareqca6564a_firmwareapq8009wqca6694au_firmwaremsm8976sg_firmwareqcm4290_firmwaresd480sd870wcn6855sd210_firmwareqcs610_firmwareapq8084_firmwaresa6145psdxr1apq8096ausa8145pmdm8207_firmwaresdm630_firmwaremdm9205_firmwareqca6391_firmwaresd820_firmwarewcd9370_firmwaresd780g_firmwaresdx55apq8053sa8155psd675sd439wcn3660qca9379wcn3991_firmwaremdm9150_firmwarewsa8830sd678sa8145p_firmwaresm7250_firmwarecsrb31024mdm9628_firmwaremdm9650sd_636qcs4290mdm9250sd765g_firmwareqca6420_firmwareqca6390_firmwareapq8009_firmwaresd690_5gqca6174_firmwaresd730_firmwaremdm9310_firmwarewcd9370sd675_firmwareqca6426qca6584au_firmwareqca9377sdw2500_firmwaresd_8cx_firmwarewcd9385_firmwaresdxr2_5g_firmwarewhs9410mdm9615m_firmwarewcn3615_firmwareapq8037sa8155qca6320_firmwareqca6584wcn3680b_firmwaresdx55_firmwarewcn3615qca6595auwcn3610_firmwareqca6436_firmwaremdm9207wcd9306qca6584ausd778gqca6564au_firmwaremsm8208sa6155p_firmwareqca6310sa515m_firmwaresd429sdxr2_5gqca9367apq8084sdm630mdm9607_firmwaresd821mdm9655_firmwaremsm8976sgsa415m_firmwarewcn3988_firmwaresd205sd429_firmwareqca6421sd778g_firmwaresa6145p_firmwaresm6250sa8195psd712_firmwareapq8017_firmwarewsa8810_firmwareqca6694sd765_firmwareqca6174a_firmwareqcs4290_firmwarewcd9385mdm8615mmdm9625qca6390wcd9375sd750g_firmwareaqt1000msm8976qca6694_firmwaresm6250_firmwaremsm8953_firmwareqca6694ausda429wmsm8917_firmwaresd210wcn3620_firmwaresdx20_firmwarewsa8815_firmwaresd888_5g_firmwaresd820wcn6850_firmwarewsa8835_firmwarewcn3620apq8017qcx315ar6003csr6030_firmwareqca6564amdm9630_firmwareqcm6125_firmwaremdm9635m_firmwaresd_675sd780gsd865_5gsdx24msm8909w_firmwareqcx315_firmwarewsa8835msm8996ausdm429w_firmwaresd665_firmwaresd888_5gsm6250psc8180xqca6574amdm9206wcn6855_firmwareqca6174aqca6310_firmwarewcn6750mdm9635mmdm9615mdm9205sa515mqca6574_firmwaresd855sd665sd765qca6574a_firmwaresd768g_firmwaremsm8209sd850_firmwareapq8009qca6391sdxr1_firmwaremdm9310aqt1000_firmwaremsm8920qcm4290csrb31024_firmwaresdx50msdx20sd480_firmwaremsm8920_firmwaremdm9215sc8180x_firmwaresd_455qca6574ausa8155p_firmwaremdm8215m_firmwaremdm9607sd205_firmwaremdm9645_firmwareqcm6125wsa8810mdm9150wcn6856sd_8cwcn3680bsd835_firmwaresd768gwcn6740qca6696sd845_firmwaremsm8608_firmwaresdw2500sa6150pmsm8940apq8096au_firmwaresd845mdm9615_firmwareapq8037_firmwaresd720g_firmwaresdx12qcs410_firmwaremdm9330sd850Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1976
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.29% / 51.60%
||
7 Day CHG~0.00%
Published-17 Sep, 2021 | 07:05
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free can occur due to improper validation of P2P device address in PD Request frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwarefsm10055sm7250mdm9640_firmwaresm6250p_firmwaresa6150p_firmwareqcs610ipq4028_firmwareqcn5550qca8337ar9380ipq8173_firmwareqca9561_firmwareqcn5124qca4024_firmwarewcn3950_firmwareipq8078aipq5028_firmwaresa8150p_firmwareqcs2290qca6595au_firmwaresa6155qca6335msm8917qcn5064sd_455_firmwarecsra6620_firmwareqcs605_firmwaresd_675_firmwarecsra6640_firmwareqcs6125_firmwareqca9987_firmwaresd632sa415mwcn3998wcd9371_firmwarewcn3950qcn6024_firmwaresd720gsm4125mdm9206_firmwareipq8076amdm9628wcn3660bsd450_firmwaresd460_firmwareqca6428qca6574au_firmwareqcn5164_firmwareipq8071wcd9375_firmwareqca8081_firmwarewcn3998_firmwaresa6155_firmwaresdx12_firmwaremsm8909wapq8009w_firmwareqca6420apq8053_firmwaresdx20mqca6438_firmwareqca9986ipq8070_firmwareqca9367_firmwareipq8065ipq8078a_firmwarewcn3999qrb5165_firmwareipq5028qca7500ipq8072_firmwareipq4029_firmwareqcs6125sa8155_firmwareipq6010sd662_firmwareipq8068qcs405qca6430wcd9340sdm830_firmwaresd765gqualcomm215_firmwarefsm10056_firmwareqca6436wcn6851qcn3018_firmwaresa6155pqcs603_firmwaremdm9250_firmwarewcn3660_firmwareqca9888_firmwareqcn6122ipq8068_firmwareqca6696_firmwarewcd9371sd870_firmwaresd750gqca9988_firmwareqcn5154_firmwarewcn3910_firmwaresa8150par7420_firmwarewsa8830_firmwareqca9992_firmwaresd865_5g_firmwaresd855_firmwarewcn3988qca6438sa8195p_firmwareqcn5121qcn5022_firmwarewcn6750_firmwareqca9898sd450ipq4028wcn3610mdm9640qca6428_firmwareipq5018_firmwareqca9985_firmwarewcn3991ipq4018_firmwareqca8337_firmwarewcd9380_firmwareipq8072aqca7500_firmwareqca9980_firmwaresdm429wwcd9330msm8996au_firmwareipq8076a_firmwareqca7550_firmwareipq8078qca6564ausdx55m_firmwareipq8173wcn6856_firmwareqcn5164qca9558sd670_firmwareqca6574sd632_firmwarecsr8811_firmwareqca7520_firmwarewcd9380qualcomm215qcn5054_firmwareqcs410qcn5024sd690_5g_firmwareipq4019_firmwaresdx50m_firmwaresdx24_firmwareqca8072_firmwareqca9985qcn9012_firmwareqca6174qca6430_firmwaresd439_firmwareqcn5052_firmwareqca6335_firmwareipq6018_firmwareqcs605wcd9340_firmwarewsa8815wcn6850pmp8074_firmwarewcn3910qca6320mdm9650_firmwareqca9986_firmwareqca6426_firmwarewcn3660b_firmwarewcn3680qca9984ipq6028ipq8064sd835pmp8074qcn9024sd730qcn5550_firmwarewcd9330_firmwaresdx55mipq8064_firmwarewcn6740_firmwaremsm8953qcn5064_firmwaresd678_firmwareapq8064au_firmwarear8031_firmwarewcn3680_firmwareipq8078_firmwareqcn5054qrb5165wcn6851_firmwareqcs603ipq8070qca9896qcn5502qca9994qca9887_firmwareqca9980sd670qcn9024_firmwareipq8174_firmwareapq8009wsd_636_firmwareqca6564a_firmwareqca9880qcm4290_firmwaresd480sd870qcn5121_firmwaresd210_firmwareqcs610_firmwaresa6145pipq6018qcn3018qca9886_firmwaresdxr1ar8031apq8096auqca6595_firmwareqcs405_firmwaresa8145psdm630_firmwareqca6391_firmwareqca4024wcd9370_firmwaresd780g_firmwaresdx55sd888_firmwareapq8053qcn5021_firmwarecsra6640sa8155psd675sd439qca9531_firmwarewcn3660ar8035_firmwareqcm2290qcn5024_firmwarewcn3991_firmwaremdm9150_firmwareqcn5500wsa8830qca9561sd678qcn9070sa8145p_firmwareqca7520qcs2290_firmwarefsm10056sm7250_firmwarecsrb31024qca9563_firmwaremdm9628_firmwaremdm9650sd_636csra6620fsm10055_firmwareqca9987qcn9072qca9880_firmwareqca9992qcs4290mdm9250sd765g_firmwareqca6420_firmwareipq8069_firmwareapq8009_firmwareqca6390_firmwaresd690_5gipq6000qca6174_firmwaresd730_firmwarewcd9370sd675_firmwareipq8072qcn5152_firmwareqca6564qca6426qca6584au_firmwareqcn9000_firmwareqca9984_firmwareqca9377ipq5018sdw2500_firmwarewcd9385_firmwaresdxr2_5g_firmwarewcn3615_firmwareqca9563ipq8074asd662qcn5124_firmwareqca9982sa8155qca6320_firmwarewcn3680b_firmwareqcn5122_firmwaresdx55_firmwarewcn3615qcn6023_firmwareqca6595auwcn3999_firmwarewcn3610_firmwareqca6436_firmwareipq5010qca6564au_firmwareqca6584ausd778gsa6155p_firmwareqca6310ipq8174sd429sa515m_firmwareqca9990sdxr2_5gqcn5052qca9367sdm630mdm9607_firmwaresa415m_firmwarewcn3988_firmwareqcn9074sd205sd429_firmwaresa6145p_firmwaresd778g_firmwaresm6250sa8195papq8017_firmwarewsa8810_firmwareqca6694qca7550sd765_firmwareqca8081qca9982_firmwareqcn6023ipq8071aqca6174a_firmwareipq8071a_firmwareqcs4290_firmwarewcd9385qca6390qca9898_firmwaresd750g_firmwareaqt1000wcd9375ar8035sm6250_firmwarecsr8811apq8064auipq4019qca6694_firmwaremsm8953_firmwareqcn9100_firmwaremsm8917_firmwaresd210wcn3620_firmwareipq5010_firmwareipq8074a_firmwaresd888_5g_firmwaresdx20_firmwarewsa8815_firmwarewcn6850_firmwarewsa8835_firmwarewcn3620apq8017qcx315qca6564aqca9988qcm6125_firmwareqca9882qca8072qcm2290_firmwareqcn9000sd_675sd780gsd865_5gqca6595ar9380_firmwaresdx24qcn9012sd888qca9558_firmwareqca9896_firmwaremsm8909w_firmwareipq8065_firmwareqcx315_firmwareqcn6122_firmwaremsm8996ausd665_firmwaresdm429w_firmwarewsa8835sd888_5gsm6250pqcn5154qca8075_firmwareipq4018qca6574aipq6005_firmwaremdm9206qca9889qca6174aqca9888qca6310_firmwaresm7325ipq8074qca9994_firmwarewcn6750ipq8070a_firmwareipq8076_firmwaresa515mqca6574_firmwareqca9886qcn5502_firmwarear7420sd855sm4125_firmwaresd665ipq8076sd765qca9887qca6574a_firmwareqcn5021ipq8069qcn5152sd768g_firmwareapq8009sd460qca6391sdxr1_firmwareipq6005aqt1000_firmwareqcn9100mdm9626qcm4290csrb31024_firmwaresdx50mqca9882_firmwareqcn9070_firmwaresdx20sd480_firmwareipq6028_firmwareipq8072a_firmwaresd_455mdm9626_firmwareqca9531ipq8074_firmwareqca6574auqca9889_firmwaresa8155p_firmwaremdm9607qcn5122sd205_firmwaresdx20m_firmwareqcm6125wsa8810qcn5500_firmwaremdm9150wcn6856qcn5022wcn3680bsd835_firmwareqca6564_firmwaresd768gipq6010_firmwarewcn6740qca6696sd845_firmwaresdw2500sa6150pqca8075qcn9022_firmwareapq8096au_firmwareqcn6024qcn9022sd845qca9990_firmwareipq8070aqcn9072_firmwaresdm830ipq6000_firmwaresd720g_firmwaresdx12ipq8071_firmwareqcs410_firmwareqcn9074_firmwareipq4029sm7325_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-416
Use After Free
CVE-2021-1965
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-27.45% / 96.23%
||
7 Day CHG~0.00%
Published-13 Jul, 2021 | 05:31
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcn5024_firmwarewcn3991_firmwarewsa8830sd678qcn9070sa6150p_firmwaresa8145p_firmwareipq4028_firmwareqcn5550ar9380ipq8173_firmwareqcn5124qca4024_firmwareqcn9072qca9880_firmwareqca9992wcn3950_firmwareipq8078aipq5028_firmwaresa8150p_firmwareqca6420_firmwareqca6595au_firmwareqca6390_firmwareipq6000sd730_firmwarewcd9370sd_675_firmwaresd675_firmwareqcn5152_firmwareqca6426qcn9000_firmwareqca9984_firmwareipq5018wcn3998wcd9385_firmwaresdxr2_5g_firmwarewcn3950ipq8076aqcn6024_firmwaresd720gipq8074aqcn5124_firmwaresm7315_firmwareqca6574au_firmwareqcn5122_firmwareqcn5164_firmwaresdx55_firmwareqca6595auqca8081_firmwareqcn6023_firmwarewcd9375_firmwarewcn3998_firmwareqca6420qca6436_firmwareipq5010sd778gipq8070_firmwaresa6155p_firmwareipq8065ipq8078a_firmwareipq8174qca9990ipq5028qca7500ipq4029_firmwareqcn5052sdxr2_5gipq6010ipq8068wcn3988_firmwareqca6430qcn9074sa6145p_firmwaresm6250sd778g_firmwaresa8195pwsa8810_firmwareqca6436wcn6851sa6155pqca8081ipq8071aqcn6023ipq8071a_firmwarewcd9385qca9888_firmwareqcn6122ipq8068_firmwarewcd9341qca6696_firmwaresd870_firmwareqcn5154_firmwareqca6390csr8811qca9898_firmwareaqt1000ipq4019sa8150psm6250_firmwarewcd9375qcn9100_firmwarewcn3910_firmwarewsa8830_firmwareqca9992_firmwaresd855_firmwaresd865_5g_firmwareipq5010_firmwareipq8074a_firmwaresd888_5g_firmwarewcn3988wcn6850_firmwarewsa8815_firmwarewsa8835_firmwaresa8195p_firmwareqcn5121qca9898qcn5022_firmwarewcn6750_firmwareipq4028qca8072ipq5018_firmwareqca9985_firmwarewcn3991ipq4018_firmwarewcd9380_firmwareqcn9000ipq8072aqca7500_firmwareqca9980_firmwaresd_675sd780gipq8076a_firmwaresd865_5gar9380_firmwareipq8078sdx55m_firmwareipq8173wcn6856_firmwareqcn9012sd888qcn5164qcn6122_firmwareipq8065_firmwarewsa8835csr8811_firmwarewcd9380sd888_5gqcn5054_firmwareqcn5154qca8075_firmwareipq4019_firmwareipq4018ipq6005_firmwareqca6574aqcn5024sdx50m_firmwareqca9889wcn6855_firmwaresm7325pqca9888qca8072_firmwareqca9985qca6430_firmwareqca9994_firmwareqcn5052_firmwareqcn9012_firmwareipq8070a_firmwarewcn3980wcn6750ipq6018_firmwareipq8076_firmwareqca9886sd855wsa8815sm7325p_firmwarewcn6850pmp8074_firmwarewcn3910ipq8076qca6426_firmwareqca6574a_firmwareqca9984ipq6028ipq8064qcn5021pmp8074qcn5152qcn9024wcn3980_firmwaresm7315qcn5550_firmwareqca6391sd730sdx55mipq8064_firmwareipq6005aqt1000_firmwarewcn6740_firmwareqcn9100sd678_firmwaresdx50mipq8078_firmwareqcn5054qcn9070_firmwarewcn6851_firmwareipq8070ipq6028_firmwareipq8072a_firmwareqca9994qca6574auqca9889_firmwaresa8155p_firmwaresdx55qca9980qcn5122qcn9024_firmwareipq8174_firmwareqca9880wcd9341_firmwarewsa8810sd870qcn5121_firmwarewcn6855wcn6856ipq6018qcn5022sa6145pqca9886_firmwareipq6010_firmwaresa8145pwcn6740qca6696qca6391_firmwareqca4024sd780g_firmwarewcd9370_firmwaresa6150psd888_firmwareqca8075qcn5021_firmwareqcn9022_firmwareqcn6024qcn9022sa8155pqca9990_firmwareipq8070asd675qcn9072_firmwareipq6000_firmwaresd720g_firmwareqcn9074_firmwareipq4029Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-1933
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.25% / 48.31%
||
7 Day CHG~0.00%
Published-09 Sep, 2021 | 07:35
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

UE assertion is possible due to improper validation of invite message with SDP body in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwarewcn3991_firmwaresd678sm6250p_firmwareqcs610csrb31024wcd9360_firmwaresd_636qcs4290wcn3950_firmwaresc8180x\+sdx55qca6420_firmwareqca6595au_firmwareqca6390_firmwareqca6335msm8917sd730_firmwaresd_455_firmwarewcd9370qcs605_firmwaresd_675_firmwaresd675_firmwareqcs6125_firmwareqca6584au_firmwaresd632qca9377sa415mwcn3998sd_8cx_firmwarewcd9371_firmwarewhs9410wcn3950sd720gwcn3660bsd450_firmwaresa8155qca6574au_firmwaresdx55_firmwareqca6595auwcd9375_firmwarewcn3998_firmwarewcn3610_firmwareqca6420apq8053_firmwarewcd9360qca6564au_firmwareqca6584auqca6310whs9410_firmwaresd429qcs6125sa8155_firmwaresdm630sa415m_firmwarewcn3988_firmwareqca6430sd429_firmwaresm6250sd712_firmwarewcd9340apq8017_firmwarequalcomm215_firmwareqcs603_firmwareqca6174a_firmwareqcs4290_firmwarewcn3660_firmwareqca6696_firmwarewcd9371qca6390wcd9375sd_8cxaqt1000wcn3910_firmwaresc8180x\+sdx55_firmwaresm6250_firmwaremsm8953_firmwaresda429wmsm8917_firmwaresd855_firmwarewcn3620_firmwaresd712wcn3988wcn6850_firmwarewcn3620wsa8815_firmwareapq8017sd450wcn3610qcm6125_firmwarewcn3991sda429w_firmwarewcd9380_firmwaresd_675sdm429wqca6564ausdx24sdx55m_firmwaremsm8940_firmwaresd670_firmwaresd632_firmwaresdm429w_firmwaresd665_firmwarewcd9380sm6250pqualcomm215qcs410qca6574asdx50m_firmwareqca6174asdx24_firmwareqca6310_firmwareqca6430_firmwareqca6335_firmwareqcs605wcd9340_firmwaresd855wsa8815wcn6850sd665wcn3910sd_8c_firmwarewcn3660b_firmwarewcn3680qca6574a_firmwaresd850_firmwaresd730sdxr1_firmwaresdx55maqt1000_firmwaremsm8920msm8953sd678_firmwareqcm4290csrb31024_firmwaresdx50mwcn3680_firmwareqcs603msm8920_firmwaresd_455qca6574ausa8155p_firmwaresd_636_firmwaresd670qcm6125qcm4290_firmwareqcs610_firmwaresd_8csdxr1qca6696sdm630_firmwaresd845_firmwarewcd9370_firmwaresdx55msm8940apq8053sa8155psd675sd845sd720g_firmwareqcs410_firmwarewcn3660sd850Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2019-2244
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.33% / 55.32%
||
7 Day CHG~0.00%
Published-24 May, 2019 | 16:44
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible integer underflow can happen when calculating length of elementary stream info from invalid section length which is later used to read from input buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearable in MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850sd_632sd_820amsm8996au_firmwaresd_439sd_670_firmwaresd_429sdm439mdm9650sd_636sd_615_firmwaresnapdragon_high_med_2016_firmwaremsm8909w_firmwaremsm8996ausd_820sd_650sd_450_firmwaresd_845_firmwaresd_820a_firmwareqcs605_firmwaremdm9206sd_652sd_425_firmwaresd_625_firmwaresd_450sd_845mdm9206_firmwareqcs605sd_632_firmwaresd_835_firmwaremdm9650_firmwaresd_835sda660sd_210_firmwaresd_600sd_652_firmwaresd_415_firmwaremsm8909wsd_616_firmwaresd_205_firmwaresd_415sd_212sd_650_firmwaresd_427_firmwaresd_712sd_855sdx20sd_616sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435sd_615sd_710_firmwaresdm630sd_625qm215sd_820_firmwaresd_210mdm9607sd_636_firmwaresd_439_firmwaresd_429_firmwaresnapdragon_high_med_2016sd_212_firmwaresd_850_firmwaresdm439_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwareqm215_firmwaresd_430sd_427sd_670sd_435_firmwaresdx20_firmwaresd_710sd_600_firmwaresd_205sdm660_firmwaresd_855_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearable
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2019-2255
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.66% / 70.08%
||
7 Day CHG~0.00%
Published-14 Jun, 2019 | 17:02
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unprivileged user can craft a bitstream such that the payload encoded in the bitstream gains code execution in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850sd_632sd_820asd_675msm8996au_firmwaresd_439sd_670_firmwaresd_429sdm439sd_636snapdragon_high_med_2016_firmwaremsm8909w_firmwaremsm8996ausd_820sd_450_firmwaresd_845_firmwaresd_820a_firmwareqcs605_firmwaresd_675_firmwaresd_425_firmwaresd_625_firmwaresd_450sd_8cx_firmwaresd_845qcs605sd_632_firmwaresd_835_firmwaresd_835sda660sxr1130_firmwaresd_210_firmwaresxr1130msm8909wsd_205_firmwaresd_212sd_427_firmwaresd_712sd_855sd_730_firmwaresd_425sdm660sd_430_firmwaresd_710_firmwaresd_435sdm630sd_625qm215sd_210sd_636_firmwaresd_820_firmwaresd_439_firmwaresd_429_firmwaresd_730snapdragon_high_med_2016sd_212_firmwaresd_850_firmwaresdm439_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwareqm215_firmwaresd_427sd_430sd_8cxsd_670sd_435_firmwaresd_710sd_205sdm660_firmwaresd_855_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CVE-2014-10048
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.22% / 44.33%
||
7 Day CHG~0.00%
Published-18 Apr, 2018 | 14:00
Updated-16 Sep, 2024 | 23:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, while setting the offsets, time-services allows the user to set bases greater than valid base value which will lead to array index out-of-bound.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_412sd_808_firmwaresd_400sdx20sd_415sd_616sd_425sd_430_firmwaremdm9607_firmwaresd_615mdm9650sd_650_firmwaresd_625sd_615_firmwaremsm8909w_firmwaremdm9607sd_210sd_820_firmwaresd_650sd_820sd_808sd_450_firmwaresd_800sd_410sd_617sd_400_firmwaremdm9206sd_652sd_425_firmwaresd_212_firmwaresd_800_firmwaresd_625_firmwaresd_450sd_412_firmwaremdm9206_firmwaresd_430sd_810sd_835_firmwaremdm9650_firmwaresdx20_firmwaresd_410_firmwaresd_835sd_205sd_600_firmwaresd_210_firmwaresd_415_firmwaresd_652_firmwaresd_600msm8909wsd_810_firmwaresd_616_firmwaresd_205_firmwaresd_212sd_617_firmwareSnapdragon Mobile, Snapdragon Wear
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2023-43553
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.38% / 58.67%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 10:48
Updated-09 Jan, 2025 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use of Out-of-range Pointer Offset in WLAN HOST

Memory corruption while parsing beacon/probe response frame when AP sends more supported links in MLIE.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wsa8830qcn6422wcd9395ipq8078sm8550p_firmwareqcn9022wsa8832_firmwareqca8084_firmwareqcn9013qca6678aq_firmwarewcd9390_firmwareqcc710qcn6224qamsrv1m_firmwareqca4024ipq6028srv1m_firmwareipq8074a_firmwareqca6698aqipq5312qam8650pqfw7124wcd9340_firmwareqcn6132qcn9274_firmwareimmersive_home_316qcn5164_firmwareqcn5052qca6564au_firmwareqcn9012ar8035_firmwareimmersive_home_326sa8155pqcn9072sa8255p_firmwareqca6595qcs8550_firmwareqcn9100sa8195psa9000p_firmwaressg2125p_firmwareipq8076asa8255pqcc2073ipq8070a_firmwaresnapdragon_x65_5g_modem-rf_firmwarewcd9380qcn9072_firmwareqcn6432_firmwarecsr8811_firmwareipq6018_firmwarear8035qam8775p_firmwareqca6797aqqcn6422_firmwareqca8085_firmwareimmersive_home_326_firmwaresnapdragon_ar2_gen_1_firmwaresa8650pqca6584ausrv1mqcs8550qca9889_firmwareqca8337srv1h_firmwareqca9889qca8386qcn5024qcn6402_firmwaresa6155pqcn5024_firmwarecsr8811ipq8078aqca6574aqca6574qcn9100_firmwareqcn5052_firmwarefastconnect_7800immersive_home_214_firmwarewcd9340sxr1230pipq6018qca6574au_firmwareqcn9012_firmwareipq8078a_firmwaresa9000pqca8075sxr2230p_firmwarewsa8832fastconnect_6900ipq5028_firmwareipq8072a_firmwareqcn9024fastconnect_6900_firmwareqcc710_firmwareipq8174_firmwareqcn9274qca6584au_firmwareqcn9074_firmwarefastconnect_7800_firmwareipq5312_firmwarewcd9390qcn5122qcn6023_firmwareqfw7124_firmwareqcc2076wcd9385_firmwareqca8337_firmwaresa7255p_firmwareqcn9074qamsrv1h_firmwareipq8076a_firmwarewsa8845h_firmwaresdx65m_firmwareqcn6024_firmwaresxr1230p_firmwareqcn6122_firmwareimmersive_home_216ipq9570snapdragon_ar2_gen_1ipq8072aqam8255pqcn6122sm8550pipq5302_firmwaresnapdragon_8\+_gen_2_mobile_firmwaresnapdragon_8\+_gen_2_mobileimmersive_home_214ipq6010_firmwareqcn9022_firmwarewsa8830_firmwareipq8173ipq9574qcn5152ipq5332_firmwaresdx55snapdragon_x75_5g_modem-rfsnapdragon_x65_5g_modem-rfqcn5124_firmwareipq8074aqcf8000_firmwareqam8775pipq6000_firmwareipq5302qcn5154qca4024_firmwareqca8084qcn5122_firmwaresa8155p_firmwaresa8195p_firmwareqca6696ipq5332sxr2230pwsa8835ipq8078_firmwareqcc2073_firmwareipq9574_firmwaresnapdragon_8_gen_2_mobile_firmwaresa6155p_firmwareipq6028_firmwareqca6595au_firmwareqcn5164ipq9008_firmwareipq6000ipq8076qcn9024_firmwareqcn6224_firmwareqfw7114sa7255pqca9888_firmwareqcf8001sa8775p_firmwareqcn6112_firmwareipq5010_firmwareqcn6274qcn5152_firmwareqca9888qcn5154_firmwareqcn6274_firmwareqca0000_firmwaresrv1hsa8775pipq8071a_firmwareqca0000ssg2115p_firmwareqcn9000immersive_home_3210_firmwaressg2125pwcd9385immersive_home_316_firmwareipq8174qca6554a_firmwareqfw7114_firmwareipq6010immersive_home_216_firmwareqca6574auqcn5022_firmwareqcn6432qca6574_firmwareqca6698aq_firmwarewsa8840sdx65mipq8071aqcf8001_firmwareqcn5124wsa8840_firmwareqcc2076_firmwaresdx55_firmwaressg2115pipq5010qcn6132_firmwareqam8650p_firmwareqca6554asnapdragon_x75_5g_modem-rf_firmwareqcf8000qca8075_firmwareqca6595auipq5028wcd9380_firmwaresa8770p_firmwarewsa8835_firmwareipq8070asnapdragon_8_gen_2_mobileqca8082_firmwaresa8770pqcn6402qcn9070wcd9395_firmwareipq9570_firmwareqcn6023qca8081qcn6412ipq8173_firmwareqam8255p_firmwareqca8386_firmwareqcn5022qcn6112sa8650p_firmwareqca6595_firmwareimmersive_home_3210qca6564auqca6696_firmwareqca8081_firmwarewsa8845_firmwareimmersive_home_318wsa8845hqcn9000_firmwarewsa8845qca6574a_firmwareqca6678aqqamsrv1mqcn9013_firmwareipq9008qcn6024qca8082qca8085qcn6412_firmwareqca6797aq_firmwareqcn9070_firmwareqamsrv1himmersive_home_318_firmwareipq8076_firmwareSnapdragonqcn6412_firmwareqca6574a_firmwarewsa8832_firmwareqcn5124_firmwareqcn9024_firmwareqcn9070_firmwaresrv1h_firmwareqcn6422_firmwarewsa8835_firmwarecsr8811_firmwaresa8255p_firmwareipq8076a_firmwareqcn9022_firmwareipq8076_firmwareipq8074a_firmwaresa8155p_firmwareqcn6224_firmwareqca8386_firmwareqcn5164_firmwareqcn5052_firmwareimmersive_home_3210_platform_firmwareqca6698aq_firmwareqca8081_firmwareqcn6402_firmwaresa8770p_firmwarewcd9385_firmwarefastconnect_7800_firmwarewsa8845h_firmwareipq8078_firmwaressg2125p_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareqcn6024_firmwareqamsrv1m_firmwareipq8070a_firmwareqca6595_firmwareipq5302_firmwareqca0000_firmwareqcn5152_firmwareqam8650p_firmwareqcn6274_firmwaresa7255p_firmwareqcn6432_firmwaresrv1m_firmwareimmersive_home_316_platform_firmwaresnapdragon_8_gen_2_mobile_platform_firmwareqcn5024_firmwaresa8195p_firmwareqcc2073_firmwareqca9889_firmwareipq8173_firmwareqcn9012_firmwareipq6018_firmwareqcn9100_firmwaresa9000p_firmwarewcd9340_firmwarear8035_firmwareqca8084_firmwareqcn5022_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarewsa8845_firmwareqcf8001_firmwareqcc710_firmwareqca8075_firmwareqca6574au_firmwareqcf8000_firmwaresa6155p_firmwareqcn9274_firmwareipq8071a_firmwareqcn9074_firmwareqca6678aq_firmwareqcn5122_firmwareqcs8550_firmwareipq5312_firmwaresdx65m_firmwareqca6564au_firmwareqca4024_firmwareqcn9000_firmwareqca6696_firmwareimmersive_home_326_platform_firmwareqcn6122_firmwaresa8775p_firmwareimmersive_home_318_platform_firmwareqcn9013_firmwareqca8337_firmwareipq6000_firmwareqcn5154_firmwareqca6595au_firmwarewcd9390_firmwareqamsrv1h_firmwaresm8550p_firmwareqca6554a_firmwaresnapdragon_ar2_gen_1_platform_firmwareipq9570_firmwareipq8078a_firmwarewcd9395_firmwaresxr1230p_firmwareqcn9072_firmwareqfw7124_firmwareqcc2076_firmwareipq8174_firmwareipq6010_firmwarefastconnect_6900_firmwarewsa8840_firmwareqca9888_firmwarewcd9380_firmwareqca6584au_firmwareqam8775p_firmwareimmersive_home_216_platform_firmwareipq9008_firmwareqfw7114_firmwarewsa8830_firmwareqca8085_firmwaresxr2230p_firmwaressg2115p_firmwareqca6574_firmwareqcn6112_firmwareqcn6023_firmwareipq5028_firmwareipq6028_firmwareipq8072a_firmwareipq9574_firmwareqca6797aq_firmwareipq5010_firmwaresdx55_firmwareqca8082_firmwareipq5332_firmwareimmersive_home_214_platform_firmwareqam8255p_firmwaresa8650p_firmwareqcn6132_firmware
CWE ID-CWE-823
Use of Out-of-range Pointer Offset
CVE-2019-2331
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.33% / 55.32%
||
7 Day CHG~0.00%
Published-06 Nov, 2019 | 17:11
Updated-04 Aug, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible Integer overflow because of subtracting two integers without checking if the result would overflow or not in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850mdm9150_firmwaresd_632mdm9640_firmwaresd_820asd_675msm8996au_firmwaresd_439sd_670_firmwaresd_429sdx24sdm439mdm9650sd_636sd_615_firmwaremsm8909w_firmwaremsm8996ausd_820sd_450_firmwaresd_845_firmwaresd_820a_firmwareqcs605_firmwaresd_675_firmwaremdm9206sd_425_firmwaresd_665sdx24_firmwaresd_625_firmwaresd_450mdm9615sd_845mdm9206_firmwareqcs605sd_632_firmwaresd_835_firmwaremdm9650_firmwaresd_835sda660sd_210_firmwaresd_600sd_415_firmwaremsm8909wsd_665_firmwaresd_616_firmwaresd_205_firmwaresd_415sd_212sd_427_firmwaresd_712sd_855sd_730_firmwarequalcomm_215sdx20sd_616sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435sd_615sd_710_firmwaresdm630qcs405sd_625sd_820_firmwaresd_210mdm9607sd_636_firmwaresd_439_firmwarequalcomm_215_firmwaremdm9150sd_429_firmwaresd_730sd_212_firmwaresd_850_firmwaresd_855_firmwaresdm439_firmwareqcs405_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwaresd_430sd_427sd_670sd_435_firmwaremdm9615_firmwaresdx20_firmwaresd_710sd_600_firmwaresd_205sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-2320
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.33% / 55.32%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 08:30
Updated-04 Aug, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible out of bounds write in a MT SMS/SS scenario due to improper validation of array index in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9150_firmwaremdm9635m_firmwareqcm2150_firmwaremdm9640_firmwaresdm632_firmwaremsm8996au_firmwaresdm845sdm450_firmwaresdm632sdx24sdm439mdm9650sdm429msm8940_firmwaresm7150_firmwaresnapdragon_high_med_2016_firmwaresm6150msm8909w_firmwaremsm8976_firmwaremsm8996ausm7150apq8009_firmwaremsm8917sdm670sxr2130qcs605_firmwaremdm9206sdm670_firmwaresdx24_firmwaresdm636sda845_firmwaremdm9635mapq8098mdm9615mdm9205mdm9206_firmwaremsm8939qcs605msm8937_firmwaremdm9650_firmwaresdm429_firmwaremsm8905_firmwaresda660sdx55_firmwaresxr1130_firmwaresxr1130msm8909wapq8009msm8909_firmwareapq8053_firmwaresda845nicobarsdm850_firmwaremsm8920msm8953sdm450sdm636_firmwaresdm845_firmwareapq8098_firmwaresdx20msm8998_firmwareqcm2150msm8920_firmwaresdm630mdm9607_firmwaresm8250_firmwaremdm9655_firmwaresdm660sdm710qm215mdm9607apq8017_firmwaremdm9625_firmwaresdm710_firmwaremsm8939_firmwaremdm9150msm8937msm8905snapdragon_high_med_2016sm8150_firmwaremsm8909sxr2130_firmwaremdm9655apq8096ausdm439_firmwaresdm630_firmwaremdm9205_firmwaresda660_firmwaremdm9625qm215_firmwaremsm8976sdx55msm8953_firmwaremsm8940sm6150_firmwareapq8053apq8096au_firmwaremsm8917_firmwaresm8250msm8998sm8150sdx20_firmwaresdm850mdm9615_firmwareapq8017nicobar_firmwaresdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-129
Improper Validation of Array Index
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-43548
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.3||HIGH
EPSS-0.14% / 35.35%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 10:48
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Copy Without Checking Size of Input in Video

Memory corruption while parsing qcp clip with invalid chunk data size.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sw5100pqcs410_firmwaresa6150p_firmwaresd865_5gsxr1120qca6595qcs610_firmwarewcd9335wcd9370snapdragon_670_mobileqca6696wcd9340_firmwarewcd9341_firmwaresnapdragon_8\+_gen_1_mobilewcn6740_firmwarefastconnect_6700wcn3610snapdragon_780g_5g_mobilesnapdragon_685_4g_mobilesa4150psnapdragon_782g_mobile_firmwaresnapdragon_wear_4100\+_firmwarewsa8832_firmwaresnapdragon_665_mobile_firmwareqca6574au_firmwaresnapdragon_690_5g_mobile_firmwareqcn7606_firmwareqam8295pwcd9341qca6574ausnapdragon_888\+_5g_mobile_firmwarewsa8810_firmwaresd730_firmwaresnapdragon_778g_5g_mobile_firmwaresa9000p_firmwaresrv1hwcn3660b_firmwaresd730snapdragon_690_5g_mobilefastconnect_6800_firmwaresd835_firmwarevideo_collaboration_vc1_platform_firmwaresa4155psa8770psnapdragon_678_mobile_firmwaressg2115psnapdragon_xr2_5g_firmwaresnapdragon_xr1_firmwaresxr1120_firmwaresnapdragon_wear_4100\+fastconnect_6900snapdragon_w5\+_gen_1_wearable_firmwarevideo_collaboration_vc1_platformsnapdragon_730_mobile_firmwarewcd9385_firmwareqca6310qam8255p_firmwareqcs4490snapdragon_730_mobilesnapdragon_680_4g_mobilesa6155pwsa8810qam8650psnapdragon_835_mobilesa9000psrv1h_firmwaresnapdragon_888_5g_mobile_firmwareqca6595ausnapdragon_888_5g_mobilesm7315_firmwaresnapdragon_662_mobile_firmwaresa6155p_firmwaresnapdragon_685_4g_mobile_firmwaresnapdragon_845_mobile_firmwarewcd9326_firmwaresrv1m_firmwaresnapdragon_730g_mobilesnapdragon_782g_mobilesd835snapdragon_x55_5g_modem-rfsnapdragon_4_gen_2_mobile_firmwaresnapdragon_695_5g_mobile_firmwareqcs4490_firmwaresnapdragon_x55_5g_modem-rf_firmwaresnapdragon_7c\+_gen_3_compute_firmwarewcn3910_firmwaresnapdragon_460_mobileqca6420wcn3910wcd9370_firmwaresnapdragon_835_mobile_firmwarewcn3660bqca6574asa8195pwcd9340qcm2290qcm6490wcn3988snapdragon_765_5g_mobile_firmwaresnapdragon_662_mobilesa8775pqca6574sxr2230p_firmwaresnapdragon_855_mobile_firmwareqca6430_firmwaresa8775p_firmwareqamsrv1hsa6150pwcd9326qcs410qcm2290_firmwaresa8155p_firmwaresa8155psnapdragon_765g_5g_mobile_firmwarewsa8830sa6145psnapdragon_768g_5g_mobile_firmwaresa8255p_firmwareqamsrv1m_firmwaresnapdragon_4_gen_2_mobilesa8650p_firmwaresnapdragon_865\+_5g_mobile_firmwareqca6698aqssg2125p_firmwaresm6250wcn3950_firmwaresnapdragon_480\+_5g_mobilefastconnect_6200sd670wcn3680bsa8145p_firmwaresm7325p_firmwaresnapdragon_480_5g_mobile_firmwaresnapdragon_660_mobile_firmwaresa8150p_firmwarefastconnect_6700_firmwaresnapdragon_710_mobile_firmwarevideo_collaboration_vc3_platform_firmwarewcn3990sd670_firmwareqcs6490snapdragon_695_5g_mobilesnapdragon_855_mobilesnapdragon_778g_5g_mobilefastconnect_6200_firmwarewsa8830_firmwaresnapdragon_460_mobile_firmwareqca6678aq_firmwaresd660_firmwarewsa8832snapdragon_480_5g_mobilesrv1mqca6678aqsnapdragon_860_mobile_firmwaresnapdragon_778g\+_5g_mobileqca6320sa4150p_firmwaresd888_firmwarewsa8815_firmwaresa8195p_firmwareqcm4290snapdragon_xr2\+_gen_1qcm6490_firmwaresnapdragon_665_mobilesm7250p_firmwareqcm4490_firmwarewcn3950snapdragon_870_5g_mobile_firmwaresnapdragon_730g_mobile_firmwaresnapdragon_7c\+_gen_3_computesnapdragon_732g_mobilesnapdragon_778g\+_5g_mobile_firmwaresa8295p_firmwaresnapdragon_870_5g_mobilesnapdragon_678_mobilesa4155p_firmwaresnapdragon_720g_mobilesm6250_firmwaresm7250pqca6320_firmwaresd888snapdragon_675_mobile_firmwaresw5100_firmwarewcn6740snapdragon_768g_5g_mobilesnapdragon_780g_5g_mobile_firmwareqca6310_firmwaresnapdragon_845_mobilefastconnect_6800qca6595_firmwarefastconnect_7800_firmwaresnapdragon_675_mobilesnapdragon_865_5g_mobile_firmwarefastconnect_6900_firmwarewcd9380sa6145p_firmwareqam8255psxr2230psnapdragon_xr2_5gsa8150psxr1230psw5100video_collaboration_vc3_platformaqt1000snapdragon_4_gen_1_mobile_firmwareqam8295p_firmwaresd855wcn3990_firmwaresm7315snapdragon_660_mobileqca6698aq_firmwareqcs2290snapdragon_888\+_5g_mobileqcn7606wcd9385qcs2290_firmwaresnapdragon_8_gen_1_mobilesnapdragon_xr2\+_gen_1_firmwaresnapdragon_680_4g_mobile_firmwarewcn3610_firmwaresa8255pqcs4290sxr1230p_firmwaresnapdragon_865\+_5g_mobileqca6430snapdragon_855\+_mobilesnapdragon_765_5g_mobilesnapdragon_860_mobilessg2125pqcm4490snapdragon_480\+_5g_mobile_firmwareqamsrv1msm7325psnapdragon_732g_mobile_firmwareqam8650p_firmwaresnapdragon_670_mobile_firmwareqca6420_firmwareaqt1000_firmwareqcs6490_firmwaresd855_firmwarewcd9335_firmwarewcn3980_firmwarewsa8835qca6595au_firmwareqca6391_firmwareqcs610sw5100p_firmwareqca6696_firmwareqcs4290_firmwarewcd9380_firmwareqca6574_firmwarewsa8815sd660sd_8_gen1_5gqam8775pqca6574a_firmwaresnapdragon_4_gen_1_mobileqcm4290_firmwaresnapdragon_720g_mobile_firmwaresnapdragon_865_5g_mobilesnapdragon_855\+_mobile_firmwaresd_8_gen1_5g_firmwarewcd9375_firmwareqca6391snapdragon_710_mobilesa8770p_firmwaresa8295pfastconnect_7800sa8650pqam8775p_firmwaresd865_5g_firmwaresnapdragon_xr1wcd9375snapdragon_765g_5g_mobilewcn3988_firmwareqamsrv1h_firmwaresa8145psnapdragon_8\+_gen_1_mobile_firmwarewsa8835_firmwaressg2115p_firmwarewcn3980wcn3680b_firmwaresnapdragon_w5\+_gen_1_wearablesnapdragon_8_gen_1_mobile_firmwareSnapdragonqca6574a_firmwaresnapdragon_4_gen_1_mobile_platform_firmwarewcn3980_firmwaresnapdragon_720g_mobile_platform_firmwarequalcomm_video_collaboration_vc1_platform_firmwaresnapdragon_xr2_5g_platform_firmwarewsa8832_firmwareqcs4490_firmwarewcn3660b_firmwareqca6696_firmwaresa8150p_firmwaresa8775p_firmwaresd888_firmwaresrv1h_firmwaresd855_firmwaresd670_firmwaresnapdragon_780g_5g_mobile_platform_firmwarewsa8835_firmwaresnapdragon_xr1_platform_firmwaresa8255p_firmwaresm7325p_firmwarewcn3988_firmwarefastconnect_6700_firmwareqca6595au_firmwaresnapdragon_660_mobile_platform_firmwaresnapdragon_855_mobile_platform_firmwareqcm6490_firmwareaqt1000_firmwareqamsrv1h_firmwareqcs6490_firmwaresa8155p_firmwarefastconnect_6200_firmwaresa4155p_firmwaresa6145p_firmwaresnapdragon_835_mobile_pc_platform_firmwaresa8295p_firmwaresm6250_firmwareqca6420_firmwaresnapdragon_845_mobile_platform_firmwaresa4150p_firmwaresnapdragon_888_5g_mobile_platform_firmwaresa6150p_firmwaresxr1230p_firmwaresm7250p_firmwareqca6391_firmwaresnapdragon_675_mobile_platform_firmwaresm7315_firmwareqca6698aq_firmwaresnapdragon_680_4g_mobile_platform_firmwarefastconnect_6900_firmwaresa8770p_firmwaresd835_firmwarewcd9385_firmwarewcd9370_firmwarewcd9380_firmwareqam8775p_firmwaresnapdragon_8_gen_1_mobile_platform_firmwarewsa8810_firmwaresnapdragon_710_mobile_platform_firmwarewcn3610_firmwarefastconnect_7800_firmwaresxr1120_firmwaresw5100p_firmwarewcd9341_firmwaresd730_firmwaresnapdragon_865_5g_mobile_platform_firmwarewsa8830_firmwaresxr2230p_firmwaressg2125p_firmwareqam8295p_firmwaressg2115p_firmwareqca6320_firmwareqca6574_firmwarewcd9335_firmwareqamsrv1m_firmwareqca6595_firmwaresa8145p_firmwarewcd9326_firmwareqam8650p_firmwareqcm4490_firmwareqcm2290_firmwarequalcomm_video_collaboration_vc3_platform_firmwarewcn3950_firmwaresnapdragon_480_5g_mobile_platform_firmwaresnapdragon_670_mobile_platform_firmwaresnapdragon_4_gen_2_mobile_platform_firmwaresnapdragon_778g_5g_mobile_platform_firmwaresnapdragon_662_mobile_platform_firmwareqcs4290_firmwaresnapdragon_x55_5g_modem-rf_system_firmwaresrv1m_firmwareqcs610_firmwarewsa8815_firmwareqcs2290_firmwaresnapdragon_460_mobile_platform_firmwarewcn3990_firmwaresa8195p_firmwarewcn3680b_firmwarewcn3910_firmwareqcn7606_firmwaresnapdragon_690_5g_mobile_platform_firmwaresw5100_firmwaresa9000p_firmwarewcd9340_firmwaresnapdragon_695_5g_mobile_platform_firmwareqca6430_firmwaresd865_5g_firmwarefastconnect_6800_firmwaresnapdragon_665_mobile_platform_firmwaresd660_firmwareqca6574au_firmwareqcs410_firmwareqam8255p_firmwaresa6155p_firmwareqca6310_firmwareqcm4290_firmwaresa8650p_firmwareqca6678aq_firmwarewcn6740_firmwaresd_8_gen1_5g_firmwarewcd9375_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-43518
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.3||HIGH
EPSS-0.11% / 29.58%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 05:47
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Untrusted Pointer Dereference in Video

Memory corruption in video while parsing invalid mp2 clip.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcm8550_firmwareqcs410_firmwaresa6150p_firmwaresd865_5gsw5100psxr1120qca6595snapdragon_xr1_platformqcs610_firmwarewcd9335wcd9370qca6696wcd9340_firmwarewcd9341_firmwarewcd9395_firmwaresnapdragon_730_mobile_platformwcn6740_firmwarefastconnect_6700wcn3610snapdragon_768g_5g_mobile_platform_firmwaresa4150pwsa8832_firmwarewcd9395snapdragon_460_mobile_platformqca6574au_firmwareqcn7606_firmwareqam8295pwcd9341qca6574auwcd9390wsa8810_firmwaresd730_firmwarewsa8845h_firmwaresa9000p_firmwaresnapdragon_835_mobile_pc_platform_firmwarewcn3660b_firmwaresd730snapdragon_730g_mobile_platform_firmwarefastconnect_6800_firmwaresd835_firmwaresnapdragon_4_gen_2_mobile_platform_firmwaresnapdragon_695_5g_mobile_platformsnapdragon_4_gen_1_mobile_platform_firmwarevideo_collaboration_vc1_platform_firmwaresa4155psnapdragon_778g\+_5g_mobile_platformsa8770pqcm6125_firmwaressg2115psnapdragon_480\+_5g_mobile_platform_firmwaresxr1120_firmwaresnapdragon_695_5g_mobile_platform_firmwarefastconnect_6900snapdragon_765g_5g_mobile_platformvideo_collaboration_vc1_platformwcd9385_firmwaresnapdragon_x55_5g_modem-rf_systemqca6310qam8255p_firmwaresnapdragon_888_5g_mobile_platform_firmwareqcs4490snapdragon_8_gen_1_mobile_platform_firmwaresnapdragon_685_4g_mobile_platformsnapdragon_8\+_gen_2_mobile_platform_firmwarewsa8845sa6155pqcm6125snapdragon_768g_5g_mobile_platformwsa8810video_collaboration_vc5_platform_firmwaresa9000psnapdragon_8\+_gen_2_mobile_platformqca6595ausm7315_firmwarewcd9326_firmwaresa6155p_firmwarewsa8840qcs8550_firmwaresd835snapdragon_870_5g_mobile_platform_firmwaresnapdragon_wear_4100\+_platform_firmwaresnapdragon_8\+_gen_1_mobile_platformqcs4490_firmwaresnapdragon_8_gen_2_mobile_platformwcn3910_firmwaresnapdragon_7c\+_gen_3_compute_firmwaresnapdragon_855\+\/860_mobile_platform_firmwareqca6420wcn3910wcd9370_firmwaresnapdragon_845_mobile_platformsnapdragon_x55_5g_modem-rf_system_firmwaresnapdragon_660_mobile_platformwcn3660bqca6574asa8195pwcd9340qcs8250_firmwareqcm2290qcm6490sm8550p_firmwareqcm8550wcn3988sa8775pqca6574snapdragon_460_mobile_platform_firmwaresxr2230p_firmwareqca6430_firmwaresnapdragon_870_5g_mobile_platformsa8775p_firmwarewsa8845hsa6150pwcd9326qcs410qcm2290_firmwaresa8155p_firmwaresa8155psnapdragon_675_mobile_platformwsa8830snapdragon_662_mobile_platformsm8550psa6145psnapdragon_8\+_gen_1_mobile_platform_firmwaresnapdragon_765_5g_mobile_platformsa8255p_firmwaresnapdragon_665_mobile_platformsnapdragon_678_mobile_platform_firmwareqcm4325ssg2125p_firmwarewcn3950_firmwareqca6698aqsm6250snapdragon_8_gen_1_mobile_platformfastconnect_6200sd670snapdragon_710_mobile_platformsa8145p_firmwaresm7325p_firmwarewcn3680bsnapdragon_730g_mobile_platformsnapdragon_888\+_5g_mobile_platformsa8150p_firmwaresnapdragon_855\+\/860_mobile_platformsnapdragon_w5\+_gen_1_wearable_platformfastconnect_6700_firmwarevideo_collaboration_vc3_platform_firmwarewcn3990sd670_firmwaresnapdragon_680_4g_mobile_platform_firmwareqcs6490qcs8250fastconnect_6200_firmwarewsa8830_firmwarewsa8845_firmwaresd660_firmwarewsa8832snapdragon_675_mobile_platform_firmwaresnapdragon_730_mobile_platform_firmwaresnapdragon_888_5g_mobile_platformsnapdragon_w5\+_gen_1_wearable_platform_firmwareqca6320sa4150p_firmwaresd888_firmwaresnapdragon_662_mobile_platform_firmwareqcs6125_firmwarewsa8815_firmwaresa8195p_firmwareqcm4290snapdragon_680_4g_mobile_platformqcm6490_firmwaresm7250p_firmwareqcm4490_firmwaresnapdragon_855_mobile_platformwcn3950snapdragon_xr2_5g_platformqcs6125snapdragon_7c\+_gen_3_computesnapdragon_765g_5g_mobile_platform_firmwaresnapdragon_xr2\+_gen_1_platform_firmwaresnapdragon_670_mobile_platform_firmwaresnapdragon_780g_5g_mobile_platformsnapdragon_710_mobile_platform_firmwaresa8295p_firmwaresa4155p_firmwaresnapdragon_720g_mobile_platformsm6250_firmwaresm7250psnapdragon_780g_5g_mobile_platform_firmwaresnapdragon_845_mobile_platform_firmwareqca6320_firmwaresd888snapdragon_4_gen_2_mobile_platformsw5100_firmwaresnapdragon_765_5g_mobile_platform_firmwarewcn6740qca6310_firmwarefastconnect_6800qca6595_firmwareqcs7230fastconnect_7800_firmwaresnapdragon_685_4g_mobile_platform_firmwaresnapdragon_782g_mobile_platform_firmwarefastconnect_6900_firmwarewcd9380sa6145p_firmwareqam8255psxr2230psnapdragon_732g_mobile_platform_firmwaresnapdragon_xr2_5g_platform_firmwaresnapdragon_4_gen_1_mobile_platformsa8150psnapdragon_778g_5g_mobile_platformsnapdragon_665_mobile_platform_firmwaresnapdragon_835_mobile_pc_platformsxr1230psnapdragon_865\+_5g_mobile_platformsw5100video_collaboration_vc3_platformaqt1000snapdragon_865_5g_mobile_platform_firmwareqam8295p_firmwaresd855wcn3990_firmwaresm7315qca6698aq_firmwareqcs2290wcd9385qcn7606qcs2290_firmwarewcn3615wcn3610_firmwaresnapdragon_678_mobile_platformsa8255pqcs7230_firmwareqcs4290snapdragon_720g_mobile_platform_firmwaresxr1230p_firmwarewcd9390_firmwaresnapdragon_778g\+_5g_mobile_platform_firmwaresnapdragon_865\+_5g_mobile_platform_firmwaresnapdragon_690_5g_mobile_platformqca6430wcn3615_firmwaressg2125pqcm4490snapdragon_xr2\+_gen_1_platformsm7325pvideo_collaboration_vc5_platformsnapdragon_855_mobile_platform_firmwareqca6420_firmwareaqt1000_firmwareqcs6490_firmwaresd855_firmwarewcd9335_firmwarewcn3980_firmwaresnapdragon_480_5g_mobile_platform_firmwarewsa8835qca6595au_firmwareqca6391_firmwarewsa8840_firmwaresw5100p_firmwaresnapdragon_732g_mobile_platformsnapdragon_782g_mobile_platformqca6696_firmwareqcs4290_firmwaresnapdragon_865_5g_mobile_platformwcd9380_firmwareqca6574_firmwarewsa8815sd660sg4150psd_8_gen1_5gqam8775pqcm4325_firmwareqca6574a_firmwareqcm4290_firmwaresnapdragon_480\+_5g_mobile_platformsd_8_gen1_5g_firmwarewcd9375_firmwareqca6391qualcomm_215_mobile_platformsnapdragon_778g_5g_mobile_platform_firmwaresg4150p_firmwaresnapdragon_480_5g_mobile_platformsa8770p_firmwaresa8295psnapdragon_670_mobile_platformsnapdragon_8_gen_2_mobile_platform_firmwaresnapdragon_xr1_platform_firmwareqcs8550fastconnect_7800qam8775p_firmwaresd865_5g_firmwarequalcomm_215_mobile_platform_firmwarewcd9375wcn3988_firmwaresa8145psnapdragon_wear_4100\+_platformsnapdragon_888\+_5g_mobile_platform_firmwarewsa8835_firmwaressg2115p_firmwaresnapdragon_660_mobile_platform_firmwarewcn3980snapdragon_690_5g_mobile_platform_firmwarewcn3680b_firmwareqcs610Snapdragonqam8255p_firmwaresnapdragon_662_mobile_platform_firmwaresa6150p_firmwaresa8145p_firmwaresxr2230p_firmwareqcs2290_firmwarewcn3950_firmwaresnapdragon_888_5g_mobile_platform_firmwaresa8150p_firmwareqca6420_firmwareqca6595au_firmwaresd730_firmwaresnapdragon_460_mobile_platform_firmwareqcs6125_firmwaresnapdragon_480_5g_mobile_platform_firmwarewcn3990_firmwarequalcomm_video_collaboration_vc3_platform_firmwarewcd9385_firmwarewcd9326_firmwarewcn3615_firmwaresd_8_gen1_5g_firmwaresnapdragon_660_mobile_platform_firmwareqam8295p_firmwaresa9000p_firmwareqca6320_firmwaresm7315_firmwareqca6574au_firmwaresnapdragon_695_5g_mobile_platform_firmwaresnapdragon_835_mobile_pc_platform_firmwarewcn3680b_firmwarewcd9375_firmwarewsa8845h_firmwaresm7250p_firmwarewcn3610_firmwaresnapdragon_680_4g_mobile_platform_firmwaresa6155p_firmwareqcm8550_firmwaresa8775p_firmwarewsa8840_firmwaresa4155p_firmwareqcs8550_firmwarewcn3988_firmwaresa6145p_firmwarefastconnect_6700_firmwarewsa8810_firmwarewcd9395_firmwaresa8255p_firmwareqca6698aq_firmwareqcs4290_firmwaresa8770p_firmwareqam8775p_firmwareqca6696_firmwareqcs6490_firmwaresnapdragon_665_mobile_platform_firmwarewcn3910_firmwaresnapdragon_855_mobile_platform_firmwaresm6250_firmwarewsa8830_firmwaresd855_firmwaresd865_5g_firmwarewsa8815_firmwarewsa8835_firmwaresd660_firmwaresnapdragon_780g_5g_mobile_platform_firmwaresa8195p_firmwaresnapdragon_865_5g_mobile_platform_firmwarefastconnect_6800_firmwaresxr1120_firmwaresa8295p_firmwareqcn7606_firmwaresg4150p_firmwaresnapdragon_8_gen_2_mobile_platform_firmwareqcm6125_firmwaresnapdragon_675_mobile_platform_firmwareqcm2290_firmwarequalcomm_video_collaboration_vc1_platform_firmwarewcd9380_firmwaresnapdragon_778g_5g_mobile_platform_firmwareqcs7230_firmwaresnapdragon_670_mobile_platform_firmwaresd670_firmwaresxr1230p_firmwaresnapdragon_4_gen_1_mobile_platform_firmwaresnapdragon_4_gen_2_mobile_platform_firmwaressg2125p_firmwareqca6310_firmwareqca6430_firmwarewcd9335_firmwareqcm4325_firmwareqca6574_firmwarewcd9340_firmwaresm7325p_firmwarewsa8845_firmwaresnapdragon_xr2_5g_platform_firmwarewcn3660b_firmwareqca6574a_firmwarefastconnect_6200_firmwarewcn3980_firmwaresnapdragon_x55_5g_modem-rf_system_firmwareaqt1000_firmwarewcn6740_firmwareqcm4490_firmwaresnapdragon_690_5g_mobile_platform_firmwaresnapdragon_845_mobile_platform_firmwareqcs4490_firmwareqcm6490_firmwarewsa8832_firmwarefastconnect_6900_firmwaresa8155p_firmwareqcs8250_firmwarewcd9341_firmwarefastconnect_7800_firmwareqcm4290_firmwaresw5100p_firmwareqcs610_firmwaresnapdragon_8_gen_1_mobile_platform_firmwarequalcomm_215_mobile_platform_firmwaresd835_firmwareqca6595_firmwareqca6391_firmwaresnapdragon_710_mobile_platform_firmwaresa4150p_firmwarewcd9370_firmwaresm8550p_firmwarequalcomm_video_collaboration_vc5_platform_firmwaresd888_firmwarewcd9390_firmwaressg2115p_firmwaresw5100_firmwareqcs410_firmwaresnapdragon_720g_mobile_platform_firmwaresnapdragon_xr1_platform_firmware
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2023-43520
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-8.6||HIGH
EPSS-0.20% / 42.65%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 05:47
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack-based Buffer Overflow in WLAN HOST

Memory corruption when AP includes TID to link mapping IE in the beacons and STA is parsing the beacon TID to link mapping IE.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcm8550_firmwaresa6150p_firmwarewsa8845_firmwarewsa8832qcc2076_firmwareqca6595srv1mqca8081_firmwarear8035_firmwareqca6696wcd9340_firmwarewcd9395_firmwareqcc2073_firmwareqcc710_firmwareqca6564auwsa8832_firmwaresa8195p_firmwareqca8337_firmwareqca8337wcd9395qca6574au_firmwareqca6574auwcd9390flight_rb5_5g_platformwsa8845h_firmwaresa9000p_firmwaresrv1hqca6554asa8770pqca6584auqcn6274_firmwaressg2115pqcc710qfw7114_firmwareqca6595_firmwareqcs7230fastconnect_6900fastconnect_7800_firmwareqfw7114wcd9385_firmwarefastconnect_6900_firmwareqam8255p_firmwarewcd9380sa6145p_firmwareqam8255psxr2230psa8150psnapdragon_ar2_gen_1_platform_firmwaresnapdragon_8\+_gen_2_mobile_platform_firmwarewsa8845sa6155pqca6564au_firmwaresxr1230pqam8650pvideo_collaboration_vc5_platform_firmwaresa9000psnapdragon_8\+_gen_2_mobile_platformsrv1h_firmwareqca6595ausa6155p_firmwarewsa8840qca6688aqsrv1m_firmwareqcs8550_firmwareqfw7124_firmwarewcd9385snapdragon_8_gen_2_mobile_platformsa8255pqcs7230_firmwaresxr1230p_firmwarewcd9390_firmwareqcc2076ssg2125pqca6554a_firmwareqca6574asa8195pwcd9340qcs8250_firmwareqamsrv1mqam8650p_firmwarevideo_collaboration_vc5_platformsm8550p_firmwareqcm8550qca6584au_firmwareqcn6274qca6574qfw7124qrb5165n_firmwaresa8775pqca6595au_firmwareqca6391_firmwaresnapdragon_x75_5g_modem-rf_systemsxr2230p_firmwarewsa8835wsa8840_firmwaresa8775p_firmwaresnapdragon_ar2_gen_1_platformqamsrv1hqca6696_firmwarewsa8845hwcd9380_firmwaresa6150pqca6574_firmwaresa8155p_firmwareqca8081sa8155pwsa8830qam8775psm8550psa6145psa8255p_firmwareflight_rb5_5g_platform_firmwareqcc2073ar8035qca6574a_firmwareqamsrv1m_firmwaresa8650p_firmwarerobotics_rb5_platformqca6391qcn6224ssg2125p_firmwareqrb5165nsa8770p_firmwaresnapdragon_8_gen_2_mobile_platform_firmwarerobotics_rb5_platform_firmwareqcs8550fastconnect_7800sa8145p_firmwaresa8650pqam8775p_firmwareqca6688aq_firmwaresa8150p_firmwareqamsrv1h_firmwaresa8145pwsa8835_firmwaressg2115p_firmwaresnapdragon_x75_5g_modem-rf_system_firmwareqcs8250wsa8830_firmwareqcn6224_firmwareSnapdragon
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-2325
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.33% / 55.32%
||
7 Day CHG~0.00%
Published-06 Nov, 2019 | 17:11
Updated-04 Aug, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of boundary access due to token received from ADSP and is used without validation as an index into the array in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850mdm9150_firmwaresd_632mdm9640_firmwaresd_820asd_675msm8996au_firmwaresd_439sd_670_firmwaresd_429sdx24sdm439mdm9650sd_636sd_615_firmwaremsm8909w_firmwaremsm8996ausd_820sd_450_firmwaresd_845_firmwaresd_820a_firmwareqcs605_firmwaresd_675_firmwaremdm9206sd_425_firmwaresd_665sdx24_firmwaresd_625_firmwaresd_450sd_845mdm9206_firmwareqcs605sd_632_firmwaresd_835_firmwaremdm9650_firmwaresd_835sda660sd_210_firmwaresd_415_firmwaremsm8909wsd_665_firmwaresd_616_firmwaresd_205_firmwaresd_415sd_212sd_427_firmwaresd_712sd_855sd_730_firmwarequalcomm_215sdx20sd_616sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435sd_615sd_710_firmwaresdm630qcs405sd_625sd_820_firmwaresd_210mdm9607sd_636_firmwaresd_439_firmwarequalcomm_215_firmwaremdm9150sd_429_firmwaresd_730sd_212_firmwaresd_850_firmwaresd_855_firmwaresdm439_firmwareqcs405_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwaresd_430sd_427sd_670sd_435_firmwaresdx20_firmwaresd_710sd_205sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2019-2317
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.24% / 47.68%
||
7 Day CHG~0.00%
Published-05 Mar, 2020 | 08:56
Updated-04 Aug, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The secret key used to make the Initial Sequence Number in the TCP SYN packet could be brute forced and therefore can be predicted in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, Nicobar, QCM2150, QM215, SC8180X, SDM429, SDM439, SDM450, SDM632, SDX24, SDX55, SM6150, SM7150, SM8150

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-msm8920qcm2150_firmwaremsm8953sdm450sdm632_firmwaresdm450_firmwaresdm632qcm2150msm8920_firmwaresdm439sdx24sc8180x_firmwaresdm429msm8940_firmwaresm7150_firmwaresm6150qm215sm7150msm8917msm8937sc8180xmsm8905sm8150_firmwaremsm8909sdx24_firmwaresdm439_firmwareqm215_firmwaresdx55msm8940msm8953_firmwaresm6150_firmwaremsm8917_firmwaremsm8937_firmwaresdm429_firmwaresm8150msm8905_firmwaresdx55_firmwarenicobar_firmwaremsm8909_firmwarenicobarSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-330
Use of Insufficiently Random Values
CVE-2019-2332
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.33% / 55.32%
||
7 Day CHG~0.00%
Published-06 Nov, 2019 | 17:11
Updated-04 Aug, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory corruption while accessing the memory as payload size is not validated before access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850mdm9150_firmwaresd_632mdm9640_firmwaresd_820asd_675msm8996au_firmwaresd_439sd_670_firmwaresd_429sdx24sdm439mdm9650sd_636sd_615_firmwaremsm8909w_firmwaremsm8996ausd_820sd_450_firmwaresd_845_firmwaresd_820a_firmwareqcs605_firmwaresd_675_firmwaremdm9206sd_425_firmwaresd_665sdx24_firmwaresd_625_firmwaresd_450mdm9615sd_845mdm9206_firmwareqcs605sd_632_firmwaresd_835_firmwaremdm9650_firmwaresd_835sda660sd_210_firmwaresd_600sd_415_firmwaremsm8909wsd_665_firmwaresd_616_firmwaresd_205_firmwaresd_415sd_212sd_427_firmwaresd_712sd_855sd_730_firmwarequalcomm_215sdx20sd_616sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435sd_615sd_710_firmwaresdm630qcs405sd_625sd_820_firmwaresd_210mdm9607sd_636_firmwaresd_439_firmwarequalcomm_215_firmwaremdm9150sd_429_firmwaresd_730sd_212_firmwaresd_850_firmwaresd_855_firmwaresdm439_firmwareqcs405_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwaresd_430sd_427sd_670sd_435_firmwaremdm9615_firmwaresdx20_firmwaresd_710sd_600_firmwaresd_205sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-2294
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.33% / 55.32%
||
7 Day CHG~0.00%
Published-30 Sep, 2019 | 15:40
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Usage of hard-coded magic number for calculating heap guard bytes can allow users to corrupt heap blocks without heap algorithm knowledge in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850sd_632mdm9635m_firmwaresd_820asd_675msm8996au_firmwaresd_439sd_670_firmwaresd_429sdm439sd_636snapdragon_high_med_2016_firmwaremsm8909w_firmwaremsm8996ausd_820sd_650sd_450_firmwaresd_845_firmwaresd_410sd_820a_firmwareqcs605_firmwaresd_675_firmwaremdm9206sd_652sd_425_firmwaresd_665sd_625_firmwaresd_450mdm9635msd_8cx_firmwaremdm9615mdm9205mdm9206_firmwaresd_845qcs605sd_632_firmwaresd_835_firmwaresd_835sda660sxr1130_firmwaresd_210_firmwaresd_652_firmwaresxr1130msm8909wsd_665_firmwaresd_205_firmwaresd_212sd_650_firmwaresd_427_firmwaresd_712sd_855sd_730_firmwaresd_412qualcomm_215sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435mdm9655_firmwaresd_710_firmwaresdm630sd_625sd_820_firmwaresd_210mdm9607sd_636_firmwaremdm9625_firmwaresd_439_firmwarequalcomm_215_firmwaresd_429_firmwaresd_730snapdragon_high_med_2016sd_212_firmwaresd_850_firmwaremdm9655sdm439_firmwaresd_412_firmwaresd_712_firmwaresdm630_firmwaremdm9205_firmwaresda660_firmwaremdm9625sd_8cxsd_430sd_427sd_670sd_435_firmwaremdm9615_firmwaresd_710sd_410_firmwaresd_205sdm660_firmwaresd_855_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-330
Use of Insufficiently Random Values
CVE-2019-2307
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.64% / 69.53%
||
7 Day CHG~0.00%
Published-25 Jul, 2019 | 16:33
Updated-04 Aug, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible integer underflow due to lack of validation before calculation of data length in 802.11 Rx management configuration in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM630, SDM660, SDX20, SDX24

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaresd_850mdm9150_firmwaremdm9640_firmwaresd_820asd_675msm8996au_firmwaresd_670_firmwaresdx24mdm9650sd_636msm8996ausd_820sd_450_firmwaresd_845_firmwaresd_820a_firmwareqcs605_firmwaresd_675_firmwaremdm9206sd_425_firmwareqca9379_firmwareqca6174asd_665sdx24_firmwaresd_625_firmwaresd_450qca9377sd_845mdm9206_firmwareqcs605sd_835_firmwaremdm9650_firmwaresd_835qca6574au_firmwaresd_210_firmwaresd_600sd_665_firmwaresd_205_firmwaresd_212sd_427_firmwaresd_712sd_855sd_730_firmwaresdx20sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435sd_710_firmwaresdm630qcs405sd_625qca6574ausd_820_firmwaresd_210mdm9607sd_636_firmwaremdm9150qca6174a_firmwaresd_730sd_212_firmwaresd_850_firmwaresd_855_firmwareqcs405_firmwaresd_712_firmwaresdm630_firmwaresd_430sd_427sd_670sd_435_firmwaresdx20_firmwaresd_710sd_600_firmwaresd_205qca9379sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2019-2245
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.33% / 55.32%
||
7 Day CHG~0.00%
Published-24 May, 2019 | 16:44
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible integer underflow can happen when calculating length of elementary stream map from invalid packet length which is later used to read from input buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SM7150, Snapdragon_High_Med_2016

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850sd_632sd_820asd_675msm8996au_firmwaresd_439sd_670_firmwaresd_429sdm439mdm9650sd_636sm7150_firmwaresd_615_firmwaresnapdragon_high_med_2016_firmwaremsm8909w_firmwaremsm8996ausd_820sd_450_firmwaresd_845_firmwaresm7150sd_820a_firmwareqcs605_firmwaresd_675_firmwaremdm9206sd_425_firmwaresd_625_firmwaresd_450sd_845mdm9206_firmwareqcs605sd_632_firmwaresd_835_firmwaremdm9650_firmwaresd_835sda660sd_210_firmwaresd_600sd_415_firmwaremsm8909wsd_616_firmwaresd_205_firmwaresd_415sd_212sd_427_firmwaresd_712sd_855sdx20sd_616sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435sd_615sd_710_firmwaresdm630sd_625qm215sd_820_firmwaresd_210mdm9607sd_636_firmwaresd_439_firmwaresd_429_firmwaresnapdragon_high_med_2016sd_212_firmwaresd_850_firmwaresdm439_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwareqm215_firmwaresd_430sd_427sd_670sd_435_firmwaresdx20_firmwaresd_710sd_600_firmwaresd_205sdm660_firmwaresd_855_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2019-2311
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 57.13%
||
7 Day CHG~0.00%
Published-05 Mar, 2020 | 08:56
Updated-04 Aug, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible buffer overflow in WLAN handler due to lack of validation of destination buffer size before copying it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8996, MSM8996AU, MSM8998, QCA6174A, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9886, QCS605, SA6155P, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwareapq8096_firmwaremdm9640_firmwaremsm8996au_firmwaresdm845apq8096sdx24mdm9650sm7150_firmwaresm6150qca6574msm8996ausm7150apq8009_firmwaresdm670qcs605_firmwaremdm9206qca9379_firmwareqca6174asdm670_firmwaresdx24_firmwareqca6584au_firmwareipq8074sdm636sda845_firmwareqca9377apq8098mdm9206_firmwareqca6574_firmwareqca9886qcs605qca6584_firmwaremdm9650_firmwareqca6584qca6574au_firmwaresda660sxr1130_firmwareqca8081_firmwaresxr1130apq8009apq8053_firmwaresda845sdm850_firmwareqca6584ausa6155p_firmwaresdm636_firmwaresdm845_firmwareapq8098_firmwaresdx20msm8998_firmwaresdm660sdm630mdm9607_firmwareipq8074_firmwareqca6574ausdm710mdm9607apq8017_firmwaresdm710_firmwaresa6155pqca8081mdm9207c_firmwaremsm8996_firmwaremdm9207cqca6174a_firmwareqca9886_firmwaresm8150_firmwareapq8096ausdm630_firmwaresda660_firmwareapq8053sm6150_firmwareapq8096au_firmwaremsm8998sm8150sdx20_firmwaresdm850apq8017msm8996qca9379sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-2268
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.34% / 55.81%
||
7 Day CHG~0.00%
Published-21 Nov, 2019 | 14:38
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible OOB read issue in P2P action frames while handling WLAN management frame in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8996AU, MSM8998, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS405, QCS605, SDA660, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaresdm636_firmwaremsm8996au_firmwareapq8098_firmwaresdm845sdx20msm8998_firmwaresdm660sdm630mdm9607_firmwaremdm9650qcs405qca6574ausdm710sm6150mdm9607msm8996auapq8017_firmwaresdm710_firmwareapq8009_firmwaresdm670qcs605_firmwaremdm9207c_firmwaremdm9206mdm9207cqca6174a_firmwareqca6174aqca9379_firmwaresdm670_firmwareapq8096ausdm636qcs405_firmwareqca9377sdm630_firmwareapq8098sda660_firmwaremdm9206_firmwareqcs605apq8053apq8096au_firmwaresm6150_firmwaremdm9650_firmwaremsm8998sdx20_firmwareqca6574au_firmwaresda660apq8017apq8009qca9379apq8053_firmwaresdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-2242
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.38% / 58.57%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 05:25
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Device memory may get corrupted because of buffer overflow/underflow. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8016, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SM6150, SM7150, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9150_firmwaremdm9635m_firmwareapq8096_firmwaremdm9640_firmwareqcm2150_firmwaresdm632_firmwaremsm8996au_firmwaresdm845sdm450_firmwaresdm632apq8096sdm439mdm9650sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaremsm8996aumdm9645sm7150apq8009_firmwaremsm8917sdm670qcs605_firmwaresdm670_firmwaresdm636sda845_firmwaremdm9635mapq8098mdm9615msm8939qcs605msm8937_firmwaremdm9650_firmwaresdm429_firmwaremsm8905_firmwaresda660sxr1130_firmwaresxr1130msm8909wapq8009msm8909_firmwareapq8053_firmwaresda845nicobarsdm850_firmwaremsm8920msm8953sdm450sdm636_firmwaresdm845_firmwareapq8098_firmwaresdx20msm8998_firmwareqcm2150apq8016_firmwaresdm630mdm9607_firmwaremsm8920_firmwaremdm9655_firmwaresdm660sdm710qm215mdm9607mdm9645_firmwareapq8017_firmwaremdm9625_firmwaresdm710_firmwaremsm8939_firmwaremdm9150msm8937msm8905msm8909mdm9655apq8096ausdm439_firmwaresdm630_firmwaresda660_firmwaremdm9625apq8016qm215_firmwaremsm8953_firmwaremsm8940sm6150_firmwareapq8053apq8096au_firmwaremsm8917_firmwaremdm9615_firmwaremsm8998sdx20_firmwaresdm850apq8017nicobar_firmwaresdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-2324
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.25% / 48.31%
||
7 Day CHG~0.00%
Published-06 Nov, 2019 | 17:11
Updated-04 Aug, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When ADSP is compromised, the audio port index that`s returned from ADSP might be out of the valid range and leads to out of boundary access in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 845 / SD 850, SD 855, SDX20, SDX24

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850mdm9150_firmwaremdm9640_firmwaresd_820asd_675sd_670_firmwaresdx24mdm9650sd_615_firmwaremsm8909w_firmwaresd_820sd_450_firmwaresd_845_firmwaresd_820a_firmwaresd_675_firmwaremdm9206sd_425_firmwaresd_665sdx24_firmwaresd_625_firmwaresd_450mdm9615sd_845mdm9206_firmwaremdm9640mdm9650_firmwaresd_210_firmwaresd_600sd_415_firmwaremsm8909wsd_665_firmwaresd_616_firmwaresd_205_firmwaresd_415sd_212sd_427_firmwaresd_712sd_855sd_730_firmwaresdx20sd_616sd_425sd_430_firmwaremdm9607_firmwaresd_435sd_615sd_710_firmwaresd_625sd_210mdm9607sd_820_firmwaremdm9150sd_730sd_212_firmwaresd_850_firmwaresd_712_firmwaresd_427sd_430sd_670sd_435_firmwaremdm9615_firmwaresd_710sdx20_firmwaresd_600_firmwaresd_205sd_855_firmwareSnapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-2327
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 57.13%
||
7 Day CHG~0.00%
Published-25 Jul, 2019 | 16:33
Updated-04 Aug, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible buffer overflow can occur when playing clip with incorrect element size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850mdm9150_firmwaresd_632sd_820asd_675msm8996au_firmwaresd_439sd_670_firmwaresd_429sdm439mdm9650sd_636sd_615_firmwaresnapdragon_high_med_2016_firmwaremsm8996ausd_820sd_450_firmwaresd_845_firmwaresd_820a_firmwareqcs605_firmwaresd_675_firmwaremdm9206sd_425_firmwaresd_665sd_625_firmwaresd_450sd_845mdm9206_firmwareqcs605sd_632_firmwaresd_835_firmwaremdm9650_firmwaresd_835sda660sd_210_firmwaresd_600sd_415_firmwaremsm8909_firmwaresd_665_firmwaresd_616_firmwaresd_205_firmwaresd_415sd_212sd_427_firmwaresd_712sd_855sd_730_firmwarequalcomm_215sdx20sd_616sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435sd_615sd_710_firmwaresdm630qcs405sd_625sd_820_firmwaresd_210mdm9607sd_636_firmwaresd_439_firmwarequalcomm_215_firmwaremdm9150sd_429_firmwaresd_730snapdragon_high_med_2016sd_212_firmwaresd_850_firmwaremsm8909sdm439_firmwareqcs405_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwaresd_430sd_427sd_670sd_435_firmwaresdx20_firmwaresd_710sd_600_firmwaresd_205sdm660_firmwaresd_855_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-2276
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.27% / 49.77%
||
7 Day CHG~0.00%
Published-25 Jul, 2019 | 16:33
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible out of bound read occurs while processing beaconing request due to lack of check on action frames received from user controlled space in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS405, QCS605, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 845 / SD 850, SD 855, SDM630, SDM660, SDX24

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_712qca9377_firmwaresd_850sd_855sd_730_firmwaresd_820asd_675msm8996au_firmwaresd_670_firmwaresdm660sdx24sdm630mdm9607_firmwaresd_710_firmwaresd_636qcs405qca6574aumdm9607msm8996ausd_636_firmwaresd_845_firmwaresd_820a_firmwareqcs605_firmwaresd_675_firmwareqca6174a_firmwareqca6174aqca9379_firmwaresd_665sd_730sd_850_firmwaresdx24_firmwareqcs405_firmwareqca9377sd_712_firmwaresdm630_firmwaresd_845qcs605sd_670sd_710qca6574au_firmwareqca9379sd_665_firmwaresdm660_firmwaresd_855_firmwareSnapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-2285
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.33% / 55.32%
||
7 Day CHG~0.00%
Published-06 Nov, 2019 | 17:11
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bound write issue is observed while giving information about properties that have been set so far for playing video in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850sd_632sd_820asd_675msm8996au_firmwaresd_439sd_670_firmwaresd_429sdm439sd_636snapdragon_high_med_2016_firmwaremsm8909w_firmwaremsm8996ausd_820sd_450_firmwaresd_845_firmwaresd_820a_firmwareqcs605_firmwaresd_675_firmwaresd_425_firmwaresd_665sd_625_firmwaresd_450sd_8cx_firmwaresd_845qcs605sd_632_firmwaresd_835_firmwaresd_835sda660sxr1130_firmwaresd_210_firmwaresxr1130msm8909wsd_665_firmwaresd_205_firmwaresd_212sd_427_firmwaresd_712sd_855sd_730_firmwarequalcomm_215sd_425sdm660sd_430_firmwaresd_710_firmwaresd_435sdm630sd_625sd_210sd_820_firmwaresd_636_firmwaresd_439_firmwarequalcomm_215_firmwaresd_429_firmwaresd_730snapdragon_high_med_2016sd_212_firmwaresd_850_firmwaresdm439_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwaresd_8cxsd_427sd_430sd_670sd_435_firmwaresd_710sd_205sdm660_firmwaresd_855_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-2258
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.25% / 48.31%
||
7 Day CHG~0.00%
Published-06 Nov, 2019 | 17:11
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation of array index causes OOB write and then leads to memory corruption in MMCP in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850mdm9150_firmwaresd_632mdm9635m_firmwaremdm9640_firmwaresd_820asd_675msm8996au_firmwaresd_439sd_670_firmwaresd_429sdm439mdm9650sd_636sd_615_firmwaresnapdragon_high_med_2016_firmwaremsm8909w_firmwaremsm8996ausd_820sd_650sd_450_firmwaresd_845_firmwaresd_820a_firmwareqcs605_firmwaresd_675_firmwaresd_652sd_425_firmwaresd_665sd_625_firmwaresd_450mdm9635msd_8cx_firmwaremdm9615sd_845qcs605sd_632_firmwaresd_835_firmwaremdm9650_firmwaresd_835sda660sxr1130_firmwaresd_210_firmwaresd_415_firmwaresd_652_firmwaresxr1130msm8909wsd_665_firmwaresd_616_firmwaresd_205_firmwaresd_415sd_212sd_650_firmwaresd_427_firmwaresd_712sd_855sd_730_firmwarequalcomm_215sdx20sd_616sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435mdm9655_firmwaresd_615sd_710_firmwaresdm630sd_625sd_820_firmwaresd_210mdm9607sd_636_firmwaremdm9625_firmwaresd_439_firmwarequalcomm_215_firmwaremdm9150sd_429_firmwaresd_730snapdragon_high_med_2016sd_212_firmwaresd_850_firmwaremdm9655sdm439_firmwaresd_855_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwaremdm9625sd_8cxsd_430sd_427sd_670sd_435_firmwaremdm9615_firmwaresdx20_firmwaresd_710sd_205sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-129
Improper Validation of Array Index
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-2303
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.29% / 52.31%
||
7 Day CHG~0.00%
Published-21 Nov, 2019 | 14:38
Updated-04 Aug, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SNDCP module may access array out side its boundary when it receives malformed XID message. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9150_firmwaremdm9635m_firmwareqcm2150_firmwaremdm9640_firmwaresdm632_firmwaremsm8996au_firmwaresdm845sdm450_firmwaresdm632sdx24sdm439mdm9650sdm429msm8940_firmwaresm7150_firmwaresnapdragon_high_med_2016_firmwaresm6150msm8909w_firmwaremsm8976_firmwaremsm8996ausm7150apq8009_firmwaremsm8917sdm670sxr2130qcs605_firmwaresc8180xmdm9206sdm670_firmwaresdx24_firmwaresdm636sda845_firmwaremdm9635mapq8098mdm9615mdm9205mdm9206_firmwaremsm8939qcs605msm8937_firmwaremdm9650_firmwaresdm429_firmwaremsm8905_firmwaresda660sdx55_firmwaresxr1130_firmwaresxr1130msm8909wapq8009msm8909_firmwareapq8053_firmwaresda845nicobarsdm850_firmwaremsm8920msm8953sdm450sdm636_firmwaresdm845_firmwareapq8098_firmwaresdx20msm8998_firmwareqcm2150msm8920_firmwaresdm630mdm9607_firmwaresm8250_firmwaremdm9655_firmwaresdm660sc8180x_firmwaresdm710qm215mdm9607apq8017_firmwaremdm9625_firmwaresdm710_firmwaremsm8939_firmwaremdm9150msm8937msm8905snapdragon_high_med_2016sm8150_firmwaremsm8909sxr2130_firmwaremdm9655apq8096ausdm439_firmwaresdm630_firmwaremdm9205_firmwaresda660_firmwaremdm9625qm215_firmwaremsm8976sdx55msm8953_firmwaremsm8940sm6150_firmwareapq8053apq8096au_firmwaremsm8917_firmwaresm8250msm8998sm8150sdx20_firmwaresdm850mdm9615_firmwareapq8017nicobar_firmwaresdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-2283
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.31% / 53.80%
||
7 Day CHG~0.00%
Published-06 Nov, 2019 | 17:11
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation of read and write index of tx and rx fifo`s before calculating pointer can lead to out-of-bound access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850mdm9150_firmwaresd_632mdm9640_firmwaresd_820asd_675msm8996au_firmwaresd_439sd_670_firmwaresd_429sdx24sdm439mdm9650sd_636msm8909w_firmwaremsm8996ausd_820sd_450_firmwaresd_845_firmwaresd_820a_firmwareqcs605_firmwaresd_675_firmwaremdm9206sd_425_firmwaresdx24_firmwaresd_625_firmwaresd_450sd_845mdm9206_firmwareqcs605sd_632_firmwaresd_835_firmwaremdm9650_firmwaresd_835sda660sd_210_firmwaremsm8909wsd_205_firmwaresd_212sd_427_firmwaresd_712sd_855sd_730_firmwarequalcomm_215sdx20sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435sd_710_firmwaresdm630sd_625sd_820_firmwaresd_210mdm9607sd_636_firmwaresd_439_firmwarequalcomm_215_firmwaremdm9150sd_429_firmwaresd_730sd_212_firmwaresd_850_firmwaresd_855_firmwaresdm439_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwaresd_430sd_427sd_670sd_435_firmwaresdx20_firmwaresd_710sd_205sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-2249
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.48% / 64.26%
||
7 Day CHG~0.00%
Published-06 Nov, 2019 | 17:11
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Kernel can do a memory read from arbitrary address passed by user during execution of a syscall in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9205, MDM9650, QCA8081, QCS605, SD 427, SD 435, SD 450, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_427_firmwaresd_712sd_850sd_855sd_730_firmwaresd_675sdx20sd_670_firmwaresdm660sdm630sd_710_firmwaresd_435mdm9650sd_636sd_625ipq8074_firmwaresnapdragon_high_med_2016_firmwaresd_636_firmwaresd_450_firmwaresd_845_firmwareqca8081qcs605_firmwaresd_675_firmwaresd_730snapdragon_high_med_2016sd_665sd_850_firmwaresd_625_firmwareipq8074sd_450sd_712_firmwaresdm630_firmwaremdm9205_firmwaresd_8cx_firmwaresda660_firmwaremdm9205sd_845sd_427qcs605sd_8cxsd_670sd_435_firmwaresd_835_firmwaremdm9650_firmwaresd_710sdx20_firmwaresd_835sda660sxr1130_firmwareqca8081_firmwaresxr1130sd_665_firmwaresdm660_firmwaresd_855_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-2252
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.20% / 78.10%
||
7 Day CHG~0.00%
Published-30 Sep, 2019 | 15:40
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Classic buffer overflow vulnerability while playing the specific video whose Decode picture buffer size is more than 16 in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850sd_632sd_820asd_675msm8996au_firmwaresd_439sd_670_firmwaresd_429sdm439mdm9650sd_636snapdragon_high_med_2016_firmwaremsm8909w_firmwaremsm8996ausd_820sd_450_firmwaresd_845_firmwaresd_820a_firmwareqcs605_firmwaresd_675_firmwaresd_425_firmwaresd_665sd_625_firmwaresd_450sd_8cx_firmwaresd_845qcs605sd_632_firmwaresd_835_firmwaremdm9650_firmwaresd_835sda660sxr1130_firmwaresd_210_firmwaresxr1130msm8909wsd_665_firmwaresd_205_firmwaresd_212sd_427_firmwaresd_712sd_855qualcomm_215sd_425sdm660sd_430_firmwaresd_710_firmwaresd_435sdm630sd_625sd_210sd_820_firmwaresd_636_firmwaresd_439_firmwarequalcomm_215_firmwaresd_429_firmwaresnapdragon_high_med_2016sd_212_firmwaresd_850_firmwaresdm439_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwaresd_8cxsd_427sd_430sd_670sd_435_firmwaresd_710sd_205sdm660_firmwaresd_855_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-14004
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 57.13%
||
7 Day CHG~0.00%
Published-21 Jan, 2020 | 06:30
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow occurs while processing invalid MKV clip, which has invalid EBML size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdm450_firmwaresdm632sdm439sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaremsm8996ausdm429w_firmwaresm7150apq8009_firmwaremsm8917sdm670sxr2130qcs605_firmwaremdm9206sdm670_firmwaresdm636sda845_firmwareapq8098mdm9206_firmwaremsm8939qcs605msm8937_firmwaresdm429_firmwaremsm8905_firmwaresda660sxr1130_firmwareapq8064_firmwaresxr1130msm8909wapq8009msm8909_firmwareapq8053_firmwaresda845nicobarsa6155p_firmwaremsm8920msm8953sdm450sdm636_firmwareapq8064apq8098_firmwaresdx20msm8998_firmwaresdm660msm8920_firmwaresdm630mdm9607_firmwaresm8250_firmwaresdm710qm215mdm9607apq8017_firmwaresdm710_firmwaremsm8939_firmwaresa6155pmsm8937mdm9207c_firmwaremsm8996_firmwaremsm8905mdm9207csm8150_firmwaremsm8909sxr2130_firmwareapq8096ausdm439_firmwarerennellsdm630_firmwaresda660_firmwarerennell_firmwareqm215_firmwaremsm8953_firmwaremsm8940sm6150_firmwareapq8053apq8096au_firmwaremsm8917_firmwaresm8250msm8998sm8150sdx20_firmwareapq8017msm8996nicobar_firmwaresdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-2302
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.40% / 60.01%
||
7 Day CHG~0.00%
Published-06 Nov, 2019 | 17:11
Updated-04 Aug, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

While processing vendor command which contains corrupted channel count, an integer overflow occurs and finally will lead to heap overflow. in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8976, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS405, QCS605, SDA845, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM8150

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaremdm9640_firmwaresdm636_firmwaresdm845_firmwaremsm8996au_firmwaresdm845sdx20sdm660sdx24mdm9607_firmwaremdm9650qcs405qca6574ausdm710msm8909w_firmwaremdm9607msm8976_firmwaremsm8996ausm6150apq8017_firmwaresdm710_firmwareqcn7605_firmwaresdm670qcs605_firmwaremdm9207c_firmwaremdm9206msm8905mdm9207cqca6174a_firmwareqca6174aqca9379_firmwaresdm670_firmwaresm8150_firmwaremsm8909sdx24_firmwareapq8096ausdm636qcs405_firmwareqca9377sda845_firmwareqcn7605mdm9206_firmwareqcs605msm8976apq8053apq8096au_firmwaresm6150_firmwaremdm9650_firmwaresm8150sdx20_firmwaremsm8905_firmwareqca6574au_firmwareapq8017msm8909wqca9379msm8909_firmwareapq8053_firmwaresdm660_firmwaresda845mdm9640Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-20607
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.23% / 45.79%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 19:20
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (MSM8996, MSM8998, Exynos7420, Exynos7870, Exynos8890, and Exynos8895 chipsets) software. A heap overflow in the keymaster Trustlet allows attackers to write to TEE memory, and achieve arbitrary code execution. The Samsung ID is SVE-2019-14126 (May 2019).

Action-Not Available
Vendor-n/aGoogle LLCQualcomm Technologies, Inc.Samsung
Product-msm8998androidexynos_7870msm8996exynos_8890exynos_8895exynos_7420n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-20556
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 35.76%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 18:23
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with P(9.0) (SM6150, SM8150, SM8150_FUSION, exynos7885, exynos9610, and exynos9820 chipsets) software. RKP memory corruption allows attackers to control the effective address in EL2. The Samsung ID is SVE-2019-15221 (October 2019).

Action-Not Available
Vendor-n/aGoogle LLCQualcomm Technologies, Inc.Samsung
Product-exynos_9610sm6150sm8150androidexynos_7885sm8150_fusionexynos_9820n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-11010
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.58% / 68.09%
||
7 Day CHG~0.00%
Published-30 Mar, 2018 | 15:00
Updated-17 Sep, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 625, SD 650/52, SD 835, access control left a configuration space unprotected.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidSnapdragon IoT, Snapdragon Mobile
CVE-2019-20553
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 35.76%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 18:20
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with P(9.0) (SM6150, SM8150, SM8150_FUSION, exynos7885, exynos9610, and exynos9820 chipsets) software. Arbitrary memory read and write operations can occur in RKP. The Samsung ID is SVE-2019-15143 (October 2019).

Action-Not Available
Vendor-n/aGoogle LLCQualcomm Technologies, Inc.Samsung
Product-exynos_9610sm6150sm8150androidexynos_7885sm8150_fusionexynos_9820n/a
CVE-2019-20590
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 35.76%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 19:01
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with O(8.x) (Qualcomm chipsets) software. There is an integer underflow in the Secure Storage Trustlet. The Samsung ID is SVE-2019-13952 (July 2019).

Action-Not Available
Vendor-n/aQualcomm Technologies, Inc.Google LLC
Product-sdm660androidn/a
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2017-11006
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 32.36%
||
7 Day CHG~0.00%
Published-05 Dec, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a Use After Free condition can occur during positioning.

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-416
Use After Free
CVE-2017-11005
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 32.36%
||
7 Day CHG~0.00%
Published-05 Dec, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a Use After Free condition can occur during a deinitialization path.

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-416
Use After Free
CVE-2019-14052
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.33% / 55.32%
||
7 Day CHG~0.00%
Published-08 Sep, 2020 | 09:31
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Accessing an uninitialized data structure could result in partially copying of contents and thus incorrect processing' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QCS610, QM215, SA415M, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9150_firmwaremdm9635m_firmwareqcm2150_firmwaremdm9640_firmwareqcs610sdm632_firmwaremsm8996au_firmwaresdm845sdm450_firmwaresdm632sdx24sdm439mdm9650sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaremsm8996aumdm9645sm7150apq8009_firmwaremsm8917sdm670qcs605_firmwaresc8180xmdm9206sdm670_firmwaresdx24_firmwaresdm636sda845_firmwaresa415mmdm9635mapq8098mdm9615mdm9206_firmwareqcs605msm8937_firmwaremdm9650_firmwaresdm429_firmwaremsm8905_firmwaresda660sxr1130_firmwaresxr1130msm8909wapq8009msm8909_firmwareapq8053_firmwaresda845nicobarsdm850_firmwaremsm8920msm8953sdm450sdm636_firmwaresdm845_firmwareapq8098_firmwaresdx20msm8998_firmwareqcm2150msm8920_firmwaresdm630mdm9607_firmwaresdm660mdm9655_firmwaresc8180x_firmwaresa415m_firmwaresdm710qm215mdm9607mdm9645_firmwareapq8017_firmwaremdm9625_firmwaresdm710_firmwareqcs610_firmwaremdm9150msm8937msm8905sm8150_firmwaremsm8909mdm9655apq8096ausdm439_firmwaresdm630_firmwaresda660_firmwaremdm9625qm215_firmwaremsm8953_firmwaremsm8940sm6150_firmwareapq8053apq8096au_firmwaremsm8917_firmwaremdm9615_firmwaremsm8998sm8150sdx20_firmwaresdm850apq8017nicobar_firmwaresdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-908
Use of Uninitialized Resource
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 11
  • 12
  • Next
Details not found