Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-11208

Summary
Assigner-qualcomm
Assigner Org ID-2cfc7d3e-20d3-47ac-8db7-1b7285aff15f
Published At-12 Nov, 2020 | 10:00
Updated At-04 Aug, 2024 | 11:28
Rejected At-
Credits

Out of Bound issue in DSP services while processing received arguments due to improper validation of length received as an argument' in SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:qualcomm
Assigner Org ID:2cfc7d3e-20d3-47ac-8db7-1b7285aff15f
Published At:12 Nov, 2020 | 10:00
Updated At:04 Aug, 2024 | 11:28
Rejected At:
▼CVE Numbering Authority (CNA)

Out of Bound issue in DSP services while processing received arguments due to improper validation of length received as an argument' in SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439

Affected Products
Vendor
Qualcomm Technologies, Inc.Qualcomm, Inc.
Product
Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile
Versions
Affected
  • SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439
Problem Types
TypeCWE IDDescription
textN/ABuffer Overflow in DSP Process
Type: text
CWE ID: N/A
Description: Buffer Overflow in DSP Process
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin
x_refsource_CONFIRM
https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/
x_refsource_MISC
https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/
x_refsource_MISC
Hyperlink: https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin
Resource:
x_refsource_CONFIRM
Hyperlink: https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/
Resource:
x_refsource_MISC
Hyperlink: https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin
x_refsource_CONFIRM
x_transferred
https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/
x_refsource_MISC
x_transferred
https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/
x_refsource_MISC
x_transferred
Hyperlink: https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:product-security@qualcomm.com
Published At:12 Nov, 2020 | 10:15
Updated At:19 Oct, 2022 | 15:43

Out of Bound issue in DSP services while processing received arguments due to improper validation of length received as an argument' in SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary2.07.2HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.2
Base severity: HIGH
Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
Qualcomm Technologies, Inc.
qualcomm
>>sd820_firmware>>-
cpe:2.3:o:qualcomm:sd820_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd820>>-
cpe:2.3:h:qualcomm:sd820:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd821_firmware>>-
cpe:2.3:o:qualcomm:sd821_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd821>>-
cpe:2.3:h:qualcomm:sd821:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qcs603_firmware>>-
cpe:2.3:o:qualcomm:qcs603_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qcs603>>-
cpe:2.3:h:qualcomm:qcs603:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qcs605_firmware>>-
cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qcs605>>-
cpe:2.3:h:qualcomm:qcs605:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sda855_firmware>>-
cpe:2.3:o:qualcomm:sda855_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sda855>>-
cpe:2.3:h:qualcomm:sda855:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sa6155p_firmware>>-
cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sa6155p>>-
cpe:2.3:h:qualcomm:sa6155p:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sa6145p_firmware>>-
cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sa6145p>>-
cpe:2.3:h:qualcomm:sa6145p:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sa6155_firmware>>-
cpe:2.3:o:qualcomm:sa6155_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sa6155>>-
cpe:2.3:h:qualcomm:sa6155:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sa6155p_firmware>>-
cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sa6155p>>-
cpe:2.3:h:qualcomm:sa6155p:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd855_firmware>>-
cpe:2.3:o:qualcomm:sd855_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd855>>-
cpe:2.3:h:qualcomm:sd855:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd675_firmware>>-
cpe:2.3:o:qualcomm:sd675_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd675>>-
cpe:2.3:h:qualcomm:sd675:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd660_firmware>>-
cpe:2.3:o:qualcomm:sd660_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd660>>-
cpe:2.3:h:qualcomm:sd660:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd429_firmware>>-
cpe:2.3:o:qualcomm:sd429_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd429>>-
cpe:2.3:h:qualcomm:sd429:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd439_firmware>>-
cpe:2.3:o:qualcomm:sd439_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd439>>-
cpe:2.3:h:qualcomm:sd439:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-191Primarynvd@nist.gov
CWE ID: CWE-191
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/product-security@qualcomm.com
Third Party Advisory
https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/product-security@qualcomm.com
Exploit
Third Party Advisory
https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletinproduct-security@qualcomm.com
Vendor Advisory
Hyperlink: https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/
Source: product-security@qualcomm.com
Resource:
Third Party Advisory
Hyperlink: https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/
Source: product-security@qualcomm.com
Resource:
Exploit
Third Party Advisory
Hyperlink: https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin
Source: product-security@qualcomm.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1088Records found
CVE-2023-33059
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.11%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 05:26
Updated-16 Dec, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Copy Without Checking Size of Input in Audio

Memory corruption in Audio while processing the VOC packet data from ADSP.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm429w_firmwaresnapdragon_x20_lte_modemsd865_5gqca6595snapdragon_xr1_platformqca8081_firmwaresnapdragon_653_mobile_platformsm7250-absnapdragon_x50_5g_modem-rf_systemwcd9340_firmwareapq8056wcd9395_firmwaresdm845qcc710_firmwareqca6426wcn3610sa4150psm7325-ae_firmwareqca8337qca6426_firmwarewcd9395qca6574au_firmwarewcn785x-5qca6564_firmwareqam8295pwcd9341sd626_firmwaresnapdragon_x12_lte_modemwsa8810_firmwaresd730_firmwarewsa8845h_firmwareapq8052sdm670sm8150-acsm6375_firmwaresd835_firmwaresm7150-acvideo_collaboration_vc1_platform_firmwaresa4155psd821sm6375msm8108sm7250-aa_firmwareqsm8250_firmwarevideo_collaboration_vc1_platformwcd9385_firmwareqca6421qca6310snapdragon_630_mobile_platformqcs603_firmwarewcd9360apq8053-aa_firmwaresd821_firmwaresa6155psm7150-ac_firmwareqca6564au_firmwaresd820qam8650pvideo_collaboration_vc5_platform_firmwareapq8052_firmwaresm7325_firmwaresa6155p_firmwaremdm9640_firmwaresdm429_firmwareqca6390_firmwaresd835snapdragon_632_mobile_platform_firmwaresdm429qca6436_firmwaresnapdragon_wear_4100\+_platform_firmwaresnapdragon_8_gen_2_mobile_platformsnapdragon_7c\+_gen_3_compute_firmwaresm4125_firmwaresm8250-ac_firmwareqca6420qca6174_firmwarewcn3910apq8064au_firmwarecsrb31024qca9367snapdragon_wear_3100_platform_firmwaresnapdragon_845_mobile_platformmdm9250_firmwaresnapdragon_x55_5g_modem-rf_system_firmwarewcn3660bqca6574asm7325-aewcn3620_firmwareqca6174aqca6584_firmwarewcd9340qcs8250_firmwareqcm2290snapdragon_630_mobile_platform_firmwaresm6150-acsm6225sm8150-ac_firmwaresm8550p_firmwarewcn3998_firmwareqcm8550snapdragon_x20_lte_modem_firmwarewcn3988apq8076qca6574sm7325-afsnapdragon_x75_5g_modem-rf_systemsdm710_firmwareqcs410qcm2290_firmwaresa8155pwsa8830sm8550psa6145papq8056_firmwaresa8255p_firmwarewcn785x-1_firmwaremsm8996auqrb5165m_firmwarewcn3620snapdragon_208_processor_firmwaresnapdragon_x5_lte_modemapq8064auqm215_firmwarewcn3950_firmwaresnapdragon_632_mobile_platformqrb5165nsm7325p_firmwarewcd9360_firmwaresmart_audio_400_platforms820a_firmwarevideo_collaboration_vc3_platform_firmwaresd670_firmwaresm7150-aaqcn6224_firmwareqca6431sd660_firmwareqca4020_firmwareqca9379_firmwaresm6350sxr2130_firmwarear8035_firmwareapq8009_firmwaresnapdragon_653_mobile_platform_firmwareqrb5165msnapdragon_w5\+_gen_1_wearable_platform_firmwareqca6320qca4024_firmwaresd888_firmwaresnapdragon_662_mobile_platform_firmwareqcs6125_firmwareqcn9074wsa8815_firmwaresm8250-abqca8337_firmwaresnapdragon_x12_lte_modem_firmwaresm7325sm8350-ac_firmwaresm7250p_firmwarewcn3680_firmwarewcn785x-5_firmwarewcn3950sm4250-aaqca6797aq_firmwaresm4350_firmwaresm7350-ab_firmwaresnapdragon_617_processorwcn3991sa8295p_firmwaresd_675_firmwaresa4155p_firmwaresm7250pcsrb31024_firmwaresa8155sm7150-aa_firmwaresnapdragon_845_mobile_platform_firmwaresd888wcn685x-5qca6310_firmwaresd626qcs7230sm8250-acs820awcd9371snapdragon_xr2_5g_platform_firmwaresm7350-abqrb5165_firmwaresm8350_firmwarevideo_collaboration_vc3_platformsnapdragon_212_mobile_platformqca6431_firmwaresm7225_firmwaresm6125qca6698aq_firmwareqcs22908998_firmwareqcs2290_firmwarewcn3615qca9367_firmwarewcn3680sa8255pqcs7230_firmwarewcd9390_firmwarewcn6750qca6430wcn6750_firmwaremdm9650snapdragon_auto_5g_modem-rfsnapdragon_208_processorsm7250-ab_firmware9206_lte_modem_firmwaremsm8108_firmwarecsra6640_firmwaresm4350qam8650p_firmwarewcn3998video_collaboration_vc5_platformqca6420_firmwareqcs6490_firmwaresd855_firmwarewcd9335_firmwaremdm9640qca6436qrb5165n_firmwaresnapdragon_1200_wearable_platformsnapdragon_x24_lte_modem_firmwarewcn3980_firmwareqca6391_firmwarewsa8835wsa8840_firmwaresm4250-aa_firmwaremsm8905_firmwareqcs4290_firmwarecsra6620qca8081sd660mdm9628sm4375sdm670_firmwareqam8775pqca9377wsa8815qcm4325_firmwaresm7125_firmwareqcm4290_firmwaresnapdragon_425_mobile_platform_firmwareqrb5165smart_audio_400_platform_firmwaresg4150p_firmwarecsra6620_firmwaresnapdragon_820_mobile_platform_firmwareqcs8550qam8775p_firmwaresd865_5g_firmwarewcd9375apq8076_firmwaresnapdragon_wear_2100_platformsa8145psd_675sm4350-ac_firmwareapq8053-aasm7250-ac_firmwarewcn685x-1_firmwarewcn3680b_firmwareqcm8550_firmwareapq8017qcs410_firmwaresa6150p_firmwaresw5100pmsm8905sxr1120qcs610_firmwarewcd9335wcd9370qca6696wcd9341_firmware8998qca6390wcn6740_firmwaresnapdragon_650_mobile_platformsnapdragon_auto_4g_modemsm8150_firmwareqca6574auwcd9390csra6640msm8209_firmwarewcn3660b_firmwaresd730sdx20msm8350snapdragon_210_processor_firmwareqcm6125_firmwarec-v2x_9150snapdragon_wear_3100_platformqcc710snapdragon_625_mobile_platform_firmwaresxr1120_firmwaresnapdragon_x5_lte_modem_firmware315_5g_iot_modem_firmwaresdm439_firmwaresda845snapdragon_wear_2100_platform_firmwareqfw7114315_5g_iot_modemsnapdragon_x55_5g_modem-rf_systemqam8255p_firmwaresnapdragon_821_mobile_platform_firmwaresa8155_firmwaresm7150-abqca6335mdm9250snapdragon_8\+_gen_2_mobile_platform_firmwarewsa8845qca6421_firmwareqcm6125mdm9230sm7125wsa8810qsm8250snapdragon_8\+_gen_2_mobile_platformsm8350-acqca6595ausm7315_firmwarewcd9326_firmwarewsa8840mdm9230_firmwareqcs8550_firmwareqfw7124_firmwareqcn9012mdm9650_firmwaresnapdragon_821_mobile_platformwcd9371_firmwarewcn3910_firmwareapq8009snapdragon_212_mobile_platform_firmwarewcd9370_firmwaresa8195pqca6335_firmwareqcm64908953pro_firmwaresnapdragon_wear_2500_platformqca9379sd675_firmwareqca6430_firmwareqcn9011qcs605wsa8845hsa6150psm7250-aawcd9326sa8155p_firmwareqca6564asnapdragon_675_mobile_platformsnapdragon_617_processor_firmwaresnapdragon_662_mobile_platformqcn9074_firmwarear8035qca6564sa6155qcm4325qcn6224qca6698aqsm6250sm7250-acsd670wcn685x-1sa8145p_firmwarewcn3680bsnapdragon_820_mobile_platformsa8150p_firmwaresnapdragon_w5\+_gen_1_wearable_platformsnapdragon_636_mobile_platform_firmwarewcn3990qcs6490qcs8250ar8031_firmwaresnapdragon_652_mobile_platform_firmwarewsa8830_firmwarewsa8845_firmwaremdm9330_firmwaresnapdragon_auto_4g_modem_firmwareqcs603snapdragon_675_mobile_platform_firmwaremdm9630sm8250-ab_firmwaresa4150p_firmwaremsm8608_firmwaremsm8209qca6564ausm6225_firmwaresm7325-af_firmwaresa8195p_firmwareapq8053-ac_firmwareqcm4290sm6125_firmwaremsm8608ar8031sg8275p_firmwareqca9377_firmwareqcm6490_firmwaresnapdragon_1200_wearable_platform_firmware8953prosm4125snapdragon_xr2_5g_platformqcs6125sda845_firmwareapq5053-aa_firmwaresnapdragon_7c\+_gen_3_computesnapdragon_xr2\+_gen_1_platform_firmwareapq5053-aasdm710sm6250_firmwareqca6584auqca6320_firmwareqcn6274_firmwareqcn9011_firmwaresw5100_firmwarewcn6740snapdragon_425_mobile_platformsm6225-ad_firmwareqfw7114_firmwareqcs605_firmwareqca4024qca6595_firmwaresm8250_firmwaremdm9630_firmwaresm7225apq8017_firmwarewcd9380sa6145p_firmwareqam8255psa6155_firmwaresa8150psnapdragon_x24_lte_modemmsm8996au_firmwaresnapdragon_auto_5g_modem-rf_firmwaresm6225-adsm4350-acsdm660_firmwaresw5100aqt1000c-v2x_9150_firmwaresm8150wcn3991_firmwareqam8295p_firmwaresd855sdm660wcd9330_firmwareqca6174wcn3990_firmwaresm7315qca6564a_firmwaresdx20m_firmwarewcd9385msm8909w_firmwarewcd9330wcn3610_firmwareqcs4290sd820_firmwaresg8275psdx55_firmwarewcn3615_firmwaresnapdragon_210_processorsxr2130snapdragon_wear_2500_platform_firmware8098_firmwaresnapdragon_636_mobile_platformsm7150-ab_firmwareqca4020snapdragon_xr2\+_gen_1_platformqca6174a_firmwaresm7325paqt1000_firmwaresm6150-ac_firmwaresdm429wqca6584au_firmwareqcn6274qfw7124qca6595au_firmwaresw5100p_firmwaresm8250qca6696_firmwareapq8053-acwcd9380_firmwareqca6574_firmwaresg4150pqca6797aqmdm9628_firmwaresm4375_firmware9206_lte_modemqca6574a_firmwaresdx55sdm439sdm845_firmwaresm6350_firmwaresd675wcd9375_firmwareqca6391wcn785x-1qcn9012_firmwareqca6584snapdragon_8_gen_2_mobile_platform_firmwaresa8295p8098snapdragon_xr1_platform_firmwaresnapdragon_x50_5g_modem-rf_system_firmwaresnapdragon_625_mobile_platformqm215snapdragon_652_mobile_platformsnapdragon_650_mobile_platform_firmwarewcn685x-5_firmwarewcn3988_firmwaresnapdragon_wear_4100\+_platformwsa8835_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarewcn3980mdm9330msm8909wqcs610Snapdragon
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-14085
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.19%
||
7 Day CHG~0.00%
Published-05 Mar, 2020 | 08:56
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible Integer underflow in WLAN function due to lack of check of data received from user side in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCN7605, QCS605, SDA845, SDM670, SDM710, SDM845, SDM850, SM8150, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm850_firmwaresdm670_firmwaresm8150_firmwaresda845_firmwaresdm845qcn7605qcs605sdm710sm8150sdm850sdm710_firmwaresxr1130_firmwareqcn7605_firmwaresxr1130sdm670qcs605_firmwaresda845sdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2018-5852
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.04% / 12.03%
||
7 Day CHG~0.00%
Published-26 Nov, 2024 | 13:56
Updated-09 Jan, 2025 | 19:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in IPA

An unsigned integer underflow vulnerability in IPA driver result into a buffer over-read while reading NAT entry using debugfs command 'cat /sys/kernel/debug/ipa/ip4_nat'

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_615sd_820sd_652_firmwaremsm8909w_firmwaresd_210_firmwaresd_625sd_616_firmwaresd_810sd_450mdm9640sd_425sd_210sd_820asd_652sd_625_firmwaresd_415_firmwaresd_205mdm9650_firmwaremdm9206mdm9650sd_650sd_820_firmwaresd_835sd_616mdm9206_firmwaresd_810_firmwaresd_845sd_212_firmwaresd_820a_firmwaresd_835_firmwaresd_450_firmwaresd_617_firmwaresd_617mdm9640_firmwaresd_205_firmwaresd_212sd_425_firmwaremsm8909wmdm9607sd_415sd_650_firmwaremdm9607_firmwaresd_430sd_615_firmwaresd_430_firmwaresd_845_firmwareSnapdragonsd_820a_firmwaresd_835_firmwaresd_425_firmwaremdm9607_firmwaremsm8909w_firmwaresd_810_firmwaremdm9206_firmwaresd_450_firmwaremdm9650_firmwaresd_625_firmwaresd_845_firmwaresd_430_firmwaresd_617_firmwaresd_820_firmwaremdm9640_firmware
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2023-21630
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.07% / 21.63%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 04:46
Updated-02 Aug, 2024 | 09:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integer Overflow in Multimedia Framework

Memory Corruption in Multimedia Framework due to integer overflow when synx bind is called along with synx signal.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wsa8830sm7325-ae_firmwarewcd9380_firmwaresw5100pwcn785x-5sm8350-ac_firmwaresd888wsa8835qca6574wcn3950_firmwarewcd9380qca6595au_firmwaresm8350wcd9370qca6574awcn685x-5_firmwaresm7325psm7350-ab_firmwarewcn685x-1sm7325sm8450wcn3980wcn6750wcd9385_firmwarewcn3950qca6574_firmwaresm7325p_firmwaresm7325-afsm7315_firmwaresm7325-aeqca6574a_firmwareqca6574au_firmwareqca6595ausm6225-adsm7325-af_firmwarewcd9375_firmwarewcn3980_firmwaresm7315wcn785x-5_firmwareqca6391sm8475_firmwarewcn6740_firmwaresd680_firmwaresd778gsa6155p_firmwaresm6225-ad_firmwaresm8350_firmwarewcn685x-5wcn3988_firmwareqca6574auwcn785x-1_firmwaresa8155p_firmwaresd778g_firmwaresa8195pwsa8810_firmwaresm8450_firmwaresw5100wsa8810sd680sa6155psg4150psw5100p_firmwaresm8350-acwcn685x-1_firmwarewcd9385qca6696_firmwarewcn6740qca6696qca6391_firmwarewcd9375wcd9370_firmwaresd888_firmwaresa8155pwsa8830_firmwarewcn3988wsa8835_firmwaresa8195p_firmwaresm7350-absw5100_firmwaresm8475wcn6750_firmwaresg4150p_firmwarewcn785x-1sm7325_firmwareSnapdragonwcn6740_firmwaresa6155p_firmwarewcd9380_firmwaresnapdragon_778g_5g_mobile_platform_firmwarefastconnect_6900_firmwarewcn3988_firmwaresa8155p_firmwaresd778g_firmwarefastconnect_6700_firmwarewcn3950_firmwarewsa8810_firmwaresnapdragon_888_5g_mobile_platform_firmwarefastconnect_7800_firmwareqca6595au_firmwaresw5100p_firmwaresnapdragon_8_gen_1_mobile_platform_firmwareqca6696_firmwareqca6391_firmwarewcd9385_firmwarewcd9370_firmwareqca6574_firmwaresd_8_gen1_5g_firmwaresd888_firmwaresm7325p_firmwarewsa8830_firmwaresm7315_firmwareqca6574a_firmwaresnapdragon_780g_5g_mobile_platform_firmwareqca6574au_firmwaresa8195p_firmwarewsa8835_firmwaresw5100_firmwarewcd9375_firmwarewcn3980_firmwaresg4150p_firmwaresnapdragon_680_4g_mobile_platform_firmware
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2017-18278
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.00%
||
7 Day CHG~0.00%
Published-06 May, 2019 | 22:54
Updated-05 Aug, 2024 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer underflow may occur due to lack of check when received data length from font_mgr_qsee_request_service is bigger than the minimal value of the segment header, which may result in a buffer overflow, in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850sd_820asd_425sd_430_firmwaremdm9607_firmwaremdm9650sd_650_firmwaresd_625sd_210mdm9607sd_820_firmwaresd_820sd_650sd_450_firmwaresd_845_firmwaresd_820a_firmwaremdm9206sd_652sd_425_firmwaresd_212_firmwaresd_850_firmwaresd_625_firmwaresd_450sd_845mdm9206_firmwaresd_430sd_835_firmwaremdm9650_firmwaresd_835sd_205sd_210_firmwaresd_652_firmwaresd_205_firmwaresd_212Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2024-49832
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.73%
||
7 Day CHG~0.00%
Published-03 Feb, 2025 | 16:51
Updated-05 Feb, 2025 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Validation of Array Index in Camera

Memory corruption in Camera due to unusually high number of nodes passed to AXI port.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fastconnect_7800_firmwarewsa8840fastconnect_6900sdm429wwcn7860snapdragon_429_mobilewsa8845h_firmwaresnapdragon_8_gen_1_mobile_firmwarewcn3620_firmwarewcn7881_firmwarewsa8845wsa8832wcn7881wcd9390_firmwarewcd9380_firmwaresnapdragon_8_gen_3_mobile_firmwaresm8750wcn3660bsnapdragon_8_gen_3_mobilesdm429w_firmwarewcn7861video_collaboration_vc3_platform_firmwarewsa8845_firmwaresm8750_firmwarewcd9380video_collaboration_vc3_platformwsa8830snapdragon_429_mobile_firmwaresm8750pwsa8832_firmwarewcn7860_firmwarewcn7861_firmwarewsa8835sm8750p_firmwarewsa8845hwsa8830_firmwarewcn3620fastconnect_7800snapdragon_8_gen_1_mobilefastconnect_6900_firmwareqcs6490wcn7880_firmwareqcs6490_firmwarewcn7880wcd9395_firmwarewcd9390wsa8840_firmwarewcd9395wcn3660b_firmwarewsa8835_firmwareSnapdragon
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2018-13918
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.90%
||
7 Day CHG~0.00%
Published-04 Apr, 2019 | 15:09
Updated-05 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

kernel could return a received message length higher than expected, which leads to buffer overflow in a subsequent operation and stops normal operation in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 675, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM439, SDX24, SM7150

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_712sd_850mdm9150_firmwaresd_632sd_855sd_820asd_675sd_439sd_670_firmwaresd_425sd_429sdx24sdm439mdm9607_firmwaresd_710_firmwaremdm9650sm7150_firmwaresd_625msm8909w_firmwaremdm9607qm215sd_450_firmwaresd_845_firmwaresm7150sd_439_firmwaresd_820a_firmwaremdm9150sd_429_firmwareqcs605_firmwaresd_675_firmwaremdm9206sd_425_firmwaresd_850_firmwaresdx24_firmwaresd_625_firmwaresd_450sdm439_firmwaresd_712_firmwaresd_845qm215_firmwareqcs605mdm9206_firmwaresd_670sd_632_firmwaresd_835_firmwaremdm9650_firmwaresd_710sd_835msm8909wsd_855_firmwareSnapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables,
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-24844
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.03% / 6.96%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 05:00
Updated-27 Feb, 2025 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in Core

Memory Corruption in Core while invoking a call to Access Control core library with hardware protected address range.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wsa8830qca8337_firmwarewcd9380_firmwareqca8337sg8275p_firmwareqru1032qcm8550qdu1010_firmwareqru1052ar8035_firmwareqdx1011qdu1000wsa8840wsa8835qdu1110_firmwarewcn3950_firmwaresnapdragon_8\+_gen_2_mobile_platform_firmwarewcd9380fastconnect_6700snapdragon_x70_modem-rf_systemwcd9370snapdragon_4_gen_2_mobile_platform_firmwareqdu1110sg8275psnapdragon_8_gen_2_mobile_platformqru1062wcd9385_firmwarewsa8845wcn3950qcn6024_firmwarewsa8815qru1032_firmwarewsa8845_firmwaresnapdragon_4_gen_2_mobile_platformqcn9024wsa8845h_firmwareqca8081_firmwarefastconnect_7800snapdragon_x65_5g_modem-rf_system_firmwareqcm8550_firmwareqcm4490_firmwareqcs4490_firmwaresnapdragon_x70_modem-rf_system_firmwaresnapdragon_x65_5g_modem-rf_systemwsa8840_firmwarewsa8832_firmwarefastconnect_6900fastconnect_6900_firmwareqcs8550_firmwarewcn3988_firmwareqru1062_firmwareqdu1010qdx1011_firmwarefastconnect_6700_firmwareqcn9024_firmwarewsa8810_firmwarefastconnect_7800_firmwaresnapdragon_8\+_gen_2_mobile_platformwsa8810wsa8845hwsa8832wcd9395_firmwareqdx1010_firmwareqdu1000_firmwareqca8081sm8550pqcm4490wcd9385qcs4490wcd9395qcs8550ar8035qru1052_firmwarewcd9370_firmwaresm8550p_firmwareqdx1010wcd9390wcd9390_firmwarewsa8830_firmwareqcn6024qdu1210wcn3988wsa8815_firmwarewsa8835_firmwareqdu1210_firmwaresnapdragon_8_gen_2_mobile_platform_firmwareSnapdragon
CWE ID-CWE-284
Improper Access Control
CVE-2024-53012
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.73%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 10:07
Updated-05 Mar, 2025 | 04:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in Automotive OS Platform

Memory corruption may occur due to improper input validation in clock device.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-Snapdragon
CWE ID-CWE-20
Improper Input Validation
CVE-2024-53032
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.81%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 10:07
Updated-07 Mar, 2025 | 11:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Time-of-check Time-of-use (TOCTOU) Race Condition in Automotive OS Platform

Memory corruption may occur in keyboard virtual device due to guest VM interaction.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sa9000pqca6595au_firmwaresa8650p_firmwareqam8775psa8255pqamsrv1m_firmwareqca6595qca6688aq_firmwaresa8770psa8775psrv1h_firmwaresa8620p_firmwareqam8650p_firmwareqca6595_firmwaresrv1mqam8620psa8775p_firmwareqamsrv1msa9000p_firmwaresrv1hqca6574ausa7255psrv1m_firmwaresa8620psa7775psa8650pqam8620p_firmwaresa8540p_firmwaresa7255p_firmwareqam8775p_firmwareqam8295p_firmwareqam8255pqca6688aqqca6698aqsa7775p_firmwaresa8255p_firmwaresa8770p_firmwaresa8295p_firmwareqca6696_firmwareqam8295pqamsrv1hsrv1l_firmwareqca6574au_firmwareqamsrv1h_firmwareqca6595auqam8255p_firmwaresa8295psrv1lqca6698aq_firmwareqam8650pqca6696sa8540pSnapdragon
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2024-53031
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.73%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 10:07
Updated-07 Mar, 2025 | 11:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in Automotive OS Platform

Memory corruption while reading a type value from a buffer controlled by the Guest Virtual Machine.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sa9000pqca6595au_firmwaresa8650p_firmwareqam8775psa8255pqamsrv1m_firmwareqca6595qca6688aq_firmwaresa8770psa8775psrv1h_firmwaresa8620p_firmwareqam8650p_firmwareqca6595_firmwaresrv1mqam8620psa8775p_firmwareqamsrv1msa9000p_firmwaresrv1hqca6574ausa7255psrv1m_firmwaresa8620psa7775psa8650pqam8620p_firmwaresa8540p_firmwaresa7255p_firmwareqam8775p_firmwareqam8295p_firmwareqam8255pqca6688aqqca6698aqsa7775p_firmwaresa8255p_firmwaresa8770p_firmwaresa8295p_firmwareqca6696_firmwareqam8295pqamsrv1hsrv1l_firmwareqca6574au_firmwareqamsrv1h_firmwareqca6595auqam8255p_firmwaresa8295psrv1lqca6698aq_firmwareqam8650pqca6696sa8540pSnapdragon
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-53022
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.73%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 10:07
Updated-06 Mar, 2025 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in Automotive OS Platform

Memory corruption may occur during communication between primary and guest VM.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca6696sa7775psa8775psa8540p_firmwaresa8775p_firmwareqam8255p_firmwaresrv1m_firmwaresrv1mqamsrv1h_firmwareqam8295p_firmwaresrv1l_firmwaresa8620pqam8775pqam8255pqca6696_firmwaresa9000p_firmwareqca6595_firmwaresa8540psa8620p_firmwaresa8770p_firmwaresa8255p_firmwareqca6595au_firmwaresrv1lqam8620p_firmwaresa7255psa8770psa8650p_firmwaresa9000psrv1hqam8775p_firmwareqamsrv1hsa7775p_firmwareqam8650p_firmwaresa8295pqamsrv1mqam8295pqca6595qamsrv1m_firmwaresa8295p_firmwareqam8650psa8255psa8650psrv1h_firmwareqam8620pqca6595ausa7255p_firmwareSnapdragon
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-53028
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.81%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 10:07
Updated-05 Mar, 2025 | 04:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Time-of-check Time-of-use (TOCTOU) Race Condition in Automotive Vehicle Networks

Memory corruption may occur while processing message from frontend during allocation.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-Snapdragon
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2024-53034
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.73%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 10:07
Updated-07 Mar, 2025 | 11:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Untrusted Pointer Dereference in DSP_Services

Memory corruption occurs during an Escape call if an invalid Kernel Mode CPU event and sync object handle are passed with the DriverKnownEscape flag reset.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcd9380_firmwaresc8380xpsc8380xp_firmwarefastconnect_6900fastconnect_6900_firmwarefastconnect_7800_firmwarewsa8840_firmwarewcd9385_firmwarefastconnect_7800wsa8845h_firmwarewcd9380wsa8845hwsa8845_firmwarewsa8840wcd9385wsa8845Snapdragon
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2024-53014
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.73%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 10:07
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Validation of Array Index in Audio

Memory corruption may occur while validating ports and channels in Audio driver.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm429w_firmwaresw5100pqcm8550_firmwaresd865_5gqcs410_firmwarewcn6650sa6150p_firmwaresm8735qca6595qcs610_firmwaresnapdragon_8\+_gen_1wcd9335wcd9370qca8081_firmwaresnapdragon_730gsnapdragon_429_firmwareqca6696qam8620p_firmwarewcn7880_firmwarewcd9340_firmwaresa8530pwcd9341_firmwaresxr2330p_firmwarewcd9395_firmwarewcn7881_firmwareqcn6024wcn7750wcn6450qcc710_firmwareqca6426snapdragon_auto_4gwcn6740_firmwaresnapdragon_720g_firmwarefastconnect_6700snapdragon_695_5gsa4150psnapdragon_888_5gwsa8832_firmwareqca8337qca6426_firmwarewcd9395snapdragon_4_gen_2_firmwareqca6574au_firmwaresm6370qca6564_firmwareqam8295psnapdragon_x12_lte_firmwarewcd9341qca6574auwcd9390sa8620p_firmwarewsa8810_firmwaresd730_firmwarewsa8845h_firmwaresnapdragon_429csra6640sa9000p_firmwaresnapdragon_690_5gsnapdragon_778g\+_5g_firmwaresnapdragon_865\+_5gsrv1hsm8650q_firmwaresnapdragon_765_5gwcn3660b_firmwaresd730snapdragon_8\+_gen_2fastconnect_6800_firmwareqcs5430wcn7860snapdragon_865\+_5g_firmwareqcn6024_firmwaresnapdragon_x65_5gqcm5430qcm5430_firmwarevideo_collaboration_vc1_platform_firmwaresnapdragon_888\+_5g_firmwaresa4155psa8770pqcm6125_firmwarec-v2x_9150ssg2115pqcc710snapdragon_x50_5gsnapdragon_xr2_5g_firmwaresa8540psnapdragon_730qsm8250_firmwaresnapdragon_765g_5g_firmware315_5g_iot_modem_firmwaresnapdragon_660_firmwaresnapdragon_4_gen_2fastconnect_6900robotics_rb2snapdragon_w5\+_gen_1_wearable_firmwaresnapdragon_8_gen_2_firmwaresnapdragon_x72_5gvideo_collaboration_vc1_platformqep8111sm8635sa7255pqfw7114wcd9385_firmware315_5g_iot_modemqam8255p_firmwaresnapdragon_778g_5gsnapdragon_678_firmwaresa8155_firmwarewcd9360sdx61qcs4490snapdragon_732g_firmwaresnapdragon_662_firmwaresnapdragon_x50_5g_firmwarewsa8845sa6155pqcm6125qca6564au_firmwarewsa8810qam8650pvideo_collaboration_vc5_platform_firmwaresnapdragon_855_firmwaresa9000psrv1h_firmwareqsm8250snapdragon_678qca6595ausxr2250p_firmwaresm7315_firmwaresnapdragon_865_5g_firmwarewcd9326_firmwaresa6155p_firmwaresnapdragon_730g_firmwaresnapdragon_ar1_gen_1wsa8840srv1m_firmwareqcs8550_firmwareqfw7124_firmwareqca6436_firmwaresm8750psnapdragon_x35_5g_firmwareqcn9012wcd9371_firmwareqcs4490_firmwarewcn3910_firmwaresnapdragon_7c\+_gen_3_compute_firmwaresnapdragon_675_firmwaresm4125_firmwaresm8635psnapdragon_680_4gqmp1000qca6420wcn3910wcd9370_firmwareqca9367robotics_rb2_firmwaresnapdragon_8_gen_2snapdragon_480\+_5g_firmwaresnapdragon_765_5g_firmwarewcn3660bqca6574asa7255p_firmwarewcn3620_firmwareqca6174asnapdragon_695_5g_firmwaresa8195psnapdragon_750g_5g_firmwarewcd9340qcs8250_firmwareqcm2290talynplusqcm6490215sa8540p_firmwaresm8550p_firmwaresnapdragon_x55_5g_firmwareqcm8550sxr2250pwcn3988sm6370_firmwareqcn9024sdm429wsa8775pqca6574sxr2230p_firmwaresd675_firmwareqca6430_firmwareqcn9011sa8775p_firmwaresnapdragon_439_firmwareqamsrv1hsmart_audio_400qcn9024_firmwarewsa8845hwcd9326sa6150psm8650qqcm2290_firmwareqcs410sa8155p_firmwareqca6564asa8155psnapdragon_855\+wsa8830snapdragon_870_5g_firmwaresm8550psnapdragon_x65_5g_firmwaresa6145pqcn9074_firmwaresm7675_firmwaresa8255p_firmwaresnapdragon_888\+_5gsnapdragon_x75_5gsnapdragon_720gar8035sm7635_firmwareqamsrv1m_firmwareqca6564wcn7750_firmwareqrb5165m_firmwaresa8650p_firmwarewcn3620wcn6450_firmwaresa6155qcm4325snapdragon_860snapdragon_x72_5g_firmwaresrv1l_firmwareqcn6224snapdragon_782gqca6698aqwcn3950_firmwaressg2125p_firmwaresm7635qrb5165nsa7775p_firmwaresa8530p_firmwaresm6250fastconnect_6200wcn3680bsm7325p_firmwaresa8145p_firmwarewcd9360_firmwarewcd9378sm8635p_firmwaresa8150p_firmwaresnapdragon_768g_5gfastconnect_6700_firmwarevideo_collaboration_vc3_platform_firmwarewcn3990snapdragon_778g_5g_firmwaresnapdragon_780g_5gqcs6490qcs8250snapdragon_778g\+_5gfastconnect_6200_firmwarear8031_firmwarewsa8830_firmwareqcn6224_firmwareqca6678aq_firmwarewsa8845_firmwaresd660_firmwarewsa8832sdx61_firmwarewcd9378_firmwaresrv1lsxr2130_firmwaresm7675psrv1mqca6678aqar8035_firmwarewcn7860_firmwareqrb5165msnapdragon_680_4g_firmwaresa4150p_firmwaresd888_firmwaresnapdragon_439qca6564auqcs6125_firmwaresm4635snapdragon_460qcn9074wsa8815_firmwaresnapdragon_865_5gsa8195p_firmwareqca8337_firmwaresnapdragon_auto_4g_firmwareqcm4290snapdragon_480_5g_firmwaresnapdragon_4_gen_1_firmwaresnapdragon_x12_ltesnapdragon_685_4gar8031qca9377_firmwaresnapdragon_x62_5gsnapdragon_xr2\+_gen_1qcm6490_firmwaresg8275p_firmwaresm7250p_firmwarewcn3680_firmwaresm4635_firmwaresa2150p_firmwaresm4125qcm4490_firmwarevision_intelligence_400_firmwarewcn3950qcs6125flight_rb5_5gsnapdragon_690_5g_firmwaresm8750qca6797aq_firmwaresnapdragon_7c\+_gen_3_computetalynplus_firmwaresmart_audio_400_firmwaresnapdragon_460_firmwaresnapdragon_855\+_firmwaresa8295p_firmwaresd_675_firmwaresa4155p_firmwaresnapdragon_auto_5g_firmwaresm7250psm6250_firmwaresa8155snapdragon_768g_5g_firmwareqca6584ausd888qcn6274_firmwarewcn6755_firmwareqcn9011_firmwaresa2150psw5100_firmwarewcn6740wcn6650_firmwaresnapdragon_732gfastconnect_6800qfw7114_firmwaresnapdragon_662qcs7230qca6595_firmwarefastconnect_7800_firmwarewcd9371sm8635_firmwarefastconnect_6900_firmwarerobotics_rb5_firmwarewcd9380sa6145p_firmwareqam8255psxr2230psa6155_firmwareqmp1000_firmwaresnapdragon_xr2_5gwcn7880sa8150psxr2330pwcn6755snapdragon_888_5g_firmware215_firmwaresnapdragon_765g_5gsnapdragon_8\+_gen_2_firmwaresxr1230pwcn7881sm6650sw5100video_collaboration_vc3_platformaqt1000qcm2150_firmwarec-v2x_9150_firmwareqca6688aqqam8295p_firmwaresd855snapdragon_8_gen_1_firmwarewcn3990_firmwaresm7315snapdragon_750g_5gqca6698aq_firmwareqcs2290qca6564a_firmwarewcd9385qcs2290_firmwaresnapdragon_xr2\+_gen_1_firmwarewcn3615qca9367_firmwarewcn3680snapdragon_8_gen_1sa8255pqcs7230_firmwareqcs4290sxr1230p_firmwarewcd9390_firmwaresnapdragon_x62_5g_firmwaresnapdragon_8_gen_3qep8111_firmwareqca6430sg8275psnapdragon_782g_firmwaresnapdragon_855sdx55_firmwaresnapdragon_x55_5gsm8750_firmwarewcn3615_firmwareflight_rb5_5g_firmwaressg2125psxr2130snapdragon_4_gen_1qcm4490snapdragon_870_5gcsra6640_firmwareqamsrv1mrobotics_rb5snapdragon_480\+_5gsm7325psnapdragon_685_4g_firmwarewcn7861qca6174a_firmwareqam8650p_firmwarevideo_collaboration_vc5_platformwcn7861_firmwareqca6420_firmwareaqt1000_firmwareqcs6490_firmwaresm6650_firmwaresnapdragon_480_5gqam8620pwcd9335_firmwareqrb5165n_firmwareqca6436wcn3980_firmwaresd855_firmwarewsa8835wsa8840_firmwareqca6391_firmwareqca6584au_firmwareqcn6274qfw7124qca6595au_firmwaresw5100p_firmwareqca6696_firmwareqcs4290_firmwarewcd9380_firmwareqca6574_firmwarecsra6620qca8081sd660mdm9628wsa8815sg4150pqam8775pqca9377snapdragon_ar2_gen_1_firmwaresnapdragon_auto_5gsd_8_gen1_5gqca6797aqsnapdragon_730_firmwaremdm9628_firmwaresnapdragon_860_firmwareqcm4325_firmwaresnapdragon_x35_5gsa8620psnapdragon_660qca6574a_firmwaresdx55qcm4290_firmwaresnapdragon_8\+_gen_1_firmwaresd675wcd9375_firmwaresnapdragon_8_gen_3_firmwaresa7775pqca6391snapdragon_ar1_gen_1_firmwaresnapdragon_x75_5g_firmwaresd_8_gen1_5g_firmwareqcn9012_firmwareqcs5430_firmwaresg4150p_firmwaresnapdragon_780g_5g_firmwaresa8770p_firmwarecsra6620_firmwaresa8295pqcs8550snapdragon_675sm8735_firmwarefastconnect_7800sa8650pqam8775p_firmwaresd865_5g_firmwaresm8750p_firmwarewcd9375qca6688aq_firmwaresnapdragon_ar2_gen_1wcn3988_firmwareqamsrv1h_firmwaresm7675sa8145psd_675vision_intelligence_400wsa8835_firmwaressg2115p_firmwarewcn3980sm7675p_firmwareqcm2150wcn3680b_firmwaresnapdragon_w5\+_gen_1_wearableqcs610Snapdragon
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2024-53030
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.73%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 10:07
Updated-07 Mar, 2025 | 11:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in Automotive OS Platform

Memory corruption while processing input message passed from FE driver.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sa9000pqca6595au_firmwaresa8650p_firmwareqca6678aqsa8255psa8155p_firmwareqamsrv1m_firmwareqcs9100msm8996aumsm8996au_firmwaresa8620p_firmwaresa8155pqam8650p_firmwareqca6574a_firmwareqca6595_firmwaresnapdragon_820_automotive_firmwareqca6584au_firmwaresa6155_firmwareqam8620psrv1hqca6564auqca6564a_firmwaresa7255psa8620pqam8620p_firmwaresa7255p_firmwareqam8775p_firmwareqam8295p_firmwareqca6797aqqam8255pqca6688aqsa7775p_firmwaresa8255p_firmwaresa8155_firmwaresa8770p_firmwaresa8295p_firmwaresa6150pqca6696_firmwareqam8295psa8150pqca6595ausa6150p_firmwareqcs9100_firmwaresa8295psa8145psa8150p_firmwaresrv1lsa6145psa6155p_firmwareqca6698aq_firmwareqam8650pqam8775pqca6595qca6688aq_firmwaresa8770psrv1h_firmwaresa8775psrv1msnapdragon_820_automotivesa8775p_firmwaresa9000p_firmwareqamsrv1mqca6564au_firmwareqca6574auqca6797aq_firmwaresrv1m_firmwaresa7775psa8650psa8540p_firmwaresa8145p_firmwaresa6155sa8195p_firmwareqca6698aqsa8195pqca6584ausa6155pqamsrv1hqca6564aqca6574au_firmwareqamsrv1h_firmwareqca6678aq_firmwareqca6574aqam8255p_firmwaresa6145p_firmwaresa8155srv1l_firmwareqca6696sa8540pSnapdragon
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2015-9217
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.06%
||
7 Day CHG~0.00%
Published-18 Apr, 2018 | 14:00
Updated-17 Sep, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, certain malformed HVEC clips could cause an assertion to fail.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_427_firmwaresd_412sdm636_firmwaresd_808_firmwaresd_400sd_425sdm660sd_430_firmwaresdm630sd_435sd_650_firmwaresd_625sd_210msm8909w_firmwaresd_820_firmwaresd_820sd_650sd_808sd_450_firmwaresd_800sd_845_firmwaresd_410sd_400_firmwaresd_652sd_425_firmwaresd_212_firmwaresd_800_firmwaresd_625_firmwaresd_450sdm636sd_412_firmwaresdm630_firmwaresd_845sd_430sd_427sd_810sd_435_firmwaresd_835_firmwaresd_410_firmwaresd_835sd_205sd_210_firmwaresd_652_firmwaremsm8909wsd_810_firmwaresd_205_firmwaresdm660_firmwaresd_212Snapdragon Mobile, Snapdragon Wear
CVE-2023-33034
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.33%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 05:00
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Signed-to-unsigned conversion error in Audio

Memory corruption while parsing the ADSP response command.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcs410_firmwaresa6150p_firmwareqca6595qcs610_firmwarewcd9335wcd9370qca6696qrb5165mwcd9341_firmwaresa4150p_firmwaresd888_firmwarewcn6740_firmwaresa4150psm7325-af_firmwarewsa8815_firmwaresm7325-ae_firmwaresa8195p_firmwaresm7325qcm6490_firmwareqca6574au_firmwaresm8350-ac_firmwareqam8295pwcd9341qca6574auflight_rb5_5g_platformwcn3950wsa8810_firmwarecsra6640apq5053-aa_firmwaresnapdragon_7c\+_gen_3_computesm7350-ab_firmwarewcn3991sa8295p_firmwaresm6375_firmwareapq5053-aasa4155p_firmwarevideo_collaboration_vc1_platform_firmwaresa4155psm8350sd888qcn9011_firmwaresm6375wcn685x-5wcn6740qca6595_firmwarevideo_collaboration_vc1_platformwcd9385_firmwarewcd9380sa6145p_firmwaresa8150psa6155psm7350-absm8350_firmwarewsa8810sm4350-acsm8350-acvideo_collaboration_vc3_platformqca6595ausm7315_firmwaresm7325_firmwaresa6155p_firmwarewcn3991_firmwareqam8295p_firmwaresm7315qca6698aq_firmwarewcd9385qcn9012snapdragon_7c\+_gen_3_compute_firmwarewcn6750wcn6750_firmwarewcd9370_firmwaresm7325-aesa8195pcsra6640_firmwaresm7325pqcm6490wcn3998wcn3998_firmwarewcn3988qcs6490_firmwarewcd9335_firmwarewcn3980_firmwareqrb5165n_firmwaresm7325-afwsa8835qca6595au_firmwareqca6391_firmwareqcn9011qca6696_firmwarewcd9380_firmwaresa6150pqcs410sa8155p_firmwarecsra6620wsa8815sa8155psm4375wsa8830sm4375_firmwaresa6145pflight_rb5_5g_platform_firmwareqrb5165m_firmwarewcd9375_firmwarerobotics_rb5_platformqca6391qcn9012_firmwareqca6698aqwcn3950_firmwareqrb5165ncsra6620_firmwaresa8295probotics_rb5_platform_firmwarewcn685x-1sa8145p_firmwaresm7325p_firmwarewcd9375wcn685x-5_firmwaresa8150p_firmwarewcn3988_firmwarevideo_collaboration_vc3_platform_firmwaresa8145psm4350-ac_firmwarewsa8835_firmwareqcs6490wcn3980wsa8830_firmwarewcn685x-1_firmwareqcs610Snapdragon
CWE ID-CWE-195
Signed to Unsigned Conversion Error
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-49842
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 5.12%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 08:32
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in Hypervisor

Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qdx1010_firmwaresdm429w_firmwareqcm8550_firmwarerobotics_rb3sd865_5gqca6595sm8735wcd9370qca8081_firmwaresnapdragon_670_mobileqca6696qam8620p_firmwarewcn7880_firmwarewcd9340_firmwarewcd9341_firmwaresxr2330p_firmwarewcd9395_firmwarewcn7881_firmwarewcn7750qcc710_firmwareqca6426fastconnect_6700snapdragon_x50_5g_modem-rf_firmwarewsa8832_firmwaresnapdragon_wear_4100\+_firmwareqca8337qdu1110qca6426_firmwarewcd9395sc8180xp-aaabqca6574au_firmwaresnapdragon_x72_5g_modem-rfqam8295pwcd9341qca6574auwcd9390snapdragon_888\+_5g_mobile_firmwaresa8620p_firmwarewsa8810_firmwarewsa8845h_firmwaresa9000p_firmwaresc8180xp-acafsrv1hsnapdragon_850_mobile_computewcn3660b_firmwareqcs9100sdx80mfastconnect_6800_firmwareqcs5430wcn7860qcm5430qcm5430_firmwaresa8770psnapdragon_678_mobile_firmwaressg2115pqcc710snapdragon_x32_5g_modem-rf_firmwaresnapdragon_xr2_5g_firmwaresa8540pqsm8350_firmwaresnapdragon_wear_4100\+fastconnect_6900qru1032_firmwareqep8111sa7255pqfw7114wcd9385_firmwareqca6421qca6310qam8255p_firmwaresa8155_firmwareqca6335snapdragon_x65_5g_modem-rfwsa8845sa6155pqca6421_firmwaresc8180x-adqca6564au_firmwaresnapdragon_429_mobile_firmwarewsa8810qam8650pqdu1000_firmwaresa9000psrv1h_firmwaresnapdragon_888_5g_mobile_firmwareqca6595ausnapdragon_888_5g_mobileqdu1010wcd9326_firmwaresa6155p_firmwaresnapdragon_845_mobile_firmwarewsa8840snapdragon_ar1_gen_1srv1m_firmwareqcs8550_firmwaresnapdragon_x35_5g_modem-rf_firmwareqdu1210_firmwaresnapdragon_x55_5g_modem-rfqfw7124_firmwareqca6436_firmwaresm8750psnapdragon_x55_5g_modem-rf_firmwaresnapdragon_x62_5g_modem-rf_firmwareqmp1000qca6420wcd9370_firmwareqdu1110_firmwareqdu1000wcn3660bqca6574asnapdragon_x72_5g_modem-rf_firmwaresa7255p_firmwarewcn3620_firmwareqca6174awcd9340qdu1210snapdragon_auto_5g_modem-rf_gen_2qca6335_firmwareqcm6490sa8540p_firmwareqcm8550snapdragon_765_5g_mobile_firmwareqcn9274vision_intelligence_300_firmwaresa8775pqca6574sd675_firmwaresnapdragon_855_mobile_firmwareqca6430_firmwaresa8775p_firmwareqamsrv1hsdx57mwsa8845hwcd9326sa8155p_firmwareqca6564asa8155psnapdragon_765g_5g_mobile_firmwarewsa8830sa6145psnapdragon_768g_5g_mobile_firmwaresa8255p_firmwarear8035qamsrv1m_firmwarewcn7750_firmwaresa8650p_firmwaresa6155wcn3620srv1l_firmwareqcs9100_firmwaresnapdragon_865\+_5g_mobile_firmwareqcn6224snapdragon_429_mobileqca6698aqwcn3950_firmwaresa7775p_firmwaressg2125p_firmwarefastconnect_6200sd670wcn3680bsc8180x-acaf_firmwarewcd9378qdx1011sa8150p_firmwarefastconnect_6700_firmwarevideo_collaboration_vc3_platform_firmwarewcn3990robotics_rb3_firmwaresnapdragon_x75_5g_modem-rf_firmwaresd670_firmwaresnapdragon_8_gen_3_mobilesnapdragon_855_mobileqcs6490sc8180xp-acaf_firmwarefastconnect_6200_firmwarewsa8830_firmwareqcn6224_firmwareqca6431qca6678aq_firmwarewsa8845_firmwarewsa8832wcd9378_firmwaresdx57m_firmwaresrv1lsxr2130_firmwaresrv1mqca6678aqsnapdragon_860_mobile_firmwaresnapdragon_x35_5g_modem-rfar8035_firmwaresc8180xp-aaab_firmwarewcn7860_firmwaresc8380xpsnapdragon_x62_5g_modem-rfqca6564ausc8180xp-adsc8280xp-abbbwsa8815_firmwareqca8337_firmwareqca9377_firmwareqcm6490_firmwaresm7250p_firmwareqru1032vision_intelligence_400_firmwarewcn3950snapdragon_870_5g_mobile_firmwaresm8750qca6797aq_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwaresa8295p_firmwaresnapdragon_870_5g_mobilesd_675_firmwaresnapdragon_678_mobilesm7250psc8180x-acafsa8155sd_8cx_firmwaresc8180x-ad_firmwareqca6584auqcn6274_firmwareqru1062_firmwaresnapdragon_850_mobile_compute_firmwaresnapdragon_675_mobile_firmwaresnapdragon_768g_5g_mobilesc8380xp_firmwareqru1062qca6310_firmwaresnapdragon_845_mobilesnapdragon_8_gen_3_mobile_firmwarefastconnect_6800qfw7114_firmwareqca6595_firmwarefastconnect_7800_firmwaresnapdragon_675_mobilesnapdragon_865_5g_mobile_firmwarefastconnect_6900_firmwarewcd9380sa6145p_firmwareqam8255psa6155_firmwareqmp1000_firmwaresnapdragon_xr2_5gwcn7880sa8150psxr2330psnapdragon_x24_lte_modemsc8180x-aaabsxr1230psc8180x-aaab_firmwarewcn7881video_collaboration_vc3_platformaqt1000qca6688aqqam8295p_firmwaresd855qca6431_firmwarewcn3990_firmwareqca6698aq_firmwareqca6564a_firmwarewcd9385snapdragon_888\+_5g_mobileqsm8350snapdragon_8_gen_1_mobilesa8255psxr1230p_firmwarewcd9390_firmwaresnapdragon_865\+_5g_mobileqep8111_firmwareqca6430snapdragon_855\+_mobilesnapdragon_765_5g_mobileqdx1011_firmwaresnapdragon_860_mobilesc8180xp-ad_firmwaresm8750_firmwaresdx55_firmwaressg2125pqru1052sxr2130snapdragon_x65_5g_modem-rf_firmwareqamsrv1mqca6174a_firmwarewcn7861_firmwarewcn7861snapdragon_x50_5g_modem-rfqam8650p_firmwaresnapdragon_670_mobile_firmwareqca6420_firmwareaqt1000_firmwareqcs6490_firmwaresdm429wqam8620psd855_firmwarewcn3980_firmwareqca6436qca6584au_firmwareqcn6274snapdragon_x24_lte_modem_firmwarewsa8835qca6391_firmwarewsa8840_firmwareqfw7124qca6595au_firmwareqdu1010_firmwareqcs8300_firmwareqca6696_firmwareqcs8300wcd9380_firmwareqca6574_firmwareqca8081wsa8815sd_8_gen1_5gqam8775pqca9377snapdragon_ar2_gen_1_firmwareqca6797aqsnapdragon_x75_5g_modem-rfsa8620pqca6574a_firmwaresdx55snapdragon_865_5g_mobilesnapdragon_855\+_mobile_firmwaresd675sd_8_gen1_5g_firmwarewcd9375_firmwaresa7775pqca6391snapdragon_ar1_gen_1_firmwareqcn9274_firmwareqcs5430_firmwaresnapdragon_x32_5g_modem-rfqru1052_firmwaresa8770p_firmwaresa8295pqcs8550sm8735_firmwaresc8280xp-abbb_firmwarefastconnect_7800sa8650pqam8775p_firmwaresd865_5g_firmwaresm8750p_firmwarewcd9375qca6688aq_firmwarevision_intelligence_300snapdragon_ar2_gen_1snapdragon_765g_5g_mobileqamsrv1h_firmwaresd_675wsa8835_firmwaresdx80m_firmwaresd_8cxssg2115p_firmwarevision_intelligence_400wcn3980qdx1010wcn3680b_firmwaresnapdragon_8_gen_1_mobile_firmwareSnapdragon
CWE ID-CWE-284
Improper Access Control
CVE-2024-49841
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.47%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 08:32
Updated-19 Dec, 2025 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Detection of Error Condition Without Action in Hypervisor

Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_8cxqamsrv1m_firmwaresa6155p_firmwarewcn3950_firmwareqam8775p_firmwarear8035_firmwareqamsrv1mqcs9100_firmwaresxr2330p_firmwaresnapdragon_x72_5g_modem-rf_firmwareqca8081_firmwaresnapdragon_x24_lte_modem_firmwareqca8337_firmwareqca6430snapdragon_670_mobilewcd9326qca6698aq_firmwareqcm5430sa8650p_firmwaresa8650psdx57m_firmwaresnapdragon_ar1_gen_1_firmwareqca6678aq_firmwareqca6431qmp1000_firmwaresa8770pqdu1010sa8775pfastconnect_7800snapdragon_xr2_5g_firmwarerobotics_rb3_firmwaresnapdragon_675_mobileqca6564a_firmwareqep8111_firmwareqcm6490snapdragon_x72_5g_modem-rfwcd9340snapdragon_x55_5g_modem-rf_firmwaresa6145pqca6436_firmwareqcs5430_firmwarewcd9380_firmwareqfw7124snapdragon_850_mobile_computeqam8255pwcn3990sxr1230psrv1lwcn7881_firmwaresa8770p_firmwaresa7255p_firmwaresd670_firmwareqca6426_firmwarewsa8815_firmwareqdx1010sa8540p_firmwareqsm8350qru1052_firmwareqamsrv1h_firmwarewcd9385_firmwarewcn7861_firmwaresdx55srv1h_firmwareqmp1000wsa8835wcd9395qca6678aqvision_intelligence_400_firmwaresd670snapdragon_765_5g_mobile_firmwaresa8255pqru1062_firmwaresnapdragon_855\+_mobilefastconnect_6900wcd9378wcd9380wsa8810_firmwaresm7250p_firmwaresm7250psc8180x-acaf_firmwareqru1032sxr2130_firmwaresd_675_firmwareqca6574_firmwarewsa8810qca6431_firmwareqca6574a_firmwareqcm8550_firmwarewcn3990_firmwareqca6391_firmwareqcn6224snapdragon_x32_5g_modem-rfwsa8840snapdragon_auto_5g_modem-rf_gen_2_firmwarefastconnect_6800sd865_5g_firmwaresc8180xp-acaf_firmwaresa8155p_firmwareqamsrv1hqcn6274_firmwareqca6696_firmwaresnapdragon_765g_5g_mobilesnapdragon_860_mobile_firmwareqfw7114_firmwaresnapdragon_8_gen_3_mobilesnapdragon_x24_lte_modemwsa8845h_firmwaresdx55_firmwaresnapdragon_x32_5g_modem-rf_firmwaresnapdragon_855_mobilewcd9370qdx1011wcn7880qca6595au_firmwareqca6595wcd9375qcs5430snapdragon_865_5g_mobilevision_intelligence_300sm8750_firmwaresa8775p_firmwaresm8750qca6595_firmwaresdx80mwcd9326_firmwaresc8380xpwsa8845snapdragon_x75_5g_modem-rf_firmwareqca6421ssg2125p_firmwareqcs8550qru1032_firmwaresm8735_firmwareqcn9274_firmwareqcm8550qcs6490_firmwarewsa8832_firmwaresc8180x-acafqca9377qca6797aq_firmwareqdu1210sa9000p_firmwaresa8295psrv1m_firmwareqep8111sd855_firmwaresc8280xp-abbb_firmwaresnapdragon_860_mobilesnapdragon_ar1_gen_1sa8155qdu1210_firmwareqca6688aqsnapdragon_768g_5g_mobile_firmwareqcm6490_firmwareqam8650psrv1mfastconnect_6200snapdragon_x35_5g_modem-rfsa6145p_firmwaresa8150psdx57msnapdragon_8_gen_1_mobileqam8295p_firmwareqdu1000wcd9340_firmwarewsa8845hsnapdragon_x65_5g_modem-rf_system_firmwaresd855sc8180x-ad_firmwaresnapdragon_ar2_gen_1sa8540psa8155_firmwaresrv1hfastconnect_6800_firmwareqca6595ausnapdragon_x75_5g_modem-rfvideo_collaboration_vc3_platformvision_intelligence_300_firmwaresnapdragon_870_5g_mobilesnapdragon_auto_5g_modem-rf_gen_2sxr2130qca6696ssg2125pqca6310_firmwaresnapdragon_855\+_mobile_firmwarewsa8830qdu1110sxr2330pqca6430_firmwaresnapdragon_x65_5g_modem-rf_systemqca6335sa8155pqdu1010_firmwaresm8735wcn3980_firmwarewsa8815sa9000psnapdragon_765_5g_mobileqam8295psd_675wcd9378_firmwaresdx80m_firmwaresc8180xp-adqca6698aqqcs8300sa8150p_firmwaresd865_5gqca6335_firmwaresnapdragon_x62_5g_modem-rf_system_firmwareqcm5430_firmwaresnapdragon_865\+_5g_mobilewcd9390_firmwareqca6174aqam8255p_firmwaresnapdragon_x50_5g_modem-rfsnapdragon_865_5g_mobile_firmwaresd_8cx_firmwareqcc710qcs8300_firmwarewcd9370_firmwareaqt1000_firmwaresa7775psnapdragon_x50_5g_modem-rf_firmwareqca6584auqca6584au_firmwarevideo_collaboration_vc3_platform_firmwarewcn7860_firmwaresnapdragon_888\+_5g_mobilesa7775p_firmwareqca6564asnapdragon_8_gen_3_mobile_firmwareqca6574au_firmwarefastconnect_6200_firmwareqfw7124_firmwaresnapdragon_670_mobile_firmwaresnapdragon_678_mobile_firmwaresnapdragon_870_5g_mobile_firmwaresc8180xp-aaabsm8750psa6155qcn9274snapdragon_888_5g_mobilewcd9395_firmwareqcs9100snapdragon_x62_5g_modem-rf_systemqca6420sc8180xp-aaab_firmwaresnapdragon_845_mobileqam8620psd_8_gen1_5gsnapdragon_888_5g_mobile_firmwarerobotics_rb3qca6574ssg2115psnapdragon_ar2_gen_1_firmwaresrv1l_firmwaresnapdragon_850_mobile_compute_firmwareqam8775pqca6310wsa8835_firmwaresc8280xp-abbbqru1062qca6391qfw7114qca6574asa8255p_firmwarewcn7860qcs8550_firmwarear8035sa8620pwcn7881wcn7861sc8180x-adsa8620p_firmwaresd_8_gen1_5g_firmwarefastconnect_6900_firmwaresnapdragon_xr2_5gsnapdragon_765g_5g_mobile_firmwarewcn3980qdx1010_firmwareqca6420_firmwareqca8337sa6155_firmwaresnapdragon_8_gen_1_mobile_firmwareqdx1011_firmwarewcd9341_firmwareqsm8350_firmwaresd675qcs6490qca6426sc8380xp_firmwareqcc710_firmwareqca9377_firmwareaqt1000sa7255psnapdragon_888\+_5g_mobile_firmwareqdu1110_firmwaresa6155pwsa8832qcn6274snapdragon_845_mobile_firmwareqdu1000_firmwarewcn7880_firmwareqru1052wcd9341sm8750p_firmwareqca6421_firmwarewsa8840_firmwaresa8295p_firmwaresnapdragon_678_mobilesnapdragon_855_mobile_firmwareqcn6224_firmwaresc8180xp-ad_firmwaresc8180x-aaabsnapdragon_865\+_5g_mobile_firmwaresxr1230p_firmwareqca6564au_firmwareqca6797aqsnapdragon_675_mobile_firmwareqca6688aq_firmwaresnapdragon_768g_5g_mobilesnapdragon_x35_5g_modem-rf_firmwarewsa8830_firmwaresc8180x-aaab_firmwaresd675_firmwareqca6564auqam8650p_firmwaressg2115p_firmwarewcd9390wcd9375_firmwarewcn3950qca8081wsa8845_firmwareqca6574auwcd9385wcn7750fastconnect_6700_firmwareqca6436sc8180xp-acafwcn7750_firmwaresnapdragon_x55_5g_modem-rfqam8620p_firmwareqca6174a_firmwarevision_intelligence_400fastconnect_6700fastconnect_7800_firmwareSnapdragon
CWE ID-CWE-390
Detection of Error Condition Without Action
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2018-11299
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.38%
||
7 Day CHG~0.00%
Published-18 Sep, 2018 | 18:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when WLAN FW has not filled the vdev id correctly in stats events then WLAN host driver tries to access interface array without proper bound check which can lead to invalid memory access and as a side effect kernel panic or page fault.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2023-21643
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.07% / 20.66%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 09:14
Updated-02 Aug, 2024 | 09:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Untrusted Pointer Dereference in Automotive

Memory corruption due to untrusted pointer dereference in automotive during system call.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca6564au_firmwareqca6584ausa6155p_firmwaresa6150p_firmwaresa8145p_firmwaremsm8996au_firmwareapq8064au_firmwareqca6595qca6564ausa8155_firmwareqca6574ausa6145p_firmwaresa8155p_firmwaremsm8996auqca6564a_firmwaresa8195psa8540p_firmwaresa8150p_firmwareqca6595au_firmwaresa6155sa6155psa8540psa8295p_firmwareqca6574asa6145pqca6584au_firmwareapq8096auqca6696_firmwareqca6595_firmwaresa8145pqca6696qam8295psa9000papq8064ausa8150psa6150papq8096au_firmwaresa8155pqam8295p_firmwaresa8155qca6574a_firmwaresa9000p_firmwareqca6574au_firmwaresa8195p_firmwareqca6595ausa6155_firmwareqca6564asa8295pSnapdragon
CWE ID-CWE-822
Untrusted Pointer Dereference
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-49837
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.73%
||
7 Day CHG~0.00%
Published-03 Feb, 2025 | 16:51
Updated-28 Feb, 2025 | 06:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Validation of Array Index in Automotive OS Platform

Memory corruption while reading CPU state data during guest VM suspend.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-srv1hsa7255pqam8620pqca6688aqqamsrv1mqca6696qca6595qam8295p_firmwareqca6696_firmwareqam8650psrv1m_firmwareqam8650p_firmwaresa7775p_firmwaresa8775pqca6574au_firmwareqam8255p_firmwareqam8775psa8295psa8650p_firmwaresrv1msa8620p_firmwareqam8775p_firmwareqca6688aq_firmwaresa7255p_firmwareqca6595_firmwaresa8255pqamsrv1hsa8620psa8540p_firmwaresa8295p_firmwareqamsrv1h_firmwaresa9000psrv1l_firmwaresrv1lsa8770psrv1h_firmwareqca6698aqqam8295psa8540psa8650pqca6595au_firmwaresa8770p_firmwareqca6698aq_firmwaresa9000p_firmwareqam8620p_firmwareqamsrv1m_firmwaresa7775psa8255p_firmwareqca6595auqca6574ausa8775p_firmwareqam8255pSnapdragon
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2024-49843
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.73%
||
7 Day CHG~0.00%
Published-03 Feb, 2025 | 16:51
Updated-05 Feb, 2025 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Validation of Array Index in Graphics_Linux

Memory corruption while processing IOCTL from user space to handle GPU AHB bus error.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fastconnect_7800_firmwaresm4635wsa8840wcn7860sm7675wsa8845h_firmwarewcn7881_firmwarevideo_collaboration_vc1_platform_firmwarewsa8845qcm6125wcn7881wcn6650_firmwarewcd9380_firmwaresxr2330pwcn6450qca6391_firmwarewcn3950_firmwareqca6391sm8750sm8635pwcn6650video_collaboration_vc5_platformwcn3980wcd9370_firmwaresm8635p_firmwaresnapdragon_480_5g_mobilewcn3950snapdragon_w5\+_gen_1_wearablesw5100wsa8845_firmwarewcd9370qcs7230_firmwarewcd9378sw5100p_firmwaresm7675_firmwarewcn6755_firmwarevideo_collaboration_vc5_platform_firmwaresm7635_firmwaresm8750pwsa8835sm8750p_firmwarewsa8845hsnapdragon_480_5g_mobile_firmwarefastconnect_7800wcn6450_firmwaresnapdragon_4_gen_1_mobileqcs8250_firmwaresnapdragon_695_5g_mobilewcn7880_firmwarewcn3988wcn7880wcd9395_firmwaresm4635_firmwareqcm6125_firmwarewcd9378_firmwareqcs6125sm7635qcs7230sm7675psw5100_firmwarewcn3988_firmwaresm6650_firmwareqcs8250wcd9375_firmwaresm7675p_firmwarewsa8810_firmwarewcd9385_firmwarewsa8810wsa8832wcd9390_firmwaresm8635snapdragon_695_5g_mobile_firmwaresnapdragon_8_gen_3_mobile_firmwarewcd9375sm8635_firmwaresnapdragon_8_gen_3_mobilesm6650wsa8815qcs6125_firmwaresnapdragon_w5\+_gen_1_wearable_firmwarefastconnect_6200_firmwarewcn7861sm8750_firmwarewcd9380wsa8830snapdragon_480\+_5g_mobile_firmwaresnapdragon_480\+_5g_mobilewsa8815_firmwarewsa8832_firmwarewcn7861_firmwarewcn7860_firmwaresw5100pfastconnect_6200wsa8830_firmwarewcn6755wcn3980_firmwarevideo_collaboration_vc1_platformsnapdragon_4_gen_1_mobile_firmwarewcd9390wcd9385wsa8840_firmwarewcd9395wsa8835_firmwaresxr2330p_firmwareSnapdragon
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2024-49830
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-6.6||MEDIUM
EPSS-0.03% / 6.47%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 08:32
Updated-09 May, 2025 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Audio

Memory corruption while processing an IOCTL call to set mixer controls.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-snapdragon_429_mobile_firmwareqca6688aqwcn3620_firmwareqca9367_firmwareqca6678aqqca6688aq_firmwareqca9377sdm429w_firmwarewcn3620qca6574auqca6678aq_firmwaresnapdragon_429_mobileqca6595au_firmwareqca9367qca6574au_firmwareqca6698aq_firmwaresnapdragon_auto_5g_modem-rf_gen_2sdm429wqca6595auqca6698aqqca9377_firmwarewcn3660b_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwarewcn3660bSnapdragon
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-49829
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 5.66%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 08:32
Updated-09 May, 2025 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Camera

Memory corruption can occur during context user dumps due to inadequate checks on buffer length.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcd9380_firmwaresnapdragon_429_mobile_firmwarefastconnect_7800_firmwarewcn3620_firmwarewsa8835wcn3620sdm429w_firmwarewsa8830wsa8830_firmwarewsa8835_firmwarewcd9380snapdragon_8_gen_1_mobile_firmwaresnapdragon_429_mobilefastconnect_6900sdm429wfastconnect_6900_firmwaresnapdragon_8_gen_1_mobilewcn3660b_firmwarefastconnect_7800wcn3660bSnapdragon
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-49834
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.73%
||
7 Day CHG~0.00%
Published-03 Feb, 2025 | 16:51
Updated-05 Feb, 2025 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Validation of Array Index in Camera

Memory corruption while power-up or power-down sequence of the camera sensor.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fastconnect_7800_firmwaresa7255psnapdragon_ar2_gen_1qcm6490_firmwaresdm429wqamsrv1msnapdragon_778g\+_5g_mobilewcn7860qcs5430wcn7881_firmwareqcs8550_firmwareqcm6490wcn7881sa7775p_firmwaresa8775pssg2125p_firmwareqam8775psa8650p_firmwareqcs615qca6391sd888sm8750wcn3660bwcn3950_firmwareqcn9274_firmwaresdm429w_firmwarewcn6650sa8255pwcd9370_firmwaresnapdragon_480_5g_mobilevideo_collaboration_vc3_platform_firmwaresmart_audio_400snapdragon_w5\+_gen_1_wearablesnapdragon_888_5g_mobilesw5100sxr2230pwcn3950wsa8845_firmwareqcm8550_firmwaresnapdragon_8\+_gen_2_mobilesw5100p_firmwarewcn6755_firmwaresxr2230p_firmwaresm7635_firmwaresd_8_gen1_5g_firmwarewsa8845hssg2115p_firmwaresnapdragon_4_gen_1_mobileqcm8550wcd9341sa8650psa8770p_firmwaretalynpluswcn3988qca6698aq_firmwarewcn7880_firmwarewcd9395_firmwareqamsrv1m_firmwaresa8775p_firmwaresm6370_firmwaresm7635talynplus_firmwarewsa8835_firmwarefastconnect_6900wcn3988_firmwareqcm4490wcd9335wcd9375_firmwareqcs410_firmwaresnapdragon_7c\+_gen_3_compute_firmwarewcd9385_firmwareqam8650p_firmwarewsa8810qcn9274snapdragon_8_gen_3_mobile_firmwarecsra6640qam8255p_firmwaresnapdragon_782g_mobilesnapdragon_888\+_5g_mobilewcd9375sa8620p_firmwaresm6650snapdragon_888_5g_mobile_firmwaresnapdragon_w5\+_gen_1_wearable_firmwaresa7255p_firmwareqca6595_firmwaresg8275pfastconnect_6200_firmwareqamsrv1hqcs410wcn6740wcd9380video_collaboration_vc3_platformsnapdragon_480\+_5g_mobile_firmwaresnapdragon_480\+_5g_mobileqamsrv1h_firmwarewsa8832_firmwaresnapdragon_778g_5g_mobilesnapdragon_4_gen_2_mobilewcn7861_firmwaresw5100psnapdragon_780g_5g_mobile_firmwarewsa8830_firmwarewcn6755snapdragon_8_gen_2_mobile_firmwareqca6595au_firmwareqcs6490_firmwareqrb5165mqrb5165n_firmwarewcd9385sa8255p_firmwarewsa8840_firmwareqca6595aucsra6620wcn3660b_firmwareqam8255psxr2250p_firmwaresm4635wsa8840srv1hsm8550p_firmwareqcn9011_firmwareqcs610qca6595sm7675wsa8845h_firmwarewcn3620_firmwareqam8650pvideo_collaboration_vc1_platform_firmwareqcn9012flight_rb5_5g_platform_firmwarewsa8845snapdragon_ar2_gen_1_firmwarewcn6650_firmwareqcs8300sxr1230p_firmwaresxr2330pcsra6620_firmwarewcd9380_firmwareqca6391_firmwaresrv1mqcn9012_firmwareqcs5430_firmwaresm7325p_firmwareqam8775p_firmwaresm8635psnapdragon_ar1_gen_1wcn3980sm8635p_firmwareqcs4490qcm5430qcs9100wcd9370wcd9378snapdragon_782g_mobile_firmwaresm7675_firmwareqcs4490_firmwaresnapdragon_429_mobile_firmwaresm8750psa9000psnapdragon_4_gen_2_mobile_firmwareqcn9011wsa8835sm8750p_firmwaressg2125pqca6678aqfastconnect_7800qca6797aq_firmwaresnapdragon_480_5g_mobile_firmwaresnapdragon_8_gen_1_mobilewcd9341_firmwaresnapdragon_695_5g_mobilesnapdragon_8_gen_2_mobilewcn7880sm4635_firmwaresnapdragon_888\+_5g_mobile_firmwarewcd9378_firmwarerobotics_rb2_firmwarewcd9335_firmwareqca6797aqqcm4490_firmwaresm7675pqcs8550sw5100_firmwaresxr2250pqcm5430_firmwaresm6650_firmwaresnapdragon_7c\+_gen_3_computesnapdragon_429_mobilefastconnect_6700csra6640_firmwaresm7325psnapdragon_8_gen_1_mobile_firmwaresd_8_gen1_5gsm7675p_firmwaresnapdragon_ar1_gen_1_firmwarewsa8810_firmwareqcs9100_firmwaresnapdragon_778g_5g_mobile_firmwaresrv1m_firmwarewsa8832fastconnect_6700_firmwarewcd9390_firmwaresm8635qcs615_firmwaresnapdragon_695_5g_mobile_firmwarerobotics_rb5qcs610_firmwaressg2115psm8635_firmwaresnapdragon_8_gen_3_mobilewsa8815qrb5165nsnapdragon_780g_5g_mobilesxr1230pqrb5165m_firmwarewcn7861sa8620psm8750_firmwaresm6370wsa8830wsa8815_firmwaresmart_audio_400_firmwaresnapdragon_8\+_gen_2_mobile_firmwaresnapdragon_8\+_gen_1_mobile_firmwaresa8770pwcn7860_firmwarefastconnect_6200robotics_rb5_firmwaresg8275p_firmwaresrv1h_firmwarewcn3620sm7315snapdragon_778g\+_5g_mobile_firmwarewcn3980_firmwareqca6678aq_firmwareflight_rb5_5g_platformqca6698aqqcs8300_firmwarevideo_collaboration_vc1_platformsnapdragon_4_gen_1_mobile_firmwarefastconnect_6900_firmwareqcs6490sm7315_firmwaresd888_firmwaresa9000p_firmwaresm8550psnapdragon_8\+_gen_1_mobilewcd9390sa7775pwcd9395sxr2330p_firmwarewcn6740_firmwarerobotics_rb2Snapdragon
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2023-24851
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.86%
||
7 Day CHG~0.00%
Published-04 Jul, 2023 | 04:46
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Copy Without Checking Size of Input in WLAN HOST

Memory Corruption in WLAN HOST while parsing QMI response message from firmware.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sw5100pimmersive_home_214qcs410_firmwaresd865_5gsa6150p_firmwareipq9574qcn9000_firmwareqca6595qcn9022qcs610_firmwaresnapdragon_8\+_gen_1ipq6028_firmwarewcd9335qca8081_firmwarewcd9370qcn9001qca8072qca6696wcd9340_firmwarewcd9341_firmwareipq5028_firmwareqcn6024qcn9003_firmwareipq8076wcn6740_firmwarefastconnect_6700ipq6018_firmwareqcn6023snapdragon_695_5gsa4150pqcn5124_firmwaresnapdragon_888_5gwsa8832_firmwareqca8337ipq6000snapdragon_4_gen_2_firmwareqca6574au_firmwareipq8078aipq8078a_firmwareqam8295psnapdragon_x12_lte_firmwarewcd9341qca6574auwsa8810_firmwarecsra6640snapdragon_690_5gsnapdragon_778g\+_5g_firmwaresnapdragon_865\+_5gqcn9100_firmwaresnapdragon_765_5gqcn5122qca6554afastconnect_6800_firmwaresnapdragon_865\+_5g_firmwaresd835_firmwareqcn6024_firmwaresnapdragon_x65_5gvideo_collaboration_vc1_platform_firmwaresa4155psnapdragon_888\+_5g_firmwareqcn9000ssg2115pqcn6132_firmwaresnapdragon_xr2_5g_firmwareqsm8350_firmwareqcn5054snapdragon_765g_5g_firmwaresnapdragon_660_firmwaresnapdragon_4_gen_2fastconnect_6900video_collaboration_vc1_platformqcn5052wcd9385_firmwareipq9574_firmwareqca6310qam8255p_firmwaresnapdragon_778g_5gipq8074a_firmwareipq8076aqcn5164qcs4490sa6155pqca6564au_firmwarecsr8811_firmwarewsa8810qca8075qam8650pqca8085qca6595ausm7315_firmwaresnapdragon_865_5g_firmwarewcd9326_firmwaresa6155p_firmwaresd835snapdragon_835qcn9012ipq8070a_firmwareqcn9070qcs4490_firmwarewcn3910_firmwareqca8084snapdragon_680_4gwcn3910sdx65mwcd9370_firmwaresnapdragon_480\+_5g_firmwaresnapdragon_765_5g_firmwareqca6574aqca6174asnapdragon_695_5g_firmwaresa8195psnapdragon_750g_5g_firmwarewcd9340qcm2290qcm6490qcn6122_firmwareqcn5154_firmwaresnapdragon_x55_5g_firmwarewcn3988qcn5122_firmwareqcn9274qcn9024ipq8076a_firmwareqca6574sxr2230p_firmwareqcn9011snapdragon_439_firmwaresmart_audio_400qcn9024_firmwareqca8082sa6150pwcd9326qcs410qcm2290_firmwaresa8155p_firmwaresa8155pqca8072_firmwarewsa8830snapdragon_870_5g_firmwaresa6145psnapdragon_x65_5g_firmwareqcn9074_firmwareipq8174immersive_home_318_firmwareqcn6122sa8255p_firmwaresnapdragon_888\+_5gipq8174_firmwarear8035ipq8072aqrb5165m_firmwareimmersive_home_216_firmwareqcm4325immersive_home_316ipq8071asnapdragon_782gqca6698aqwcn3950_firmwaressg2125p_firmwareqrb5165nfastconnect_6200wcn3680bsm7325p_firmwaresa8145p_firmwaresa8150p_firmwaresnapdragon_835_firmwarefastconnect_6700_firmwaresnapdragon_768g_5gvideo_collaboration_vc3_platform_firmwarewcn3990qcn6023_firmwareqcn5164_firmwaresnapdragon_778g_5g_firmwaresnapdragon_780g_5gqcn9002ipq8078qcs6490snapdragon_778g\+_5gfastconnect_6200_firmwareqcn9072wsa8830_firmwareqca8386_firmwaresd660_firmwaresnapdragon_7c\+_gen_3wsa8832qca8082_firmwareimmersive_home_216ar8035_firmwareqcn5022_firmwareqrb5165msnapdragon_680_4g_firmwareqca6320sa4150p_firmwareqca4024_firmwaresd888_firmwareipq9008snapdragon_439qca6564ausnapdragon_460ipq9008_firmwareqcn9074wsa8815_firmwaresnapdragon_865_5gsa8195p_firmwareqca8337_firmwareqcm4290qcn5054_firmwareqca9888snapdragon_480_5g_firmwaresnapdragon_4_gen_1_firmwaresnapdragon_x12_ltesnapdragon_685_4gsnapdragon_xr2\+_gen_1qca9377_firmwareipq8173qcm6490_firmwareipq8072a_firmwaresnapdragon_w5\+_gen_1sm7250p_firmwareipq6010_firmwareqcm4490_firmwarewcn3950flight_rb5_5gsnapdragon_690_5g_firmwareqca6797aq_firmwareipq5028qca8085_firmwareqcn9070_firmwaresa8295p_firmwaresmart_audio_400_firmwaresnapdragon_460_firmwaresa4155p_firmwareqcn9022_firmwareipq5010_firmwareqcn6132snapdragon_auto_5g_firmwaresm7250psnapdragon_768g_5g_firmwareipq6018qca6584ausd888qca6320_firmwareqcn9011_firmwaresw5100_firmwarewcn6740qca6310_firmwarefastconnect_6800qca4024qca6595_firmwarefastconnect_7800_firmwareimmersive_home_214_firmwareqcn9001_firmwareipq8070afastconnect_6900_firmwarerobotics_rb5_firmwarewcd9380sa6145p_firmwareqam8255psxr2230psnapdragon_xr2_5gsa8150pqcn9003qca8075_firmwaresnapdragon_888_5g_firmwaresnapdragon_765g_5gqcn5052_firmwaresxr1230pipq6010sdx65m_firmwarevideo_collaboration_vc3_platformsw5100qam8295p_firmwaresnapdragon_8_gen_1_firmwarewcn3990_firmwaresm7315snapdragon_750g_5gqca6698aq_firmwareqcs2290wcd9385qsm8350qcs2290_firmwaresnapdragon_xr2\+_gen_1_firmwarewcn3615qca8084_firmwaresnapdragon_8_gen_1sa8255pqcs4290sxr1230p_firmwareqcn5024snapdragon_782g_firmwaresnapdragon_x55_5gipq8071a_firmwarewcn3615_firmwareflight_rb5_5g_firmwaressg2125pqca6554a_firmwareipq6028qcm4490snapdragon_4_gen_1snapdragon_870_5gcsra6640_firmwareqcn9100robotics_rb5snapdragon_480\+_5gqca6174a_firmwaresnapdragon_685_4g_firmwaresm7325pqam8650p_firmwareqcs6490_firmwaresnapdragon_480_5gipq8076_firmwarewcd9335_firmwarewcn3980_firmwareqrb5165n_firmwareqca6584au_firmwareqcn5152_firmwarewsa8835qca6595au_firmwareqca6391_firmwaresw5100p_firmwareqca6696_firmwareqcs4290_firmwarewcd9380_firmwareqca6574_firmwarecsra6620sd660qca8081wsa8815sg4150psd_8_gen1_5gqam8775pqca9377snapdragon_ar2_gen_1_firmwaresnapdragon_auto_5gqcn5124qca6797aqqcn5152qcm4325_firmwaresnapdragon_660qca6574a_firmwareqcn9072_firmwareqcm4290_firmwareqca9888_firmwareipq8074aqca9889snapdragon_8\+_gen_1_firmwareqcn5024_firmwaresd_8_gen1_5g_firmwareqcn9002_firmwarewcd9375_firmwaresnapdragon_7c\+_gen_3_firmwareqca8386immersive_home_318ipq5010qcn9274_firmwareqca6391snapdragon_w5\+_gen_1_firmwareipq8173_firmwareqcn9012_firmwaresg4150p_firmwaresnapdragon_780g_5g_firmwarecsra6620_firmwaresa8295pipq6000_firmwarefastconnect_7800qam8775p_firmwaresd865_5g_firmwarewcd9375ipq8078_firmwareqca9889_firmwaresnapdragon_ar2_gen_1wcn3988_firmwareimmersive_home_316_firmwareqcn5154sa8145pwsa8835_firmwaressg2115p_firmwarecsr8811qcn5022wcn3980wcn3680b_firmwareqcs610Snapdragon
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-14050
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.90%
||
7 Day CHG~0.00%
Published-05 Mar, 2020 | 08:56
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bound writes occurs due to lack of check of buffer size will cause buffer overflow only in 32bit architecture. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, MDM9150, MDM9205, MDM9607, MDM9650, MSM8905, Nicobar, QCS405, QCS605, Rennell, SA6155P, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SM6150, SM7150, SM8150, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm850_firmwaremdm9150_firmwaresa6155p_firmwaresdm636_firmwaresdm845sdm660sdx24sdm630mdm9607_firmwaremdm9650qcs405sm7150_firmwaresdm710sm6150mdm9607sdm710_firmwaresm7150apq8009_firmwaresa6155psdm670mdm9150qcs605_firmwaremsm8905sdm670_firmwaresm8150_firmwaresdx24_firmwaresdm636qcs405_firmwarerennellsda845_firmwaresdm630_firmwaremdm9205_firmwaresda660_firmwarerennell_firmwaremdm9205qcs605sm6150_firmwaremdm9650_firmwaresm8150sdm850msm8905_firmwaresda660sxr1130_firmwarenicobar_firmwareapq8009sxr1130sdm660_firmwaresda845nicobarsdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-14056
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.19%
||
7 Day CHG~0.00%
Published-08 Sep, 2020 | 09:31
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Possible integer overflow in API due to lack of check on large oid range count in cert extension field' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Kamorta, MDM9150, MDM9205, MDM9607, MDM9650, Nicobar, QCS404, QCS405, QCS605, QCS610, Rennell, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX55, SM6150, SM7150, SM8150, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm850_firmwarekamorta_firmwaremdm9150_firmwaresa6155p_firmwareqcs610sdm636_firmwaresdm845sdm660sdm630qcs404_firmwaremdm9607_firmwaremdm9650sc8180x_firmwareqcs405sm7150_firmwaresdm710sc7180_firmwaremdm9607sm6150sdm710_firmwaresm7150sa6155psdm670qcs610_firmwaremdm9150qcs605_firmwaresc8180xsxr2130sdm670_firmwareqcs404sm8150_firmwaresxr2130_firmwaresdm636qcs405_firmwarerennellsc7180sda845_firmwaresdm630_firmwaremdm9205_firmwaresda660_firmwarerennell_firmwaremdm9205qcs605sdx55sm6150_firmwaremdm9650_firmwaresm8150sdm850sda660kamortasdx55_firmwaresxr1130_firmwarenicobar_firmwaresxr1130sdm660_firmwaresda845nicobarsdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-13995
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.40%
||
7 Day CHG~0.00%
Published-08 Sep, 2020 | 09:31
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Lack of integer overflow check for addition of fragment size and remaining size that are read from shared memory can lead to memory corruption and potential information leakage' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA6155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9150_firmwaremdm9640_firmwareqcs610sdm450_firmwaresdm632qcs404_firmwaremdm9650mdm9645apq8009_firmwaremsm8917sdm670qcs605_firmwaresda845_firmwaresa415mbitraapq8098qcn7605mdm9206_firmwarebitra_firmwaremsm8905_firmwaresda660sdx55_firmwareqca8081_firmwaresxr1130apq8053_firmwaresda845sa6155p_firmwaresdm450sdm636_firmwareapq8098_firmwaremsm8998_firmwaresdm630mdm9607_firmwaresm8250_firmwaremdm9655_firmwaresa415m_firmwareqcs405qm215sc7180_firmwareapq8017_firmwaresdm710_firmwaresa6155pqca8081msm8937msm8905sm8150_firmwaremsm8909sxr2130_firmwaremdm9655rennellsc7180msm8953_firmwaresaipan_firmwaresm6150_firmwaremsm8917_firmwaremsm8998sm8150sdx20_firmwaresdm850kamortaapq8017msm8996saipanmdm9640kamorta_firmwareqcm2150_firmwaresdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdx24sdm439sdm429msm8940_firmwaresm7150_firmwaresm6150msm8996ausdm429w_firmwaresm7150sxr2130sc8180xmdm9206sdm670_firmwareqcs404sdx24_firmwareipq8074sdm636ipq6018_firmwaremdm9205qcs605msm8937_firmwaremdm9650_firmwaresdm429_firmwaresxr1130_firmwareapq8009msm8909_firmwarenicobarsdm850_firmwaremsm8920msm8953sdx20qcm2150msm8920_firmwaresdm660sc8180x_firmwareipq8074_firmwaresdm710mdm9607mdm9645_firmwareqcn7605_firmwareqcs610_firmwaremdm9150msm8996_firmwareipq6018apq8096ausdm439_firmwareqcs405_firmwaresdm630_firmwaremdm9205_firmwaresda660_firmwarerennell_firmwareqm215_firmwaresdx55msm8940apq8053apq8096au_firmwaresm8250nicobar_firmwaresdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-14099
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.44%
||
7 Day CHG~0.00%
Published-30 Jul, 2020 | 11:40
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Device misbehavior may be observed when incorrect offset, length or number of buffers is passed by user space in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8053, MDM9206, MDM9207C, MDM9607, MSM8909W, MSM8917, MSM8953, Nicobar, QCM2150, QCS405, QCS605, QM215, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcm2150_firmwaremsm8953sdm450sdm429wsdm632_firmwaresdm450_firmwaresdm632qcm2150sdx24sdm439mdm9607_firmwaresm8250_firmwaresc8180x_firmwaresdm429qcs405sm7150_firmwaresm6150msm8909w_firmwaremdm9607qm215sdm429w_firmwaresm7150msm8917sxr2130qcs605_firmwaremdm9207c_firmwaresc8180xmdm9206mdm9207csm8150_firmwaresdx24_firmwaresxr2130_firmwaresdm439_firmwareqcs405_firmwaresda845_firmwaremdm9206_firmwareqcs605qm215_firmwaresdx55msm8953_firmwareapq8053saipan_firmwaresm6150_firmwaresm8250msm8917_firmwaresdm429_firmwaresm8150sxr1130_firmwaresdx55_firmwarenicobar_firmwaremsm8909wsaipansxr1130apq8053_firmwaresda845nicobarSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-14015
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.90%
||
7 Day CHG~0.00%
Published-05 Mar, 2020 | 08:56
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow exists in the initialization of the identification stage due to lack of check on the number of templates provided. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8096, APQ8096AU, MDM9205, MSM8996, MSM8996AU, Nicobar, QCS404, QCS405, QCS605, Rennell, SA6155P, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm850_firmwaresa6155p_firmwareapq8096_firmwaresdm636_firmwaremsm8996au_firmwaresdm845apq8096sdm660sdx24sdm630qcs404_firmwaresc8180x_firmwareqcs405sm7150_firmwaresdm710sm6150msm8996ausdm710_firmwaresm7150sa6155psdm670sxr2130qcs605_firmwaremsm8996_firmwaresc8180xsdm670_firmwareqcs404sdx24_firmwaresm8150_firmwaresxr2130_firmwareapq8096ausdm636qcs405_firmwarerennellsda845_firmwaresdm630_firmwaremdm9205_firmwaresda660_firmwarerennell_firmwaremdm9205qcs605sdx55apq8096au_firmwaresm6150_firmwaresm8150sdm850sda660sdx55_firmwaresxr1130_firmwaremsm8996nicobar_firmwaresxr1130sdm660_firmwaresda845nicobarsdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-14046
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.19%
||
7 Day CHG~0.00%
Published-07 Feb, 2020 | 05:00
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bound access while allocating memory for an array in camera due to improper validation of elements parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS605, SDM439, SDX24

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdx24_firmwaresdm439_firmwaresdx24sdm439qcs605qcs605_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2019-14071
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.19%
||
7 Day CHG~0.00%
Published-05 Mar, 2020 | 08:56
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Compromised reset handler may bypass access control due to AC config is being reset if debug path is enabled to collect secure or non-secure ram dumps in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8017, APQ8053, APQ8096, APQ8096AU, IPQ6018, MDM9205, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS404, QCS405, QCS605, QM215, Rennell, SA6155P, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-apq8096_firmwareqcm2150_firmwaresdm632_firmwaremsm8996au_firmwaresdm845sdm450_firmwaresdm632apq8096sdx24sdm439qcs404_firmwaresdm429msm8940_firmwaresm7150_firmwaresm6150msm8996ausm7150msm8917sdm670sxr2130qcs605_firmwaresc8180xsdm670_firmwareqcs404sdx24_firmwaresdm636sda845_firmwareipq6018_firmwaremdm9205qcs605msm8937_firmwaresdm429_firmwaresda660sdx55_firmwaresxr1130_firmwaresxr1130apq8053_firmwaresda845nicobarsdm850_firmwaresa6155p_firmwaremsm8920msm8953sdm450sdm636_firmwaremsm8998_firmwareqcm2150msm8920_firmwaresdm630sdm660sc8180x_firmwareqcs405sdm710qm215apq8017_firmwaresdm710_firmwaresa6155pmsm8937msm8996_firmwareipq6018sm8150_firmwaresxr2130_firmwareapq8096ausdm439_firmwareqcs405_firmwarerennellsdm630_firmwaremdm9205_firmwaresda660_firmwarerennell_firmwareqm215_firmwaresdx55msm8953_firmwaremsm8940sm6150_firmwareapq8053apq8096au_firmwaremsm8917_firmwaremsm8998sm8150sdm850apq8017msm8996nicobar_firmwaresdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CVE-2019-14024
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.19%
||
7 Day CHG~0.00%
Published-21 Jan, 2020 | 06:30
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible stack-use-after-scope issue in NFC usecase for card emulation in Snapdragon Auto, Snapdragon Industrial IOT, Snapdragon Mobile in MSM8917, MSM8953, Nicobar, QM215, Rennell, SDM429, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-msm8953sdm450sdm632_firmwaresdm845sdm450_firmwaresdm632sdm439sm8250_firmwaresdm429sm7150_firmwaresdm710qm215sm6150sdm710_firmwaresm7150msm8917sdm670sxr2130sdm670_firmwaresm8150_firmwaresxr2130_firmwaresdm439_firmwarerennellrennell_firmwareqm215_firmwaremsm8953_firmwaresm6150_firmwaresm8250msm8917_firmwaresdm429_firmwaresm8150nicobar_firmwarenicobarsdm845_firmwareSnapdragon Auto, Snapdragon Industrial IOT, Snapdragon Mobile
CWE ID-CWE-416
Use After Free
CVE-2019-14087
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.19%
||
7 Day CHG~0.00%
Published-02 Jun, 2020 | 15:05
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Failure in buffer management while accessing handle for HDR blit when color modes not supported by display in Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wearables in MSM8909W, QCS605

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcs605qcs605_firmwaremsm8909w_firmwaremsm8909wSnapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wearables
CWE ID-CWE-416
Use After Free
CVE-2019-13999
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.40%
||
7 Day CHG~0.00%
Published-08 Sep, 2020 | 09:31
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Lack of check for integer overflow for round up and addition operations result into memory corruption and potential information leakage' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA515M, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9150_firmwaremdm9640_firmwareqcs610sdm450_firmwaresdm632qcs404_firmwaremdm9650mdm9645apq8009_firmwaremsm8917sdm670qcs605_firmwaresda845_firmwaresa415mapq8098qcn7605mdm9206_firmwaremsm8905_firmwaresda660sdx55_firmwareqca8081_firmwaresxr1130apq8053_firmwaresda845sa6155p_firmwaresdm450sdm636_firmwaresa515m_firmwareapq8098_firmwaremsm8998_firmwaresdm630mdm9607_firmwaresm8250_firmwaremdm9655_firmwaresa415m_firmwareqcs405qm215sc7180_firmwareapq8017_firmwaresdm710_firmwaresa6155pqca8081msm8937msm8905sm8150_firmwaremsm8909sxr2130_firmwaremdm9655rennellsc7180msm8953_firmwaresm6150_firmwaremsm8917_firmwaremsm8998sm8150sdx20_firmwaresdm850kamortaapq8017msm8996mdm9640kamorta_firmwareqcm2150_firmwaresdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdx24sdm439sdm429msm8940_firmwaresm7150_firmwaresm6150msm8996ausdm429w_firmwaresm7150sxr2130sc8180xmdm9206sdm670_firmwareqcs404sdx24_firmwareipq8074sdm636ipq6018_firmwaremdm9205sa515mqcs605msm8937_firmwaremdm9650_firmwaresdm429_firmwaresxr1130_firmwareapq8009msm8909_firmwarenicobarsdm850_firmwaremsm8920msm8953sdx20qcm2150msm8920_firmwaresdm660sc8180x_firmwareipq8074_firmwaresdm710mdm9607mdm9645_firmwareqcn7605_firmwareqcs610_firmwaremdm9150msm8996_firmwareipq6018apq8096ausdm439_firmwareqcs405_firmwaresdm630_firmwaremdm9205_firmwaresda660_firmwarerennell_firmwareqm215_firmwaresdx55msm8940apq8053apq8096au_firmwaresm8250nicobar_firmwaresdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-14023
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.19%
||
7 Day CHG~0.00%
Published-21 Jan, 2020 | 06:30
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

String format issue will occur while processing HLOS data as there is no user input validation to ensure inputs are properly NULL terminated before string copy in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, Nicobar, Rennell, SA6155P, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sa6155p_firmwaresm8150_firmwaresxr2130_firmwarerennellrennell_firmwaremdm9607_firmwaresm8250_firmwaresdx55sm7150_firmwaresm6150_firmwaresm8250sm6150mdm9607sm8150sdx55_firmwaresm7150nicobar_firmwaresa6155psxr2130nicobarSnapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
CVE-2024-45564
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.47%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 08:31
Updated-09 May, 2025 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in HLOS

Memory corruption during concurrent access to server info object due to incorrect reference count update.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fastconnect_7800_firmwarewcd9341qam8295pqca6696_firmwaresnapdragon_888\+_5g_mobilesw5100pqca6678aqwcd9385_firmwarewcn3988_firmwaresnapdragon_865\+_5g_mobileqca6426sa9000pwsa8835_firmwareqca6678aq_firmwareqam8295p_firmwareqcs610snapdragon_w5\+_gen_1_wearable_firmwareqca6698aq_firmwarewcn3980qca6696sa8540p_firmwarec-v2x_9150_firmwaresnapdragon_888_5g_mobile_firmwareqca6174aqcs410sa6150p_firmwarewcn3620_firmwarewcd9385sa8530pqca6391sa8295pqca6688aq_firmwareqca9377qca6391_firmwareqca6174a_firmwaresnapdragon_x55_5g_modem-rf_systemwcn3620snapdragon_865_5g_mobile_firmwarefastconnect_6800_firmwaresa6155p_firmwaresnapdragon_429_mobilesa8195p_firmwaresw5100p_firmwaresnapdragon_xr2_5gqca6574au_firmwarewcd9370_firmwaresa8155p_firmwarefastconnect_6900sdm429wsnapdragon_865\+_5g_mobile_firmwarec-v2x_9150snapdragon_8_gen_1_mobileqca6595ausnapdragon_870_5g_mobile_firmwaresa8145p_firmwarewcn3680bqca6698aqsnapdragon_888_5g_mobilesa8150psxr2130_firmwarewcn3660bwsa8810wcd9380_firmwaresd865_5g_firmwaresnapdragon_w5\+_gen_1_wearablesnapdragon_429_mobile_firmwarevideo_collaboration_vc1_platform_firmwarewcd9341_firmwarewsa8835snapdragon_888\+_5g_mobile_firmwareqcn9074_firmwaresnapdragon_xr2_5g_firmwarewcd9370sdm429w_firmwarewsa8830sa9000p_firmwareqca6574auvideo_collaboration_vc3_platformsa6145psa8195psa6150psnapdragon_8_gen_1_mobile_firmwarewsa8815_firmwaresnapdragon_865_5g_mobileqca6595au_firmwareqca9367wcn3980_firmwarewcn3950_firmwaresa8530p_firmwaresa8540psa8295p_firmwaresd865_5gsw5100_firmwarevideo_collaboration_vc3_platform_firmwaresw5100qca6688aqqca9377_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwaresnapdragon_x55_5g_modem-rf_system_firmwaresxr2130wsa8810_firmwarefastconnect_6800qca6426_firmwaresa8150p_firmwareqca9367_firmwaresnapdragon_870_5g_mobilewcn3950wcn3988wcn3680b_firmwarewsa8830_firmwarewcd9380wsa8815qcs610_firmwareqca6436_firmwareqca6436sa6155psa8155psnapdragon_auto_5g_modem-rf_gen_2sa8145pvideo_collaboration_vc1_platformfastconnect_6900_firmwaresa6145p_firmwareqcn9074wcn3660b_firmwarefastconnect_7800qcs410_firmwareSnapdragon
CWE ID-CWE-416
Use After Free
CVE-2024-45554
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.61%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 08:31
Updated-09 May, 2025 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in DSP Service

Memory corruption during concurrent SSR execution due to race condition on the global maps list.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcd9380_firmwaresnapdragon_429_mobile_firmwarefastconnect_7800_firmwaresnapdragon_888\+_5g_mobilewsa8835sw5100psnapdragon_888\+_5g_mobile_firmwarewcd9385_firmwarewcn3988_firmwaresdm429w_firmwarewsa8830wsa8835_firmwaresnapdragon_8_gen_1_mobile_firmwarewcn3980_firmwarewcn3980snapdragon_888_5g_mobile_firmwareqca6174asw5100_firmwarewsa8832_firmwaresw5100sxr2250pwcn3620_firmwarewcd9385sxr2230p_firmwaresxr2230pwcn3620wcn3988qca6174a_firmwaresxr2250p_firmwarewcd9380wsa8830_firmwaresnapdragon_429_mobilesw5100p_firmwarefastconnect_6900sdm429wfastconnect_6900_firmwaresnapdragon_8_gen_1_mobilesnapdragon_888_5g_mobilewsa8832wcn3660b_firmwarefastconnect_7800wcn3660bSnapdragon
CWE ID-CWE-416
Use After Free
CVE-2019-14001
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.77%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 10:46
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wrong public key usage from existing oem_keystore for hash generation in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996AU, QM215, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDX20

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-msm8953sdm450sdm636_firmwaresdm429wmsm8996au_firmwaresdm632_firmwaresdm450_firmwaresdm632sdx20sdm660sdm439mdm9607_firmwaresdm630mdm9650sdm429msm8909w_firmwaremdm9607msm8996auqm215sdm429w_firmwareapq8017_firmwareapq8009_firmwaremsm8909wmsm8917mdm9207c_firmwaremdm9206msm8905mdm9207capq8096ausdm439_firmwaresdm636sdm630_firmwaremdm9206_firmwareqm215_firmwaremsm8953_firmwareapq8053apq8096au_firmwaremsm8917_firmwaresdm429_firmwaremdm9650_firmwaresdx20_firmwaremsm8905_firmwareapq8017apq8009apq8053_firmwaresdm660_firmwareSnapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2019-14130
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.48%
||
7 Day CHG~0.00%
Published-30 Jul, 2020 | 11:40
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory corruption can occurs in trusted application if offset size from HLOS is more than actual mapped buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, QCS404, Rennell, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-kamorta_firmwareqcs404sxr2130_firmwarerennellsc7180rennell_firmwareqcs404_firmwaresm8250_firmwaresdx55sm7150_firmwaresm6150_firmwaresm8250sm6150sc7180_firmwarekamortasdx55_firmwaresm7150sxr2130Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-14028
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.19%
||
7 Day CHG~0.00%
Published-05 Mar, 2020 | 08:56
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overwrite during memcpy due to lack of check on SSID length validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096, APQ8096AU, APQ8098, IPQ6018, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8996AU, MSM8998, Nicobar, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9886, QCN7605, QCS404, QCS405, QCS605, Rennell, SA6155P, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwareapq8096_firmwaremdm9640_firmwareqca4531_firmwaremsm8996au_firmwaresdm845apq8096sdx24qcs404_firmwaremdm9650sm7150_firmwaresm6150qca6574msm8996ausm7150apq8009_firmwaresdm670sxr2130qcs605_firmwaresc8180xmdm9206qca6564qca9379_firmwareqca6174asdm670_firmwareqcs404sdx24_firmwareqca6584au_firmwareipq8074sdm636sda845_firmwareqca9377qca4531apq8098qcn7605ipq6018_firmwaremdm9206_firmwareqca6574_firmwareqca9886qcs605qca6584_firmwaremdm9650_firmwareqca6584qca6574au_firmwaresda660sxr1130_firmwareapq8064_firmwareqca8081_firmwaresxr1130apq8009apq8053_firmwaresda845nicobarsdm850_firmwareqca6584ausa6155p_firmwaresdm636_firmwareapq8064sdm845_firmwareapq8098_firmwaresdx20msm8998_firmwaresdm660sdm630mdm9607_firmwaresm8250_firmwaresc8180x_firmwareqcs405ipq8074_firmwareqca6574ausdm710mdm9607apq8017_firmwaresdm710_firmwareqcn7605_firmwaresa6155pqca8081mdm9207c_firmwareipq6018mdm9207cqca6174a_firmwareqca9886_firmwareqca6564_firmwaresm8150_firmwaresxr2130_firmwareapq8096auqcs405_firmwarerennellsdm630_firmwaresda660_firmwarerennell_firmwareapq8053sm6150_firmwareapq8096au_firmwaresm8250msm8998sm8150sdx20_firmwaresdm850apq8017nicobar_firmwareqca9379sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-14047
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.19%
||
7 Day CHG~0.00%
Published-22 Jun, 2020 | 07:10
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

While IPA driver processes route add rule IOCTL, there is no input validation of the rule ID prior to adding the rule to the IPA HW commit list in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8053, APQ8096AU, MDM9607, MSM8909W, MSM8996, MSM8996AU, QCN7605, QCS605, SC8180X, SDA845, SDX20, SDX24, SDX55, SM8150, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sm8150_firmwaresdx24_firmwareapq8096aumsm8996au_firmwareqcs605_firmwaresda845_firmwaresdx20qcn7605sdx24mdm9607_firmwareqcs605sc8180x_firmwaresdx55apq8053apq8096au_firmwaremsm8909w_firmwaremdm9607msm8996ausm8150sdx20_firmwareapq8053_firmwaresxr1130_firmwaresdx55_firmwareqcn7605_firmwaremsm8996sxr1130sda845msm8909wsc8180xmsm8996_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-20
Improper Input Validation
CVE-2024-45576
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.47%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 08:32
Updated-09 May, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Validation of Array Index in Camera Driver

Memory corruption while prociesing command buffer buffer in OPE module.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcd9380_firmwaresnapdragon_w5\+_gen_1_wearablesnapdragon_429_mobile_firmwarefastconnect_7800_firmwarewsa8835sw5100pwcd9385_firmwarewcn3988_firmwaresdm429w_firmwarewsa8830wsa8835_firmwaresnapdragon_8_gen_1_mobile_firmwaresnapdragon_w5\+_gen_1_wearable_firmwarewcn3980_firmwarewcn3980sw5100_firmwarewsa8832_firmwaresw5100sxr2250pwcn3620_firmwarewcd9385sxr2230p_firmwaresxr2230pwcn3620wcn3988wsa8830_firmwaresxr2250p_firmwarewcd9380snapdragon_429_mobilesw5100p_firmwarefastconnect_6900sdm429wfastconnect_6900_firmwaresnapdragon_8_gen_1_mobilewsa8832wcn3660b_firmwarefastconnect_7800wcn3660bSnapdragon
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2024-45574
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.47%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 08:32
Updated-09 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Validation of Array Index in Camera Driver

Memory corruption during array access in Camera kernel due to invalid index from invalid command data.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-snapdragon_429_mobile_firmwarewcn3620_firmwaresdm429wwcn3620sdm429w_firmwarewcn3660b_firmwaresnapdragon_429_mobilewcn3660bSnapdragon
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2023-33120
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.14% / 33.48%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 05:38
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in Audio

Memory corruption in Audio when memory map command is executed consecutively in ADSP.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm429w_firmwaresnapdragon_x20_lte_modemqcm8550_firmwaresd865_5gapq8017qcs410_firmwaresa6150p_firmwaresnapdragon_429_mobile_platform_firmwaresw5100psxr1120qca6595snapdragon_xr1_platformqcs610_firmwarewcd9335wcd9370qca8081_firmwaresnapdragon_x50_5g_modem-rf_systemqca6696wcd9340_firmwarewcd9341_firmwarewcd9395_firmwaresnapdragon_730_mobile_platformqcc710_firmwareqca6426wcn6740_firmwarefastconnect_6700wcn3610snapdragon_768g_5g_mobile_platform_firmwaresa4150pqca8337qca6426_firmwarewcd9395snapdragon_460_mobile_platformsnapdragon_auto_4g_modemsmart_display_200_platformqca6574au_firmwareqca6564_firmwareqam8295pwcd9341sd626_firmwareqca6574auwcd9390snapdragon_x12_lte_modemwsa8810_firmwaresd730_firmwarewsa8845h_firmwarecsra6640msm8209_firmwaresnapdragon_835_mobile_pc_platform_firmwarewcn3660b_firmwaresd730snapdragon_730g_mobile_platform_firmwarefastconnect_6800_firmwaresd835_firmwaresdx20msnapdragon_695_5g_mobile_platformsnapdragon_4_gen_1_mobile_platform_firmwarevideo_collaboration_vc1_platform_firmwaresa4155psnapdragon_778g\+_5g_mobile_platformsnapdragon_210_processor_firmwareqcm6125_firmwarec-v2x_9150snapdragon_wear_3100_platformqcc710msm8108snapdragon_480\+_5g_mobile_platform_firmwaresxr1120_firmwaresnapdragon_695_5g_mobile_platform_firmwaresnapdragon_x5_lte_modem_firmwarerobotics_rb3_platform315_5g_iot_modem_firmwarefastconnect_6900snapdragon_765g_5g_mobile_platformvideo_collaboration_vc1_platformsnapdragon_wear_2100_platform_firmwareqfw7114wcd9385_firmwareqca6421315_5g_iot_modemsnapdragon_x55_5g_modem-rf_systemqca6310qam8255p_firmwaresa8155_firmwarewcd9360snapdragon_888_5g_mobile_platform_firmwareqca6335mdm9250snapdragon_685_4g_mobile_platformsnapdragon_8\+_gen_2_mobile_platform_firmwarewsa8845sa6155pqca6421_firmwareqcm6125mdm9230qca6564au_firmwaresnapdragon_768g_5g_mobile_platformwsa8810qam8650pvideo_collaboration_vc5_platform_firmwaresnapdragon_8\+_gen_2_mobile_platformqca6595ausm7315_firmwarewcd9326_firmwaresa6155p_firmwarewsa8840mdm9640_firmwaremdm9230_firmwareqcs8550_firmwaresd835snapdragon_870_5g_mobile_platform_firmwareqfw7124_firmwareqca6436_firmwaresnapdragon_wear_4100\+_platform_firmwareqcn9012mdm9650_firmwarequalcomm_205_mobile_platformwcd9371_firmwaresnapdragon_8_gen_2_mobile_platformwcn3910_firmwaresnapdragon_7c\+_gen_3_compute_firmwaresm4125_firmwaresnapdragon_855\+\/860_mobile_platform_firmwaresnapdragon_212_mobile_platform_firmwareqca6420qca6174_firmwarewcn3910apq8064au_firmwarewcd9370_firmwarecsrb31024qca9367snapdragon_wear_3100_platform_firmwaresnapdragon_845_mobile_platformmdm9250_firmwaresnapdragon_x55_5g_modem-rf_system_firmwaresnapdragon_750g_5g_mobile_platform_firmwaresnapdragon_660_mobile_platformwcn3660bqca6574awcn3620_firmwareqca6174aqca6584_firmwaresa8195pwcd9340qcs8250_firmwareqcm2290snapdragon_820_automotive_platform_firmwareqca6335_firmwareqcm6490snapdragon_wear_2500_platformsm8550p_firmwareqcm8550snapdragon_x20_lte_modem_firmwarewcn3988snapdragon_460_mobile_platform_firmwareqca6574snapdragon_x75_5g_modem-rf_systemsd675_firmwareqca6430_firmwaresnapdragon_870_5g_mobile_platformqcn9011wsa8845hsa6150pwcd9326qcs410qcm2290_firmwaresa8155p_firmwareqca6564asa8155pwsa8830snapdragon_675_mobile_platformsnapdragon_662_mobile_platformsm8550psa6145pqcn9074_firmwarevision_intelligence_400_platform_firmwaresnapdragon_765_5g_mobile_platformsa8255p_firmwareflight_rb5_5g_platform_firmwaresmart_audio_200_platform_firmwaresnapdragon_665_mobile_platformar8035msm8996auqca6564sa6155qrb5165m_firmwarewcn3620snapdragon_678_mobile_platform_firmwareqcm4325robotics_rb5_platformsnapdragon_208_processor_firmwareqcn6224snapdragon_x5_lte_modemapq8064ausmart_display_200_platform_firmwareqca6698aqwcn3950_firmwaresm6250qrb5165nsmart_audio_200_platformfastconnect_6200snapdragon_710_mobile_platformsd670sm7325p_firmwarewcn3680bsa8145p_firmwaresnapdragon_730g_mobile_platformwcd9360_firmwaresnapdragon_888\+_5g_mobile_platformsmart_audio_400_platformsnapdragon_855\+\/860_mobile_platformsa8150p_firmwaresnapdragon_w5\+_gen_1_wearable_platformfastconnect_6700_firmwarevideo_collaboration_vc3_platform_firmwarewcn3990sd670_firmwaresnapdragon_680_4g_mobile_platform_firmwareqcs6490qcs8250snapdragon_750g_5g_mobile_platformfastconnect_6200_firmwarear8031_firmwarewsa8830_firmwareqcn6224_firmwareqca6431wsa8845_firmwaresd660_firmwaremdm9330_firmwaresnapdragon_auto_4g_modem_firmwarevision_intelligence_200_platformsxr2130_firmwaresnapdragon_675_mobile_platform_firmwarear8035_firmwaresnapdragon_730_mobile_platform_firmwaremdm9630qrb5165msnapdragon_888_5g_mobile_platformsnapdragon_w5\+_gen_1_wearable_platform_firmwareqca6320sa4150p_firmwaremsm8608_firmwaresd888_firmwaremsm8209snapdragon_662_mobile_platform_firmwareqca6564auqcs6125_firmwareqcn9074wsa8815_firmwaresa8195p_firmwareqca8337_firmwaresnapdragon_x12_lte_modem_firmwareqcm4290vision_intelligence_100_platformsnapdragon_680_4g_mobile_platformmsm8608ar8031sg8275p_firmwareqca9377_firmwareqcm6490_firmwaresnapdragon_1200_wearable_platform_firmwaresm7250p_firmwarewcn3680_firmwaresm4125snapdragon_855_mobile_platformrobotics_rb3_platform_firmwarewcn3950flight_rb5_5g_platformsnapdragon_xr2_5g_platformsnapdragon_429_mobile_platformqcs6125qca6797aq_firmwaresnapdragon_7c\+_gen_3_computesnapdragon_765g_5g_mobile_platform_firmwaresnapdragon_xr2\+_gen_1_platform_firmwaresnapdragon_670_mobile_platform_firmwaresnapdragon_780g_5g_mobile_platformsnapdragon_710_mobile_platform_firmwaresa8295p_firmwaresd_675_firmwaresa4155p_firmwaresnapdragon_720g_mobile_platformvision_intelligence_200_platform_firmwaresm7250pcsrb31024_firmwaresa8155sm6250_firmwaresnapdragon_690_5g_mobile_platform_firmwaresnapdragon_780g_5g_mobile_platform_firmwaresnapdragon_845_mobile_platform_firmwareqca6584ausd888qca6320_firmwareqcn6274_firmwareqcn9011_firmwaresw5100_firmwaresnapdragon_765_5g_mobile_platform_firmwarewcn6740qca6310_firmwaresd626fastconnect_6800qfw7114_firmwareqcs7230snapdragon_685_4g_mobile_platform_firmwareqca6595_firmwarefastconnect_7800_firmwarewcd9371mdm9630_firmwaresnapdragon_782g_mobile_platform_firmwarefastconnect_6900_firmwareapq8017_firmwarewcd9380sa6145p_firmwareqam8255psa6155_firmwaresnapdragon_732g_mobile_platform_firmwaresnapdragon_xr2_5g_platform_firmwaresnapdragon_4_gen_1_mobile_platformsa8150psnapdragon_778g_5g_mobile_platformsnapdragon_665_mobile_platform_firmwaresnapdragon_x24_lte_modemmsm8996au_firmwaresnapdragon_835_mobile_pc_platformsnapdragon_auto_5g_modem-rf_firmwaresnapdragon_865\+_5g_mobile_platformsw5100video_collaboration_vc3_platformaqt1000snapdragon_865_5g_mobile_platform_firmwarec-v2x_9150_firmwareqam8295p_firmwaresd855snapdragon_212_mobile_platformqca6431_firmwarewcd9330_firmwareqca6174wcn3990_firmwaresm7315qca6698aq_firmwareqcs2290sdx20m_firmwareqca6564a_firmwarewcd9385qcs2290_firmwaremsm8909w_firmwarewcn3615qca9367_firmwarewcd9330wcn3610_firmwarewcn3680snapdragon_678_mobile_platformsa8255pqcs7230_firmwaresnapdragon_720g_mobile_platform_firmwareqcs4290wcd9390_firmwaresnapdragon_778g\+_5g_mobile_platform_firmwaresnapdragon_865\+_5g_mobile_platform_firmwaresnapdragon_690_5g_mobile_platformqca6430sg8275pmdm9650sdx55_firmwaresnapdragon_auto_5g_modem-rfsnapdragon_208_processorwcn3615_firmwaresnapdragon_210_processorsxr21309206_lte_modem_firmwaremsm8108_firmwaresnapdragon_wear_2500_platform_firmwarecsra6640_firmwarevision_intelligence_100_platform_firmwaresnapdragon_xr2\+_gen_1_platformqca6174a_firmwaresm7325pqam8650p_firmwarevideo_collaboration_vc5_platformsnapdragon_855_mobile_platform_firmwareqca6420_firmwareaqt1000_firmwareqcs6490_firmwaresdm429wsd855_firmwarewcd9335_firmwaremdm9640qca6436qrb5165n_firmwaresnapdragon_1200_wearable_platformsnapdragon_x24_lte_modem_firmwarewcn3980_firmwareqca6391_firmwarewsa8835wsa8840_firmwareqcn6274snapdragon_480_5g_mobile_platform_firmwareqfw7124qca6595au_firmwaresw5100p_firmwaresnapdragon_732g_mobile_platformsnapdragon_782g_mobile_platformqca6696_firmwareqcs4290_firmwaresnapdragon_865_5g_mobile_platformwcd9380_firmwarequalcomm_205_mobile_platform_firmwareqca6574_firmwarecsra6620qca8081sd660mdm9628wsa8815sg4150pqam8775pqca9377qca6797aqmdm9628_firmwareqcm4325_firmwarevision_intelligence_400_platform9206_lte_modemqca6574a_firmwaresdx55qcm4290_firmwaresnapdragon_480\+_5g_mobile_platformsd675wcd9375_firmwareqca6391qualcomm_215_mobile_platformsmart_audio_400_platform_firmwaresnapdragon_778g_5g_mobile_platform_firmwareqcn9012_firmwaresg4150p_firmwaresnapdragon_480_5g_mobile_platformqca6584snapdragon_670_mobile_platformcsra6620_firmwaresnapdragon_8_gen_2_mobile_platform_firmwaresa8295psnapdragon_xr1_platform_firmwareqcs8550robotics_rb5_platform_firmwaresnapdragon_x50_5g_modem-rf_system_firmwarefastconnect_7800qam8775p_firmwaresd865_5g_firmwarequalcomm_215_mobile_platform_firmwarewcd9375snapdragon_wear_2100_platformwcn3988_firmwaresa8145psd_675snapdragon_wear_4100\+_platformsnapdragon_888\+_5g_mobile_platform_firmwarewsa8835_firmwaresnapdragon_660_mobile_platform_firmwaresnapdragon_x75_5g_modem-rf_system_firmwaremdm9330qca6584au_firmwaresnapdragon_820_automotive_platformwcn3980msm8909wwcn3680b_firmwareqcs610Snapdragon
CWE ID-CWE-416
Use After Free
CVE-2019-14078
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.82%
||
7 Day CHG~0.00%
Published-02 Jun, 2020 | 15:05
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bound memory access while processing qpay due to not validating length of the response buffer provided by User. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8098, MSM8909, MSM8998, SDA660, SDA845, SDM630, SDM636, SDM660, SDM845

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-msm8909sdm636_firmwaresdm636sda845_firmwareapq8098_firmwaresdm630_firmwaresdm845apq8098sda660_firmwaremsm8998_firmwaresdm660sdm630msm8998sda660apq8009_firmwareapq8009msm8909_firmwaresdm660_firmwaresda845sdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
CVE-2019-14100
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.44%
||
7 Day CHG~0.00%
Published-30 Jul, 2020 | 11:40
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Register write via debugfs is disabled by default to prevent register writing via debugfs. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9206, MDM9207C, MDM9607, Nicobar, QCS405, SA6155P, SC8180X, SDX55, SM8150

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9206mdm9207csa6155p_firmwaresm8150_firmwareqcs405_firmwaremdm9206_firmwaremdm9607_firmwaresdx55sc8180x_firmwareqcs405mdm9607sm8150sdx55_firmwarenicobar_firmwaresa6155psc8180xmdm9207c_firmwarenicobarSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 21
  • 22
  • Next
Details not found