Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-22102

Summary
Assigner-qualcomm
Assigner Org ID-2cfc7d3e-20d3-47ac-8db7-1b7285aff15f
Published At-02 Sep, 2022 | 11:31
Updated At-03 Aug, 2024 | 03:00
Rejected At-
Credits

Memory corruption in multimedia due to incorrect type conversion while adding data in Snapdragon Auto

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:qualcomm
Assigner Org ID:2cfc7d3e-20d3-47ac-8db7-1b7285aff15f
Published At:02 Sep, 2022 | 11:31
Updated At:03 Aug, 2024 | 03:00
Rejected At:
▼CVE Numbering Authority (CNA)

Memory corruption in multimedia due to incorrect type conversion while adding data in Snapdragon Auto

Affected Products
Vendor
Qualcomm Technologies, Inc.Qualcomm, Inc.
Product
Snapdragon Auto
Versions
Affected
  • QCA6574AU, QCA6696, SA6145P, SA6150P, SA6155P, SA8145P, SA8150P, SA8155P, SA8195P
Problem Types
TypeCWE IDDescription
textN/AIncorrect Type Conversion or Cast in Automotive Multimedia
Type: text
CWE ID: N/A
Description: Incorrect Type Conversion or Cast in Automotive Multimedia
Metrics
VersionBase scoreBase severityVector
3.18.4HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.qualcomm.com/company/product-security/bulletins/july-2022-bulletin
x_refsource_CONFIRM
Hyperlink: https://www.qualcomm.com/company/product-security/bulletins/july-2022-bulletin
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.qualcomm.com/company/product-security/bulletins/july-2022-bulletin
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.qualcomm.com/company/product-security/bulletins/july-2022-bulletin
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:product-security@qualcomm.com
Published At:02 Sep, 2022 | 12:15
Updated At:07 Sep, 2022 | 21:04

Memory corruption in multimedia due to incorrect type conversion while adding data in Snapdragon Auto

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.18.4HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Qualcomm Technologies, Inc.
qualcomm
>>qca6574au_firmware>>-
cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca6574au>>-
cpe:2.3:h:qualcomm:qca6574au:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca6696_firmware>>-
cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca6696>>-
cpe:2.3:h:qualcomm:qca6696:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sa6145p_firmware>>-
cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sa6145p>>-
cpe:2.3:h:qualcomm:sa6145p:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sa6150p_firmware>>-
cpe:2.3:o:qualcomm:sa6150p_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sa6150p>>-
cpe:2.3:h:qualcomm:sa6150p:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sa6155p_firmware>>-
cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sa6155p>>-
cpe:2.3:h:qualcomm:sa6155p:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sa8145p_firmware>>-
cpe:2.3:o:qualcomm:sa8145p_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sa8145p>>-
cpe:2.3:h:qualcomm:sa8145p:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sa8150p_firmware>>-
cpe:2.3:o:qualcomm:sa8150p_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sa8150p>>-
cpe:2.3:h:qualcomm:sa8150p:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sa8155p_firmware>>-
cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sa8155p>>-
cpe:2.3:h:qualcomm:sa8155p:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sa8195p_firmware>>-
cpe:2.3:o:qualcomm:sa8195p_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sa8195p>>-
cpe:2.3:h:qualcomm:sa8195p:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-704Primarynvd@nist.gov
CWE ID: CWE-704
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.qualcomm.com/company/product-security/bulletins/july-2022-bulletinproduct-security@qualcomm.com
Vendor Advisory
Hyperlink: https://www.qualcomm.com/company/product-security/bulletins/july-2022-bulletin
Source: product-security@qualcomm.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

880Records found
CVE-2019-10604
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.38%
||
7 Day CHG~0.00%
Published-05 Mar, 2020 | 08:56
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possibility of heap-buffer-overflow during last iteration of loop while populating image version information in diag command response packet, in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MDM9607, MDM9640, MSM8909W, MSM8917, MSM8953, Nicobar, QCS605, QM215, Rennell, SA6155P, Saipan, SDA660, SDM429, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sa6155p_firmwaremdm9640_firmwaremsm8953sdm450sdm845_firmwaresdm632_firmwareapq8098_firmwaresdm845sdm450_firmwaresdm632sdm439mdm9607_firmwaresm8250_firmwaresdm429sm7150_firmwaresdm710msm8909w_firmwaremdm9607qm215sm6150sdm710_firmwaresm7150msm8917sa6155psdm670sxr2130qcs605_firmwaresdm670_firmwaresm8150_firmwaresxr2130_firmwareapq8096ausdm439_firmwarerennellapq8098sda660_firmwarerennell_firmwareqm215_firmwareqcs605msm8953_firmwareapq8053apq8096au_firmwaresaipan_firmwaresm6150_firmwaremsm8917_firmwaresdm429_firmwaresm8250sm8150sda660sxr1130_firmwarenicobar_firmwaremsm8909wsaipansxr1130apq8053_firmwarenicobarmdm9640Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-10607
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.09% / 26.40%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 05:25
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds memcpy can occur by providing the embedded NULL character string and length greater than the actual string length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, IPQ4019, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8996, MSM8996AU, QCA4531, QCA8081, QCA9531, QCA9558, QCA9886, QCA9980, QCN7605, QCS605, SDA660, SDX20, SDX24, SDX55, SM8150, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca4531_firmwaremdm9640_firmwareqca9980_firmwaremsm8996au_firmwaresdx24mdm9650msm8940_firmwareqca9558_firmwareqca9558msm8909w_firmwaremsm8996auapq8009_firmwaremsm8917qcs605_firmwareipq4019_firmwaremdm9206sdx24_firmwareipq8074qca4531apq8098qcn7605mdm9615mdm9206_firmwaremsm8939qcs605qca9886msm8937_firmwaremdm9650_firmwaremsm8905_firmwaresda660sdx55_firmwareipq8064sxr1130_firmwareapq8064_firmwareqca8081_firmwaresxr1130msm8909wapq8009msm8909_firmwareapq8053_firmwareipq8064_firmwaremsm8920apq8064apq8098_firmwaresdx20msm8920_firmwaremdm9607_firmwareqca9531ipq8074_firmwaremdm9607qca9980apq8017_firmwaremsm8939_firmwareqcn7605_firmwareqca8081msm8937mdm9207c_firmwaremsm8996_firmwaremsm8905mdm9207cqca9886_firmwaresm8150_firmwaremsm8909apq8096ausda660_firmwareipq4019sdx55msm8940apq8053apq8096au_firmwaremsm8917_firmwaremdm9615_firmwaresm8150sdx20_firmwareqca9531_firmwareapq8017msm8996mdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-10496
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 13.62%
||
7 Day CHG~0.00%
Published-06 Nov, 2019 | 17:11
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lack of checking a variable received from driver and populating in Firmware data structure leads to buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850sd_632sd_820asd_675msm8996au_firmwaresd_439sd_670_firmwaresd_429sdm439sd_636snapdragon_high_med_2016_firmwaremsm8909w_firmwaremsm8996ausd_820sd_450_firmwaresd_845_firmwaresd_820a_firmwareqcs605_firmwaresd_675_firmwaresd_425_firmwaresd_665sd_625_firmwaresd_450sd_8cx_firmwaresd_845qcs605sd_632_firmwaresd_835_firmwaresd_835sda660sxr1130_firmwaresd_210_firmwaresxr1130msm8909wsd_665_firmwaresd_205_firmwaresd_212sd_427_firmwaresd_712sd_855sd_730_firmwarequalcomm_215sd_425sdm660sd_430_firmwaresd_710_firmwaresd_435sdm630sd_625sd_210sd_820_firmwaresd_636_firmwaresd_439_firmwarequalcomm_215_firmwaresd_429_firmwaresd_730snapdragon_high_med_2016sd_212_firmwaresd_850_firmwaresdm439_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwaresd_8cxsd_427sd_430sd_670sd_435_firmwaresd_710sd_205sdm660_firmwaresd_855_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-10481
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.38%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 05:25
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bound access occurs while handling the WMI FW event due to lack of check of buffer argument which comes directly from the WLAN FW in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8096AU, IPQ4019, IPQ8064, IPQ8074, MDM9607, MSM8996AU, QCA6574AU, QCA8081, QCN7605, SDX55, SM6150, SM7150, SM8150

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sm8150_firmwareipq8074apq8096aumsm8996au_firmwareqcn7605mdm9607_firmwareipq4019sdx55sm7150_firmwareipq8074_firmwareqca6574ausm6150apq8096au_firmwaremdm9607msm8996ausm6150_firmwaresm8150ipq8064qca6574au_firmwaresm7150sdx55_firmwareqca8081_firmwareqcn7605_firmwareqca8081ipq8064_firmwareipq4019_firmwareSnapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2019-10518
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 13.44%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 05:25
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free of a pointer in iWLAN scenario during netmgr state transition to CONNECT in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, IPQ4019, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, QCA6574AU, QCS405, QCS605, SDA660, SDA845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9150_firmwaremdm9640_firmwaresdm632_firmwaremsm8996au_firmwaresdm845sdm632sdx24sdm439mdm9650sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaremsm8996ausm7150apq8009_firmwaremsm8917sdm670sxr2130qcs605_firmwareipq4019_firmwaremdm9206sdm670_firmwaresdx24_firmwareipq8074sdm636sda845_firmwareapq8098mdm9206_firmwaremsm8939qcs605msm8937_firmwaremdm9650_firmwaresdm429_firmwaremsm8905_firmwareqca6574au_firmwaresda660sdx55_firmwareipq8064sxr1130_firmwareapq8064_firmwaresxr1130msm8909wapq8009msm8909_firmwareapq8053_firmwareipq8064_firmwaresda845msm8920msm8953sdm636_firmwareapq8064sdm845_firmwareapq8098_firmwaresdx20msm8998_firmwaresdm660msm8920_firmwaresdm630mdm9607_firmwaresm8250_firmwareqcs405ipq8074_firmwareqca6574ausdm710mdm9607apq8017_firmwaresdm710_firmwaremsm8939_firmwaremdm9150msm8937mdm9207c_firmwaremsm8905mdm9207csm8150_firmwaremsm8909sxr2130_firmwareapq8096ausdm439_firmwareqcs405_firmwaresdm630_firmwaresda660_firmwareipq4019sdx55msm8953_firmwaremsm8940sm6150_firmwareapq8053apq8096au_firmwaremsm8917_firmwaresm8250msm8998sm8150sdx20_firmwareapq8017sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-416
Use After Free
CVE-2019-10569
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 10.08%
||
7 Day CHG~0.00%
Published-05 Mar, 2020 | 08:56
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack buffer overflow due to instance id is misplaced inside definition of hardware accelerated effects in makefile in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile in APQ8053, APQ8098, MDM9607, MDM9640, MSM8998, QCS605, SC8180X, SDM439, SDM630, SDM636, SDM660, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9640_firmwaresdm636_firmwaresdm845_firmwareapq8098_firmwaresdm845msm8998_firmwaresdm660sdx24sdm630sdm439mdm9607_firmwaresc8180x_firmwaresm7150_firmwaresm6150mdm9607sm7150sc8180xqcs605_firmwaresm8150_firmwaresdx24_firmwaresdm439_firmwaresdm636sdm630_firmwareapq8098qcs605sdx55apq8053sm6150_firmwaremsm8998sm8150sxr1130_firmwaresdx55_firmwaresxr1130apq8053_firmwaresdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-10558
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.38%
||
7 Day CHG~0.00%
Published-21 Jan, 2020 | 06:30
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

While transferring data from APPS to DSP, Out of bound in FastRPC HLOS Driver due to the data buffer which can be controlled by DSP in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS605, QM215, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM6150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9640_firmwaresdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdm450_firmwaresdm632sdx24sdm439mdm9650sdm429msm8940_firmwaresm6150msm8909w_firmwaremsm8996ausdm429w_firmwareapq8009_firmwaremsm8917sxr2130qcs605_firmwaremdm9206sdx24_firmwaresdm636sda845_firmwareapq8098qcn7605mdm9206_firmwareqcs605msm8937_firmwaremdm9650_firmwaresdm429_firmwaresda660sdx55_firmwaresxr1130_firmwaresxr1130msm8909wapq8009apq8053_firmwaresda845nicobarmsm8920msm8953sdm450sdm636_firmwaresdm845_firmwareapq8098_firmwaresdx20msm8998_firmwaresdm660msm8920_firmwaresdm630mdm9607_firmwaresm8250_firmwareqm215mdm9607apq8017_firmwareqcn7605_firmwaremsm8937mdm9207c_firmwaremdm9207csm8150_firmwaresxr2130_firmwareapq8096ausdm439_firmwaresdm630_firmwaresda660_firmwareqm215_firmwaresdx55msm8953_firmwaremsm8940sm6150_firmwareapq8053apq8096au_firmwaremsm8917_firmwaresm8250msm8998sm8150sdx20_firmwareapq8017nicobar_firmwaresdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CVE-2019-10480
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.09% / 26.40%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 05:25
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bound write can happen in WMI firmware event handler due to lack of validation of data received from WLAN firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCA9980, QCN7605, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaremdm9640_firmwareqca9980_firmwaremsm8996au_firmwaresdm845sdx24mdm9650msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaremsm8996ausm7150apq8009_firmwaremsm8917sdm670qcs605_firmwareipq4019_firmwaremdm9206qca9379_firmwareqca6174asdm670_firmwaresdx24_firmwareipq8074sdm636sda845_firmwareqca9377apq8098qcn7605mdm9615mdm9206_firmwaremsm8939qcs605msm8937_firmwaremdm9650_firmwareqca6574au_firmwaresda660ipq8064sxr1130_firmwaresxr1130msm8909wapq8009msm8909_firmwareapq8053_firmwareipq8064_firmwaresda845msm8920sdm636_firmwaresdm845_firmwareapq8098_firmwaresdx20sdm660msm8920_firmwaresdm630mdm9607_firmwareipq8074_firmwareqca6574ausdm710mdm9607qca9980apq8017_firmwaresdm710_firmwaremsm8939_firmwareqcn7605_firmwaremsm8937mdm9207c_firmwaremdm9207cqca6174a_firmwaresm8150_firmwaremsm8909apq8096ausdm630_firmwaresda660_firmwareipq4019msm8940apq8053sm6150_firmwareapq8096au_firmwaremsm8917_firmwaremdm9615_firmwaresm8150sdx20_firmwareapq8017qca9379sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-10567
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.20% / 42.32%
||
7 Day CHG~0.00%
Published-07 Feb, 2020 | 05:00
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a way to deceive the GPU kernel driver into thinking there is room in the GPU ringbuffer and overwriting existing commands could allow unintended GPU opcodes to be executed in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9150_firmwaresdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdm450_firmwaresdm632sdx24sdm439mdm9650sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaremsm8996ausdm429w_firmwaresm7150apq8009_firmwaremsm8917sdm670sxr2130qcs605_firmwaresc8180xmdm9206sdm670_firmwaresdx24_firmwaresdm636sda845_firmwareapq8098mdm9206_firmwareqcs605msm8937_firmwaremdm9650_firmwaresdm429_firmwaresda660sdx55_firmwaresxr1130_firmwaresxr1130msm8909wapq8009apq8053_firmwaresda845nicobarsa6155p_firmwaremsm8920msm8953sdm450sdm636_firmwareapq8098_firmwaresdx20msm8998_firmwaresdm660msm8920_firmwaresdm630mdm9607_firmwaresm8250_firmwaresc8180x_firmwareqcs405sdm710qm215mdm9607apq8017_firmwaresdm710_firmwaresa6155pmdm9150msm8937mdm9207c_firmwaremdm9207csm8150_firmwaresxr2130_firmwareapq8096ausdm439_firmwareqcs405_firmwarerennellsdm630_firmwaresda660_firmwarerennell_firmwareqm215_firmwaresdx55msm8953_firmwaremsm8940saipan_firmwaresm6150_firmwareapq8053msm8917_firmwareapq8096au_firmwaremsm8998sm8150sdx20_firmwaresm8250apq8017saipannicobar_firmwaresdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CVE-2019-10537
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.38%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 05:25
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation of event buffer extracted from FW response can lead to integer overflow, which will allow to pass the length check and eventually will lead to buffer overwrite when event data is copied to context buffer in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, Nicobar, QCA6574AU, QCN7605, QCS405, QCS605, SDM660, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sm8150_firmwaresxr2130_firmwaresdm660_firmwareqcs405_firmwaresdm845qcn7605sdm660mdm9607_firmwaresm8250_firmwareqcs605sdx55qcs405sm7150_firmwareqca6574ausm6150_firmwaresm6150sm8250mdm9607sm8150qca6574au_firmwaresdx55_firmwaresm7150sxr1130_firmwareqcn7605_firmwarenicobar_firmwaresxr1130sxr2130qcs605_firmwarenicobarsdm845_firmwareSnapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-10556
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.86%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 10:46
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Missing length check before copying the data from kernel space to userspace through the copy function can lead to buffer overflow in some cases in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, MSM8909W, MSM8917, MSM8953, Nicobar, QCN7605, QCS405, QCS605, QM215, Rennell, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-msm8953sdm450sdm429wsdm632_firmwaresdm845sdm450_firmwaresdm632sdx24sdm439sm8250_firmwaresc8180x_firmwaresdm429qcs405sm7150_firmwaresdm710msm8909w_firmwareqm215sm6150sdm429w_firmwaresdm710_firmwareapq8009sm7150apq8009_firmwareqcn7605_firmwaremsm8917sdm670sxr2130qcs605_firmwaresc8180xsdm670_firmwaresm8150_firmwaresdx24_firmwaresxr2130_firmwareapq8096ausdm439_firmwareqcs405_firmwarerennellsda845_firmwareqcn7605rennell_firmwareqm215_firmwareqcs605sdx55msm8953_firmwareapq8053apq8096au_firmwaresaipan_firmwaresm6150_firmwaremsm8917_firmwaresdm429_firmwaresm8250sm8150sxr1130_firmwaresdx55_firmwarenicobar_firmwaremsm8909wsaipansxr1130apq8053_firmwaresda845nicobarsdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-10512
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.75%
||
7 Day CHG~0.00%
Published-06 Nov, 2019 | 17:11
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Payload size is not checked before using it as array index in audio in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850mdm9150_firmwaresd_632mdm9640_firmwaresd_820asd_675msm8996au_firmwaresd_439sd_670_firmwaresd_429sdx24sdm439mdm9650sd_636sd_615_firmwaremsm8909w_firmwaremsm8996ausd_820sd_450_firmwaresd_845_firmwaresd_820a_firmwareqcs605_firmwaresd_675_firmwareipq4019_firmwaremdm9206sd_425_firmwaresd_665sdx24_firmwaresd_625_firmwareipq8074sd_450sd_845mdm9206_firmwareqcs605sd_632_firmwaresd_835_firmwaremdm9650_firmwaresd_835sda660ipq8064sd_210_firmwaresxr1130_firmwaresd_415_firmwaresxr1130msm8909wsd_665_firmwaresd_616_firmwaresd_205_firmwaresd_415sd_212ipq8064_firmwaresd_427_firmwaresd_712sd_855sd_730_firmwarequalcomm_215sdx20sd_616sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435sd_615sd_710_firmwaresdm630qcs405sd_625ipq8074_firmwaresd_820_firmwaresd_210mdm9607sd_636_firmwaresd_439_firmwarequalcomm_215_firmwaremdm9150sd_429_firmwaresd_730sd_212_firmwaresd_850_firmwaresd_855_firmwaresdm439_firmwareqcs405_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwaresd_430ipq4019sd_427sd_670sd_435_firmwaresdx20_firmwaresd_710sd_205sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2016-10394
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.05% / 14.06%
||
7 Day CHG~0.00%
Published-26 Nov, 2024 | 08:55
Updated-09 Jan, 2025 | 21:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Authentication in Core

Initial xbl_sec revision does not have all the debug policy features and critical checks.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_845sd_850_firmwaremdm9607sd_850mdm9607_firmwaresd_835_firmwaremdm9206sd_835mdm9206_firmwaresd_845_firmwareSnapdragon
CWE ID-CWE-287
Improper Authentication
CVE-2019-10503
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 13.00%
||
7 Day CHG~0.00%
Published-21 Nov, 2019 | 14:38
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds access can occur in camera driver due to improper validation of array index in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, QCN7605, SDA660, SDM450, SDM630, SDM636, SDM660, SDX20

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-msm8920mdm9640_firmwaremsm8953sdm450sdm636_firmwaremsm8996au_firmwareapq8098_firmwaresdm450_firmwaremsm8998_firmwaresdx20sdm660msm8920_firmwaresdm630mdm9607_firmwaremdm9650msm8940_firmwaremsm8909w_firmwaremdm9607msm8996auapq8017_firmwareapq8009_firmwareqcn7605_firmwaremsm8909wmsm8917msm8937mdm9207c_firmwaremdm9206msm8905mdm9207cmsm8909apq8096ausdm636sdm630_firmwareapq8098qcn7605sda660_firmwaremdm9206_firmwaremsm8940apq8053apq8096au_firmwaremsm8953_firmwaremsm8917_firmwaremsm8937_firmwaremdm9650_firmwaremsm8998sdx20_firmwaremsm8905_firmwaresda660apq8017apq8009msm8909_firmwareapq8053_firmwaresdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2019-10580
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.10% / 26.79%
||
7 Day CHG~0.00%
Published-30 Jul, 2020 | 11:40
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When kernel thread unregistered listener, Use after free issue happened as the listener client`s private data has been already freed in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9607, MSM8909W, Nicobar, QCM2150, QCS405, QCS605, Saipan, SC8180X, SDM429W, SDX55, SM8150, SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcm2150_firmwaresm8150_firmwaresxr2130_firmwaresdm429wqcs405_firmwareqcs605_firmwareqcm2150mdm9607_firmwaresm8250_firmwareqcs605sc8180x_firmwaresdx55qcs405saipan_firmwaresm8250msm8909w_firmwaremdm9607sdm429w_firmwaresm8150sdx55_firmwarenicobar_firmwaremsm8909wsaipansxr2130sc8180xnicobarSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-416
Use After Free
CVE-2016-10408
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.44%
||
7 Day CHG~0.00%
Published-26 Nov, 2024 | 13:56
Updated-09 Jan, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in Core.

QSEE will randomly experience a fatal error during execution due to speculative instruction fetches from device memory. Device memory is not valid executable memory.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-9206_lte_modemsd820_firmwareapq8037_firmwaresd626_firmware9206_lte_modem_firmwaresd626apq8037sd820sd821sd821_firmwareSnapdragonsd626_firmware9206_lte_modem_firmwaresd820_firmwareapq8037_firmwaresd821_firmware
CWE ID-CWE-284
Improper Access Control
CVE-2019-10497
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.28%
||
7 Day CHG~0.00%
Published-30 Sep, 2019 | 15:40
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free issue occurs If another instance of open for voice_svc node has been called from application without closing the previous one. in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850mdm9150_firmwaresd_632mdm9640_firmwaresd_820asd_675msm8996au_firmwaresd_439sd_670_firmwaresd_429sdx24sdm439mdm9650sd_636sd_615_firmwaremsm8909w_firmwaremsm8996ausd_820sd_450_firmwaresd_845_firmwaresd_820a_firmwareqcs605_firmwaresd_675_firmwaremdm9206sd_425_firmwaresd_665sdx24_firmwaresd_625_firmwaresd_450sd_845mdm9206_firmwareqcs605sd_632_firmwaresd_835_firmwaremdm9650_firmwaresd_835sda660sd_210_firmwaresd_415_firmwaremsm8909wsd_665_firmwaresd_616_firmwaresd_205_firmwaresd_415sd_212sd_427_firmwaresd_712sd_855sd_730_firmwarequalcomm_215sdx20sd_616sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435sd_615sd_710_firmwaresdm630sd_625sd_820_firmwaresd_210mdm9607sd_636_firmwaresd_439_firmwarequalcomm_215_firmwaremdm9150sd_429_firmwaresd_730sd_212_firmwaresd_850_firmwaresd_855_firmwaresdm439_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwaresd_430sd_427sd_670sd_435_firmwaresdx20_firmwaresd_710sd_205sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-416
Use After Free
CVE-2021-1921
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.40%
||
7 Day CHG~0.00%
Published-12 Nov, 2021 | 06:15
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible memory corruption due to Improper handling of hypervisor unmap operations for concurrent memory operations in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wsa8830wcd9380_firmwarewcn3990sd780gsd865_5gqca6595qca6431_firmwaresdx24sdx55m_firmwarewcn6856_firmwarewcd9360_firmwarewsa8835wcn3950_firmwarewcd9380sd888_5gqca6420_firmwareqca6390_firmwarewcd9370sd675_firmwarewcn6855_firmwareqca6426sdx24_firmwarewcn3990_firmwareqrb5165n_firmwaresm7325qca6430_firmwarewcn3980wcn6750wcn3998sd_8cx_firmwarewcd9385_firmwaresdxr2_5g_firmwarewcn3950whs9410wcd9340_firmwaresd855wsa8815wcn6850qsm8350_firmwareqsm8350sd_8c_firmwareqca6426_firmwarewcn7850qca6574au_firmwaresdx55_firmwarewcd9375_firmwarewcn3998_firmwarewcn3980_firmwareqca6391sdx55mwcd9360qca6420qca6436_firmwareqrb5165nqca6421_firmwareaqt1000_firmwarewcn6740_firmwaresd778gsa6155p_firmwarewhs9410_firmwarewcn7851qcs6490qrb5165_firmwaresdxr2_5gqcm6490_firmwareqrb5165wcn6851_firmwareqca6430qca6574auqca6421sd778g_firmwarewcd9340sa8195psdm830_firmwarewsa8810_firmwarewcd9341_firmwarewsa8810sd870qca6436wcn6851wcn6855sa6155pwcn7851_firmwarewcn6856sd_8cwcd9385wcd9341qca6431qcs6490_firmwareqca6595_firmwaresd870_firmwarewcn6740qca6391_firmwareqca6390wcd9375sd_8cxaqt1000sd780g_firmwarewcd9370_firmwaresdx55sd675wsa8830_firmwaresd855_firmwaresd865_5g_firmwareqcm6490sd888_5g_firmwarewcn6850_firmwarewcn7850_firmwarewsa8815_firmwarewsa8835_firmwaresa8195p_firmwaresdm830wcn6750_firmwaresm7325_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2019-10571
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 13.00%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 08:30
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Snapshot of IB can lead to invalid address access due to missing check for size in the related function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCN7605, QCS405, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150, SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm632_firmwaremsm8996au_firmwaresdm845sdm450_firmwaresdm632sdx24sdm439mdm9650sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaremsm8996ausm7150msm8917sdm670sxr2130qcs605_firmwaremdm9206sdm670_firmwaresdx24_firmwaresdm636sda845_firmwareapq8098qcn7605mdm9206_firmwareqcs605msm8937_firmwaremdm9650_firmwaresdm429_firmwaresda660msm8909wmsm8909_firmwareapq8053_firmwaresda845nicobarsa6155p_firmwaremsm8920msm8953sdm450sdm636_firmwareapq8098_firmwaresdx20sdm660msm8920_firmwaresdm630mdm9607_firmwaresm8250_firmwareqcs405sdm710qm215mdm9607apq8017_firmwaresdm710_firmwareqcn7605_firmwaresa6155pmsm8937mdm9207c_firmwaremdm9207csm8150_firmwaremsm8909sxr2130_firmwareapq8096ausdm439_firmwareqcs405_firmwaresdm630_firmwaresda660_firmwareqm215_firmwaremsm8953_firmwaremsm8940sm6150_firmwareapq8053apq8096au_firmwaremsm8917_firmwaresm8250sm8150sdx20_firmwareapq8017nicobar_firmwaresdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-10601
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.09% / 26.40%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 05:25
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bound access can occur while processing firmware event due to lack of validation of WMI message received from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8096AU, IPQ4019, IPQ8064, IPQ8074, MSM8996AU, Nicobar, QCA6574AU, QCN7605, QCS405, SDM630, SDM636, SDM660, SDM845, SM6150, SM7150, SM8150

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm636_firmwaremsm8996au_firmwaresdm845sdm660sdm630qcs405sm7150_firmwareipq8074_firmwareqca6574ausm6150msm8996ausm7150qcn7605_firmwareipq4019_firmwaresm8150_firmwareipq8074apq8096ausdm636qcs405_firmwaresdm660_firmwaresdm630_firmwareqcn7605ipq4019apq8096au_firmwaresm6150_firmwaresm8150ipq8064qca6574au_firmwarenicobar_firmwareipq8064_firmwarenicobarsdm845_firmwareSnapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2019-10596
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.38%
||
7 Day CHG~0.00%
Published-08 Sep, 2020 | 09:31
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Improper access control can lead signed process to guess pid of other processes and access their address space' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Bitra, Nicobar, QCS605, QCS610, Rennell, SA6155P, Saipan, SC7180, SC8180X, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm850_firmwaresa6155p_firmwareqcs610sdm845sm8250_firmwaresc8180x_firmwaresm7150_firmwaresdm710sc7180_firmwaresm6150sdm710_firmwaresm7150sa6155psdm670qcs610_firmwaresxr2130sc8180xqcs605_firmwaresdm670_firmwaresm8150_firmwaresxr2130_firmwarerennellsc7180bitrarennell_firmwareqcs605saipan_firmwaresm6150_firmwaresm8250bitra_firmwaresm8150sdm850sxr1130_firmwarenicobar_firmwaresaipansxr1130nicobarsdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
CVE-2021-1952
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.38%
||
7 Day CHG~0.00%
Published-09 Sep, 2021 | 07:35
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible buffer over read occurs due to lack of length check of request buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn3991_firmwaremdm9150_firmwarewsa8830sd678sa6150p_firmwaresm6250p_firmwaresa8145p_firmwareqcs610sm7250qcs2290_firmwareqca8337sm7250_firmwareqca6431_firmwaresd7c_firmwarecsra6620qcs4290wcn3950_firmwaresc8180x\+sdx55sa8150p_firmwaresd765g_firmwareqca6420_firmwareqca6595au_firmwareqcs2290qca6390_firmwaresa6155sd690_5gsd730_firmwarewcd9370csra6620_firmwaresd_675_firmwaresd675_firmwarecsra6640_firmwareqcs6125_firmwareqca6426qca6584au_firmwaresa415mwcn3998sd_8cx_firmwarewcd9371_firmwaresdxr2_5g_firmwarewcd9385_firmwaresm4125sd720gwcn3950qsm8350_firmwaresd662qsm8350sd460_firmwaresa8155qca6574au_firmwaresdx55_firmwareqca6595ausa6155_firmwarewcd9375_firmwarewcn3998_firmwarewcn3999_firmwareqca6420qca6436_firmwarewcd9306qca6584ausa6155p_firmwaresd778gwcn3999sa515m_firmwareqcs6490qrb5165_firmwaresdxr2_5gqcs6125sa8155_firmwareqca4004_firmwaresd662_firmwaresa415m_firmwareqcs405qca6430wcn3988_firmwaresa6145p_firmwareqca6421sd778g_firmwaresm6250wcd9306_firmwaresa8195pwcd9340wsa8810_firmwaresd765gsd765_firmwareqca6436wcn6851wcd9335sa6155pqcs4290_firmwarewcd9385qca6431qca6696_firmwareqcs6490_firmwarewcd9371sd750gsd870_firmwareqca6390ar8035sd_8cxaqt1000sa8150psd750g_firmwaresc8180x\+sdx55_firmwaresm6250_firmwarewcd9375wcn3910_firmwareqca4004wsa8830_firmwaresd855_firmwaresd865_5g_firmwareqcm6490sd888_5g_firmwarewcn3988wcn6850_firmwarewsa8815_firmwarewsa8835_firmwaresa8195p_firmwareqcx315wcn6750_firmwareqcm6125_firmwareqcm2290_firmwarewcn3991qca8337_firmwarewcd9380_firmwaresd_675sd780gsd865_5gsdx55m_firmwarewcn6856_firmwaresd670_firmwareqca6574qcx315_firmwarewsa8835sd665_firmwarewcd9380sd888_5gsm6250pqcs410qca6574asd690_5g_firmwaresdx50m_firmwarewcn6855_firmwaresm7325qca6430_firmwarewcd9335_firmwarewcn6750mdm9205sa515mqca6574_firmwarewcd9340_firmwaresd855sm4125_firmwarewcn6850sd665sd7cwcn3910wsa8815sd_8c_firmwaresd765qca6426_firmwareqca6574a_firmwaresd768g_firmwaresd460qca6391sd730sdx55mqca6421_firmwareaqt1000_firmwarewcn6740_firmwaresd678_firmwarear8031_firmwareqcm4290qcm6490_firmwaresdx50mqrb5165sd480_firmwarewcn6851_firmwareqca6574ausa8155p_firmwaresd670qcm6125qcm4290_firmwaresd480sd870wcn6855wsa8810qcs610_firmwaremdm9150wcn6856qsm8250sd_8csa6145psd768gar8031qcs405_firmwaresa8145pwcn6740qca6696mdm9205_firmwareqca6391_firmwaresd780g_firmwarewcd9370_firmwaresa6150psdx55sa8155pcsra6640sd675sd720g_firmwareqcs410_firmwarear8035_firmwareqcm2290qsm8250_firmwaresm7325_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-10566
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.86%
||
7 Day CHG~0.00%
Published-21 Nov, 2019 | 14:38
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow can occur in wlan module if supported rates or extended rates element length is greater than max rate set length in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8905, MSM8996AU, Nicobar, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS405, QCS605, SDA845, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaremsm8996au_firmwaresdm845sdx20mdm9607_firmwaresm8250_firmwaremdm9650qcs405qca6574ausdm710sm6150mdm9607msm8996auapq8017_firmwaresdm710_firmwareqcn7605_firmwaresdm670sxr2130qcs605_firmwaremdm9207c_firmwaremdm9206msm8905mdm9207cqca6174a_firmwareqca6174aqca9379_firmwaresdm670_firmwaresm8150_firmwaresxr2130_firmwareapq8096auqcs405_firmwareqca9377sda845_firmwareqcn7605mdm9206_firmwareqcs605apq8053apq8096au_firmwaresm6150_firmwaresm8250mdm9650_firmwaresm8150sdx20_firmwaremsm8905_firmwareqca6574au_firmwareapq8017nicobar_firmwareqca9379apq8053_firmwaresda845nicobarsdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-10575
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.64%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 10:46
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wlan binary which is not signed with OEMs RoT is working on secure device without authentication failure in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in SDA845, SDM845, SDM850

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm850_firmwaresdm850sda845_firmwaresdm845sda845sdm845_firmwareSnapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2019-10621
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 13.44%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 10:46
Updated-04 Aug, 2024 | 22:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free issue when MAP and UNMAP calls at same time as data structure used my MAP may be freed by UNMAP function in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in Nicobar, QCS405, Rennell, Saipan, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sm8150_firmwaresxr2130_firmwareqcs405_firmwarerennellrennell_firmwaresm8250_firmwaresc8180x_firmwaresdx55qcs405sm7150_firmwaresaipan_firmwaresm6150_firmwaresm6150sm8250sm8150sdx55_firmwaresm7150nicobar_firmwaresaipansxr2130sc8180xnicobarSnapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
CWE ID-CWE-416
Use After Free
CVE-2019-10595
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.09% / 26.40%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 05:25
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible buffer overwrite in message handler due to lack of validation of tid value calculated from packets received from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, APQ8064, APQ8096AU, IPQ4019, IPQ8064, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909, MSM8909W, MSM8939, MSM8996AU, QCA4531, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCA9558, QCA9880, QCA9886, QCA9980, SDA660, SDM630, SDM636, SDM660, SDX20, SDX24

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwareqca4531_firmwaremdm9640_firmwaresdm636_firmwareapq8064qca9980_firmwaremsm8996au_firmwaresdx20sdm660sdx24sdm630mdm9607_firmwaremdm9650qca9558qca9558_firmwareqca6574aumdm9607msm8996auqca9880_firmwareqca9980qca9880msm8939_firmwareapq8009_firmwareipq4019_firmwaremdm9207c_firmwaremdm9206mdm9207cqca6174a_firmwareqca6174aqca9379_firmwareqca9886_firmwaremsm8909sdx24_firmwareapq8096ausdm636sdm660_firmwareqca9377qca4531sdm630_firmwaresda660_firmwaremdm9615mdm9206_firmwaremsm8939ipq4019qca9886apq8053apq8096au_firmwaremdm9615_firmwaremdm9650_firmwaresdx20_firmwareipq8064qca6574au_firmwaresda660apq8064_firmwareapq8009qca9379msm8909_firmwareapq8053_firmwareipq8064_firmwaremdm9640Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-20
Improper Input Validation
CVE-2019-10584
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 13.00%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 05:25
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possibility of out of bound access in debug queue, if packet size field is corrupted in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS405, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9640_firmwaresdm632_firmwaremsm8996au_firmwaresdm845sdm450_firmwaresdm632sdx24sdm439mdm9650sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaremsm8996ausm7150apq8009_firmwaremsm8917sdm670sxr2130qcs605_firmwaremdm9206sdm670_firmwaresdx24_firmwaresdm636sda845_firmwareapq8098qcn7605mdm9206_firmwareqcs605msm8937_firmwaremdm9650_firmwaresdm429_firmwaresda660sdx55_firmwaresxr1130_firmwaresxr1130msm8909wapq8009apq8053_firmwaresda845nicobarsa6155p_firmwaremsm8920msm8953sdm450sdm636_firmwaresdm845_firmwareapq8098_firmwaresdx20msm8998_firmwaresdm660msm8920_firmwaresdm630mdm9607_firmwaresm8250_firmwareqcs405sdm710qm215mdm9607apq8017_firmwaresdm710_firmwareqcn7605_firmwaresa6155pmsm8937mdm9207c_firmwaremdm9207csm8150_firmwaresxr2130_firmwareapq8096ausdm439_firmwareqcs405_firmwaresdm630_firmwaresda660_firmwareqm215_firmwaresdx55msm8953_firmwaremsm8940sm6150_firmwareapq8053apq8096au_firmwaremsm8917_firmwaresm8250msm8998sm8150sdx20_firmwareapq8017nicobar_firmwaresdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-10524
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.28%
||
7 Day CHG~0.00%
Published-06 Nov, 2019 | 17:11
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lack of check for a negative value returned for get_clk is wrongly interpreted as valid pointer and lead to use after free in clk driver in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850mdm9150_firmwaresd_632mdm9640_firmwaresd_820asd_675msm8996au_firmwaresd_439sd_670_firmwaresd_429sdx24sdm439mdm9650sd_636msm8909w_firmwaremsm8996ausd_820sd_450_firmwaresd_845_firmwaresd_820a_firmwareqcs605_firmwaresd_675_firmwaremdm9206sd_425_firmwaresd_665sdx24_firmwaresd_625_firmwaresd_450sd_845mdm9206_firmwareqcs605sd_632_firmwaresd_835_firmwaremdm9650_firmwaresd_835sda660sd_210_firmwaremsm8909wsd_665_firmwaresd_205_firmwaresd_212sd_427_firmwaresd_712sd_855sd_730_firmwarequalcomm_215sdx20sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435sd_710_firmwaresdm630qcs405sd_625sd_820_firmwaresd_210mdm9607sd_636_firmwaresd_439_firmwarequalcomm_215_firmwaremdm9150sd_429_firmwaresd_730sd_212_firmwaresd_850_firmwaresd_855_firmwaresdm439_firmwareqcs405_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwaresd_430sd_427sd_670sd_435_firmwaresdx20_firmwaresd_710sd_205sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-416
Use After Free
CVE-2025-47346
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.69%
||
7 Day CHG~0.00%
Published-06 Jan, 2026 | 22:48
Updated-27 Jan, 2026 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds Write in HLOS

Memory corruption while processing a secure logging command in the trusted application.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcd9375_firmwaresm8735_firmwareqam8295p_firmwareqcm5430wcn3988_firmwaresm8650q_firmwaresa7255p_firmwareqca6595au_firmwareqam8620psnapdragon_8_gen_3_mobile_platformqam8255pwcd9375qca6574wcn7860_firmwaresnapdragon_4_gen_2_mobile_platform_firmwarewcn7861qca6574au_firmwaresm7635psm8635p_firmwaresc8380xpsa8650p_firmwaresrv1lqca8081qam8775p_firmwaresm6650_firmwarewcn7880snapdragon_auto_5g_modem-rf_gen_2_firmwareqca6174asa6155p_firmwarewsa8845_firmwarevideo_collaboration_vc3_platform_firmwaresnapdragon_x72_5g_modem-rf_system_firmwareqamsrv1msnapdragon_ar1_gen_1_platform_\"luna1\"_firmwareqamsrv1h_firmwaresm8635psnapdragon_8_gen_3_mobile_platform_firmwarewcn7750sm8635_firmwareqca6574awcd9395_firmwarewcn7881_firmwaresm8750sm4635_firmwaresa9000pqam8255p_firmwaresa8195p_firmwarewsa8810_firmwaresa8150p_firmwareqca6174a_firmwareqca6595ausrv1h_firmwareqca8081_firmwaresa8155p_firmwareqca6696_firmwareqca6584au_firmwareqfw7114sm6650psm8750p_firmwaresnapdragon_x35_5g_modem-rf_systemsnapdragon_ar1_gen_1_platform_firmwaresa6145p_firmwareqcs5430wcn7860sxr2330psa7775psa8295p_firmwareqcs9100qca6698aq_firmwarewsa8835_firmwaresnapdragon_6_gen_1_mobile_platformqcm5430_firmwarewcn7881qca6584auqca6797aq_firmwaresa8775pqcs9100_firmwaresm6650p_firmwareqfw7124_firmwaresxr2330p_firmwareqfw7114_firmwaresrv1mfastconnect_6200_firmwaresa6150p_firmwareqam8650pqca6574_firmwareqam8650p_firmwarewsa8810qca6574auwcn6755_firmwareqca6574a_firmwaresnapdragon_x75_5g_modem-rf_systemwsa8845hqam8775pqca8337_firmwaresm7635_firmwarewcn3950_firmwarewcn7750_firmwarewcn3950sm6650sm7635p_firmwarefastconnect_6700_firmwaresa8650pfastconnect_6900_firmwaresrv1m_firmwarewcn6650qcm6490_firmwareqca6678aq_firmwaresm7435_firmwareqca6797aqwcd9340_firmwarefastconnect_6200srv1hsm8735sxr2350pwcn6650_firmwaresm7635snapdragon_x75_5g_modem-rf_system_firmwaresm8635srv1l_firmwaresnapdragon_4_gen_2_mobile_platformfastconnect_6900sa8155psm8750pqep8111qcn6274qep8111_firmwarewsa8832sa8775p_firmwaresm7675_firmwareqcc710_firmwareqcn6224wcd9370wcd9390fastconnect_7800wcn6755sa8145p_firmwarewsa8832_firmwareqamsrv1hsa8540p_firmwaresa8150pqca6698aqsa8255pwsa8840sa7255psm8750_firmwaresa6155psnapdragon_x32_5g_modem-rf_system_firmwaresm7435ar8035qca6688aq_firmwaresnapdragon_6_gen_1_mobile_platform_firmwarewsa8830sa8540psm7675pqmp1000wcd9385sa6145pqcs5430_firmwareqca6688aqsnapdragon_auto_5g_modem-rf_gen_2wcd9340sa8770p_firmwaresm6475fastconnect_7800_firmwaresnapdragon_ar1_gen_1_platformqcs6490qca6678aqsnapdragon_x35_5g_modem-rf_system_firmwarewsa8830_firmwareqamsrv1m_firmwaresa9000p_firmwareqmp1000_firmwarewsa8840_firmwarewsa8815_firmwarewsa8835wcn7880_firmwarewcd9385_firmwareqca8337sa8620pqfw7124qam8295pqca6595qca6696wcd9380_firmwarewcn3988qcn6224_firmwareqca6595_firmwarevideo_collaboration_vc3_platformsnapdragon_x72_5g_modem-rf_systemsm7675qcm6490sm7675p_firmwareqcs6490_firmwarewsa8815wcd9378_firmwaresa8145pqcs615_firmwarewcd9370_firmwaresa8195par8035_firmwarewsa8845sa8620p_firmwaresm6475_firmwareqcc710snapdragon_x32_5g_modem-rf_systemwsa8845h_firmwaresnapdragon_ar1_gen_1_platform_\"luna1\"qam8620p_firmwaresm4635qcs615sa6150pwcd9378sxr2350p_firmwarewcd9395sa8770psc8380xp_firmwarewcd9380sa7775p_firmwaresa8255p_firmwaresa8295pfastconnect_6700qcn6274_firmwarewcd9390_firmwarewcn7861_firmwaresm8650qSnapdragon
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-47316
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.27%
||
7 Day CHG~0.00%
Published-24 Sep, 2025 | 15:33
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Double Free in Video

Memory corruption due to double free when multiple threads race to set the timestamp store.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcd9380wcd9341snapdragon_8cx_compute_platform_\(sc8180x-ab\)wcd9340_firmwaresnapdragon_7c\+_gen_3_compute_firmwaresc8380xp_firmwaresnapdragon_8cx_gen_3_compute_platform_\(sc8280xp-ab\)_firmwaresnapdragon_8cx_gen_3_compute_platform_\(sc8280xp-ab\)qca6430_firmwarefastconnect_6900snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-ac\)_firmwaresnapdragon_7c\+_gen_3_computesnapdragon_8c_compute_platform_\(sc8180x-ad\)wcd9341_firmwarewcd9385_firmwarewsa8830_firmwaresnapdragon_8cx_compute_platform_\(sc8180x-ab\)_firmwarewsa8835wsa8845fastconnect_7800snapdragon_8cx_compute_platform_\(sc8180x-aa\)_firmwarewcd9385wcd9380_firmwarewsa8845hwsa8830snapdragon_8cx_gen_3_compute_platform_\(sc8280xp-bb\)_firmwarewsa8845_firmwareaqt1000snapdragon_8cx_compute_platform_\(sc8180x-aa\)fastconnect_6200_firmwarewsa8835_firmwarefastconnect_6700qca6391wsa8840_firmwarewsa8815_firmwarewcd9340wsa8840qca6391_firmwarefastconnect_6900_firmwarefastconnect_6800_firmwaresnapdragon_8c_compute_platform_\(sc8180x-ad\)_firmwaresnapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-af\)_firmwarewsa8810wsa8845h_firmwarefastconnect_6200fastconnect_6800qca6430aqt1000_firmwaresnapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-af\)snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-ac\)fastconnect_7800_firmwaresnapdragon_8cx_gen_3_compute_platform_\(sc8280xp-bb\)wsa8810_firmwareqca6420sc8380xpfastconnect_6700_firmwarewsa8815qca6420_firmwareSnapdragon
CWE ID-CWE-415
Double Free
CVE-2025-47359
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.29%
||
7 Day CHG~0.00%
Published-02 Feb, 2026 | 15:20
Updated-26 Feb, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in Secure Processor

Memory Corruption when multiple threads simultaneously access a memory free API.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fastconnect_6200wcd9378cqcc2072wsa8845fastconnect_6800_firmwarex2000077_firmwarefastconnect_6800wsa8845_firmwarex2000094wsa8840_firmwareaqt1000_firmwareqca6391_firmwaresc8180xp-aaab_firmwarewcd9378c_firmwareqca6420wcd9385sc8180xp-acaffastconnect_7800sc8180x-aaab_firmwarex2000090qca6430_firmwaresc8180xp-adx2000086_firmwaresc8180xp-ad_firmwarewsa8830wsa8835_firmwarewcd9385_firmwaresc8180xp-aaabwsa8815_firmwaresc8280xp-abbbsc8180xp-acaf_firmwarex2000092_firmwarewsa8810_firmwarexg101002_firmwarewsa8845h_firmwarexg101039_firmwarex2000077wsa8845hfastconnect_6900_firmwarewcd9340_firmwarex2000090_firmwareaqt1000sc8180x-acaf_firmwarefastconnect_6900wcd9340qca6430sc8280xp-abbb_firmwaresc8380xpwcd9341_firmwareqca6391wcd9341xg101032wcd9380sc8180x-acafwsa8835wcd9380_firmwaresc8380xp_firmwarewsa8840xg101032_firmwaresc8180x-ad_firmwarewsa8830_firmwarewsa8815fastconnect_6200_firmwaresc8180x-aaabx2000092xg101002qcc2072_firmwarexg101039qca6420_firmwarex2000086x2000094_firmwarefastconnect_7800_firmwaresc8180x-adwsa8810Snapdragon
CWE ID-CWE-416
Use After Free
CVE-2025-47364
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.01% / 0.22%
||
7 Day CHG~0.00%
Published-02 Feb, 2026 | 15:20
Updated-26 Feb, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integer Overflow or Wraparound in Automotive

Memory corruption while calculating offset from partition start point.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sa6155pqca6797aq_firmwaresa8770p_firmwaresa7775p_firmwaresa8650pqamsrv1msa8620pqca6696_firmwaresa8255pqam8775pqca8695au_firmwaresa9000psa8540pqca6797aqsa6145pqam8775p_firmwaresa8145psa8255p_firmwaresa7775psa8295psa8150p_firmwaresa6145p_firmwareqca6698aqqca6595sa8195p_firmwaresrv1m_firmwareqamsrv1hsa8145p_firmwaresrv1lqca6595auqam8295p_firmwareqam8620psa8650p_firmwareqca6595_firmwareqam8650psa8775p_firmwaresrv1hqca6574auqam8650p_firmwareqam8295psa6155p_firmwaresa6150pqca6698aq_firmwaresa7255psa9000p_firmwareqam8620p_firmwaresa7255p_firmwareqam8255psa8150psrv1h_firmwaresa8775psa6150p_firmwareqca6574au_firmwaresa8155psa8620p_firmwareqca6595au_firmwareqca6688aq_firmwareqamsrv1m_firmwaresa8295p_firmwareqam8255p_firmwaresa8770pqca8695ausa8195pqamsrv1h_firmwareqca6696srv1l_firmwareqca6688aqsa8155p_firmwaresa8540p_firmwaresrv1mSnapdragon
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-47368
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.78%
||
7 Day CHG~0.00%
Published-04 Nov, 2025 | 03:19
Updated-26 Feb, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in DSP Service

Memory corruption when dereferencing an invalid userspace address in a user buffer during MCDM IOCTL processing.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fastconnect_6900wsa8845hwsa8840wcd9380_firmwarewsa8845_firmwaresc8380xp_firmwarewsa8840_firmwarewcd9385_firmwarewcd9385wsa8845fastconnect_6900_firmwarefastconnect_7800sc8380xpfastconnect_7800_firmwarewcd9380wsa8845h_firmwareSnapdragon
CWE ID-CWE-126
Buffer Over-read
CVE-2025-47321
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.78%
||
7 Day CHG~0.00%
Published-18 Dec, 2025 | 05:29
Updated-27 Jan, 2026 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Copy Without Checking Size of Input in Core Services

Memory corruption while copying packets received from unix clients.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcd9375_firmwaresm8735_firmwareqcm5430wcn3988_firmwaresa7255p_firmwaresw5100qca6595au_firmwareqam8255pwcd9375qcm6125_firmwareqca6574wcn7860_firmwaresnapdragon_4_gen_2_mobile_platform_firmwarewcn7861qca6574au_firmwaresm7635psa8650p_firmwareqca8081qam8775p_firmwaresm6650_firmwarewcn7880qca2066_firmwareqca6174asa4155psa6155p_firmwaresnapdragon_768g_5g_mobile_platform_\(sm7250-ac\)snapdragon_765g_5g_mobile_platform_\(sm7250-ab\)smart_audio_400_platformwcn3980wsa8845_firmwareqca6391_firmwarevideo_collaboration_vc3_platform_firmwaresmart_audio_400_platform_firmwareqamsrv1msnapdragon_ar1_gen_1_platform_\"luna1\"_firmwareqamsrv1h_firmwaresxr2250p_firmwarewcn7750qcn9011qcs8550_firmwaresnapdragon_680_4g_mobile_platformqca6574awcd9395_firmwarewcn7881_firmwaresm8750sa9000pqam8255p_firmwaresa8195p_firmwarewsa8810_firmwaresdx61_firmwareqcn9012_firmwareqca8081_firmwareqca6174a_firmwareqca6595ausrv1h_firmwaresxr1230pqca6696_firmwarerobotics_rb2_platform_firmwaresa8155p_firmwaresm6650psm8750p_firmwaresnapdragon_765_5g_mobile_platform_\(sm7250-aa\)_firmwaresnapdragon_x35_5g_modem-rf_systemsnapdragon_ar1_gen_1_platform_firmwarewcn7860qcs5430ssg2115psa7775psw5100p_firmwareqcm8550snapdragon_685_4g_mobile_platform_\(sm6225-ad\)snapdragon_6_gen_1_mobile_platformssg2115p_firmwareqcm5430_firmwarewsa8835_firmwarewcn7881snapdragon_x65_5g_modem-rf_system_firmwaresa8775pqcn6024sm6650p_firmwareqcm8550_firmwarefastconnect_6200_firmwaresrv1mwcd9335qam8650pqca6574_firmwareqcn9011_firmwareqam8650p_firmwarewsa8810ssg2125pqca6574auwcn6755_firmwareqca6574a_firmwaresxr1230p_firmwarecsra6620wsa8845hsm7250p_firmwareqam8775pssg2125p_firmwareqca8337_firmwaresm7635_firmwarewcn3950_firmwarewcn7750_firmwareqcs6125wcn3950sm6650sm7635p_firmwaresxr2250pfastconnect_6700_firmwareqcm6125sa8650pfastconnect_6900_firmwareqcn6024_firmwareqcs6125_firmwaresxr2230p_firmwareqcn9012srv1m_firmwaresa4150p_firmwarewcn6740_firmwarewcn6650qcm6490_firmwarear8031_firmwaresm7435_firmwaresnapdragon_w5\+_gen_1_wearable_platformwcd9340_firmwarefastconnect_6200sw5100_firmwaresrv1hsm8735robotics_rb2_platformsw5100psm7635snapdragon_765_5g_mobile_platform_\(sm7250-aa\)sa4150pwcn6650_firmwaresnapdragon_680_4g_mobile_platform_firmwarewcn3980_firmwareqcs8550snapdragon_4_gen_2_mobile_platformfastconnect_6900sa8155pqep8111sm8750pqep8111_firmwarewcn6740wsa8832video_collaboration_vc1_platform_firmwaresa8775p_firmwarewcd9370wcn6755fastconnect_7800wsa8832_firmwaresm7250pvideo_collaboration_vc1_platformqamsrv1hqca6391sa8255pwsa8840sa7255psm8750_firmwaresa6155psnapdragon_x32_5g_modem-rf_system_firmwaresnapdragon_x65_5g_modem-rf_systemqcn9024sm7435ar8035snapdragon_6_gen_1_mobile_platform_firmwarewsa8830qmp1000wcd9385snapdragon_685_4g_mobile_platform_\(sm6225-ad\)_firmwareqcs5430_firmwaresnapdragon_ar2_gen_1_platform_firmwaresnapdragon_ar2_gen_1_platformsnapdragon_768g_5g_mobile_platform_\(sm7250-ac\)_firmwarewcd9340sa8770p_firmwaresm6475fastconnect_7800_firmwareqcs6490qcn9024_firmwaresdx61qca2066snapdragon_ar1_gen_1_platformsnapdragon_x35_5g_modem-rf_system_firmwarewsa8830_firmwareqamsrv1m_firmwaresa9000p_firmwareqmp1000_firmwarear8031wcd9335_firmwarewsa8815_firmwarewsa8835wsa8840_firmwarewcn7880_firmwarewcd9385_firmwareqca8337sa8620psxr2230pqca6696wcd9380_firmwarecsra6620_firmwarewcn3988video_collaboration_vc3_platformqcm6490snapdragon_765g_5g_mobile_platform_\(sm7250-ab\)_firmwareqcs6490_firmwarewsa8815wcd9378_firmwaresnapdragon_w5\+_gen_1_wearable_platform_firmwarewcd9370_firmwaresa8195par8035_firmwarewsa8845sa8620p_firmwaresm6475_firmwaresnapdragon_x32_5g_modem-rf_systemwsa8845h_firmwaresnapdragon_ar1_gen_1_platform_\"luna1\"wcd9395wcd9378sa8770pwcd9380sa7775p_firmwaresa8255p_firmwarefastconnect_6700wcn7861_firmwaresa4155p_firmwarecsra6640csra6640_firmwareSnapdragon
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-47343
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.69%
||
7 Day CHG~0.00%
Published-06 Jan, 2026 | 22:48
Updated-12 Jan, 2026 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Untrusted Pointer Dereference in Video

Memory corruption while processing a video session to set video parameters.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wsa8845wsa8845hcologne_firmwareqca0000wcd9378c_firmwarewcd9375_firmwaresc8380xp_firmwarewsa8840_firmwarewcd9380_firmwarexg101002sc8380xpxg101039_firmwarexg101039x2000077_firmwarewsa8845h_firmwarex2000086_firmwarex2000090fastconnect_6700_firmwarexg101002_firmwarex2000090_firmwarex2000086x2000092_firmwarewcd9378ccolognefastconnect_6900wcd9385_firmwarewsa8840wcd9375video_collaboration_vc3_platformwsa8845_firmwarefastconnect_6700qcm6490_firmwarefastconnect_7800wcd9370x2000094_firmwarevideo_collaboration_vc3_platform_firmwarewcd9385xg101032_firmwarefastconnect_6900_firmwareqcm6490qcm5430fastconnect_7800_firmwarex2000094wcd9370_firmwareqcm5430_firmwareqca0000_firmwarex2000092xg101032wcd9380x2000077Snapdragon
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2021-1950
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.82%
||
7 Day CHG~0.00%
Published-01 Apr, 2022 | 04:40
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper cleaning of secure memory between authenticated users can lead to face authentication bypass in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn3991_firmwarewsa8830qcn9070sa6150p_firmwaresa8145p_firmwareqcs610qcs2290_firmwareqca4024_firmwareqcn9072qcs4290wcn3950_firmwaresa8150p_firmwaresd765g_firmwareqcs2290qca6390_firmwareipq6000sd690_5gwcd9370qcn5152_firmwareqca6426qcn9000_firmwareqca9984_firmwarewcn3998wcd9385_firmwaresdxr2_5g_firmwarewcn3950qcn6024_firmwaresm6375_firmwaresd662sd460_firmwaresa9000p_firmwareqca6574au_firmwareqcn5122_firmwaresdx55_firmwarewcd9375_firmwareqca8081_firmwareqcn6023_firmwarewcn3998_firmwaresm7250p_firmwarewcn3999_firmwareqca6436_firmwaresd778gsa6155p_firmwaresm6225wcn3999qcs6490sdxr2_5gqcn5052ipq6010sd662_firmwareqcs405wcn3988_firmwareqcn9074sa6145p_firmwaresd778g_firmwaresa8195pwsa8810_firmwaresd765gsd765_firmwareqca6436wcn6851sa6155pqca8081qcn6023qcs4290_firmwarewcd9385wcd9341qca6696_firmwareqcs6490_firmwaresd750gsd870_firmwareqca6390ar8035csr8811sd750g_firmwaresa8150psxr2150p_firmwarewcd9375wcn3910_firmwarewsa8830_firmwaresd865_5g_firmwareqcm6490sd888_5g_firmwarewcn3988wcn6850_firmwarewsa8815_firmwarewsa8835_firmwaresa8195p_firmwareqcn5121qcn5022_firmwarewcn6750_firmwareqca8072qcm2290_firmwaresm6375wcn3991wcd9380_firmwareqcn9000sd865_5gsdx55m_firmwarewcn6856_firmwarewsa8835sa8540p_firmwarecsr8811_firmwarewcd9380sd888_5gqca8075_firmwaresd690_5g_firmwareipq6005_firmwarewcn6855_firmwaresm7325pqca8072_firmwarewcn3980qcn5052_firmwarewcn6750ipq6018_firmwaresa9000pwsa8815sm7325p_firmwarewcn6850wcn3910sdx57m_firmwaresd765qca6426_firmwareqca9984ipq6028qcn5021qcn5152qcn9024sd768g_firmwarewcn3980_firmwaresd460qca6391sdx55msxr2150pipq6005qcm4290qcm6490_firmwareqcn9070_firmwaresd480_firmwarewcn6851_firmwareipq6028_firmwaresm6225_firmwareqca6574ausa8155p_firmwareqcn5122qcn9024_firmwaresdx57mwcd9341_firmwareqcm4290_firmwaresd480sd870qcn5121_firmwarewcn6855wsa8810sa8540pqcs610_firmwarewcn6856qsm8250ipq6018qcn5022sa6145pipq6010_firmwaresd768gqcs405_firmwaresa8145pqca6696qca6391_firmwareqca4024wcd9370_firmwaresa6150psdx55qca8075qcn5021_firmwareqcn9022_firmwareqcn6024qcn9022sa8155pqcn9072_firmwaresm7250pipq6000_firmwareqcn9074_firmwarear8035_firmwareqcm2290qsm8250_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-287
Improper Authentication
CVE-2025-47351
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 5.52%
||
7 Day CHG~0.00%
Published-09 Oct, 2025 | 03:18
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integer Overflow or Wraparound in DSP Service

Memory corruption while processing user buffers.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sg6150wsa8832sg6150psm8750p_firmwarewcn3950_firmwarewcd9375sm8750pwcn7861fastconnect_6200_firmwaresg6150_firmwarewsa8845wcd9385wsa8835_firmwarewsa8810fastconnect_7800sm8850fastconnect_7800_firmwaresm8750_firmwarewcn7881wcn7880_firmwarewsa8815wsa8835wcd9395wcd9370wsa8815_firmwarefastconnect_6900sg6150p_firmwarewcd9395_firmwaresm8850_firmwarewsa8810_firmwarewcn7860wcn7881_firmwarewsa8845hfastconnect_6700wcn3988wsa8830wsa8840wsa8845_firmwarefastconnect_6200wcd9370_firmwarewsa8840_firmwarewcd9385_firmwaresm8850p_firmwarewsa8830_firmwarewsa8832_firmwarefastconnect_6900_firmwarefastconnect_6700_firmwarewcd9375_firmwarewcn3988_firmwaresm8750wcn7860_firmwarewcn3950wcn7880wcn7861_firmwarewsa8845h_firmwaresm8850pSnapdragon
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-47367
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.78%
||
7 Day CHG~0.00%
Published-04 Nov, 2025 | 03:19
Updated-26 Feb, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds Write in WinBlast Driver

Memory corruption while accessing a buffer during IOCTL processing.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcc2072x2000094_firmwareqcs6490wcd9375video_collaboration_vc3_platformwcd9380_firmwarex2000090x2000086_firmwaresc8380xp_firmwareqcs5430x2000090_firmwarewsa8845snapdragon_8cx_gen_3_compute_platform_\(sc8280xp-ab\)_firmwarewcd9385x2000077_firmwarewsa8835_firmwarefastconnect_7800sc8380xpfastconnect_7800_firmwarewsa8835wcd9370xg101039fastconnect_6900qcc2072_firmwareqcm6490_firmwaresnapdragon_7c\+_gen_3_computex2000086wsa8845hx2000092snapdragon_8cx_gen_3_compute_platform_\(sc8280xp-bb\)_firmwarexg101039_firmwarexg101002fastconnect_6700snapdragon_8cx_gen_3_compute_platform_\(sc8280xp-bb\)snapdragon_7c\+_gen_3_compute_firmwareqcs5430_firmwareqcm6490wsa8830wsa8840wsa8845_firmwarewcd9370_firmwarewsa8840_firmwarewcd9378cxg101032wcd9385_firmwarewcd9378c_firmwaresnapdragon_8cx_gen_3_compute_platform_\(sc8280xp-ab\)video_collaboration_vc3_platform_firmwarex2000077wsa8830_firmwarex2000094fastconnect_6900_firmwarexg101032_firmwarewcd9375_firmwarexg101002_firmwarex2000092_firmwarefastconnect_6700_firmwareqcm5430_firmwareqcm5430qcs6490_firmwarewcd9380wsa8845h_firmwareSnapdragon
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-47380
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.69%
||
7 Day CHG~0.00%
Published-06 Jan, 2026 | 22:48
Updated-27 Jan, 2026 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Untrusted Pointer Dereference in Camera

Memory corruption while preprocessing IOCTLs in sensors.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fastconnect_7800_firmwarex2000077_firmwarex2000090_firmwarex2000094wsa8845_firmwarexg101039x2000077wsa8840_firmwarexg101032_firmwarexg101039_firmwarewsa8845xg101032wcd9378c_firmwarewsa8845hwsa8845h_firmwarewsa8840xg101002_firmwareqcc2072_firmwarex2000092wcd9378cxg101002x2000090x2000086x2000086_firmwarex2000094_firmwarex2000092_firmwareqcc2072fastconnect_7800Snapdragon
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2025-47323
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.78%
||
7 Day CHG~0.00%
Published-18 Dec, 2025 | 05:29
Updated-28 Jan, 2026 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integer Overflow or Wraparound in Audio

Memory corruption while routing GPR packets between user and root when handling large data packet.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca6696_firmwaresm6650pqca8081_firmwaresnapdragon_8\+_gen_1_mobile_platform_firmwaresnapdragon_4_gen_2_mobile_platform_firmwarewcn3910snapdragon_685_4g_mobile_platform_\(sm6225-ad\)_firmwarewcd9390snapdragon_480\+_5g_mobile_platform_\(sm4350-ac\)_firmwaresnapdragon_888_5g_mobile_platformwcn7860_firmwarefastconnect_6900_firmwareqca6174a_firmwareqmp1000ssg2115pwcn3950snapdragon_480_5g_mobile_platform_firmwaresnapdragon_888_5g_mobile_platform_firmwaresnapdragon_x32_5g_modem-rf_system_firmwareqcn6224_firmwarewcn3980_firmwaresnapdragon_7c\+_gen_3_computeqfw7124wcd9378qca6678aqqcm5430snapdragon_8_gen_1_firmwaresnapdragon_778g_5g_mobile_platform_firmwaresnapdragon_888\+_5g_mobile_platform_\(sm8350-ac\)_firmwaresnapdragon_w5\+_gen_1_wearable_platformsm7325psnapdragon_680_4g_mobile_platform_firmwaresa4155p_firmwaresa7775psrv1msa6150psnapdragon_auto_5g_modem-rf_gen_2_firmwarewsa8845h_firmwaresnapdragon_7_gen_1_mobile_platform_firmwareqamsrv1mqca6564qca6584au_firmwareqca6595au_firmwareqca6688aq_firmwaresnapdragon_ar1_gen_1_platform_\"luna1\"qcm6490wcd9335_firmwarecsra6620_firmwarewcd9380_firmwarerobotics_rb2_platform_firmwaressg2115p_firmwaresg8275_firmwaresnapdragon_778g_5g_mobile_platformwcn6740snapdragon_680_4g_mobile_platformwcn6740_firmwaresa8650pqcm6490_firmwareqca6696snapdragon_480_5g_mobile_platformwsa8832_firmwaresnapdragon_x72_5g_modem-rf_system_firmwarerobotics_rb2_platformqcs4490_firmwareqca6564ausnapdragon_4_gen_1_mobile_platform_firmwaresnapdragon_685_4g_mobile_platform_\(sm6225-ad\)sm8750p_firmwaresnapdragon_x35_5g_modem-rf_systemfastconnect_6200_firmwaresnapdragon_8_gen_2_mobile_platformsxr1230psm7435qca8337snapdragon_x72_5g_modem-rf_systemsm7675qcn6024_firmwaresa8540p_firmwarear8035_firmwaresm8475p_firmwarewcd9340_firmwareqcn9011_firmwarewcn7861sg8275p_firmwaresa8770psm7675psm8750pqmp1000_firmwaresnapdragon_8cx_gen_3_compute_platform_\(sc8280xp-bb\)fastconnect_7800_firmwaresnapdragon_ar1_gen_1_platform_\"luna1\"_firmwareqcm2290_firmwareqcs2290qcn9012qca6174asnapdragon_x75_5g_modem-rf_system_firmwarevideo_collaboration_vc3_platformsnapdragon_6_gen_1_mobile_platformsm7635ssg2125p_firmwarewcd9395_firmwaresnapdragon_8\+_gen_1_mobile_platformsm8550pqamsrv1hqam8620psnapdragon_8_gen_1snapdragon_460_mobile_platformsg8275pwcd9370sdx61_firmwareqamsrv1m_firmwarewcn3988wsa8815_firmwaresm7550pqam8295p_firmwaresa4150p_firmwareqfw7124_firmwareqcs2290_firmwareqam8650pwcd9371_firmwaresm8475psnapdragon_8cx_gen_3_compute_platform_\(sc8280xp-ab\)wsa8845hqam8620p_firmwarewcn6650_firmwaresa6145p_firmwaressg2125psm7550snapdragon_7\+_gen_2_mobile_platformqca6595sm7635p_firmwareqcm4490wcd9385_firmwareqcn6224qep8111wcn6755_firmwarewcn6755sa9000psnapdragon_x35_5g_modem-rf_system_firmwareqcm8550wsa8815fastconnect_6700qca8081qca6797aqqcm2290fastconnect_6700_firmwaresa8195p_firmwaresnapdragon_8_gen_3_mobile_platform_firmwaresrv1h_firmwareqca6564_firmwarewcn7861_firmwaresm7550_firmwareqcn6274sdx61sw5100snapdragon_8_gen_1_mobile_platformqcc710snapdragon_8\+_gen_2_mobile_platform_firmwaresa8195psnapdragon_8cx_gen_3_compute_platform_\(sc8280xp-ab\)_firmwaresa6150p_firmwareqcs8550sa8775p_firmwaresxr2250pvideo_collaboration_vc3_platform_firmwaresa4150psa6155_firmwarear8035sm8635snapdragon_778g\+_5g_mobile_platform_\(sm7325-ae\)_firmwaresm7635pwcn3950_firmwareqca6574wsa8840snapdragon_4_gen_1_mobile_platformsnapdragon_7\+_gen_2_mobile_platform_firmwaresm8750_firmwaresa8620p_firmwaresm7435_firmwareqca8337_firmwarewcn3988_firmwaresm4635_firmwaresm8650qsnapdragon_ar2_gen_1_platformsa8145pqam8650p_firmwareqca6797aq_firmwaresa8775pwsa8832wcd9340srv1lsa6155psa8150p_firmwaresc8380xpsm4635qcc710_firmwarewcd9385qcn9011sxr1230p_firmwarewsa8835_firmwarewsa8845sm8550p_firmwarewcn7750_firmwarewcd9378_firmwaresa8620psa9000p_firmwaresc8380xp_firmwaresnapdragon_x65_5g_modem-rf_systemcsra6620sa8295p_firmwaresg4150p_firmwaresnapdragon_x65_5g_modem-rf_system_firmwaresnapdragon_auto_5g_modem-rf_gen_2snapdragon_x70_modem-rf_system_firmwareqfw7114sm8735_firmwaresw5100p_firmwaresm6650snapdragon_662_mobile_platform_firmwaresnapdragon_4_gen_2_mobile_platformqca6574_firmwareqcm4490_firmwaresnapdragon_7_gen_1_mobile_platformsm8635p_firmwaresa8650p_firmwaresa6155sa4155psnapdragon_695_5g_mobile_platform_firmwareqcn9024snapdragon_x70_modem-rf_systemsnapdragon_ar1_gen_1_platform_firmwaresm7675p_firmwareqcm5430_firmwaresm7675_firmwaresdx71msnapdragon_ar2_gen_1_platform_firmwaresnapdragon_888\+_5g_mobile_platform_\(sm8350-ac\)snapdragon_7c\+_gen_3_compute_firmwarewcd9395csra6640sa7775p_firmwaresnapdragon_x75_5g_modem-rf_systemqcs6490snapdragon_8\+_gen_2_mobile_platformwcd9375_firmwareqam8295psm6475srv1m_firmwarewcd9390_firmwarefastconnect_7800sa8770p_firmwarewsa8810_firmwareqam8255p_firmwaresxr2250p_firmwarewcd9370_firmwarecsra6640_firmwareqca6574a_firmwaresnapdragon_695_5g_mobile_platformsnapdragon_8cx_gen_3_compute_platform_\(sc8280xp-bb\)_firmwaresm6650_firmwaresxr2230pqam8775pwcd9335wcn7860qam8775p_firmwaresa8150pqfw7114_firmwareqcn6024wcd9380qca6698aqqca6391_firmwaresnapdragon_460_mobile_platform_firmwareqca6564au_firmwaresnapdragon_8_gen_3_mobile_platformfastconnect_6200sa8295psa6155p_firmwaresm7550p_firmwarewcn7880sa8255p_firmwaresnapdragon_8_gen_2_mobile_platform_firmwareqcs6490_firmwareqcn9012_firmwareqca6698aq_firmwarewsa8830_firmwaresa8145p_firmwarewsa8830sm7635_firmwarewcn7750snapdragon_480\+_5g_mobile_platform_\(sm4350-ac\)qcs8550_firmwaresnapdragon_778g\+_5g_mobile_platform_\(sm7325-ae\)snapdragon_ar1_gen_1_platformsa8155p_firmwareqamsrv1h_firmwaresa8255pwcn7881qca6574au_firmwareqep8111_firmwaresw5100_firmwaresa8540pwcn6650wcn7881_firmwareqca6595_firmwareqca6574auqcs4490qca6595ausrv1hsm8635_firmwaresg8275snapdragon_782g_mobile_platform_\(sm7325-af\)_firmwaresdx71m_firmwaresm8635psnapdragon_6_gen_1_mobile_platform_firmwareqcm8550_firmwaresnapdragon_782g_mobile_platform_\(sm7325-af\)sm6650p_firmwareqca6574asxr2230p_firmwaresnapdragon_x32_5g_modem-rf_systemsg4150pqcn6274_firmwarewsa8835qcn9024_firmwarewcn3980qca6678aq_firmwarewcd9375sa7255p_firmwaresnapdragon_w5\+_gen_1_wearable_platform_firmwarewcn3910_firmwaresm6475_firmwaresa7255pwsa8840_firmwareqam8255psnapdragon_662_mobile_platformsa6145psa8155wsa8845_firmwaresnapdragon_8_gen_1_mobile_platform_firmwareqcs5430fastconnect_6900sa8155psm8750srv1l_firmwarewcn7880_firmwareqcs5430_firmwaresm7325p_firmwareqca6688aqqca6584ausm8735qca6391wsa8810wcd9371sa8155_firmwaresm8650q_firmwaresw5100pSnapdragon
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-47340
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 5.52%
||
7 Day CHG~0.00%
Published-09 Oct, 2025 | 03:18
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds Write in DSP Service

Memory corruption while processing IOCTL call to get the mapping.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcc2072x2000094_firmwarewcd9380_firmwarex2000090x2000086_firmwaresc8380xp_firmwarex2000090_firmwarewsa8845wcd9385x2000077_firmwarefastconnect_7800sc8380xpfastconnect_7800_firmwarexg101039fastconnect_6900qcc2072_firmwarex2000086wsa8845hx2000092xg101039_firmwarexg101002wsa8840wsa8845_firmwarewsa8840_firmwarewcd9378cxg101032wcd9385_firmwarewcd9378c_firmwarex2000077x2000094fastconnect_6900_firmwarexg101032_firmwarexg101002_firmwarex2000092_firmwarewcd9380wsa8845h_firmwareSnapdragon
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-47399
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.29%
||
7 Day CHG~0.00%
Published-02 Feb, 2026 | 15:20
Updated-26 Feb, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Copy Without Checking Size of Input in Camera

Memory Corruption while processing IOCTL call to update sensor property settings with invalid input parameters.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fastconnect_7800x2000090x2000077wcd9378cwsa8840x2000086_firmwarecolognexg101002_firmwarewsa8845wsa8845hx2000077_firmwarexg101032_firmwarewsa8845_firmwarex2000094x2000090_firmwarewsa8840_firmwarecologne_firmwarex2000092xg101002xg101039x2000092_firmwarex2000086fastconnect_7800_firmwarex2000094_firmwarewcd9378c_firmwarewsa8845h_firmwarexg101032xg101039_firmwareSnapdragon
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-47372
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9||CRITICAL
EPSS-0.02% / 4.38%
||
7 Day CHG~0.00%
Published-18 Dec, 2025 | 05:29
Updated-23 Dec, 2025 | 21:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Copy Without Checking Size of Input in Boot

Memory Corruption when a corrupted ELF image with an oversized file size is read into a buffer without authentication.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qamsrv1m_firmwaresrv1hsrv1l_firmwareqam8775p_firmwareqam8775pqca6595auqca6797aq_firmwareqam8255p_firmwareqamsrv1msa9000p_firmwareqca6696sa7775pqamsrv1hqca6698aq_firmwaresrv1m_firmwareqamsrv1h_firmwareqca6797aqqca6696_firmwaresa8255p_firmwaresa8620psa8650p_firmwaresa8650psa7775p_firmwaresa8620p_firmwareqca6678aq_firmwaresrv1h_firmwareqca6595au_firmwareqca6678aqqca6595sa8770psa8775psa8255psa8775p_firmwareqam8650p_firmwareqam8650pqca6595_firmwaresa9000psrv1msa7255pqam8255pqam8620p_firmwaresrv1lqca6698aqqam8620psa8770p_firmwaresa7255p_firmwareSnapdragon
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-47361
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.78%
||
7 Day CHG~0.00%
Published-04 Nov, 2025 | 03:19
Updated-26 Feb, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Validation of Array Index in Automotive Software platform based on QNX

Memory corruption when triggering a subsystem crash with an out-of-range identifier.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sa8775p_firmwareqam8620p_firmwareqca6797aq_firmwareqca6696_firmwareqam8650psa8620psa8770p_firmwaresa7255psa8295p_firmwaresrv1l_firmwareqamsrv1m_firmwareqca6688aq_firmwaresa7255p_firmwaresa8620p_firmwareqam8255pqca8695au_firmwaresrv1lqca6595au_firmwareqca6595_firmwareqca6595auqamsrv1hqca6574au_firmwareqca6698aq_firmwaresa8255p_firmwareqca6696qam8775p_firmwareqca6595sa8255psa8650p_firmwaresa9000pqam8295p_firmwaresrv1m_firmwareqca8695ausa8770psa9000p_firmwaresrv1h_firmwaresa7775pqam8295psa8775pqam8620psa8650psrv1hsrv1mqam8775pqca6688aqqca6698aqsa8540p_firmwaresa8295pqamsrv1msa8540pqam8255p_firmwareqca6797aqqam8650p_firmwaresa7775p_firmwareqamsrv1h_firmwareqca6574auSnapdragon
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2021-1959
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.53%
||
7 Day CHG~0.00%
Published-20 Oct, 2021 | 06:31
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible memory corruption due to lack of bound check of input index in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwarefsm10055sm7250mdm9640_firmwaresm6250p_firmwaresa6150p_firmwareqcs610qca8337qca6431_firmwarewcd9360_firmwarewcn3950_firmwaresc8180x\+sdx55sa8150p_firmwareqcs2290qca6595au_firmwaresa6155qca6335msm8917sd_455_firmwareqcs605_firmwaresd_675_firmwareqcs6125_firmwaresd632msm8108sa415mwcn3998wcd9371_firmwaremsm8108_firmwarewcn3950sm4125sd720gmdm9628mdm9206_firmwareqsw8573_firmwarewcn3660bsd450_firmwareqsm8350_firmwaresd710_firmwareqsm8350sd460_firmwaremdm9230_firmwareqca6574au_firmwaremdm9630wcd9375_firmwarewcn3998_firmwaresa6155_firmwaresdx12_firmwaremsm8909wapq8009w_firmwareqca6420apq8053_firmwarewcd9360qca9367_firmwarewhs9410_firmwaremdm8207qcs6125sa8155_firmwaresd662_firmwareqca6430wcd9306_firmwarewcd9340sd765gqca1990_firmwarequalcomm215_firmwarefsm10056_firmwareqca6436wcn6851sa6155pqcs603_firmwaremsm8937msm8209_firmwaremdm9250_firmwarewcn3660_firmwarewcd9341qca6431qca6696_firmwarewcd9371sd870_firmwaresd750gwcn3910_firmwaresd_8cxsa8150pmdm9207_firmwarewsa8830_firmwaremdm9330_firmwaresd855_firmwaresd660sd865_5g_firmwaresd712wcn3988sd660_firmwaresa8195p_firmwaremsm8208_firmwarewcn6750_firmwaresd450wcn3610msm8608mdm9640wcn3991qca8337_firmwaresda429w_firmwarewcd9380_firmwaresdm429wwcd9330msm8996au_firmwarecsr6030qca6564ausdx55m_firmwarewcn6856_firmwaremsm8940_firmwareqet4101_firmwaremsm8976_firmwareqca6574sd632_firmwaresd670_firmwarewcd9380qualcomm215mdm9230qcs410sd690_5g_firmwaresdx50m_firmwareqca9379_firmwaresdx24_firmwareqca6174qca6430_firmwarewcd9335_firmwaresd439_firmwarewcn3980qca6335_firmwareqsw8573qcs605wcd9340_firmwarewsa8815wcn6850sd7cwcn3910qca6320qca6584_firmwaremsm8937_firmwaremdm9650_firmwaresd_8c_firmwareqca6426_firmwarewcn3660b_firmwarewcn3680sd835qca1990wcn3980_firmwaresd730wcd9330_firmwaresdx55mqca6421_firmwaremsm8953sd821_firmwaresd678_firmwarewcn3680_firmwarewcn6851_firmwareqcs603sd670sd_636_firmwareqca6564a_firmwareapq8009wqca6694au_firmwaremsm8976sg_firmwareqcm4290_firmwaresd480sd870wcn6855sd210_firmwareqcs610_firmwaresa6145psdxr1apq8096auqca6595_firmwaresa8145pmdm8207_firmwaresdm630_firmwaresd820_firmwareqca6391_firmwarewcd9370_firmwaresdx55apq8053sa8155psd675sd439qet4101wcn3660qca9379ar8035_firmwareqcm2290wcn3991_firmwaremdm9150_firmwarewsa8830sd678sa8145p_firmwareqcs2290_firmwarefsm10056sm7250_firmwaresd7c_firmwarecsrb31024mdm9628_firmwaremdm9650sd_636fsm10055_firmwareqcs4290mdm9250sd765g_firmwareqca6420_firmwareqca6390_firmwareapq8009_firmwaresd690_5gqca6174_firmwaresd730_firmwarewcd9370sd675_firmwareqca6426qca6584au_firmwarewcn3990_firmwareqca9377sdw2500_firmwaresd_8cx_firmwarewcd9385_firmwaresdxr2_5g_firmwarewhs9410wcd9326_firmwarewcn3615_firmwaresd662apq8037sa8155qca6320_firmwareqca6584wcn3680b_firmwaresdx55_firmwarewcn3615qca6595auwcn3610_firmwareqca6436_firmwaremdm9207wcd9306qca6584ausd778gqca6564au_firmwaremsm8208sa6155p_firmwareqca6310sa515m_firmwaresd429qcs6490sdxr2_5gqca9367sdm630mdm9607_firmwaresd821msm8976sgsa415m_firmwarewcn3988_firmwaresd205sd429_firmwareqca6421sd778g_firmwaresa6145p_firmwaresm6250sa8195psd712_firmwareapq8017_firmwarewsa8810_firmwareqca6694sd765_firmwarewcd9326wcd9335qca6174a_firmwareqcs4290_firmwarewcd9385qcs6490_firmwareqca6390wcd9375sd750g_firmwareaqt1000msm8976ar8035sm6250_firmwaresc8180x\+sdx55_firmwareqca6694_firmwaremsm8953_firmwareqca6694ausda429wmsm8917_firmwaresd210wcn3620_firmwaresdx20_firmwarewsa8815_firmwaresd888_5g_firmwaresd820qcm6490wcn6850_firmwarewsa8835_firmwarewcn3620apq8017qcx315csr6030_firmwareqca6564amdm9630_firmwareqcm6125_firmwareqcm2290_firmwarewcn3990sd_675sd865_5gqca6595sdx24msm8909w_firmwareqcx315_firmwarewsa8835msm8996ausdm429w_firmwaresd665_firmwaresd888_5gsm6250pqca6574amdm9206wcn6855_firmwareqca6174aqca6310_firmwaresm7325wcn6750sa515mqca6574_firmwaresd855sm4125_firmwaresd665sd765qca6574a_firmwaresd768g_firmwaremsm8209sd850_firmwareapq8009sd460qca6391sdxr1_firmwareaqt1000_firmwaremsm8920qcm4290csrb31024_firmwareqcm6490_firmwaresdx50msdx20sd480_firmwaremsm8920_firmwaresd_455qca6574ausd710sa8155p_firmwaremdm9607sd205_firmwarewcd9341_firmwareqcm6125wsa8810mdm9150wcn6856sd_8cwcn3680bsd835_firmwaresd768gqca6696sd845_firmwaremsm8608_firmwaresdw2500sa6150pmsm8940apq8096au_firmwaresd845apq8037_firmwaresd720g_firmwaresdx12qcs410_firmwaremdm9330sd850sm7325_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-47363
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.01% / 0.22%
||
7 Day CHG~0.00%
Published-02 Feb, 2026 | 15:20
Updated-26 Feb, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integer Overflow or Wraparound in Automotive

Memory corruption when calculating oversized partition sizes without proper checks.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sa6155pqca6797aq_firmwaresa8770p_firmwaresa7775p_firmwaresa8650pqamsrv1msa8620pqca6696_firmwaresa8255pqam8775pqca8695au_firmwaresa9000psa8540pqca6797aqsa6145pqam8775p_firmwaresa8145psa8255p_firmwaresa7775psa8295psa8150p_firmwaresa6145p_firmwareqca6698aqqca6595sa8195p_firmwaresrv1m_firmwareqamsrv1hsa8145p_firmwaresrv1lqca6595auqam8295p_firmwareqam8620psa8650p_firmwareqca6595_firmwareqam8650psa8775p_firmwaresrv1hqca6574auqam8650p_firmwareqam8295psa6155p_firmwaresa6150pqca6698aq_firmwaresa7255psa9000p_firmwareqam8620p_firmwaresa7255p_firmwareqam8255psa8150psrv1h_firmwaresa8775psa6150p_firmwareqca6574au_firmwaresa8155psa8620p_firmwareqca6595au_firmwareqca6688aq_firmwareqamsrv1m_firmwaresa8295p_firmwareqam8255p_firmwaresa8770pqca8695ausa8195pqamsrv1h_firmwareqca6696srv1l_firmwareqca6688aqsa8155p_firmwaresa8540p_firmwaresrv1mSnapdragon
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-47353
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.78%
||
7 Day CHG~0.00%
Published-04 Nov, 2025 | 03:19
Updated-26 Feb, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Exposed Dangerous Method or Function in Automotive Software platform based on QNX

Memory corruption while processing request sent from GVM.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sa8775p_firmwareqca6797aq_firmwareqam8650psa8620psa8770p_firmwaresa7255pqamsrv1m_firmwaresa7255p_firmwaresa8620p_firmwareqam8255pqca6595_firmwareqamsrv1hqca6698aq_firmwaresa8255p_firmwareqam8775p_firmwareqca6595sa8255psa8650p_firmwaresa9000psrv1m_firmwaresa8770psa9000p_firmwaresrv1h_firmwaresa7775psa8775psa8650psrv1hsrv1mqam8775pqca6698aqqamsrv1mqam8255p_firmwareqca6797aqqam8650p_firmwaresa7775p_firmwareqamsrv1h_firmwareSnapdragon
CWE ID-CWE-749
Exposed Dangerous Method or Function
CVE-2025-47357
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-8||HIGH
EPSS-0.01% / 2.39%
||
7 Day CHG~0.00%
Published-04 Nov, 2025 | 03:19
Updated-05 Nov, 2025 | 17:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authentication for Critical Function in SMSS

Information Disclosure when a user-level driver performs QFPROM read or write operations on Fuse regions.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sa8775p_firmwareqam8620p_firmwareqca6797aq_firmwareqca6696_firmwareqcs9100_firmwareqam8650psa8620psa8770p_firmwaresa7255psrv1l_firmwareqamsrv1m_firmwaresa7255p_firmwaresa8620p_firmwareqam8255pqca6797aqsrv1lqca6595au_firmwareqca6595_firmwareqca6595auqamsrv1hqca6698aq_firmwaresa8255p_firmwareqca6696qam8775p_firmwareqca6595sa8255psa8650p_firmwaresa9000psrv1m_firmwaresa8770psa9000p_firmwareqcs9100srv1h_firmwaresa7775psa8775pqca6678aqqam8620psa8650psrv1hsrv1mqam8775pqca6698aqqamsrv1mqam8255p_firmwareqca6678aq_firmwareqam8650p_firmwaresa7775p_firmwareqamsrv1h_firmwareSnapdragon
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-47338
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 5.52%
||
7 Day CHG~0.00%
Published-09 Oct, 2025 | 03:18
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Untrusted Pointer Dereference in DSP Service

Memory corruption while processing escape commands from userspace.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcc2072x2000094_firmwarewcd9380_firmwarex2000090x2000086_firmwaresc8380xp_firmwarex2000090_firmwarewsa8845wcd9385x2000077_firmwarefastconnect_7800sc8380xpfastconnect_7800_firmwarexg101039fastconnect_6900qcc2072_firmwarex2000086wsa8845hx2000092xg101039_firmwarexg101002wsa8840wsa8845_firmwarewsa8840_firmwarewcd9378cxg101032wcd9385_firmwarewcd9378c_firmwarex2000077x2000094fastconnect_6900_firmwarexg101032_firmwarexg101002_firmwarex2000092_firmwarewcd9380wsa8845h_firmwareSnapdragon
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2025-47356
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.69%
||
7 Day CHG~0.00%
Published-06 Jan, 2026 | 22:48
Updated-27 Jan, 2026 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Double Free in Video

Memory Corruption when multiple threads concurrently access and modify shared resources.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fastconnect_7800_firmwarewsa8840_firmwarecolognewcd9378c_firmwarewcd9385_firmwarex2000092wcd9378cx2000086wcd9380_firmwaresc8380xpx2000086_firmwarefastconnect_6900cologne_firmwarex2000094_firmwarefastconnect_7800x2000077_firmwarex2000090_firmwarewsa8845_firmwarex2000094xg101039x2000077xg101032_firmwarexg101039_firmwarewsa8845xg101032wsa8845h_firmwarewsa8845hwsa8840xg101002_firmwareqca0000_firmwarexg101002x2000090sc8380xp_firmwarewcd9380wcd9385x2000092_firmwareqca0000fastconnect_6900_firmwareSnapdragon
CWE ID-CWE-415
Double Free
  • Previous
  • 1
  • 2
  • ...
  • 12
  • 13
  • 14
  • ...
  • 17
  • 18
  • Next
Details not found