ByteOS Network

Possible out of bound access due to lack of validation of page offset before page is inserted in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

Vendor-Qualcomm Technologies, Inc.

Product-qca9377_firmware wcn3991_firmware wcn3991 wsa8830 wcd9380_firmware sa6150p_firmware sa8145p_firmware sd780g wcn6856_firmware wsa8835 qca6574 wcd9380 sa8150p_firmware sd888_5g qca6595au_firmware sa6155 wcd9370 qca6574a wcn6855_firmware qca6174a sm7325 wcd9335_firmware qca9377 wcn6750 wcd9385_firmware qca6574_firmware wcn6850 sa8155 qca6574a_firmware qca6574au_firmware qca6595au sa6155_firmware sdx12_firmware wcd9375_firmware qca6391 wcn6740_firmware sd778g sa6155p_firmware qcs6490 qcm6490_firmware sd480_firmware sa8155_firmware wcn6851_firmware wcn3988_firmware qca6574au sa6145p_firmware sa8155p_firmware sd778g_firmware sa8195p wcd9341_firmware sd480 wcn6855 wcn6851 wcd9335 sa6155p wcn6856 sa6145p qca6174a_firmware wcd9385 wcd9341 qca6696_firmware qcs6490_firmware sa8145p wcn6740 qca6696 qca6391_firmware wcd9375 sd780g_firmware wcd9370_firmware sa8150p sa6150p sa8155p wsa8830_firmware qcm6490 sd888_5g_firmware wcn3988 wcn6850_firmware wsa8835_firmware sa8195p_firmware sdx12 wcn6750_firmware sm7325_firmware Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

CWE ID-CWE-20

Improper Input Validation

CVE-2021-30310

Matching Score-6

Assigner-Qualcomm, Inc.

View Details

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.5||HIGH

EPSS-0.28% / 51.02%

7 Day CHG~0.00%

Published-20 Oct, 2021 | 06:31

Updated-03 Aug, 2024 | 22:32

Possible buffer overflow due to Improper validation of received CF-ACK and CF-Poll data frames in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music

Vendor-Qualcomm Technologies, Inc.

Product-qca9377_firmware wcn3991_firmware wsa8830 sm7250 mdm9640_firmware sa6150p_firmware sa8145p_firmware qcs2290_firmware sm7250_firmware csrb31024 mdm9628_firmware wcd9360_firmware mdm9650 wcn3950_firmware mdm9250 sa8150p_firmware qcs2290 qca6595au_firmware sd765g_firmware sa6155 apq8009_firmware sd690_5g wcd9370 qca6564 qca6584au_firmware wcn3990_firmware qca9369 qca9377 qca4531 wcn3998 wcd9385_firmware wcn3950 wcd9326_firmware mdm9628 wcn3615_firmware mdm9206_firmware wcn3660b qca4020 sa8155 qca6320_firmware qca6574au_firmware sdx55_firmware wcn3680b_firmware qca6595au sa6155_firmware wcd9375_firmware wcn3615 wcn3998_firmware wcn3610_firmware wcd9360 apq8053_firmware sdx20m qca6564au_firmware qca6584au sa6155p_firmware qca6310 qca9367_firmware sa515m_firmware qca9367 sa8155_firmware sd821 mdm9607_firmware mdm9655_firmware wcn3988_firmware sa6145p_firmware wcd9340 sa8195p apq8017_firmware wsa8810_firmware sd765g sd765_firmware qca4020_firmware wcd9326 wcd9335 sa6155p qca6174a_firmware mdm9250_firmware wcd9385 wcd9341 mdm9655 qca6696_firmware sd750g wcn3910_firmware wcd9375 sd750g_firmware sa8150p wsa8830_firmware sd210 sd820 sdx20_firmware wcn3988 wsa8815_firmware wsa8835_firmware sa8195p_firmware apq8017 qca6564a wcn3610 mdm9640 qcm2290_firmware wcn3991 wcd9380_firmware qca4531_firmware wcn3990 wcd9330 msm8996au_firmware qca6595 qca6564au sdx24 wsa8835 qca6574 msm8996au wcd9380 qca9369_firmware qca6574a sd690_5g_firmware mdm9206 qca9379_firmware qca6174a sdx24_firmware qca6310_firmware wcd9335_firmware sa515m qca6574_firmware qca9886 wcd9340_firmware wsa8815 wcn3910 qca6320 mdm9650_firmware qca6175a sd765 wcn3660b_firmware qca6574a_firmware sd768g_firmware apq8009 wcd9330_firmware sd821_firmware mdm9626 csrb31024_firmware sdx20 sd480_firmware mdm9626_firmware qca6574au sa8155p_firmware mdm9607 qca6564a_firmware wcd9341_firmware sdx20m_firmware sd480 wsa8810 sd210_firmware sa6145p wcn3680b qca9886_firmware qca6564_firmware sd768g apq8096au qca6595_firmware sa8145p qca6696 sd820_firmware sd845_firmware wcd9370_firmware sa6150p sdx55 apq8053 apq8096au_firmware sa8155p sd845 qca9379 qca6175a_firmware qcm2290 Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music

CWE ID-CWE-20

Improper Input Validation

CVE-2025-21460

Matching Score-6

Assigner-Qualcomm, Inc.

View Details

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.03% / 5.35%

7 Day CHG~0.00%

Published-06 May, 2025 | 08:32

Updated-09 May, 2025 | 19:09

Improper Input Validation in Automotive Software platform based on QNX

Memory corruption while processing a message, when the buffer is controlled by a Guest VM, the value can be changed continuously.

Vendor-Qualcomm Technologies, Inc.

Product-qam8295p qca6696_firmware sa8775p sa8770p_firmware sa9000p qam8295p_firmware qam8255p_firmware qca6698aq_firmware srv1l sa8540p_firmware qca6696 srv1h_firmware sa8775p_firmware sa6150p_firmware qca6595 sa8295p sa8620p_firmware qca6688aq_firmware qam8620p sa6155p_firmware qam8775p_firmware sa8155_firmware sa8195p_firmware qca6574au_firmware sa8155p_firmware sa8255p_firmware sa8155 qam8255p qca6595au sa8145p_firmware qca6698aq srv1m sa8150p qamsrv1h sa7775p_firmware sa8650p qam8650p sa6155 sa7775p qca6574au sa9000p_firmware qam8775p sa6145p sa8195p qca6574a_firmware sa6150p qca6595au_firmware srv1l_firmware sa8255p sa8540p sa8295p_firmware qca6595_firmware qca6688aq qca6574a sa8620p qamsrv1h_firmware sa8150p_firmware sa7255p_firmware srv1h sa6145p_firmware sa6155_firmware sa8770p qam8650p_firmware qamsrv1m sa6155p sa8155p sa8145p sa7255p qam8620p_firmware sa8650p_firmware qamsrv1m_firmware srv1m_firmware Snapdragon

CWE ID-CWE-20

Improper Input Validation

CWE ID-CWE-787

Out-of-bounds Write

CVE-2025-21477

Matching Score-6

Assigner-Qualcomm, Inc.

View Details

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.5||HIGH

EPSS-0.12% / 31.42%

7 Day CHG~0.00%

Published-06 Aug, 2025 | 07:25

Updated-20 Aug, 2025 | 19:42

Improper Input Validation in Modem

Transient DOS while processing CCCH data when NW sends data with invalid length.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2018-3574

Matching Score-6

Assigner-Qualcomm, Inc.

View Details

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-5.5||MEDIUM

EPSS-0.05% / 14.04%

7 Day CHG~0.00%

Published-19 Sep, 2018 | 14:00

Updated-05 Aug, 2024 | 04:50

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, userspace can request ION cache maintenance on a secure ION buffer for which the ION_FLAG_SECURE ion flag is not set and cause the kernel to attempt to perform cache maintenance on memory which does not belong to HLOS.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-20

Improper Input Validation

CVE-2019-10501

Matching Score-6

Assigner-Qualcomm, Inc.

View Details

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.10% / 28.44%

7 Day CHG~0.00%

Published-30 Sep, 2019 | 15:40

Updated-04 Aug, 2024 | 22:24

Possible use after free issue due to improper input validation in volume listener library in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24

Vendor-Qualcomm Technologies, Inc.

Product-sd_850 mdm9150_firmware sd_632 sd_820a sd_675 msm8996au_firmware sd_439 sd_670_firmware sd_429 sdx24 sdm439 mdm9650 sd_636 msm8909w_firmware msm8996au sd_820 sd_450_firmware sd_845_firmware sd_820a_firmware qcs605_firmware sd_675_firmware mdm9206 sd_425_firmware sd_665 sdx24_firmware sd_625_firmware sd_450 sd_845 mdm9206_firmware qcs605 sd_632_firmware sd_835_firmware mdm9650_firmware sd_835 sda660 sd_210_firmware msm8909w sd_665_firmware sd_205_firmware sd_212 sd_427_firmware sd_712 sd_855 sd_730_firmware qualcomm_215 sdx20 sd_425 sdm660 sd_430_firmware mdm9607_firmware sd_435 sd_710_firmware sdm630 qcs405 sd_625 sd_820_firmware sd_210 mdm9607 sd_636_firmware sd_439_firmware qualcomm_215_firmware mdm9150 sd_429_firmware sd_730 sd_212_firmware sd_850_firmware sdm439_firmware qcs405_firmware sd_712_firmware sdm630_firmware sda660_firmware sd_430 sd_427 sd_670 sd_435_firmware sdx20_firmware sd_710 sd_205 sdm660_firmware sd_855_firmware Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

CWE ID-CWE-416

Use After Free

CWE ID-CWE-20

Improper Input Validation

CVE-2019-10563

Matching Score-6

Assigner-Qualcomm, Inc.

View Details

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 12.05%

7 Day CHG~0.00%

Published-21 Nov, 2019 | 14:38

Updated-04 Aug, 2024 | 22:24

Buffer over-read can occur in fast message handler due to improper input validation while processing a message from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8053, APQ8096AU, MSM8996AU, MSM8998, QCN7605, QCS405, QCS605, SDA660, SDM636, SDM660, SDX20, SDX24

CWE ID-CWE-125

Out-of-bounds Read

CWE ID-CWE-20

Improper Input Validation

CVE-2019-10626

Matching Score-6

Assigner-Qualcomm, Inc.

View Details

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-5.5||MEDIUM

EPSS-0.04% / 12.25%

7 Day CHG~0.00%

Published-22 Jun, 2020 | 07:10

Updated-04 Aug, 2024 | 22:32

Payload size is not validated before reading memory that may cause issue of accessing invalid pointer or some garbage data in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Rennell, Saipan, SC8180X, SDA660, SDA845, SDM429W, SDM439, SDM670, SDM710, SDX20, SDX24, SDX55, SM8150, SM8250, SXR1130, SXR2130

Vendor-Qualcomm Technologies, Inc.

Product-mdm9640_firmware sdm429w msm8996au_firmware sdx24 sdm439 mdm9650 msm8909w_firmware msm8996au sdm429w_firmware apq8009_firmware sdm670 sxr2130 qcs605_firmware ipq4019_firmware sc8180x mdm9206 sdm670_firmware sdx24_firmware ipq8074 sda845_firmware apq8098 ipq6018_firmware mdm9206_firmware qcs605 mdm9650_firmware ipq8064 sda660 sdx55_firmware sxr1130_firmware sxr1130 msm8909w apq8009 apq8053_firmware ipq8064_firmware sda845 apq8098_firmware sdx20 mdm9607_firmware sm8250_firmware sc8180x_firmware qcs405 ipq8074_firmware sdm710 mdm9607 apq8017_firmware sdm710_firmware mdm9207c_firmware ipq6018 mdm9207c sm8150_firmware sxr2130_firmware apq8096au sdm439_firmware qcs405_firmware rennell sda660_firmware rennell_firmware ipq4019 sdx55 apq8053 apq8096au_firmware saipan_firmware sm8250 sm8150 sdx20_firmware apq8017 saipan mdm9640 Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE ID-CWE-20

Improper Input Validation

CVE-2019-10506

Matching Score-6

Assigner-Qualcomm, Inc.

View Details

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 11.85%

7 Day CHG~0.00%

Published-30 Sep, 2019 | 15:40

Updated-04 Aug, 2024 | 22:24

While processing QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY vendor command, driver does not validate the data obtained from the user space which could be invalid and thus leads to an undesired behaviour in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS605, SD 600, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM630, SDM660, SDX24

CWE ID-CWE-20

Improper Input Validation

CVE-2024-53031

Matching Score-6

Assigner-Qualcomm, Inc.

View Details

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 9.52%

7 Day CHG~0.00%

Published-03 Mar, 2025 | 10:07

Updated-07 Mar, 2025 | 11:47

Improper Input Validation in Automotive OS Platform

Memory corruption while reading a type value from a buffer controlled by the Guest Virtual Machine.

CWE ID-CWE-20

Improper Input Validation

CWE ID-CWE-787

Out-of-bounds Write

CVE-2019-10538

Matching Score-6

Assigner-Qualcomm, Inc.

View Details

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.33% / 55.41%

7 Day CHG~0.00%

Published-30 Sep, 2019 | 15:40

Updated-04 Aug, 2024 | 22:24

Lack of check of address range received from firmware response allows modem to respond arbitrary pages into its address range which can compromise HLOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM660, SDX20, SDX24

CWE ID-CWE-20

Improper Input Validation

CVE-2024-53022

Matching Score-6

Assigner-Qualcomm, Inc.

View Details

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 9.52%

7 Day CHG~0.00%

Published-03 Mar, 2025 | 10:07

Updated-06 Mar, 2025 | 17:52

Improper Input Validation in Automotive OS Platform

Memory corruption may occur during communication between primary and guest VM.

CWE ID-CWE-20

Improper Input Validation

CWE ID-CWE-787

Out-of-bounds Write

CVE-2024-53029

Matching Score-6

Assigner-Qualcomm, Inc.

View Details

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 9.52%

7 Day CHG~0.00%

Published-03 Mar, 2025 | 10:07

Updated-05 Mar, 2025 | 04:55

Improper Input Validation in Automotive OS Platform

Memory corruption while reading a value from a buffer controlled by the Guest Virtual Machine.

Vendor-Qualcomm Technologies, Inc.

Product-Snapdragon

CWE ID-CWE-20

Improper Input Validation

CVE-2019-10577

Matching Score-6

Assigner-Qualcomm, Inc.

View Details

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.1||CRITICAL

EPSS-0.26% / 49.45%

7 Day CHG~0.00%

Published-05 Mar, 2020 | 08:56

Updated-04 Aug, 2024 | 22:24

Improper input validation while processing SIP URI received from the network will lead to buffer over-read and then to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Vendor-Qualcomm Technologies, Inc.

Product-mdm9150_firmware mdm9635m_firmware apq8096_firmware mdm9640_firmware qcm2150_firmware sdm429w msm8996au_firmware sdm632_firmware sdm845 sdm450_firmware sdm632 apq8096 sdx24 sdm439 mdm9650 sdm429 msm8940_firmware sm7150_firmware sm6150 msm8909w_firmware msm8996au mdm9645 sdm429w_firmware sm7150 apq8009_firmware msm8917 sdm670 sxr2130 qcs605_firmware sc8180x mdm9206 sdm670_firmware sdx24_firmware sdm636 sda845_firmware mdm9635m apq8098 mdm9615 mdm9205 mdm9206_firmware qcs605 msm8937_firmware mdm9650_firmware sdm429_firmware msm8905_firmware sda660 sdx55_firmware sxr1130_firmware sxr1130 msm8909w apq8009 msm8909_firmware apq8053_firmware sda845 nicobar sdm850_firmware msm8920 msm8953 sdm450 sdm636_firmware sdm845_firmware apq8098_firmware sdx20 msm8998_firmware qcm2150 msm8920_firmware sdm630 mdm9607_firmware sm8250_firmware mdm9655_firmware sdm660 sc8180x_firmware sdm710 qm215 mdm9607 mdm9645_firmware apq8017_firmware mdm9625_firmware sdm710_firmware mdm9150 msm8937 msm8905 sm8150_firmware msm8909 sxr2130_firmware mdm9655 apq8096au sdm439_firmware rennell sdm630_firmware mdm9205_firmware sda660_firmware mdm9625 rennell_firmware qm215_firmware sdx55 msm8953_firmware msm8940 saipan_firmware sm6150_firmware apq8053 msm8917_firmware apq8096au_firmware msm8998 sm8150 sdx20_firmware sdm850 sm8250 mdm9615_firmware apq8017 saipan nicobar_firmware sdm660_firmware mdm9640 Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

CWE ID-CWE-125

Out-of-bounds Read

CWE ID-CWE-20

Improper Input Validation

CVE-2019-10552

Matching Score-6

Assigner-Qualcomm, Inc.

View Details

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.1||CRITICAL

EPSS-0.24% / 46.84%

7 Day CHG~0.00%

Published-05 Mar, 2020 | 08:56

Updated-04 Aug, 2024 | 22:24

Multiple Buffer Over-read issue can happen due to improper length checks while decoding Service Reject/RAU Reject/PTMSI Realloc cmd in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130

Vendor-Qualcomm Technologies, Inc.

Product-mdm9150_firmware mdm9635m_firmware apq8096_firmware mdm9640_firmware qcm2150_firmware sdm429w msm8996au_firmware sdm632_firmware sdm845 sdm450_firmware sdm632 apq8096 sdx24 sdm439 mdm9650 sdm429 msm8940_firmware sm7150_firmware sm6150 msm8909w_firmware msm8996au mdm9645 sdm429w_firmware sm7150 apq8009_firmware msm8917 sdm670 qcs605_firmware sc8180x mdm9206 sdm670_firmware sdx24_firmware sdm636 sda845_firmware mdm9635m apq8098 mdm9615 mdm9205 mdm9206_firmware msm8939 qcs605 msm8937_firmware mdm9650_firmware sdm429_firmware msm8905_firmware sda660 sdx55_firmware sxr1130_firmware sxr1130 msm8909w apq8009 msm8909_firmware apq8053_firmware sda845 nicobar sdm850_firmware msm8920 msm8953 sdm450 sdm636_firmware sdm845_firmware apq8098_firmware sdx20 msm8998_firmware qcm2150 msm8920_firmware sdm630 mdm9607_firmware sdm660 mdm9655_firmware sc8180x_firmware sdm710 qm215 mdm9607 mdm9645_firmware apq8017_firmware mdm9625_firmware sdm710_firmware msm8939_firmware mdm9150 msm8937 msm8905 sm8150_firmware msm8909 mdm9655 apq8096au sdm439_firmware rennell sdm630_firmware mdm9205_firmware sda660_firmware mdm9625 rennell_firmware qm215_firmware sdx55 msm8953_firmware msm8940 sm6150_firmware apq8053 apq8096au_firmware msm8917_firmware mdm9615_firmware msm8998 sm8150 sdx20_firmware sdm850 apq8017 nicobar_firmware sdm660_firmware mdm9640 Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

CWE ID-CWE-125

Out-of-bounds Read

CWE ID-CWE-20

Improper Input Validation

CVE-2024-53012

Matching Score-6

Assigner-Qualcomm, Inc.

View Details

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 9.52%

7 Day CHG~0.00%

Published-03 Mar, 2025 | 10:07

Updated-05 Mar, 2025 | 04:55

Improper Input Validation in Automotive OS Platform

Memory corruption may occur due to improper input validation in clock device.

Vendor-Qualcomm Technologies, Inc.

Product-Snapdragon

CWE ID-CWE-20

Improper Input Validation

CVE-2017-18147

Matching Score-6

Assigner-Qualcomm, Inc.

View Details

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.17% / 38.47%

7 Day CHG~0.00%

Published-03 Apr, 2018 | 17:00

Updated-17 Sep, 2024 | 04:19

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in MMCP, a downlink message is not being properly validated.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-20

Improper Input Validation

CVE-2024-45579

Matching Score-6

Assigner-Qualcomm, Inc.

View Details

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.03% / 5.35%

7 Day CHG~0.00%

Published-06 May, 2025 | 08:32

Updated-09 May, 2025 | 19:12

Improper Input Validation in Camera Driver

Memory corruption may occur when invoking IOCTL calls from userspace to the camera kernel driver to dump request information, due to a missing memory requirement check.

CWE ID-CWE-20

Improper Input Validation

CWE ID-CWE-787

Out-of-bounds Write

CVE-2024-45577

Matching Score-6

Assigner-Qualcomm, Inc.

View Details

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.03% / 5.35%

7 Day CHG~0.00%

Published-06 May, 2025 | 08:32

Updated-09 May, 2025 | 19:14

Improper Input Validation in Camera Driver

Memory corruption while invoking IOCTL calls from userspace to camera kernel driver to dump request information.

CWE ID-CWE-20

Improper Input Validation

CWE ID-CWE-787

Out-of-bounds Write

CVE-2024-43052

Matching Score-6

Assigner-Qualcomm, Inc.

View Details

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 12.14%

7 Day CHG~0.00%

Published-02 Dec, 2024 | 10:18

Updated-12 Dec, 2024 | 15:28

Improper Input Validation in Video Analytics and Processing

Memory corruption while processing API calls to NPU with invalid input.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2024-38413

Matching Score-6

Assigner-Qualcomm, Inc.

View Details

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-6.6||MEDIUM

EPSS-0.03% / 8.37%

7 Day CHG~0.00%

Published-03 Feb, 2025 | 16:51

Updated-05 Feb, 2025 | 13:58

Improper Input Validation in Computer Vision

Memory corruption while processing frame packets.

Vendor-Qualcomm Technologies, Inc.

Product-fastconnect_7800_firmware wsa8840 snapdragon_8_gen_3_mobile_firmware wsa8845_firmware wsa8845h_firmware wsa8845 snapdragon_8_gen_3_mobile wcd9395_firmware wcd9390 wsa8840_firmware wsa8845h wcd9395 fastconnect_7800 wcd9390_firmware Snapdragon

CWE ID-CWE-20

Improper Input Validation

CWE ID-CWE-787

Out-of-bounds Write

CVE-2024-38420

Matching Score-6

Assigner-Qualcomm, Inc.

View Details

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-8.8||HIGH

EPSS-0.04% / 9.52%

7 Day CHG~0.00%

Published-03 Feb, 2025 | 16:51

Updated-05 Feb, 2025 | 13:56

Improper Input Validation in Hypervisor

Memory corruption while configuring a Hypervisor based input virtual device.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-20

Improper Input Validation

CWE ID-CWE-787

Out-of-bounds Write

CVE-2024-33031

Matching Score-6

Assigner-Qualcomm, Inc.

View Details

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.03% / 7.29%

7 Day CHG~0.00%

Published-04 Nov, 2024 | 10:04

Updated-16 Nov, 2024 | 04:55

Improper Input Validation in RIL

Memory corruption while processing the update SIM PB records request.

Vendor-Qualcomm Technologies, Inc.

Product-fastconnect_7800 qca8337_firmware snapdragon_x72_5g_modem-rf_system qcn6274_firmware sdm429w qca8337 snapdragon_x75_5g_modem-rf_system_firmware qfw7124 qcn6224_firmware sdm429w_firmware wcd9340 qcn6274 qcn6224 fastconnect_7800_firmware snapdragon_x72_5g_modem-rf_system_firmware snapdragon_x75_5g_modem-rf_system qca8081 qcc710 qfw7114_firmware ar8035 wcd9340_firmware wcn3660b qcc710_firmware wcn3620_firmware wcn3660b_firmware wcn3620 snapdragon_429_mobile_platform_firmware qca8081_firmware qfw7124_firmware qfw7114 snapdragon_429_mobile_platform ar8035_firmware Snapdragon qca8337_firmware qcn6274_firmware qfw7114_firmware snapdragon_x75_5g_modem-rf_system_firmware wcd9340_firmware qcc710_firmware qcn6224_firmware wcn3620_firmware sdm429w_firmware wcn3660b_firmware snapdragon_429_mobile_platform_firmware fastconnect_7800_firmware qca8081_firmware snapdragon_x72_5g_modem-rf_system_firmware qfw7124_firmware ar8035_firmware

CWE ID-CWE-20

Improper Input Validation

CVE-2024-33066

Matching Score-6

Assigner-Qualcomm, Inc.

View Details

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.16% / 37.92%

7 Day CHG~0.00%

Published-07 Oct, 2024 | 12:58

Updated-16 Oct, 2024 | 19:49

Improper Input Validation in WLAN Resource Manager

Memory corruption while redirecting log file to any file location with any file name.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2024-33065

Matching Score-6

Assigner-Qualcomm, Inc.

View Details

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-8.4||HIGH

EPSS-0.03% / 8.33%

7 Day CHG~0.00%

Published-07 Oct, 2024 | 12:58

Updated-11 Aug, 2025 | 15:06

Improper Input Validation in Camera

Memory corruption while taking snapshot when an offset variable is set by camera driver.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2018-5869

Matching Score-6

Assigner-Qualcomm, Inc.

View Details

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 10.07%

7 Day CHG~0.00%

Published-18 Jan, 2019 | 22:00

Updated-05 Aug, 2024 | 05:47

Improper input validation in the QTEE keymaster app can lead to invalid memory access in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 800, SD 810

CWE ID-CWE-20

Improper Input Validation

CVE-2014-9965

Matching Score-6

Assigner-Qualcomm, Inc.

View Details

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.06% / 18.24%

7 Day CHG~0.00%

Published-13 Jun, 2017 | 20:00

Updated-20 Apr, 2025 | 01:37

In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of an SCM call.

Vendor-Google LLC Qualcomm Technologies, Inc.

Product-android All Qualcomm products

CWE ID-CWE-20

Improper Input Validation

CVE-2014-9962

Matching Score-6

Assigner-Qualcomm, Inc.

View Details

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.06% / 18.24%

7 Day CHG~0.00%

Published-13 Jun, 2017 | 20:00

Updated-20 Apr, 2025 | 01:37

In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of a DRM provisioning command.

Vendor-Google LLC Qualcomm Technologies, Inc.

Product-android All Qualcomm products

CWE ID-CWE-20

Improper Input Validation

CVE-2014-9971

Matching Score-6

Assigner-Qualcomm, Inc.

View Details

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.25% / 48.35%

7 Day CHG~0.00%

Published-18 Aug, 2017 | 18:00

Updated-20 Apr, 2025 | 01:37

In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts causes an instruction inside of an assert to not be executed resulting in incorrect control flow.

Vendor-Google LLC Qualcomm Technologies, Inc.

Product-android Snapdragon Mobile

CWE ID-CWE-20

Improper Input Validation

CVE-2024-53030

Matching Score-6

Assigner-Qualcomm, Inc.

View Details

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.04% / 9.52%

7 Day CHG~0.00%

Published-03 Mar, 2025 | 10:07

Updated-07 Mar, 2025 | 11:47

Improper Input Validation in Automotive OS Platform

Memory corruption while processing input message passed from FE driver.

Vendor-Qualcomm Technologies, Inc.

Product-sa9000p qca6595au_firmware sa8650p_firmware qca6678aq sa8255p sa8155p_firmware qamsrv1m_firmware qcs9100 msm8996au msm8996au_firmware sa8620p_firmware sa8155p qam8650p_firmware qca6574a_firmware qca6595_firmware snapdragon_820_automotive_firmware qca6584au_firmware sa6155_firmware qam8620p srv1h qca6564au qca6564a_firmware sa7255p sa8620p qam8620p_firmware sa7255p_firmware qam8775p_firmware qam8295p_firmware qca6797aq qam8255p qca6688aq sa7775p_firmware sa8255p_firmware sa8155_firmware sa8770p_firmware sa8295p_firmware sa6150p qca6696_firmware qam8295p sa8150p qca6595au sa6150p_firmware qcs9100_firmware sa8295p sa8145p sa8150p_firmware srv1l sa6145p sa6155p_firmware qca6698aq_firmware qam8650p qam8775p qca6595 qca6688aq_firmware sa8770p srv1h_firmware sa8775p srv1m snapdragon_820_automotive sa8775p_firmware sa9000p_firmware qamsrv1m qca6564au_firmware qca6574au qca6797aq_firmware srv1m_firmware sa7775p sa8650p sa8540p_firmware sa8145p_firmware sa6155 sa8195p_firmware qca6698aq sa8195p qca6584au sa6155p qamsrv1h qca6564a qca6574au_firmware qamsrv1h_firmware qca6678aq_firmware qca6574a qam8255p_firmware sa6145p_firmware sa8155 srv1l_firmware qca6696 sa8540p Snapdragon

CWE ID-CWE-20

Improper Input Validation

CWE ID-CWE-787

Out-of-bounds Write

CVE-2018-3597

Matching Score-6

Assigner-Qualcomm, Inc.

View Details

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.02% / 2.41%

7 Day CHG~0.00%

Published-06 Jul, 2018 | 17:00

Updated-16 Sep, 2024 | 18:48

In the ADSP RPC driver in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, an arbitrary kernel write can occur.

Vendor-Qualcomm Technologies, Inc.Google LLC

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-20

Improper Input Validation

CVE-2024-23362

Matching Score-6

Assigner-Qualcomm, Inc.

View Details

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.1||HIGH

EPSS-0.04% / 12.78%

7 Day CHG~0.00%

Published-02 Sep, 2024 | 10:22

Updated-05 Sep, 2024 | 03:56

Improper Input Validation in Trusted Execution Environment

Cryptographic issue while parsing RSA keys in COBR format.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2024-23386

Matching Score-6

Assigner-Qualcomm, Inc.

View Details

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.03% / 7.29%

7 Day CHG~0.00%

Published-04 Nov, 2024 | 10:04

Updated-16 Nov, 2024 | 04:55

Improper Input Validation in Video

memory corruption when WiFi display APIs are invoked with large random inputs.

CWE ID-CWE-20

Improper Input Validation

CVE-2024-21476

Matching Score-6

Assigner-Qualcomm, Inc.

View Details

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.08% / 24.85%

7 Day CHG~0.00%

Published-06 May, 2024 | 14:32

Updated-15 Jan, 2025 | 17:00

Improper Input Validation in Secure Processor

Memory corruption when the channel ID passed by user is not validated and further used.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-20

Improper Input Validation

CWE ID-CWE-787

Out-of-bounds Write

CVE-2024-21473

Matching Score-6

Assigner-Qualcomm, Inc.

View Details

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.8||CRITICAL

EPSS-0.19% / 40.90%

7 Day CHG~0.00%

Published-01 Apr, 2024 | 15:06

Updated-13 Jan, 2025 | 21:54

Improper Input Validation in WIN SON

Memory corruption while redirecting log file to any file location with any file name.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-20

Improper Input Validation

CWE ID-CWE-787

Out-of-bounds Write

CVE-2024-21453

Matching Score-6

Assigner-Qualcomm, Inc.

View Details

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.5||HIGH

EPSS-0.12% / 32.38%

7 Day CHG~0.00%

Published-01 Apr, 2024 | 15:06

Updated-11 Aug, 2025 | 15:06

Improper Input Validation in Automotive Telematics

Transient DOS while decoding message of size that exceeds the available system memory.

CWE ID-CWE-20

Improper Input Validation

CVE-2024-21452

Matching Score-6

Assigner-Qualcomm, Inc.

View Details

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.3||HIGH

EPSS-0.07% / 22.54%

7 Day CHG~0.00%

Published-01 Apr, 2024 | 15:06

Updated-13 Jan, 2025 | 21:53

Improper Input Validation in Automotive Telematics

Transient DOS while decoding an ASN.1 OER message containing a SEQUENCE of unknown extensions.

CWE ID-CWE-20

Improper Input Validation

CVE-2022-33300

Matching Score-6

Assigner-Qualcomm, Inc.

View Details

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-8.4||HIGH

EPSS-0.04% / 12.72%

7 Day CHG~0.00%

Published-06 Jan, 2023 | 05:02

Updated-09 Apr, 2025 | 14:53

Improper input validation in Automotive Android OS

Memory corruption in Automotive Android OS due to improper input validation.

Vendor-Qualcomm Technologies, Inc.

Product-qca9377_firmware wsa8830 wcd9380_firmware sa6150p_firmware wcn3990 sa8145p_firmware sw5100p sd865_5g qcc5100 sdx55m_firmware wcn6856_firmware qcn9012 wsa8835 wcd9380 sa8150p_firmware sd888_5g qca6595au_firmware qca6390_firmware wcn6855_firmware qca6174a qca6426 wcn3990_firmware qrb5165n_firmware qcn9012_firmware qca9377 wcd9335_firmware wcn3980 wcd9385_firmware qam8295p sdxr2_5g_firmware sd_8_gen1_5g_firmware wsa8815 wcn6850 qam8295p_firmware qcn9011_firmware qca6426_firmware wcn7850 qca6574au_firmware qca6595au sdx12_firmware qrb5165m wcn3980_firmware qca6391 sdx55m qca6436_firmware qrb5165n sa8295p qcc5100_firmware sa6155p_firmware wcn7851 qrb5165_firmware qrb5165m_firmware sdxr2_5g qrb5165 wcn6851_firmware qcn9011 wcn3988_firmware qca6574au sa6145p_firmware sa8155p_firmware sa8195p wsa8810_firmware wcd9341_firmware sw5100 wsa8810 sd870 qca6436 wcn6851 wcd9335 sa6155p wcn6855 sw5100p_firmware wcn7851_firmware wcn6856 sa6145p qca6174a_firmware wcd9385 wcd9341 qca6696_firmware sa8145p sd870_firmware qca6696 qca6391_firmware qca6390 sa8150p sa6150p sa8155p wsa8830_firmware sd660 sd865_5g_firmware wcn3988 sd888_5g_firmware wcn6850_firmware sd660_firmware wcn7850_firmware wsa8815_firmware sa8195p_firmware wsa8835_firmware sdx12 sw5100_firmware sm8475 sa8295p_firmware Snapdragon

CWE ID-CWE-20

Improper Input Validation

CWE ID-CWE-787

Out-of-bounds Write

CVE-2022-34146

Matching Score-6

Assigner-Qualcomm, Inc.

View Details

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.5||HIGH

EPSS-0.15% / 36.67%

7 Day CHG~0.00%

Published-09 Feb, 2023 | 06:58

Updated-03 Aug, 2024 | 08:16

Improper input validation in WLAN Host

Transient DOS due to improper input validation in WLAN Host while parsing frame during defragmentation.

Vendor-Qualcomm Technologies, Inc.

Product-qcn5024_firmware wsa8830 qcn9070 sxr2230p_firmware qcs610 ipq8173_firmware qcn5124 qca4024_firmware qcn9072 wcn3950_firmware ipq8078a ipq5028_firmware qca6595au_firmware ipq6000 wcd9370 ssg2115p qcn5152_firmware qca6584au_firmware qcn9000_firmware ipq5018 qca6554a_firmware wcd9385_firmware qam8295p wcn3950 ipq8076a qcn6024_firmware sd_8_gen1_5g_firmware ipq8074a qcn5124_firmware qam8295p_firmware qcn6100_firmware qcn6102_firmware wcn7850 qca6574au_firmware qcn5122_firmware qcn5164_firmware qca6595au qca8081_firmware qcn6023_firmware wcd9375_firmware qcn9002 ipq5010 qca6564au_firmware qca6584au sa6155p_firmware sd680_firmware ipq8078a_firmware qcn9274 ipq8174 qcn9001 wcn7851 ipq5028 qca6698aq qcn5052 ipq6010 qcn6112_firmware wcn3988_firmware qcn9074 sa8195p qcn6132 wsa8810_firmware sd680 sa6155p sg4150p qca8081 wcn7851_firmware qca6698aq_firmware ipq8071a qcn6023 ipq8071a_firmware wcd9385 qca9888_firmware qcn6122 wcd9341 qca6696_firmware ipq9008_firmware qcn5154_firmware csr8811 wcd9375 qcn9100_firmware wsa8830_firmware ipq5010_firmware ipq8074a_firmware wcn3988 wsa8815_firmware wcn7850_firmware wsa8835_firmware sa8195p_firmware sm8475 qcn5022_firmware sa8295p_firmware sa4150p sg4150p_firmware qcm4325 qca8072 ipq5018_firmware wcd9380_firmware ssg2125p qcn9000 ipq8072a qca6554a ipq8076a_firmware qca6595 ipq8078 qca6564au qcn9001_firmware ipq8173 wcn6856_firmware ipq9008 qcn5164 qcn6122_firmware qca6574 sxr1230p_firmware wsa8835 csr8811_firmware wcd9380 qcn5054_firmware qcs410 qcn5154 qca8075_firmware ssg2125p_firmware qca6574a qcn5024 wcn6855_firmware qca9889 qcn6132_firmware qcn9003_firmware sxr1230p qca9888 qca8072_firmware wcn3980 qcn5052_firmware qcn9274_firmware qcn9003 ipq8070a_firmware ipq6018_firmware ipq8076_firmware qcm4325_firmware qca6574_firmware wsa8815 qcn6112 sxr2230p ipq8076 qca6574a_firmware qcn5152 ipq6028 qcn9024 ipq9574_firmware wcn3980_firmware sa8295p wcn6740_firmware qcn6102 qcn9100 ipq8078_firmware wsa8832_firmware qcn5054 qcn9070_firmware ipq6028_firmware ipq8072a_firmware qca6574au qca9889_firmware sa8155p_firmware ipq9574 qcn5122 qcn9024_firmware ipq8174_firmware wcd9341_firmware wsa8810 wsa8832 wcn6855 qcs610_firmware wcn6856 ipq6018 qcn5022 ipq6010_firmware qca6595_firmware wcn6740 qca6696 sa4150p_firmware qca4024 wcd9370_firmware qca8075 qcn9022_firmware sa8155p qcn6024 qcn9022 ipq8070a qcn9002_firmware qcn6100 qcn9072_firmware ipq6000_firmware ssg2115p_firmware qcn9074_firmware qcs410_firmware Snapdragon qcn5024_firmware ipq5018_firmware wcd9380_firmware sxr2230p_firmware ipq8076a_firmware ipq8173_firmware qcn9001_firmware wcn6856_firmware qca4024_firmware qcn6122_firmware sxr1230p_firmware wcn3950_firmware csr8811_firmware ipq5028_firmware qca6595au_firmware qcn5054_firmware qca8075_firmware ssg2125p_firmware wcn6855_firmware qcn5152_firmware qcn6132_firmware qcn9003_firmware qca6584au_firmware qca8072_firmware qcn9000_firmware qcn5052_firmware qcn9274_firmware ipq8070a_firmware qca6554a_firmware wcd9385_firmware qcn6024_firmware ipq8076_firmware ipq6018_firmware qcm4325_firmware qca6574_firmware sd_8_gen1_5g_firmware qcn5124_firmware qam8295p_firmware qcn6100_firmware qcn6102_firmware qca6574a_firmware qca6574au_firmware qcn5122_firmware qcn5164_firmware wcd9375_firmware qca8081_firmware qcn6023_firmware ipq9574_firmware wcn3980_firmware wcn6740_firmware qca6564au_firmware sd680_firmware sa6155p_firmware ipq8078a_firmware ipq8078_firmware wsa8832_firmware qcn9070_firmware ipq6028_firmware ipq8072a_firmware qcn6112_firmware wcn3988_firmware qca9889_firmware sa8155p_firmware qcn9024_firmware ipq8174_firmware wsa8810_firmware wcd9341_firmware qcs610_firmware wcn7851_firmware qca6698aq_firmware ipq8071a_firmware qca9888_firmware ipq6010_firmware qca6696_firmware qca6595_firmware ipq9008_firmware qcn5154_firmware sa4150p_firmware wcd9370_firmware qcn9100_firmware qcn9022_firmware wsa8830_firmware qcn9002_firmware ipq5010_firmware ipq8074a_firmware wsa8815_firmware wsa8835_firmware wcn7850_firmware qcn9072_firmware ipq6000_firmware sa8195p_firmware ssg2115p_firmware qcn9074_firmware qcs410_firmware qcn5022_firmware sa8295p_firmware sg4150p_firmware

CWE ID-CWE-20

Improper Input Validation

CVE-2024-49845

Matching Score-6

Assigner-Qualcomm, Inc.

View Details

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.03% / 5.35%

7 Day CHG~0.00%

Published-06 May, 2025 | 08:32

Updated-09 May, 2025 | 19:11

Improper Input Validation in HLOS

Memory corruption during the FRS UDS generation process.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-20

Improper Input Validation

CWE ID-CWE-787

Out-of-bounds Write

CVE-2024-49844

Matching Score-6

Assigner-Qualcomm, Inc.

View Details

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.03% / 5.35%

7 Day CHG~0.00%

Published-06 May, 2025 | 08:32

Updated-11 Aug, 2025 | 15:06

Improper Input Validation in Automotive

Memory corruption while triggering commands in the PlayReady Trusted application.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-20

Improper Input Validation

CWE ID-CWE-787

Out-of-bounds Write

CVE-2021-1969

Matching Score-6

Assigner-Qualcomm, Inc.

View Details

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-6.2||MEDIUM

EPSS-0.03% / 8.58%

7 Day CHG~0.00%

Published-20 Oct, 2021 | 00:00

Updated-03 Aug, 2024 | 16:25

Improper validation of kernel buffer address while copying information back to user buffer can lead to kernel memory information exposure to user space in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Vendor-Qualcomm Technologies, Inc.

Product-fsm10055 wcn3991_firmware mdm9150_firmware wcn3991 sd678 sa6150p_firmware qca8337_firmware sa8145p_firmware qcs610 sda429w_firmware wcd9380_firmware sd_675 fsm10056 qca8337 qca6595 sdx55m_firmware csra6620 fsm10055_firmware qca6574 wcn3950_firmware sd665_firmware wcd9380 sa8150p_firmware qca6420_firmware qca6595au_firmware sa6155 qcs410 wcd9370 csra6620_firmware sd_675_firmware sd675_firmware qca6574a csra6640_firmware qcs6125_firmware qca6584au_firmware qca6430_firmware wcd9335_firmware wcn3980 wcn3998 sd_8cx_firmware wcn3950 sd720g qca6574_firmware wcd9340_firmware wcn3660b sd855 wsa8815 sd665 sd_8c_firmware wcn3660b_firmware sa8155 qca6574a_firmware qca6574au_firmware sdx55_firmware qca6595au sa6155_firmware wcd9375_firmware wcn3998_firmware wcn3999_firmware wcn3980_firmware wcn3610_firmware qca6420 qca6391 sdx55m aqt1000_firmware qca6584au sa6155p_firmware wcn3999 sd678_firmware ar8031_firmware qcs6125 sa8155_firmware qcs405 qca6430 wcn3988_firmware qca6574au sa6145p_firmware sa8155p_firmware sm6250 wcd9340 sa8195p wsa8810_firmware wcd9341_firmware qcm6125 wsa8810 fsm10056_firmware wcd9335 sa6155p qcs610_firmware mdm9150 sd_8c sa6145p wcd9341 ar8031 qca6696_firmware qca6595_firmware qcs405_firmware sa8145p qca6696 qca6391_firmware ar8035 wcd9375 sd_8cx aqt1000 sa8150p wcd9370_firmware sm6250_firmware sa6150p sdx55 sa8155p csra6640 sda429w sd675 sd855_firmware wcn3620_firmware wcn3988 wsa8815_firmware wcn3620 sd720g_firmware sa8195p_firmware qcs410_firmware ar8035_firmware wcn3610 qcm6125_firmware Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

CWE ID-CWE-20

Improper Input Validation

CVE-2021-1968

Matching Score-6

Assigner-Qualcomm, Inc.

View Details

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-6.2||MEDIUM

EPSS-0.02% / 3.01%

7 Day CHG~0.00%

Published-20 Oct, 2021 | 00:00

Updated-03 Aug, 2024 | 16:25

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2017-11027

Matching Score-6

Assigner-Qualcomm, Inc.

View Details

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.02% / 2.41%

7 Day CHG~0.00%

Published-16 Nov, 2017 | 22:00

Updated-20 Apr, 2025 | 01:37

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing UBI image, size is not validated for being smaller than minimum header size causing unintialized data access vulnerability.

Vendor-Google LLC Qualcomm Technologies, Inc.

Product-android Android for MSM, Firefox OS for MSM, QRD Android

CWE ID-CWE-20

Improper Input Validation

CVE-2020-3653

Matching Score-6

Assigner-Qualcomm, Inc.

View Details

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-9.1||CRITICAL

EPSS-0.24% / 46.84%

7 Day CHG~0.00%

Published-16 Apr, 2020 | 10:46

Updated-04 Aug, 2024 | 07:37

Possible buffer over-read in windows wlan driver function due to lack of check of length of variable received from userspace in Snapdragon Compute, Snapdragon Connectivity in MSM8998, QCA6390, SC7180, SC8180X, SDM850

Vendor-Qualcomm Technologies, Inc.

Product-sdm850_firmware sc7180_firmware msm8998 sdm850 sc7180 qca6390_firmware msm8998_firmware qca6390 sc8180x sc8180x_firmware Snapdragon Compute, Snapdragon Connectivity

CWE ID-CWE-125

Out-of-bounds Read

CWE ID-CWE-20

Improper Input Validation

CVE-2020-3617

Matching Score-6

Assigner-Qualcomm, Inc.

View Details

Matching Score-6

Assigner-Qualcomm, Inc.

CVSS Score-7.1||HIGH

EPSS-0.03% / 7.76%

7 Day CHG~0.00%

Published-09 Sep, 2020 | 06:25

Updated-04 Aug, 2024 | 07:37

u'Buffer over-read Issue in Q6 testbus framework due to diag packet length is not completely validated before accessing the field and leads to Information disclosure.' in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in Kamorta, Nicobar, QCS605, QCS610, Rennell, SC7180, SDA660, SDM630, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SXR1130

CWE ID-CWE-125

Out-of-bounds Read

CWE ID-CWE-20

Improper Input Validation

CVE-2011-0220

Matching Score-4

Assigner-Apple Inc.

View Details

Matching Score-4

Assigner-Apple Inc.

CVSS Score-5.5||MEDIUM

EPSS-0.04% / 13.28%

7 Day CHG~0.00%

Published-05 Feb, 2020 | 19:46

Updated-06 Aug, 2024 | 21:43

Apple Bonjour before 2011 allows a crash via a crafted multicast DNS packet.

Vendor-Apple Inc.

Product-bonjour Bonjour

CWE ID-CWE-20

Improper Input Validation

CVE-2021-22152

Matching Score-4

Assigner-BlackBerry

View Details

Matching Score-4

Assigner-BlackBerry

CVSS Score-5.5||MEDIUM

EPSS-0.05% / 15.19%

7 Day CHG~0.00%

Published-13 May, 2021 | 10:43

Updated-03 Aug, 2024 | 18:37

A Denial of Service due to Improper Input Validation vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially to prevent any new user connections.

Vendor-n/a BlackBerry Limited

Product-unified_endpoint_management n/a

CWE ID-CWE-20

Improper Input Validation

CVE-2024-10083

Matching Score-4

Assigner-Schneider Electric

View Details

Matching Score-4

Assigner-Schneider Electric

CVSS Score-6.8||MEDIUM

EPSS-0.04% / 13.28%

7 Day CHG~0.00%

Published-13 Feb, 2025 | 05:40

Updated-13 Feb, 2025 | 14:29

CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of engineering workstation when specific driver interface is invoked locally by an authenticated user with crafted input.

Vendor-Schneider Electric SE

Product-Uni-Telway driver Uni-Telway driver used in EcoStruxure Process Expert for AVEVA System Platform Uni-Telway driver used in EcoStruxure Control Expert Uni-Telway driver used in EcoStruxure Process Expert Uni-Telway driver used in OPC Factory Server

CWE ID-CWE-20

Improper Input Validation

CVE-2024-0285

Matching Score-4

Assigner-OpenHarmony

View Details

Matching Score-4

Assigner-OpenHarmony

CVSS Score-4.7||MEDIUM

EPSS-0.03% / 5.19%

7 Day CHG~0.00%

Published-02 Feb, 2024 | 06:19

Updated-07 May, 2025 | 20:08

Dsoftbus has an improper input validation vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through improper input.

Vendor-OpenAtom Foundation OpenHarmony (OpenAtom Foundation)

Product-openharmony OpenHarmony

CWE ID-CWE-20

Improper Input Validation

CVE-2022-33216

Credits

Improper Input Validation in Automotive

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs