Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-21652

Summary
Assigner-Linux
Assigner Org ID-416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At-19 Jan, 2025 | 10:18
Updated At-04 May, 2025 | 07:18
Rejected At-
Credits

ipvlan: Fix use-after-free in ipvlan_get_iflink().

In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix use-after-free in ipvlan_get_iflink(). syzbot presented an use-after-free report [0] regarding ipvlan and linkwatch. ipvlan does not hold a refcnt of the lower device unlike vlan and macvlan. If the linkwatch work is triggered for the ipvlan dev, the lower dev might have already been freed, resulting in UAF of ipvlan->phy_dev in ipvlan_get_iflink(). We can delay the lower dev unregistration like vlan and macvlan by holding the lower dev's refcnt in dev->netdev_ops->ndo_init() and releasing it in dev->priv_destructor(). Jakub pointed out calling .ndo_XXX after unregister_netdevice() has returned is error prone and suggested [1] addressing this UAF in the core by taking commit 750e51603395 ("net: avoid potential UAF in default_operstate()") further. Let's assume unregistering devices DOWN and use RCU protection in default_operstate() not to race with the device unregistration. [0]: BUG: KASAN: slab-use-after-free in ipvlan_get_iflink+0x84/0x88 drivers/net/ipvlan/ipvlan_main.c:353 Read of size 4 at addr ffff0000d768c0e0 by task kworker/u8:35/6944 CPU: 0 UID: 0 PID: 6944 Comm: kworker/u8:35 Not tainted 6.13.0-rc2-g9bc5c9515b48 #12 4c3cb9e8b4565456f6a355f312ff91f4f29b3c47 Hardware name: linux,dummy-virt (DT) Workqueue: events_unbound linkwatch_event Call trace: show_stack+0x38/0x50 arch/arm64/kernel/stacktrace.c:484 (C) __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0xbc/0x108 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0x16c/0x6f0 mm/kasan/report.c:489 kasan_report+0xc0/0x120 mm/kasan/report.c:602 __asan_report_load4_noabort+0x20/0x30 mm/kasan/report_generic.c:380 ipvlan_get_iflink+0x84/0x88 drivers/net/ipvlan/ipvlan_main.c:353 dev_get_iflink+0x7c/0xd8 net/core/dev.c:674 default_operstate net/core/link_watch.c:45 [inline] rfc2863_policy+0x144/0x360 net/core/link_watch.c:72 linkwatch_do_dev+0x60/0x228 net/core/link_watch.c:175 __linkwatch_run_queue+0x2f4/0x5b8 net/core/link_watch.c:239 linkwatch_event+0x64/0xa8 net/core/link_watch.c:282 process_one_work+0x700/0x1398 kernel/workqueue.c:3229 process_scheduled_works kernel/workqueue.c:3310 [inline] worker_thread+0x8c4/0xe10 kernel/workqueue.c:3391 kthread+0x2b0/0x360 kernel/kthread.c:389 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:862 Allocated by task 9303: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x30/0x68 mm/kasan/common.c:68 kasan_save_alloc_info+0x44/0x58 mm/kasan/generic.c:568 poison_kmalloc_redzone mm/kasan/common.c:377 [inline] __kasan_kmalloc+0x84/0xa0 mm/kasan/common.c:394 kasan_kmalloc include/linux/kasan.h:260 [inline] __do_kmalloc_node mm/slub.c:4283 [inline] __kmalloc_node_noprof+0x2a0/0x560 mm/slub.c:4289 __kvmalloc_node_noprof+0x9c/0x230 mm/util.c:650 alloc_netdev_mqs+0xb4/0x1118 net/core/dev.c:11209 rtnl_create_link+0x2b8/0xb60 net/core/rtnetlink.c:3595 rtnl_newlink_create+0x19c/0x868 net/core/rtnetlink.c:3771 __rtnl_newlink net/core/rtnetlink.c:3896 [inline] rtnl_newlink+0x122c/0x15c0 net/core/rtnetlink.c:4011 rtnetlink_rcv_msg+0x61c/0x918 net/core/rtnetlink.c:6901 netlink_rcv_skb+0x1dc/0x398 net/netlink/af_netlink.c:2542 rtnetlink_rcv+0x34/0x50 net/core/rtnetlink.c:6928 netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline] netlink_unicast+0x618/0x838 net/netlink/af_netlink.c:1347 netlink_sendmsg+0x5fc/0x8b0 net/netlink/af_netlink.c:1891 sock_sendmsg_nosec net/socket.c:711 [inline] __sock_sendmsg net/socket.c:726 [inline] __sys_sendto+0x2ec/0x438 net/socket.c:2197 __do_sys_sendto net/socket.c:2204 [inline] __se_sys_sendto net/socket.c:2200 [inline] __arm64_sys_sendto+0xe4/0x110 net/socket.c:2200 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x90/0x278 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x13c/0x250 arch/arm64/kernel/syscall.c:132 do_el0_svc+0x54/0x70 arch/arm64/kernel/syscall.c:151 el ---truncated---

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Linux
Assigner Org ID:416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At:19 Jan, 2025 | 10:18
Updated At:04 May, 2025 | 07:18
Rejected At:
▼CVE Numbering Authority (CNA)
ipvlan: Fix use-after-free in ipvlan_get_iflink().

In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix use-after-free in ipvlan_get_iflink(). syzbot presented an use-after-free report [0] regarding ipvlan and linkwatch. ipvlan does not hold a refcnt of the lower device unlike vlan and macvlan. If the linkwatch work is triggered for the ipvlan dev, the lower dev might have already been freed, resulting in UAF of ipvlan->phy_dev in ipvlan_get_iflink(). We can delay the lower dev unregistration like vlan and macvlan by holding the lower dev's refcnt in dev->netdev_ops->ndo_init() and releasing it in dev->priv_destructor(). Jakub pointed out calling .ndo_XXX after unregister_netdevice() has returned is error prone and suggested [1] addressing this UAF in the core by taking commit 750e51603395 ("net: avoid potential UAF in default_operstate()") further. Let's assume unregistering devices DOWN and use RCU protection in default_operstate() not to race with the device unregistration. [0]: BUG: KASAN: slab-use-after-free in ipvlan_get_iflink+0x84/0x88 drivers/net/ipvlan/ipvlan_main.c:353 Read of size 4 at addr ffff0000d768c0e0 by task kworker/u8:35/6944 CPU: 0 UID: 0 PID: 6944 Comm: kworker/u8:35 Not tainted 6.13.0-rc2-g9bc5c9515b48 #12 4c3cb9e8b4565456f6a355f312ff91f4f29b3c47 Hardware name: linux,dummy-virt (DT) Workqueue: events_unbound linkwatch_event Call trace: show_stack+0x38/0x50 arch/arm64/kernel/stacktrace.c:484 (C) __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0xbc/0x108 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0x16c/0x6f0 mm/kasan/report.c:489 kasan_report+0xc0/0x120 mm/kasan/report.c:602 __asan_report_load4_noabort+0x20/0x30 mm/kasan/report_generic.c:380 ipvlan_get_iflink+0x84/0x88 drivers/net/ipvlan/ipvlan_main.c:353 dev_get_iflink+0x7c/0xd8 net/core/dev.c:674 default_operstate net/core/link_watch.c:45 [inline] rfc2863_policy+0x144/0x360 net/core/link_watch.c:72 linkwatch_do_dev+0x60/0x228 net/core/link_watch.c:175 __linkwatch_run_queue+0x2f4/0x5b8 net/core/link_watch.c:239 linkwatch_event+0x64/0xa8 net/core/link_watch.c:282 process_one_work+0x700/0x1398 kernel/workqueue.c:3229 process_scheduled_works kernel/workqueue.c:3310 [inline] worker_thread+0x8c4/0xe10 kernel/workqueue.c:3391 kthread+0x2b0/0x360 kernel/kthread.c:389 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:862 Allocated by task 9303: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x30/0x68 mm/kasan/common.c:68 kasan_save_alloc_info+0x44/0x58 mm/kasan/generic.c:568 poison_kmalloc_redzone mm/kasan/common.c:377 [inline] __kasan_kmalloc+0x84/0xa0 mm/kasan/common.c:394 kasan_kmalloc include/linux/kasan.h:260 [inline] __do_kmalloc_node mm/slub.c:4283 [inline] __kmalloc_node_noprof+0x2a0/0x560 mm/slub.c:4289 __kvmalloc_node_noprof+0x9c/0x230 mm/util.c:650 alloc_netdev_mqs+0xb4/0x1118 net/core/dev.c:11209 rtnl_create_link+0x2b8/0xb60 net/core/rtnetlink.c:3595 rtnl_newlink_create+0x19c/0x868 net/core/rtnetlink.c:3771 __rtnl_newlink net/core/rtnetlink.c:3896 [inline] rtnl_newlink+0x122c/0x15c0 net/core/rtnetlink.c:4011 rtnetlink_rcv_msg+0x61c/0x918 net/core/rtnetlink.c:6901 netlink_rcv_skb+0x1dc/0x398 net/netlink/af_netlink.c:2542 rtnetlink_rcv+0x34/0x50 net/core/rtnetlink.c:6928 netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline] netlink_unicast+0x618/0x838 net/netlink/af_netlink.c:1347 netlink_sendmsg+0x5fc/0x8b0 net/netlink/af_netlink.c:1891 sock_sendmsg_nosec net/socket.c:711 [inline] __sock_sendmsg net/socket.c:726 [inline] __sys_sendto+0x2ec/0x438 net/socket.c:2197 __do_sys_sendto net/socket.c:2204 [inline] __se_sys_sendto net/socket.c:2200 [inline] __arm64_sys_sendto+0xe4/0x110 net/socket.c:2200 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x90/0x278 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x13c/0x250 arch/arm64/kernel/syscall.c:132 do_el0_svc+0x54/0x70 arch/arm64/kernel/syscall.c:151 el ---truncated---

Affected Products
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • net/core/link_watch.c
Default Status
unaffected
Versions
Affected
  • From 8c55facecd7ade835287298ce325f930d888d8ec before ba9f7c16ec879c83bb4f80406773a911aace8267 (git)
  • From 8c55facecd7ade835287298ce325f930d888d8ec before 52a24538d569f48e79d1a169a5d359d384152950 (git)
  • From 8c55facecd7ade835287298ce325f930d888d8ec before cb358ff94154774d031159b018adf45e17673941 (git)
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • net/core/link_watch.c
Default Status
affected
Versions
Affected
  • 6.2
Unaffected
  • From 0 before 6.2 (semver)
  • From 6.6.72 through 6.6.* (semver)
  • From 6.12.10 through 6.12.* (semver)
  • From 6.13 through * (original_commit_for_fix)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://git.kernel.org/stable/c/ba9f7c16ec879c83bb4f80406773a911aace8267
N/A
https://git.kernel.org/stable/c/52a24538d569f48e79d1a169a5d359d384152950
N/A
https://git.kernel.org/stable/c/cb358ff94154774d031159b018adf45e17673941
N/A
Hyperlink: https://git.kernel.org/stable/c/ba9f7c16ec879c83bb4f80406773a911aace8267
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/52a24538d569f48e79d1a169a5d359d384152950
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/cb358ff94154774d031159b018adf45e17673941
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-416CWE-416 Use After Free
Type: CWE
CWE ID: CWE-416
Description: CWE-416 Use After Free
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At:19 Jan, 2025 | 11:15
Updated At:10 Feb, 2025 | 18:15

In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix use-after-free in ipvlan_get_iflink(). syzbot presented an use-after-free report [0] regarding ipvlan and linkwatch. ipvlan does not hold a refcnt of the lower device unlike vlan and macvlan. If the linkwatch work is triggered for the ipvlan dev, the lower dev might have already been freed, resulting in UAF of ipvlan->phy_dev in ipvlan_get_iflink(). We can delay the lower dev unregistration like vlan and macvlan by holding the lower dev's refcnt in dev->netdev_ops->ndo_init() and releasing it in dev->priv_destructor(). Jakub pointed out calling .ndo_XXX after unregister_netdevice() has returned is error prone and suggested [1] addressing this UAF in the core by taking commit 750e51603395 ("net: avoid potential UAF in default_operstate()") further. Let's assume unregistering devices DOWN and use RCU protection in default_operstate() not to race with the device unregistration. [0]: BUG: KASAN: slab-use-after-free in ipvlan_get_iflink+0x84/0x88 drivers/net/ipvlan/ipvlan_main.c:353 Read of size 4 at addr ffff0000d768c0e0 by task kworker/u8:35/6944 CPU: 0 UID: 0 PID: 6944 Comm: kworker/u8:35 Not tainted 6.13.0-rc2-g9bc5c9515b48 #12 4c3cb9e8b4565456f6a355f312ff91f4f29b3c47 Hardware name: linux,dummy-virt (DT) Workqueue: events_unbound linkwatch_event Call trace: show_stack+0x38/0x50 arch/arm64/kernel/stacktrace.c:484 (C) __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0xbc/0x108 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0x16c/0x6f0 mm/kasan/report.c:489 kasan_report+0xc0/0x120 mm/kasan/report.c:602 __asan_report_load4_noabort+0x20/0x30 mm/kasan/report_generic.c:380 ipvlan_get_iflink+0x84/0x88 drivers/net/ipvlan/ipvlan_main.c:353 dev_get_iflink+0x7c/0xd8 net/core/dev.c:674 default_operstate net/core/link_watch.c:45 [inline] rfc2863_policy+0x144/0x360 net/core/link_watch.c:72 linkwatch_do_dev+0x60/0x228 net/core/link_watch.c:175 __linkwatch_run_queue+0x2f4/0x5b8 net/core/link_watch.c:239 linkwatch_event+0x64/0xa8 net/core/link_watch.c:282 process_one_work+0x700/0x1398 kernel/workqueue.c:3229 process_scheduled_works kernel/workqueue.c:3310 [inline] worker_thread+0x8c4/0xe10 kernel/workqueue.c:3391 kthread+0x2b0/0x360 kernel/kthread.c:389 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:862 Allocated by task 9303: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x30/0x68 mm/kasan/common.c:68 kasan_save_alloc_info+0x44/0x58 mm/kasan/generic.c:568 poison_kmalloc_redzone mm/kasan/common.c:377 [inline] __kasan_kmalloc+0x84/0xa0 mm/kasan/common.c:394 kasan_kmalloc include/linux/kasan.h:260 [inline] __do_kmalloc_node mm/slub.c:4283 [inline] __kmalloc_node_noprof+0x2a0/0x560 mm/slub.c:4289 __kvmalloc_node_noprof+0x9c/0x230 mm/util.c:650 alloc_netdev_mqs+0xb4/0x1118 net/core/dev.c:11209 rtnl_create_link+0x2b8/0xb60 net/core/rtnetlink.c:3595 rtnl_newlink_create+0x19c/0x868 net/core/rtnetlink.c:3771 __rtnl_newlink net/core/rtnetlink.c:3896 [inline] rtnl_newlink+0x122c/0x15c0 net/core/rtnetlink.c:4011 rtnetlink_rcv_msg+0x61c/0x918 net/core/rtnetlink.c:6901 netlink_rcv_skb+0x1dc/0x398 net/netlink/af_netlink.c:2542 rtnetlink_rcv+0x34/0x50 net/core/rtnetlink.c:6928 netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline] netlink_unicast+0x618/0x838 net/netlink/af_netlink.c:1347 netlink_sendmsg+0x5fc/0x8b0 net/netlink/af_netlink.c:1891 sock_sendmsg_nosec net/socket.c:711 [inline] __sock_sendmsg net/socket.c:726 [inline] __sys_sendto+0x2ec/0x438 net/socket.c:2197 __do_sys_sendto net/socket.c:2204 [inline] __se_sys_sendto net/socket.c:2200 [inline] __arm64_sys_sendto+0xe4/0x110 net/socket.c:2200 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x90/0x278 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x13c/0x250 arch/arm64/kernel/syscall.c:132 do_el0_svc+0x54/0x70 arch/arm64/kernel/syscall.c:151 el ---truncated---

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 6.2(inclusive) to 6.6.72(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 6.7(inclusive) to 6.12.10(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>6.13
cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>6.13
cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>6.13
cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>6.13
cpe:2.3:o:linux:linux_kernel:6.13:rc4:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>6.13
cpe:2.3:o:linux:linux_kernel:6.13:rc5:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>6.13
cpe:2.3:o:linux:linux_kernel:6.13:rc6:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-416Primarynvd@nist.gov
CWE-416Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-416
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-416
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://git.kernel.org/stable/c/52a24538d569f48e79d1a169a5d359d384152950416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/ba9f7c16ec879c83bb4f80406773a911aace8267416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/cb358ff94154774d031159b018adf45e17673941416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Hyperlink: https://git.kernel.org/stable/c/52a24538d569f48e79d1a169a5d359d384152950
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/ba9f7c16ec879c83bb4f80406773a911aace8267
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/cb358ff94154774d031159b018adf45e17673941
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch

Change History

0
Information is not available yet

Similar CVEs

3188Records found
CVE-2023-36743
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.24% / 79.03%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 17:08
Updated-14 Apr, 2025 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Win32k Elevation of Privilege Vulnerability

Win32k Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows 10 Version 1607Windows Server 2008 Service Pack 2Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 11 version 22H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016Windows Server 2012 R2Windows 10 Version 1507Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)Windows 11 version 21H2Windows Server 2022Windows Server 2019Windows 10 Version 21H2
CWE ID-CWE-416
Use After Free
CVE-2023-36802
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-75.43% / 98.87%
||
7 Day CHG~0.00%
Published-12 Sep, 2023 | 16:58
Updated-30 Oct, 2025 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-10-03||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability

Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_22h2windows_10_21h2windows_server_2022windows_10_22h2windows_10_1809windows_server_2019windows_11_21h2Windows Server 2022Windows Server 2019Windows 11 version 21H2Windows 10 Version 21H2Windows 10 Version 1809Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows 10 Version 22H2Streaming Service Proxy
CWE ID-CWE-416
Use After Free
CVE-2023-36804
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.54%
||
7 Day CHG~0.00%
Published-12 Sep, 2023 | 16:58
Updated-30 Oct, 2025 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows GDI Elevation of Privilege Vulnerability

Windows GDI Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows 11 version 21H2Windows Server 2016 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2019 (Server Core installation)Windows 10 Version 22H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2022Windows Server 2019Windows 10 Version 1507Windows 10 Version 1607Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012 R2Windows 10 Version 1809Windows 11 version 22H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2016
CWE ID-CWE-416
Use After Free
CVE-2024-43059
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.88%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 10:07
Updated-03 Mar, 2025 | 13:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in Automotive Multimedia

Memory corruption while invoking IOCTL calls from the use-space for HGSL memory node.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-Snapdragon
CWE ID-CWE-416
Use After Free
CVE-2023-35666
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.86%
||
7 Day CHG~0.00%
Published-11 Sep, 2023 | 20:09
Updated-26 Sep, 2024 | 14:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In bta_av_rc_msg of bta_av_act.cc, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-416
Use After Free
CVE-2023-35687
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.41%
||
7 Day CHG~0.00%
Published-11 Sep, 2023 | 20:09
Updated-26 Sep, 2024 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In MtpPropertyValue of MtpProperty.h, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CVE-2023-36605
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.4||HIGH
EPSS-0.10% / 28.12%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 17:07
Updated-14 Apr, 2025 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Named Pipe Filesystem Elevation of Privilege Vulnerability

Windows Named Pipe Filesystem Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_11_22h2windows_11_21h2windows_10_22h2windows_server_2022windows_server_2019Windows Server 2019 (Server Core installation)Windows 11 version 22H2Windows 11 version 21H2Windows 10 Version 1809Windows Server 2022Windows 10 Version 22H2Windows Server 2019Windows 10 Version 21H2
CWE ID-CWE-416
Use After Free
CVE-2023-36726
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.12%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 17:07
Updated-14 Apr, 2025 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Internet Key Exchange (IKE) Extension Elevation of Privilege Vulnerability

Windows Internet Key Exchange (IKE) Extension Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows 10 Version 1607Windows Server 2008 Service Pack 2Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 11 version 22H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016Windows Server 2012 R2Windows 10 Version 1507Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)Windows 11 version 21H2Windows Server 2022Windows Server 2019Windows 10 Version 21H2
CWE ID-CWE-416
Use After Free
CVE-2023-35685
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.32%
||
7 Day CHG~0.00%
Published-08 Jan, 2025 | 17:35
Updated-31 Jan, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In DevmemIntMapPages of devicemem_server.c, there is a possible physical page uaf due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CVE-2023-35380
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-2.22% / 84.27%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 17:08
Updated-09 Jul, 2025 | 13:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2012 R2 (Server Core installation)Windows Server 2012Windows Server 2022Windows 10 Version 1507Windows 10 Version 1607Windows 11 version 22H2Windows Server 2008 Service Pack 2Windows Server 2019Windows Server 2008 Service Pack 2Windows 10 Version 22H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2012 R2Windows Server 2016 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809Windows 11 version 21H2Windows Server 2019 (Server Core installation)Windows Server 2016
CWE ID-CWE-416
Use After Free
CVE-2023-35382
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-2.37% / 84.73%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 17:08
Updated-01 Jan, 2025 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_11_22h2windows_11_21h2windows_10_22h2windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 21H2Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows 11 version 21H2Windows Server 2019Windows 10 Version 22H2
CWE ID-CWE-416
Use After Free
CVE-2019-2215
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-52.95% / 97.91%
||
7 Day CHG+0.56%
Published-11 Oct, 2019 | 18:16
Updated-24 Oct, 2025 | 14:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095

Action-Not Available
Vendor-n/aCanonical Ltd.Huawei Technologies Co., Ltd.Debian GNU/LinuxGoogle LLCNetApp, Inc.Android
Product-florida-l22alp-tl00b_firmwarestanford-l09_firmwarey9_2019_firmwaretony-tl00bubuntu_linuxsolidfirenova_3eares-al00bbarca-al00_firmwaredebian_linuxlelandp-l22c_firmwareyale-tl00bp20_firmwarecolumbia-al00a_firmwarenova_2sflorida-l22_firmwarejohnson-tl00d_firmwareares-tl00chw_firmwareberkeley-l09a220_firmwarefigo-al00aaff_baseboard_management_controller_firmwareandroidh300sberkeley-tl10alp-al00byale-al00ah410sflorida-l21_firmwarestanford-l09scolumbia-l29d_firmwareh610sp20_liteyale-tl00b_firmwareflorida-l03_firmwaretony-tl00b_firmwarea800nova_2s_firmwarehonor_view_20_firmwarebla-al00ba800_firmwareleland-l32a_firmwarelelandp-al00cduke-l09i_firmwareh410ch300s_firmwarestanford-l09neo-al00dleland-tl10b_firmwareneo-al00d_firmwarefas2720jakarta-al00a_firmwarea320dura-al00a_firmwarehonor_9i_firmwareh700s_firmwarebla-tl00ba320_firmwareleland-tl10c_firmwarec190_firmwaresolidfire_baseboard_management_controller_firmwarec190florida-al20b_firmwareberkeley-tl10_firmwarea220yale-l21a_firmwareleland-tl10ccolumbia-l29dprinceton-al10b_firmwarecloud_backupbla-l29cyale-al00a_firmwareares-al10d_firmwarebla-l29c_firmwaredata_availability_servicesflorida-l21h500s_firmwarerhone-al00aff_baseboard_management_controlleralp-al00b_firmwareleland-l21a_firmwaresydney-tl00_firmwarey9_2019tony-al00bh700sfas2750_firmwaremate_rsprinceton-al10bsolidfire_baseboard_management_controllerrhone-al00_firmwareflorida-al20bfas2720_firmwarejakarta-al00aberkeley-l09_firmwarestanford-l09s_firmwareflorida-tl10bh500sares-al00b_firmwareleland-al10bservice_processornova_3dura-al00abla-tl00b_firmwareflorida-tl10b_firmwarebarca-al00sydney-al00h610s_firmwarecolumbia-al00ap20_lite_firmwarejohnson-tl00dtony-al00b_firmwareleland-l32anova_3e_firmwaresydneym-al00_firmwareanne-al00_firmwareares-tl00chwleland-tl10bsydney-tl00figo-al00a_firmwarep20honor_view_20ares-al10dsydneym-al00mate_rs_firmwareyale-l21ahci_management_nodeleland-al10b_firmwarehonor_9isteelstore_cloud_integrated_storagefas2750leland-l21aflorida-l03h410s_firmwaresydney-al00_firmwarebla-al00b_firmwareduke-l09ianne-al00lelandp-al00c_firmwarecornell-tl10balp-tl00bnova_3_firmwarecornell-tl10b_firmwarelelandp-l22ch410c_firmwareAndroidAndroid Kernel
CWE ID-CWE-416
Use After Free
CVE-2016-1573
Matching Score-4
Assigner-Canonical Ltd.
ShareView Details
Matching Score-4
Assigner-Canonical Ltd.
CVSS Score-4.8||MEDIUM
EPSS-0.09% / 24.90%
||
7 Day CHG~0.00%
Published-22 Apr, 2019 | 15:35
Updated-16 Sep, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Using a specially crafted fallback art property, scopes can execute arbitrary QML code in context of unity8-dash

Versions of Unity8 before 8.11+16.04.20160122-0ubuntu1 file plugins/Dash/CardCreator.js will execute any code found in place of a fallback image supplied by a scope.

Action-Not Available
Vendor-ubportsUbuntu
Product-unity8Unity8
CWE ID-CWE-416
Use After Free
CVE-2023-33074
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.03% / 8.36%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 05:26
Updated-16 Dec, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in Audio

Memory corruption in Audio when SSR event is triggered after music playback is stopped.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qam8255p_firmwarewsa8830wcd9380_firmwaresa6150p_firmwaressg2125psa8145p_firmwaresxr2230p_firmwaresw5100pqam8650psd865_5gsg8275p_firmwaresnapdragon_w5\+_gen_1_wearable_platformwcn785x-5qca6595qam8775pwsa8840wsa8835qca6574sxr1230p_firmwarewcn3950_firmwaresnapdragon_8\+_gen_2_mobile_platform_firmwarewcd9380sa8150p_firmwareqca6595au_firmwaressg2125p_firmwareqca6574assg2115pwcn685x-5_firmwaresxr1230pwcn685x-1sg8275psnapdragon_8_gen_2_mobile_platformwcn6750wcn3980wcd9385_firmwareqam8295pwcn3950wsa8845qcm4325_firmwareqca6574_firmwarewsa8815sxr2230pwsa8845_firmwareqam8295p_firmwaresnapdragon_xr2_5g_platform_firmwareqca6574a_firmwareqca6574au_firmwareqca6595ausm6225-adwsa8845h_firmwarewcn785x-5_firmwarewcn3980_firmwaresa8295psnapdragon_w5\+_gen_1_wearable_platform_firmwaresm8475_firmwaresa6155p_firmwaresm6225snapdragon_xr2_5g_platformsm6225-ad_firmwarewsa8840_firmwareqca6698aqsa4155p_firmwarewsa8832_firmwarewcn685x-5sm6225_firmwarewcn3988_firmwareqca6797aq_firmwarewcn785x-1_firmwareqca6574ausa6145p_firmwaresa8155p_firmwaresa8195pwsa8810_firmwaresnapdragon_8\+_gen_2_mobile_platformsw5100wsa8810wsa8845hwsa8832wcd9395_firmwaresa8255p_firmwaresa6155psw5100p_firmwaresm8550pqca6698aq_firmwaresa6145pwcn685x-1_firmwarewcd9385qam8650p_firmwareqam8775p_firmwaresa8255pqca6696_firmwareqca6595_firmwaresa8145pwcd9395qca6696qca6797aqsa4150p_firmwarewcn6750_firmwaresa8150psm8550p_firmwaresa6150pwcd9390wcd9390_firmwaresa8155pwsa8830_firmwaresd865_5g_firmwarewcn3988wsa8815_firmwarewsa8835_firmwaresa8195p_firmwaressg2115p_firmwaresw5100_firmwaresm8475sa8295p_firmwareqam8255psa4155psa4150psnapdragon_8_gen_2_mobile_platform_firmwarewcn785x-1qcm4325Snapdragon
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-33108
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.06% / 18.65%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 05:38
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in Graphics

Memory corruption in Graphics Driver when destroying a context with KGSL_GPU_AUX_COMMAND_TIMELINE objects queued.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sw5100p_firmwaresw5100psa6155p_firmwaresa8295p_firmwareqca6696_firmwareqam8295p_firmwareqca6595qca6574_firmwaresa8155p_firmwaresa8155pwsa8830_firmwareqca6696qam8775pqca6797aqwsa8830qca6698aq_firmwaresnapdragon_w5\+_gen_1_wearable_platform_firmwaresa8255p_firmwareqca6574a_firmwaresw5100_firmwaresa8255pqcs7230_firmwareqca6595_firmwareqcs7230qca6391sa8195p_firmwareqca6698aqsa8295pqam8255p_firmwareqca6574aqam8255pqca6574au_firmwaresa8195pqam8775p_firmwareqam8295pqcs8250_firmwaresw5100qca6574ausnapdragon_w5\+_gen_1_wearable_platformqam8650p_firmwarevideo_collaboration_vc5_platformsa6155pwsa8835_firmwarewsa8835qam8650pqca6574qca6797aq_firmwareqcs8250qca6595au_firmwareqca6391_firmwarevideo_collaboration_vc5_platform_firmwareqca6595auSnapdragon
CWE ID-CWE-416
Use After Free
CVE-2023-33029
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.06% / 18.73%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 05:00
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in DSP Service

Memory corruption in DSP Service during a remote call from HLOS to DSP.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qdx1010_firmwaresw5100pqcs410_firmwaresa6150p_firmwareqca6595qcs610_firmwarewcd9335wcd9370qca8081_firmwareqca6696wcd9340_firmwarewcd9341_firmwarewcd9395_firmwareqcn6024qcc710_firmwarewcn6740_firmwaresa4150psm7325-ae_firmwarewsa8832_firmwareqca8337qdu1110wcd9395qca6574au_firmwarewcn785x-5qam8295pwcd9341qca6574auwcd9390snapdragon_x12_lte_modemwsa8810_firmwarewsa8845h_firmwarecsra6640sm6375_firmwareqcn6024_firmwarevideo_collaboration_vc1_platform_firmwaresa4155psm8350ssg2115pqcc710sm6375sm8450_firmwarevideo_collaboration_vc1_platformqru1032_firmwareqfw7114wcd9385_firmwareqam8255p_firmwaresnapdragon_ar2_gen_1_platform_firmwareqcs4490snapdragon_8\+_gen_2_mobile_platform_firmwarewsa8845sa6155pwsa8810qam8650pqdu1000_firmwarevideo_collaboration_vc5_platform_firmwaresnapdragon_8\+_gen_2_mobile_platformsm8350-acqca6595ausm7315_firmwareqdu1010sm7325_firmwaresa6155p_firmwarewsa8840qcs8550_firmwareqdu1210_firmwareqfw7124_firmwareqcn9012qcs4490_firmwaresnapdragon_8_gen_2_mobile_platformsm4450snapdragon_7c\+_gen_3_compute_firmwareapq8009wcd9370_firmwareqdu1110_firmwareqdu1000qca6574asm7325-aeqca6174asa8195pwcd9340qcs8250_firmwareqdu1210sm6225qcm6490sm8550p_firmwarewcn3998_firmwarewcn3988qcn9024qca6574sm7325-afsnapdragon_x75_5g_modem-rf_systemsxr2230p_firmwareqcn9011qcn9024_firmwarewsa8845hsa6150pqcs410sa8155p_firmwaresa8155pwsa8830sm8550psa6145psa8255p_firmwareflight_rb5_5g_platform_firmwarewcn785x-1_firmwarear8035qrb5165m_firmwareqcm4325robotics_rb5_platformqcn6224sm8475_firmwareqca6698aqssg2125p_firmwarewcn3950_firmwareqrb5165nwcn685x-1sa8145p_firmwaresm7325p_firmwareqdx1011sa8150p_firmwaresnapdragon_w5\+_gen_1_wearable_platformvideo_collaboration_vc3_platform_firmwareqcs6490qcs8250wsa8830_firmwareqcn6224_firmwarewsa8845_firmwarewsa8832ar8035_firmwaresm8475apq8009_firmwareqrb5165msnapdragon_w5\+_gen_1_wearable_platform_firmwaresa4150p_firmwaresd888_firmwaresm6225_firmwaresm7325-af_firmwarewsa8815_firmwaresa8195p_firmwareqca8337_firmwaresnapdragon_x12_lte_modem_firmwaresm7325sg8275p_firmwareqca9377_firmwareqcm6490_firmwaresm8350-ac_firmwareqcm4490_firmwareqru1032wcn785x-5_firmwareflight_rb5_5g_platformwcn3950snapdragon_x65_5g_modem-rf_system_firmwareqca6797aq_firmwaresnapdragon_7c\+_gen_3_computesm4350_firmwaresm7350-ab_firmwarewcn3991sa8295p_firmwaresa4155p_firmwareqcn6274_firmwaresd888qcn9011_firmwareqru1062_firmwaresw5100_firmwarewcn685x-5wcn6740qru1062sm6225-ad_firmwareqfw7114_firmwareqca6595_firmwareqcs7230wcd9380sa6145p_firmwareqam8255psxr2230psa8150psm7350-absnapdragon_auto_5g_modem-rf_firmwaresm8350_firmwaresxr1230psm6225-adsm4350-acsw5100video_collaboration_vc3_platformwcn3991_firmwareqam8295p_firmwaresm7315qca6698aq_firmwarewcd9385sa8255pqcs7230_firmwaresxr1230p_firmwarewcd9390_firmwarewcn6750sg8275pwcn6750_firmwareqdx1011_firmwaresnapdragon_auto_5g_modem-rfssg2125pqru1052qcm4490csra6640_firmwaresm4350qca6174a_firmwaresm7325pqam8650p_firmwarewcn3998video_collaboration_vc5_platformqcs6490_firmwaresm8450snapdragon_x65_5g_modem-rf_systemwcd9335_firmwarewcn3980_firmwareqcn6274qrb5165n_firmwareqfw7124wsa8835qca6595au_firmwareqca6391_firmwarewsa8840_firmwareqdu1010_firmwaresw5100p_firmwaresm4450_firmwaresnapdragon_ar2_gen_1_platformqca6696_firmwarewcd9380_firmwareqca6574_firmwarewsa8815csra6620qca8081sg4150psd_8_gen1_5gsm4375qam8775pqca6797aqqca9377sm4375_firmwareqcm4325_firmwareqca6574a_firmwaresd_8_gen1_5g_firmwarewcd9375_firmwareqca6391wcn785x-1qcn9012_firmwaresg4150p_firmwareqru1052_firmwaresnapdragon_8_gen_2_mobile_platform_firmwarecsra6620_firmwaresa8295probotics_rb5_platform_firmwareqcs8550qam8775p_firmwarewcd9375wcn685x-5_firmwarewcn3988_firmwaresa8145psm4350-ac_firmwarewsa8835_firmwaressg2115p_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarewcn3980qdx1010wcn685x-1_firmwareqcs610Snapdragon
CWE ID-CWE-416
Use After Free
CVE-2023-33117
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.52%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 05:38
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in Audio

Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcm8550_firmwareqcs410_firmwaresa6150p_firmwaresd865_5gsw5100pqca6595qcs610_firmwarewcd9335wcd9370qca8081_firmwareqca6696wcd9340_firmwarewcd9341_firmwarewcd9395_firmwareqcc710_firmwareqca6426wcn6740_firmwarefastconnect_6700snapdragon_768g_5g_mobile_platform_firmwaresa4150pqca8337qca6426_firmwarewcd9395snapdragon_460_mobile_platformqca6574au_firmwareqam8295pwcd9341qca6574auwcd9390snapdragon_x12_lte_modemwsa8810_firmwarewsa8845h_firmwarecsra6640wcn3660b_firmwarefastconnect_6800_firmwaresnapdragon_695_5g_mobile_platformsnapdragon_4_gen_1_mobile_platform_firmwarevideo_collaboration_vc1_platform_firmwaresa4155psnapdragon_778g\+_5g_mobile_platformqcc710snapdragon_480\+_5g_mobile_platform_firmwaresnapdragon_695_5g_mobile_platform_firmwarefastconnect_6900snapdragon_765g_5g_mobile_platformvideo_collaboration_vc1_platformqfw7114wcd9385_firmwareqca6421snapdragon_x55_5g_modem-rf_systemqam8255p_firmwaresnapdragon_888_5g_mobile_platform_firmwaresnapdragon_685_4g_mobile_platformsnapdragon_8\+_gen_2_mobile_platform_firmwarewsa8845sa6155pqca6421_firmwaresnapdragon_768g_5g_mobile_platformwsa8810qam8650pvideo_collaboration_vc5_platform_firmwaresnapdragon_8\+_gen_2_mobile_platformqca6595ausm7315_firmwarewcd9326_firmwaresa6155p_firmwarewsa8840qcs8550_firmwaresnapdragon_870_5g_mobile_platform_firmwareqfw7124_firmwareqca6436_firmwareqcn9012snapdragon_8_gen_2_mobile_platformwcn3910_firmwaresnapdragon_7c\+_gen_3_compute_firmwaresm4125_firmwarewcn3910wcd9370_firmwaresnapdragon_750g_5g_mobile_platform_firmwaresnapdragon_x55_5g_modem-rf_system_firmwaresnapdragon_660_mobile_platformwcn3660bqca6574aqca6174asa8195pwcd9340qcs8250_firmwareqcm2290qcm6490sm8550p_firmwareqcm8550wcn3988snapdragon_460_mobile_platform_firmwareqca6574snapdragon_x75_5g_modem-rf_systemsnapdragon_870_5g_mobile_platformqcn9011wsa8845hsa6150pwcd9326qcs410qcm2290_firmwaresa8155p_firmwaresa8155pwsa8830snapdragon_662_mobile_platformsm8550psa6145psnapdragon_765_5g_mobile_platformsa8255p_firmwareflight_rb5_5g_platform_firmwarear8035qrb5165m_firmwareqcm4325robotics_rb5_platformqcn6224qca6698aqwcn3950_firmwareqrb5165nfastconnect_6200wcn3680bsa8145p_firmwaresm7325p_firmwaresnapdragon_888\+_5g_mobile_platformsa8150p_firmwaresmart_audio_400_platformsnapdragon_w5\+_gen_1_wearable_platformfastconnect_6700_firmwarevideo_collaboration_vc3_platform_firmwarewcn3990snapdragon_680_4g_mobile_platform_firmwareqcs6490qcs8250snapdragon_750g_5g_mobile_platformfastconnect_6200_firmwarewsa8830_firmwareqcn6224_firmwareqca6431wsa8845_firmwaresd660_firmwaresxr2130_firmwarear8035_firmwareqrb5165msnapdragon_888_5g_mobile_platformsnapdragon_w5\+_gen_1_wearable_platform_firmwaresa4150p_firmwaresd888_firmwaresnapdragon_662_mobile_platform_firmwarewsa8815_firmwaresa8195p_firmwareqca8337_firmwareqcm4290snapdragon_x12_lte_modem_firmwaresnapdragon_680_4g_mobile_platformsg8275p_firmwareqca9377_firmwareqcm6490_firmwaresm7250p_firmwaresm4125flight_rb5_5g_platformwcn3950snapdragon_xr2_5g_platformqca6797aq_firmwaresnapdragon_7c\+_gen_3_computesnapdragon_765g_5g_mobile_platform_firmwaresnapdragon_xr2\+_gen_1_platform_firmwaresnapdragon_780g_5g_mobile_platformsa8295p_firmwaresa4155p_firmwaresm7250psnapdragon_780g_5g_mobile_platform_firmwareqcn6274_firmwaresd888qcn9011_firmwaresw5100_firmwaresnapdragon_765_5g_mobile_platform_firmwarewcn6740fastconnect_6800qfw7114_firmwareqca6595_firmwareqcs7230fastconnect_7800_firmwaresnapdragon_685_4g_mobile_platform_firmwaresnapdragon_782g_mobile_platform_firmwarefastconnect_6900_firmwarewcd9380sa6145p_firmwareqam8255psnapdragon_xr2_5g_platform_firmwaresnapdragon_4_gen_1_mobile_platformsa8150psnapdragon_778g_5g_mobile_platformsnapdragon_auto_5g_modem-rf_firmwaresnapdragon_865\+_5g_mobile_platformsw5100video_collaboration_vc3_platformsnapdragon_865_5g_mobile_platform_firmwareqam8295p_firmwareqca6431_firmwarewcn3990_firmwaresm7315qca6698aq_firmwareqcs2290wcd9385qcs2290_firmwarewcn3615sa8255pqcs7230_firmwareqcs4290wcd9390_firmwaresnapdragon_778g\+_5g_mobile_platform_firmwaresnapdragon_865\+_5g_mobile_platform_firmwaresnapdragon_690_5g_mobile_platformsg8275psnapdragon_auto_5g_modem-rfwcn3615_firmwaresxr2130csra6640_firmwaresnapdragon_xr2\+_gen_1_platformqca6174a_firmwaresm7325pqam8650p_firmwarevideo_collaboration_vc5_platformqcs6490_firmwarewcd9335_firmwarewcn3980_firmwareqcn6274qca6436qfw7124qrb5165n_firmwaresnapdragon_480_5g_mobile_platform_firmwareqca6595au_firmwareqca6391_firmwarewsa8835wsa8840_firmwaresw5100p_firmwaresnapdragon_782g_mobile_platformqca6696_firmwareqcs4290_firmwaresnapdragon_865_5g_mobile_platformwcd9380_firmwareqca6574_firmwarewsa8815csra6620qca8081sd660sg4150pqam8775pqca6797aqqca9377qcm4325_firmwareqca6574a_firmwareqcm4290_firmwaresnapdragon_480\+_5g_mobile_platformwcd9375_firmwareqca6391qualcomm_215_mobile_platformqcn9012_firmwaresmart_audio_400_platform_firmwaresnapdragon_778g_5g_mobile_platform_firmwaresg4150p_firmwaresnapdragon_480_5g_mobile_platformsnapdragon_8_gen_2_mobile_platform_firmwarecsra6620_firmwaresa8295probotics_rb5_platform_firmwareqcs8550fastconnect_7800qam8775p_firmwaresd865_5g_firmwarequalcomm_215_mobile_platform_firmwarewcd9375wcn3988_firmwaresa8145psnapdragon_888\+_5g_mobile_platform_firmwarewsa8835_firmwaresnapdragon_660_mobile_platform_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarewcn3980snapdragon_690_5g_mobile_platform_firmwarewcn3680b_firmwareqcs610Snapdragon
CWE ID-CWE-416
Use After Free
CVE-2023-33118
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.52%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 05:38
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in Automotive Audio

Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcm8550_firmwareqcs410_firmwaresa6150p_firmwaresd865_5gsw5100pqca6595qcs610_firmwarewcd9335wcd9370qca8081_firmwareqca6696wcd9340_firmwarewcd9341_firmwarewcd9395_firmwareqcc710_firmwarewcn6740_firmwarefastconnect_6700snapdragon_768g_5g_mobile_platform_firmwaresa4150pqca8337wcd9395snapdragon_460_mobile_platformqca6574au_firmwareqam8295pwcd9341qca6574auwcd9390snapdragon_x12_lte_modemwsa8810_firmwarecsra6640wcn3660b_firmwarefastconnect_6800_firmwaresnapdragon_695_5g_mobile_platformsnapdragon_4_gen_1_mobile_platform_firmwarevideo_collaboration_vc1_platform_firmwaresa4155psnapdragon_778g\+_5g_mobile_platformqcc710snapdragon_480\+_5g_mobile_platform_firmwaresnapdragon_695_5g_mobile_platform_firmwarefastconnect_6900snapdragon_765g_5g_mobile_platformvideo_collaboration_vc1_platformqfw7114wcd9385_firmwaresnapdragon_x55_5g_modem-rf_systemqam8255p_firmwaresnapdragon_888_5g_mobile_platform_firmwaresnapdragon_685_4g_mobile_platformsnapdragon_8\+_gen_2_mobile_platform_firmwarewsa8845sa6155psnapdragon_768g_5g_mobile_platformwsa8810qam8650pvideo_collaboration_vc5_platform_firmwaresnapdragon_8\+_gen_2_mobile_platformqca6595ausm7315_firmwarewcd9326_firmwaresa6155p_firmwarewsa8840qcs8550_firmwaresnapdragon_870_5g_mobile_platform_firmwareqfw7124_firmwareqcn9012snapdragon_8_gen_2_mobile_platformwcn3910_firmwaresnapdragon_7c\+_gen_3_compute_firmwaresm4125_firmwarewcn3910wcd9370_firmwaresnapdragon_750g_5g_mobile_platform_firmwaresnapdragon_x55_5g_modem-rf_system_firmwaresnapdragon_660_mobile_platformwcn3660bqca6574aqca6174asa8195pwcd9340qcs8250_firmwareqcm2290qcm6490sm8550p_firmwareqcm8550wcn3988snapdragon_460_mobile_platform_firmwareqca6574snapdragon_x75_5g_modem-rf_systemsnapdragon_870_5g_mobile_platformqcn9011wsa8845hsa6150pwcd9326qcs410qcm2290_firmwaresa8155p_firmwaresa8155pwsa8830snapdragon_662_mobile_platformsm8550psa6145psnapdragon_765_5g_mobile_platformsa8255p_firmwareflight_rb5_5g_platform_firmwarear8035qrb5165m_firmwareqcm4325robotics_rb5_platformqcn6224qca6698aqwcn3950_firmwareqrb5165nfastconnect_6200wcn3680bsa8145p_firmwaresm7325p_firmwaresnapdragon_888\+_5g_mobile_platformsa8150p_firmwaresmart_audio_400_platformsnapdragon_w5\+_gen_1_wearable_platformfastconnect_6700_firmwarevideo_collaboration_vc3_platform_firmwarewcn3990snapdragon_680_4g_mobile_platform_firmwareqcs6490qcs8250snapdragon_750g_5g_mobile_platformfastconnect_6200_firmwarewsa8830_firmwareqcn6224_firmwarewsa8845_firmwaresd660_firmwarear8035_firmwareqrb5165msnapdragon_888_5g_mobile_platformsnapdragon_w5\+_gen_1_wearable_platform_firmwaresa4150p_firmwaresd888_firmwaresnapdragon_662_mobile_platform_firmwarewsa8815_firmwaresa8195p_firmwareqca8337_firmwareqcm4290snapdragon_x12_lte_modem_firmwaresnapdragon_680_4g_mobile_platformsg8275p_firmwareqca9377_firmwareqcm6490_firmwaresm7250p_firmwaresm4125flight_rb5_5g_platformwcn3950snapdragon_xr2_5g_platformqca6797aq_firmwaresnapdragon_7c\+_gen_3_computesnapdragon_765g_5g_mobile_platform_firmwaresnapdragon_xr2\+_gen_1_platform_firmwaresnapdragon_780g_5g_mobile_platformsa8295p_firmwaresa4155p_firmwaresm7250psnapdragon_780g_5g_mobile_platform_firmwareqcn6274_firmwaresd888qcn9011_firmwaresw5100_firmwaresnapdragon_765_5g_mobile_platform_firmwarewcn6740fastconnect_6800qfw7114_firmwareqca6595_firmwareqcs7230fastconnect_7800_firmwaresnapdragon_685_4g_mobile_platform_firmwaresnapdragon_782g_mobile_platform_firmwarefastconnect_6900_firmwarewcd9380sa6145p_firmwareqam8255psnapdragon_xr2_5g_platform_firmwaresnapdragon_4_gen_1_mobile_platformsa8150psnapdragon_778g_5g_mobile_platformsnapdragon_auto_5g_modem-rf_firmwaresnapdragon_865\+_5g_mobile_platformsw5100video_collaboration_vc3_platformsnapdragon_865_5g_mobile_platform_firmwareqam8295p_firmwarewcn3990_firmwaresm7315qca6698aq_firmwareqcs2290wcd9385qcs2290_firmwarewcn3615sa8255pqcs7230_firmwareqcs4290wcd9390_firmwaresnapdragon_778g\+_5g_mobile_platform_firmwaresnapdragon_865\+_5g_mobile_platform_firmwaresnapdragon_690_5g_mobile_platformsg8275psnapdragon_auto_5g_modem-rfwcn3615_firmwarecsra6640_firmwaresnapdragon_xr2\+_gen_1_platformqca6174a_firmwaresm7325pqam8650p_firmwarevideo_collaboration_vc5_platformqcs6490_firmwarewcd9335_firmwarewcn3980_firmwareqcn6274qrb5165n_firmwareqfw7124snapdragon_480_5g_mobile_platform_firmwarewsa8835qca6595au_firmwareqca6391_firmwarewsa8840_firmwaresw5100p_firmwaresnapdragon_782g_mobile_platformqca6696_firmwareqcs4290_firmwaresnapdragon_865_5g_mobile_platformwcd9380_firmwareqca6574_firmwarewsa8815csra6620qca8081sd660sg4150pqam8775pqca6797aqqca9377qcm4325_firmwareqca6574a_firmwareqcm4290_firmwaresnapdragon_480\+_5g_mobile_platformwcd9375_firmwareqca6391qualcomm_215_mobile_platformqcn9012_firmwaresmart_audio_400_platform_firmwaresnapdragon_778g_5g_mobile_platform_firmwaresg4150p_firmwaresnapdragon_480_5g_mobile_platformsnapdragon_8_gen_2_mobile_platform_firmwarecsra6620_firmwaresa8295probotics_rb5_platform_firmwareqcs8550fastconnect_7800qam8775p_firmwaresd865_5g_firmwarequalcomm_215_mobile_platform_firmwarewcd9375wcn3988_firmwaresa8145psnapdragon_888\+_5g_mobile_platform_firmwarewsa8835_firmwaresnapdragon_660_mobile_platform_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarewcn3980snapdragon_690_5g_mobile_platform_firmwarewcn3680b_firmwareqcs610Snapdragon
CWE ID-CWE-416
Use After Free
CVE-2023-33021
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.03% / 8.08%
||
7 Day CHG~0.00%
Published-05 Sep, 2023 | 06:24
Updated-02 Aug, 2024 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in Graphics

Memory corruption in Graphics while processing user packets for command submission.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwareqam8255p_firmwaresa6150p_firmwaresm6250p_firmwareqcs610qca8337qca6431_firmwaresmart_audio_400wcn3950_firmwaresnapdragon_8_gen_1sa8150p_firmwareqca6595au_firmwaresa6155snapdragon_x55_5gcsra6620_firmwaresd_675_firmwarecsra6640_firmwaresnapdragon_632snapdragon_730g_firmwarewcd9371_firmwareqam8295pwcn3950qcn6024_firmwarewcn3660bsnapdragon_626_firmwaresnapdragon_x65_5g_firmwaresnapdragon_768g_5gsnapdragon_730_firmwaresm7315_firmwaresnapdragon_778g\+_5gsnapdragon_x55_5g_firmwareqca6574au_firmwaresmart_audio_200qca8081_firmwaresa6155_firmwarewcd9375_firmwareqca6420snapdragon_xr2_5gsnapdragon_w5\+_gen_1snapdragon_888_5gsnapdragon_626qrb5165m_firmwareqca6698aqsa4155p_firmwaresa8155_firmwaresnapdragon_765_5g_firmwareqca6430snapdragon_870_5gsnapdragon_778g\+_5g_firmwaresnapdragon_855\+wcd9340sd626_firmwaresw5100qca6436sa6155pqca6698aq_firmwaresnapdragon_710snapdragon_865\+_5g_firmwaresnapdragon_675_firmwaresnapdragon_630wcn3660_firmwarewcd9341sa8255pqca6431qca6696_firmwarewcd9371qca6797aqsa8150pwsa8830_firmwaresnapdragon_765g_5g_firmwaresd855_firmwaresd660sd865_5g_firmwaresnapdragon_4_gen_1snapdragon_778g_5gwcn3988snapdragon_768g_5g_firmwaresd660_firmwaresa8195p_firmwarefastconnect_6800_firmwaresnapdragon_865_5g_firmwaresa8295p_firmwarewcn3610qca8337_firmwarewcd9380_firmwaresw5100pmsm8996au_firmwaresnapdragon_x12_lte_firmwareqca6564ausnapdragon_8_gen_1_firmwaresd670_firmwareqca6574wcd9380snapdragon_x50_5gfastconnect_6700snapdragon_720gqcs410snapdragon_auto_5gsnapdragon_480_5gqca9379_firmwareqcn9012_firmwaresd626qca6430_firmwarewcd9335_firmwarewcn3980qcm4325_firmwarewcd9340_firmwaresnapdragon_680_4g_firmwarewsa8815vision_intelligence_200qca6320mdm9650_firmwareqca6426_firmwarewcn3660b_firmwaresd835qcn9024wcn3980_firmwaresd730snapdragon_888_5g_firmwaresa8295psnapdragon_765g_5gvision_intelligence_100wcn6740_firmwareqca6421_firmwaresnapdragon_632_firmwaresnapdragon_670_firmwaresmart_audio_200_firmwaresnapdragon_730apq8064au_firmwaresnapdragon_710_firmwarefastconnect_6900fastconnect_6900_firmwaresmart_audio_400_firmwaresnapdragon_820_firmwareqca6797aq_firmwaresnapdragon_750g_5gsd670qcn9024_firmwareqca6564a_firmwaresnapdragon_x24_lte_firmwaresw5100p_firmwareqcs610_firmwaresa6145pqca6595_firmwaresa8145pqca6391_firmwaresa4150p_firmwarewcd9370_firmwaresmart_display_200snapdragon_730gsdx55sd888_firmwaresa8155pcsra6640sd675snapdragon_690_5gsnapdragon_xr1_firmwarewcn3660qca9379qam8255psa4155par8035_firmwarevision_intelligence_100_firmwarewsa8830snapdragon_429_firmwaresa8145p_firmwaresnapdragon_x65_5gsnapdragon_4_gen_1_firmwaremdm9650snapdragon_7c\+_gen_3_firmwarecsra6620snapdragon_690_5g_firmwaresnapdragon_439qca6420_firmwaresd730_firmwaresnapdragon_765_5gwcd9370sd675_firmwareqca6564snapdragon_835_firmwareqca6426qca6584au_firmwarewcn3990_firmwareqrb5165n_firmwareqca9377snapdragon_xr1snapdragon_720g_firmwarewcd9385_firmwaresnapdragon_782g_firmwarewcd9326_firmwarefastconnect_6200wcn3615_firmwaresnapdragon_780g_5g_firmwaresnapdragon_732gqam8295p_firmwareqcn9011_firmwareflight_rb5_5g_firmwaresa8155qca6320_firmwarewcn3680b_firmwaresdx55_firmwarewcn3615qca6595ausm7250p_firmwarewcn3610_firmwareqca6436_firmwareqrb5165nsnapdragon_888\+_5gqca6564au_firmwareqca6584ausnapdragon_695_5g_firmwaresa6155p_firmwareqca6310snapdragon_855\+_firmwareqcs6490snapdragon_450_firmwaresnapdragon_732g_firmwaresnapdragon_x24_ltewcn3988_firmwaresnapdragon_778g_5g_firmwaresa6145p_firmwareqca6421sm6250fastconnect_6700_firmwaresa8195psxr1120wsa8810_firmwaresnapdragon_636_firmwarerobotics_rb5wcd9326wcd9335sa8255p_firmwaresnapdragon_780g_5gqca8081snapdragon_630_firmwareqca6174a_firmwarewcd9385sxr2130_firmwareqcs6490_firmwarehome_hub_100snapdragon_660snapdragon_xr2_5g_firmwarear8035snapdragon_450wcd9375aqt1000apq8064ausm6250_firmwaresnapdragon_480_5g_firmwarewsa8815_firmwareqcm6490wsa8835_firmwaresnapdragon_820snapdragon_695_5gsxr1120_firmwareqca6564avision_intelligence_200_firmwaresa4150pqcm4325snapdragon_865_5gsnapdragon_636wcn3990sd_675sd865_5gfastconnect_6800qca6595qcn9012sd888snapdragon_685_4g_firmwaresnapdragon_855wsa8835msm8996ausnapdragon_auto_5g_firmwaresnapdragon_860snapdragon_7c\+_gen_3sm6250psnapdragon_865\+_5gsnapdragon_855_firmwaresxr2130snapdragon_670qca6574aqca6174asm7325pqca6310_firmwaresnapdragon_678_firmwarehome_hub_100_firmwaresnapdragon_625qca6574_firmwaresnapdragon_888\+_5g_firmwaresnapdragon_480\+_5g_firmwaresd855sm7325p_firmwaresnapdragon_782gqca6574a_firmwarefastconnect_6200_firmwaresnapdragon_678qrb5165msm7315qca6391snapdragon_w5\+_gen_1_firmwarefastconnect_7800aqt1000_firmwaresnapdragon_625_firmwaresnapdragon_685_4gsnapdragon_660_firmwareqcm6490_firmwaresnapdragon_675qcn9011snapdragon_480\+_5gqca6574ausa8155p_firmwaresnapdragon_680_4gsnapdragon_x50_5g_firmwarewcd9341_firmwarefastconnect_7800_firmwarewsa8810smart_display_200_firmwaresnapdragon_429snapdragon_439_firmwaresnapdragon_x12_lterobotics_rb5_firmwarewcn3680bsd835_firmwareqca6564_firmwaresnapdragon_835wcn6740qca6696sa6150psnapdragon_870_5g_firmwareqcn6024flight_rb5_5gsm7250psw5100_firmwareqcs410_firmwaresnapdragon_860_firmwaresnapdragon_750g_5g_firmwareSnapdragon
CWE ID-CWE-416
Use After Free
CVE-2023-33114
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.11% / 29.83%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 05:38
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use after free in Neural Processing Unit

Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca6431sw5100pqcs410_firmwaresa6150p_firmwaresd660_firmwaresd865_5gqca6595qcs610_firmwarewcd9335sxr2130_firmwarewcd9370snapdragon_675_mobile_platform_firmwarear8035_firmwareqca6696snapdragon_730_mobile_platform_firmwaresnapdragon_x50_5g_modem-rf_systemqrb5165mwcd9341_firmwaresnapdragon_w5\+_gen_1_wearable_platform_firmwaresa4150p_firmwaresnapdragon_730_mobile_platformqca6426snapdragon_662_mobile_platform_firmwarefastconnect_6700qcs6125_firmwarewcn3610snapdragon_768g_5g_mobile_platform_firmwaresa4150pwsa8815_firmwaresa8195p_firmwareqca8337_firmwareqca8337qca6426_firmwaresnapdragon_680_4g_mobile_platformsnapdragon_460_mobile_platformar8031qca6574au_firmwaresm7250p_firmwareqam8295psm4125wcd9341qca6574ausnapdragon_855_mobile_platformflight_rb5_5g_platformwcn3950wsa8810_firmwaresd730_firmwaresnapdragon_xr2_5g_platformcsra6640qcs6125wcn3660b_firmwaresnapdragon_765g_5g_mobile_platform_firmwaresd730snapdragon_xr2\+_gen_1_platform_firmwaresnapdragon_730g_mobile_platform_firmwarefastconnect_6800_firmwaresa8295p_firmwaresa4155p_firmwaresnapdragon_720g_mobile_platformsm6250_firmwaresm7250pvideo_collaboration_vc1_platform_firmwaresa4155pqcm6125_firmwarec-v2x_9150qcn9011_firmwaresw5100_firmwaresnapdragon_765_5g_mobile_platform_firmwarefastconnect_6800315_5g_iot_modem_firmwareqca6595_firmwaresnapdragon_685_4g_mobile_platform_firmwarefastconnect_6900snapdragon_765g_5g_mobile_platformvideo_collaboration_vc1_platformwcd9385_firmware315_5g_iot_modemqca6421fastconnect_6900_firmwaresnapdragon_x55_5g_modem-rf_systemwcd9380sa6145p_firmwaresnapdragon_732g_mobile_platform_firmwaresnapdragon_xr2_5g_platform_firmwaresa8150psnapdragon_665_mobile_platform_firmwaresnapdragon_685_4g_mobile_platformsa6155pqca6421_firmwareqcm6125snapdragon_auto_5g_modem-rf_firmwaresnapdragon_768g_5g_mobile_platformwsa8810video_collaboration_vc5_platform_firmwaresnapdragon_865\+_5g_mobile_platformsw5100qca6595auaqt1000video_collaboration_vc3_platformsnapdragon_865_5g_mobile_platform_firmwarec-v2x_9150_firmwaresa6155p_firmwarewcd9326_firmwareqam8295p_firmwaresd855qca6431_firmwarewcn3990_firmwaresnapdragon_870_5g_mobile_platform_firmwareqca6698aq_firmwareqca6436_firmwaresnapdragon_wear_4100\+_platform_firmwareqcn9012wcd9385wcn3910_firmwarewcn3610_firmwaresnapdragon_678_mobile_platformsm4125_firmwaresnapdragon_720g_mobile_platform_firmwaresnapdragon_855\+\/860_mobile_platform_firmwareqca6420snapdragon_865\+_5g_mobile_platform_firmwaresnapdragon_690_5g_mobile_platformwcn3910qca6430wcd9370_firmwaresdx55_firmwaresnapdragon_auto_5g_modem-rfsnapdragon_750g_5g_mobile_platform_firmwaresnapdragon_x55_5g_modem-rf_system_firmwaresnapdragon_660_mobile_platformwcn3660bqca6574asxr2130sa8195pcsra6640_firmwareqcs8250_firmwaresnapdragon_xr2\+_gen_1_platformvideo_collaboration_vc5_platformsnapdragon_855_mobile_platform_firmwareqca6420_firmwareaqt1000_firmwarewcn3988qcs6490_firmwaresd855_firmwarewcd9335_firmwareqrb5165n_firmwareqca6436qca6574snapdragon_460_mobile_platform_firmwarewcn3980_firmwareqca6595au_firmwareqca6391_firmwarewsa8835qca6430_firmwaresnapdragon_870_5g_mobile_platformqcn9011sw5100p_firmwaresnapdragon_732g_mobile_platformqca6696_firmwaresnapdragon_865_5g_mobile_platformwcd9380_firmwaresa6150pqca6574_firmwarewcd9326qcs410sa8155p_firmwarecsra6620sd660wsa8815sa8155psnapdragon_675_mobile_platformwsa8830snapdragon_662_mobile_platformsa6145psnapdragon_765_5g_mobile_platformflight_rb5_5g_platform_firmwaresnapdragon_665_mobile_platformar8035qca6574a_firmwaresdx55snapdragon_750g_5g_mobile_platformqrb5165m_firmwaresnapdragon_678_mobile_platform_firmwarewcd9375_firmwarerobotics_rb5_platformqca6391qcn9012_firmwaresmart_audio_400_platform_firmwareqca6698aqwcn3950_firmwaresm6250qrb5165ncsra6620_firmwaresa8295probotics_rb5_platform_firmwaresnapdragon_x50_5g_modem-rf_system_firmwarefastconnect_6200wcn3680bsa8145p_firmwaresd865_5g_firmwaresnapdragon_730g_mobile_platformwcd9375sa8150p_firmwaresmart_audio_400_platformsnapdragon_855\+\/860_mobile_platformsnapdragon_w5\+_gen_1_wearable_platformwcn3988_firmwarefastconnect_6700_firmwarevideo_collaboration_vc3_platform_firmwaresa8145pwcn3990snapdragon_wear_4100\+_platformwsa8835_firmwaresnapdragon_680_4g_mobile_platform_firmwaresnapdragon_660_mobile_platform_firmwareqcs6490qcs8250wcn3980snapdragon_690_5g_mobile_platform_firmwarefastconnect_6200_firmwarear8031_firmwarewsa8830_firmwarewcn3680b_firmwareqcs610Snapdragon
CWE ID-CWE-416
Use After Free
CVE-2023-33120
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.14% / 33.47%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 05:38
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in Audio

Memory corruption in Audio when memory map command is executed consecutively in ADSP.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm429w_firmwaresnapdragon_x20_lte_modemqcm8550_firmwaresd865_5gapq8017qcs410_firmwaresa6150p_firmwaresnapdragon_429_mobile_platform_firmwaresw5100psxr1120qca6595snapdragon_xr1_platformqcs610_firmwarewcd9335wcd9370qca8081_firmwaresnapdragon_x50_5g_modem-rf_systemqca6696wcd9340_firmwarewcd9341_firmwarewcd9395_firmwaresnapdragon_730_mobile_platformqcc710_firmwareqca6426wcn6740_firmwarefastconnect_6700wcn3610snapdragon_768g_5g_mobile_platform_firmwaresa4150pqca8337qca6426_firmwarewcd9395snapdragon_460_mobile_platformsnapdragon_auto_4g_modemsmart_display_200_platformqca6574au_firmwareqca6564_firmwareqam8295pwcd9341sd626_firmwareqca6574auwcd9390snapdragon_x12_lte_modemwsa8810_firmwaresd730_firmwarewsa8845h_firmwarecsra6640msm8209_firmwaresnapdragon_835_mobile_pc_platform_firmwarewcn3660b_firmwaresd730snapdragon_730g_mobile_platform_firmwarefastconnect_6800_firmwaresd835_firmwaresdx20msnapdragon_695_5g_mobile_platformsnapdragon_4_gen_1_mobile_platform_firmwarevideo_collaboration_vc1_platform_firmwaresa4155psnapdragon_778g\+_5g_mobile_platformsnapdragon_210_processor_firmwareqcm6125_firmwarec-v2x_9150snapdragon_wear_3100_platformqcc710msm8108snapdragon_480\+_5g_mobile_platform_firmwaresxr1120_firmwaresnapdragon_695_5g_mobile_platform_firmwaresnapdragon_x5_lte_modem_firmwarerobotics_rb3_platform315_5g_iot_modem_firmwarefastconnect_6900snapdragon_765g_5g_mobile_platformvideo_collaboration_vc1_platformsnapdragon_wear_2100_platform_firmwareqfw7114wcd9385_firmwareqca6421315_5g_iot_modemsnapdragon_x55_5g_modem-rf_systemqca6310qam8255p_firmwaresa8155_firmwarewcd9360snapdragon_888_5g_mobile_platform_firmwareqca6335mdm9250snapdragon_685_4g_mobile_platformsnapdragon_8\+_gen_2_mobile_platform_firmwarewsa8845sa6155pqca6421_firmwareqcm6125mdm9230qca6564au_firmwaresnapdragon_768g_5g_mobile_platformwsa8810qam8650pvideo_collaboration_vc5_platform_firmwaresnapdragon_8\+_gen_2_mobile_platformqca6595ausm7315_firmwarewcd9326_firmwaresa6155p_firmwarewsa8840mdm9640_firmwaremdm9230_firmwareqcs8550_firmwaresd835snapdragon_870_5g_mobile_platform_firmwareqfw7124_firmwareqca6436_firmwaresnapdragon_wear_4100\+_platform_firmwareqcn9012mdm9650_firmwarequalcomm_205_mobile_platformwcd9371_firmwaresnapdragon_8_gen_2_mobile_platformwcn3910_firmwaresnapdragon_7c\+_gen_3_compute_firmwaresm4125_firmwaresnapdragon_855\+\/860_mobile_platform_firmwaresnapdragon_212_mobile_platform_firmwareqca6420qca6174_firmwarewcn3910apq8064au_firmwarewcd9370_firmwarecsrb31024qca9367snapdragon_wear_3100_platform_firmwaresnapdragon_845_mobile_platformmdm9250_firmwaresnapdragon_x55_5g_modem-rf_system_firmwaresnapdragon_750g_5g_mobile_platform_firmwaresnapdragon_660_mobile_platformwcn3660bqca6574awcn3620_firmwareqca6174aqca6584_firmwaresa8195pwcd9340qcs8250_firmwareqcm2290snapdragon_820_automotive_platform_firmwareqca6335_firmwareqcm6490snapdragon_wear_2500_platformsm8550p_firmwareqcm8550snapdragon_x20_lte_modem_firmwarewcn3988snapdragon_460_mobile_platform_firmwareqca6574snapdragon_x75_5g_modem-rf_systemsd675_firmwareqca6430_firmwaresnapdragon_870_5g_mobile_platformqcn9011wsa8845hsa6150pwcd9326qcs410qcm2290_firmwaresa8155p_firmwareqca6564asa8155pwsa8830snapdragon_675_mobile_platformsnapdragon_662_mobile_platformsm8550psa6145pqcn9074_firmwarevision_intelligence_400_platform_firmwaresnapdragon_765_5g_mobile_platformsa8255p_firmwareflight_rb5_5g_platform_firmwaresmart_audio_200_platform_firmwaresnapdragon_665_mobile_platformar8035msm8996auqca6564sa6155qrb5165m_firmwarewcn3620snapdragon_678_mobile_platform_firmwareqcm4325robotics_rb5_platformsnapdragon_208_processor_firmwareqcn6224snapdragon_x5_lte_modemapq8064ausmart_display_200_platform_firmwareqca6698aqwcn3950_firmwaresm6250qrb5165nsmart_audio_200_platformfastconnect_6200snapdragon_710_mobile_platformsd670sm7325p_firmwarewcn3680bsa8145p_firmwaresnapdragon_730g_mobile_platformwcd9360_firmwaresnapdragon_888\+_5g_mobile_platformsmart_audio_400_platformsnapdragon_855\+\/860_mobile_platformsa8150p_firmwaresnapdragon_w5\+_gen_1_wearable_platformfastconnect_6700_firmwarevideo_collaboration_vc3_platform_firmwarewcn3990sd670_firmwaresnapdragon_680_4g_mobile_platform_firmwareqcs6490qcs8250snapdragon_750g_5g_mobile_platformfastconnect_6200_firmwarear8031_firmwarewsa8830_firmwareqcn6224_firmwareqca6431wsa8845_firmwaresd660_firmwaremdm9330_firmwaresnapdragon_auto_4g_modem_firmwarevision_intelligence_200_platformsxr2130_firmwaresnapdragon_675_mobile_platform_firmwarear8035_firmwaresnapdragon_730_mobile_platform_firmwaremdm9630qrb5165msnapdragon_888_5g_mobile_platformsnapdragon_w5\+_gen_1_wearable_platform_firmwareqca6320sa4150p_firmwaremsm8608_firmwaresd888_firmwaremsm8209snapdragon_662_mobile_platform_firmwareqca6564auqcs6125_firmwareqcn9074wsa8815_firmwaresa8195p_firmwareqca8337_firmwaresnapdragon_x12_lte_modem_firmwareqcm4290vision_intelligence_100_platformsnapdragon_680_4g_mobile_platformmsm8608ar8031sg8275p_firmwareqca9377_firmwareqcm6490_firmwaresnapdragon_1200_wearable_platform_firmwaresm7250p_firmwarewcn3680_firmwaresm4125snapdragon_855_mobile_platformrobotics_rb3_platform_firmwarewcn3950flight_rb5_5g_platformsnapdragon_xr2_5g_platformsnapdragon_429_mobile_platformqcs6125qca6797aq_firmwaresnapdragon_7c\+_gen_3_computesnapdragon_765g_5g_mobile_platform_firmwaresnapdragon_xr2\+_gen_1_platform_firmwaresnapdragon_670_mobile_platform_firmwaresnapdragon_780g_5g_mobile_platformsnapdragon_710_mobile_platform_firmwaresa8295p_firmwaresd_675_firmwaresa4155p_firmwaresnapdragon_720g_mobile_platformvision_intelligence_200_platform_firmwaresm7250pcsrb31024_firmwaresa8155sm6250_firmwaresnapdragon_690_5g_mobile_platform_firmwaresnapdragon_780g_5g_mobile_platform_firmwaresnapdragon_845_mobile_platform_firmwareqca6584ausd888qca6320_firmwareqcn6274_firmwareqcn9011_firmwaresw5100_firmwaresnapdragon_765_5g_mobile_platform_firmwarewcn6740qca6310_firmwaresd626fastconnect_6800qfw7114_firmwareqcs7230snapdragon_685_4g_mobile_platform_firmwareqca6595_firmwarefastconnect_7800_firmwarewcd9371mdm9630_firmwaresnapdragon_782g_mobile_platform_firmwarefastconnect_6900_firmwareapq8017_firmwarewcd9380sa6145p_firmwareqam8255psa6155_firmwaresnapdragon_732g_mobile_platform_firmwaresnapdragon_xr2_5g_platform_firmwaresnapdragon_4_gen_1_mobile_platformsa8150psnapdragon_778g_5g_mobile_platformsnapdragon_665_mobile_platform_firmwaresnapdragon_x24_lte_modemmsm8996au_firmwaresnapdragon_835_mobile_pc_platformsnapdragon_auto_5g_modem-rf_firmwaresnapdragon_865\+_5g_mobile_platformsw5100video_collaboration_vc3_platformaqt1000snapdragon_865_5g_mobile_platform_firmwarec-v2x_9150_firmwareqam8295p_firmwaresd855snapdragon_212_mobile_platformqca6431_firmwarewcd9330_firmwareqca6174wcn3990_firmwaresm7315qca6698aq_firmwareqcs2290sdx20m_firmwareqca6564a_firmwarewcd9385qcs2290_firmwaremsm8909w_firmwarewcn3615qca9367_firmwarewcd9330wcn3610_firmwarewcn3680snapdragon_678_mobile_platformsa8255pqcs7230_firmwaresnapdragon_720g_mobile_platform_firmwareqcs4290wcd9390_firmwaresnapdragon_778g\+_5g_mobile_platform_firmwaresnapdragon_865\+_5g_mobile_platform_firmwaresnapdragon_690_5g_mobile_platformqca6430sg8275pmdm9650sdx55_firmwaresnapdragon_auto_5g_modem-rfsnapdragon_208_processorwcn3615_firmwaresnapdragon_210_processorsxr21309206_lte_modem_firmwaremsm8108_firmwaresnapdragon_wear_2500_platform_firmwarecsra6640_firmwarevision_intelligence_100_platform_firmwaresnapdragon_xr2\+_gen_1_platformqca6174a_firmwaresm7325pqam8650p_firmwarevideo_collaboration_vc5_platformsnapdragon_855_mobile_platform_firmwareqca6420_firmwareaqt1000_firmwareqcs6490_firmwaresdm429wsd855_firmwarewcd9335_firmwaremdm9640qca6436qrb5165n_firmwaresnapdragon_1200_wearable_platformsnapdragon_x24_lte_modem_firmwarewcn3980_firmwareqca6391_firmwarewsa8835wsa8840_firmwareqcn6274snapdragon_480_5g_mobile_platform_firmwareqfw7124qca6595au_firmwaresw5100p_firmwaresnapdragon_732g_mobile_platformsnapdragon_782g_mobile_platformqca6696_firmwareqcs4290_firmwaresnapdragon_865_5g_mobile_platformwcd9380_firmwarequalcomm_205_mobile_platform_firmwareqca6574_firmwarecsra6620qca8081sd660mdm9628wsa8815sg4150pqam8775pqca9377qca6797aqmdm9628_firmwareqcm4325_firmwarevision_intelligence_400_platform9206_lte_modemqca6574a_firmwaresdx55qcm4290_firmwaresnapdragon_480\+_5g_mobile_platformsd675wcd9375_firmwareqca6391qualcomm_215_mobile_platformsmart_audio_400_platform_firmwaresnapdragon_778g_5g_mobile_platform_firmwareqcn9012_firmwaresg4150p_firmwaresnapdragon_480_5g_mobile_platformqca6584snapdragon_670_mobile_platformcsra6620_firmwaresnapdragon_8_gen_2_mobile_platform_firmwaresa8295psnapdragon_xr1_platform_firmwareqcs8550robotics_rb5_platform_firmwaresnapdragon_x50_5g_modem-rf_system_firmwarefastconnect_7800qam8775p_firmwaresd865_5g_firmwarequalcomm_215_mobile_platform_firmwarewcd9375snapdragon_wear_2100_platformwcn3988_firmwaresa8145psd_675snapdragon_wear_4100\+_platformsnapdragon_888\+_5g_mobile_platform_firmwarewsa8835_firmwaresnapdragon_660_mobile_platform_firmwaresnapdragon_x75_5g_modem-rf_system_firmwaremdm9330qca6584au_firmwaresnapdragon_820_automotive_platformwcn3980msm8909wwcn3680b_firmwareqcs610Snapdragon
CWE ID-CWE-416
Use After Free
CVE-2023-33063
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.44% / 62.94%
||
7 Day CHG~0.00%
Published-05 Dec, 2023 | 03:04
Updated-27 Oct, 2025 | 17:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-12-26||Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Use After Free in DSP Services

Memory corruption in DSP Services during a remote call from HLOS to DSP.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-ipq8076a_firmwarewcn3990_firmwareqca6426_firmwareqcs6490qcs5430sda845wcn685x-1_firmwarewsa8835_firmwaresnapdragon_429_mobile_platformwcd9341_firmwarewcn3660bqam8775p_firmwaresm8550psm8150_firmwareqca9898ipq4018_firmwaresa8770psm7250-acqca9886_firmwaresm8250-acsa8775pipq8068_firmwarewsa8830csr8811wcd9340ipq8070asm8350_firmwaresnapdragon_210_processoripq6010_firmwareqcs4490ipq8076qca6420_firmwareqcn5154_firmwaresd888qcn6023sm6225wcd9326_firmwarewcd9380_firmwareqcn6023_firmwaresnapdragon_auto_5g_modem-rf_firmwareipq8173_firmwaresnapdragon_429_mobile_platform_firmwares820aipq6028snapdragon_xr1_platform_firmwaresnapdragon_xr2\+_gen_1_platform_firmwareqca6595auipq4018qcn9012_firmwareqca6390qcm44908998snapdragon_xr1_platformsnapdragon_632_mobile_platform_firmwaresm6250qcm6490_firmwarewcd9395_firmwaresm8475_firmwareqcm6125sm7325pipq6018wsa8845_firmwarewcd9370_firmwareqcn9011_firmwaresa6150p_firmware8953pro_firmwareipq8070_firmwaresnapdragon_662_mobile_platformqca9992_firmwaresw5100psm7150-acqca7500qca9377snapdragon_210_processor_firmwareqcs7230ipq8064_firmwarewcn3620apq8053-aawcd9360snapdragon_ar2_gen_1_platformwsa8810flight_rb5_5g_platform_firmwaresm8450sm6350_firmwareipq8070a_firmwareqcn9022csra6620_firmwareipq8074aqca9888sm7315flight_rb5_5g_platformsm7325-afqca6335qcm2290_firmwaresm4250-aasd_675qca9377_firmwareimmersive_home_216_platform_firmwaresa8195p_firmwaresa6150psnapdragon_auto_4g_modemsa8155pssg2125p_firmwareqca6696_firmwareipq8076awcn3950_firmwareqca9985snapdragon_675_mobile_platform_firmwareqcs2290qrb5165mapq8017_firmwarewcn3998_firmwarewcn3610sm7125_firmwaresm7325p_firmwaresm6125_firmwareqcn5022wsa8815wsa8815_firmwareipq6010qca9992snapdragon_x65_5g_modem-rf_systemqca9880immersive_home_214_platform_firmwareqrb5165m_firmwaresnapdragon_7c\+_gen_3_compute_firmwarewcd9335qca9994snapdragon_4_gen_2_mobile_platformqca6335_firmwarecsrb31024_firmwarear9380wcn3991qca6421_firmwareqca7500_firmwareipq4019_firmwaresd888_firmwaresm6350sxr1230psxr2230pmdm9650sm4375_firmwaresnapdragon_x50_5g_modem-rf_systemqrb5165n_firmwareipq8078a_firmwaresm8150ssg2125pwcn3615qca6420qca6430_firmwaresm8350-acwsa8845ipq4028sdm845snapdragon_439_mobile_platformvision_intelligence_300_platform_firmwaresxr1120qca6391_firmwarecsra6640sa4150psa8255p_firmwareqca6595sm7250-ac_firmwaresm8250-absm4350_firmwarewcn3615_firmwarewcn785x-1qam8295papq8009_firmwaresa6155snapdragon_x12_lte_modemipq8072a_firmwarewcd9385_firmwareqam8775pqcm2290qam8255p_firmwaresm7150-aaipq8064snapdragon_x24_lte_modemqcn9070qca6797aq_firmwareqcn5164_firmware8098_firmwarevideo_collaboration_vc5_platformqca6421sd835_firmwaresnapdragon_wear_4100\+_platformsg8275pqca6390_firmwareqam8255pqca6310_firmwareqca6595au_firmwaresa6155pqcs410_firmwareqcn5154qcm4490_firmwaresnapdragon_ar2_gen_1_platform_firmwaresnapdragon_7c\+_gen_3_computewsa8845hsw5100_firmwareqcs610sm8150-acsm6125qca9980_firmwareqcn5152_firmwarevision_intelligence_300_platformqcn5152sxr2130snapdragon_625_mobile_platform_firmwaresnapdragon_x55_5g_modem-rf_system_firmwareqca6797aqsnapdragon_8_gen_2_mobile_platform_firmwareqam8650p_firmwarewcn3620_firmwarewcn3991_firmwareqcn5024_firmwaresa8770p_firmwarewcn3680b_firmwaresd835snapdragon_x55_5g_modem-rf_systemqcm4290_firmwareqca6564_firmwareipq8071asm6375sxr2230p_firmwareqca6310qca6595_firmwaresa6145pwcd9335_firmwarewcd9390apq8053-aa_firmwaresa4150p_firmwareqca6174asa9000p_firmwareipq8065sm7150-abimmersive_home_216_platformwcd9340_firmwaresa8195pssg2115pipq4029qca9880_firmwarewcd9375_firmwareqcm5430_firmwareqcm5430qcs2290_firmwarevision_intelligence_400_platform_firmwaresg8275p_firmware315_5g_iot_modemwcd9380ipq8074a_firmwareipq8078_firmwaresnapdragon_xr2\+_gen_1_platformqcn9024_firmwarec-v2x_9150_firmwareipq8070snapdragon_x50_5g_modem-rf_system_firmwareqca6436csrb31024qca9889_firmwareqcs8250sm7250pqca8337_firmwaresd865_5gsxr2130_firmwarewcd9360_firmwaresm4250-aa_firmwareqca6696vision_intelligence_400_platformqca6574aapq8009ipq8065_firmwareqcn5124_firmwaresm6150-acwsa8840_firmwareqcn5122_firmwarewcd9371_firmwaresm7325-aewcn39508998_firmwaresxr1120_firmwaremsm8905_firmwareqcs8155ipq5010aqt1000_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareqcn9070_firmwaresa8150p_firmwaresm7150-ab_firmwarewcd9385ipq4029_firmware8098qca8075qcn6024_firmwareqcn9074_firmwareqca8075_firmwarewcn6750_firmwarewcn3680_firmwarear8035_firmwareqca6698aq_firmwareqcs8155_firmwaresnapdragon_8\+_gen_2_mobile_platform_firmwareqca6391sa8145p_firmwareqca8081_firmwaresa9000pqam8295p_firmwareqca8081sm8250-ab_firmwaresnapdragon_425_mobile_platform_firmwareqca6574qca6431sm4350-ac_firmwareqca6436_firmwaresm4375qcs5430_firmwareqcm6490qcs8550_firmwareqcs8250_firmwaresnapdragon_w5\+_gen_1_wearable_platform_firmwareqcs8550snapdragon_212_mobile_platform_firmwareipq8068sm7250-aaqcm6125_firmwaresd730qcn5164snapdragon_425_mobile_platformqca6430qcn9100_firmwaresa8775p_firmwaresm8550p_firmwaremsm8905sm8150-ac_firmwaresd660_firmwaresm7250-ab8953proqcs4290ipq8174_firmwarewcn685x-5_firmwaresa8255pqcn5124qrb5165nimmersive_home_316_platformsm7250p_firmwaresd855snapdragon_439_mobile_platform_firmwares820a_firmwareipq8173qcm4290qca9984_firmwarewcn6740qcs6125_firmwarecsr8811_firmwarewsa8810_firmwaresnapdragon_8_gen_2_mobile_platformsa8150psm7150-aa_firmwaresa4155pqca6174a_firmwaresnapdragon_x24_lte_modem_firmwaresnapdragon_x12_lte_modem_firmwaresd626_firmwareqcn9000_firmwarewcn3610_firmwaresnapdragon_4_gen_2_mobile_platform_firmwaresdm660_firmwaresm4125_firmwaresdm429w_firmwarec-v2x_9150qcn9024wcd9395wcn3680bipq4019ipq8078ar8031qcm4325_firmwarewcd9341qcn9074sm8350ar8035sm6225_firmwarewsa8832_firmwarewcn3680qcn9072sdm429wqcn5122wcn3660b_firmwarewcn3988_firmwaresm7225ipq6018_firmwaresdx55_firmwareipq5010_firmwarewsa8832wcd9375video_collaboration_vc3_platformqca6564sm4125qcs4290_firmwarewcd9390_firmwareaqt1000qsm8250qca9888_firmwaresd_675_firmwarewcd9370sd865_5g_firmwaresm6225-ad_firmwareqcn5052ipq8076_firmwaresa8145psnapdragon_625_mobile_platformsnapdragon_662_mobile_platform_firmwarewcn3988ipq6028_firmwaresd675sm6375_firmwaresnapdragon_xr2_5g_platform_firmwareqca6574_firmwareqca6698aqsm7350-ab_firmwaresm4350sa8155wsa8845h_firmwaresnapdragon_675_mobile_platformsnapdragon_auto_5g_modem-rfqam8650pqca6320_firmwaresd670_firmwaresg4150p_firmwaresnapdragon_212_mobile_platformsm7325_firmwaresm4350-acwcn6740_firmwareipq8078awcd9371qcn9022_firmwaresd855_firmwareqcn9012sm6225-adsm8475sw5100p_firmwareqsm8250_firmwareqcn5052_firmwaresm7315_firmwaresd660wcn785x-5qca9898_firmwarear8031_firmwarewsa8840sm8350-ac_firmwaresnapdragon_xr2_5g_platformimmersive_home_318_platform_firmwarewsa8830_firmwaresm8450_firmwarecsra6640_firmwaresnapdragon_8\+_gen_2_mobile_platformsda845_firmwareqrb5165qcs6125sg4150papq8053-acsd626qcn9072_firmwaresm7250-ab_firmwareqcs410sm8250-ac_firmwaressg2115p_firmwarewcn3998qca4024_firmwareqcs4490_firmwaresnapdragon_auto_4g_modem_firmwareimmersive_home_214_platformsnapdragon_wear_4100\+_platform_firmwarewcn785x-1_firmwaresm6250_firmwaresm7325sa8155p_firmwarewcn6750wcn3910_firmwaresd670qca6426qcn6024ar9380_firmwareapq8017mdm9650_firmwaresm7125wcn3910qca9994_firmwareqcs7230_firmwareqca6574a_firmwareqca9985_firmwaresdm660qca4024sm7350-abwcd9326sxr1230p_firmwareapq5053-aaipq8071a_firmwaresd730_firmwarewcn3980_firmwareqca9984qca8337qca9886qcs610_firmwareipq8174snapdragon_632_mobile_platformqcn9011qca6574au_firmwaresm7325-af_firmwarewsa8835sm7225_firmwaresa8155_firmwareqrb5165_firmwareqcm4325qca9889ipq4028_firmwarewcn3980apq8053-ac_firmwarevideo_collaboration_vc3_platform_firmwarevideo_collaboration_vc5_platform_firmwaresa6155_firmwareqca9980sa8295psdm845_firmwaresdx55immersive_home_318_platformsm6150-ac_firmwareqca6574ausa4155p_firmwaresa6145p_firmwarevideo_collaboration_vc1_platformsw5100qm215qca9990_firmwarecsra6620qca9990qcn9000wcn3990sm7250-aa_firmwarewcn785x-5_firmwarewcn685x-5sa6155p_firmwareimmersive_home_316_platform_firmwareqca6431_firmwaresm7150-ac_firmwareipq8072asd675_firmwarevideo_collaboration_vc1_platform_firmwaresm7325-ae_firmware315_5g_iot_modem_firmwareqcn9100qca6564au_firmwareapq5053-aa_firmwarewcn685x-1qcn5022_firmwareqca6320qm215_firmwareqca6564ausnapdragon_w5\+_gen_1_wearable_platformsa8295p_firmwareqcs6490_firmwareqcn5024Snapdragonipq8076a_firmwaresnapdragon_626_mobile_platform_firmwarewcn3990_firmwareaqt1000_firmwareqca6426_firmwaresnapdragon_750g_5g_mobile_platform_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareqcn9070_firmwaresa8150p_firmwareipq4029_firmwareqcn6024_firmwareqcn9074_firmwarewsa8835_firmwareqca8075_firmwarewcn3680_firmwarear8035_firmwareqca6698aq_firmwareqcs8155_firmwarewcd9341_firmwareqam8775p_firmwaresa8145p_firmwareqca8081_firmwareqam8295p_firmwareipq4018_firmwaresnapdragon_425_mobile_platform_firmwaresnapdragon_778g_5g_mobile_platform_firmwareqca9886_firmwareqca6436_firmwaresmart_audio_400_platform_firmwareqcs5430_firmwareipq8068_firmwareqcs8550_firmwareqcs8250_firmwarequalcomm_video_collaboration_vc1_platform_firmwaresnapdragon_212_mobile_platform_firmwaresnapdragon_660_mobile_platform_firmwarequalcomm_215_mobile_platform_firmwareqcm6125_firmwareipq6010_firmwareqcn9100_firmwaresa8775p_firmwareqca6420_firmwaresm8550p_firmwaresnapdragon_695_5g_mobile_platform_firmwareqcn5154_firmwaresd660_firmwarewcd9326_firmwarewcd9380_firmwareqcn6023_firmwaresnapdragon_855_mobile_platform_firmwaresnapdragon_auto_5g_modem-rf_firmwareipq8173_firmwaresnapdragon_429_mobile_platform_firmwaresnapdragon_xr1_platform_firmwareipq8174_firmwareqcn9012_firmwaresnapdragon_720g_mobile_platform_firmwaresnapdragon_632_mobile_platform_firmwareqcm6490_firmwarewcd9395_firmwaresm7250p_firmwaresnapdragon_439_mobile_platform_firmwarewsa8845_firmwarewcd9370_firmwareqcn9011_firmwaresa6150p_firmwareqca9984_firmwareqcs6125_firmwareipq8070_firmwarecsr8811_firmwarefastconnect_6900_firmwareqca9992_firmwarewsa8810_firmwarequalcomm_video_collaboration_vc5_platform_firmwaresnapdragon_210_processor_firmwareipq8064_firmwareqca6174a_firmwaresnapdragon_670_mobile_platform_firmwaresnapdragon_x12_lte_modem_firmwaresd626_firmwareqcn9000_firmwaresnapdragon_x24_lte_modem_firmwarewcn3610_firmwaresnapdragon_4_gen_2_mobile_platform_firmwaresm4125_firmwaresdm429w_firmwareflight_rb5_5g_platform_firmwareipq8070a_firmwarerobotics_rb3_platform_firmwaresnapdragon_665_mobile_platform_firmwarecsra6620_firmwaresnapdragon_845_mobile_platform_firmwareqcm4325_firmwareqcm2290_firmwarewsa8832_firmwareqca9377_firmwareimmersive_home_216_platform_firmwaresa8195p_firmwarewcn3988_firmwarewcn3660b_firmwareipq6018_firmwaresdx55_firmwaressg2125p_firmwareipq5010_firmwareqca6696_firmwarerobotics_rb5_platform_firmwarewcn3950_firmwaresnapdragon_675_mobile_platform_firmwareapq8017_firmwareqcs4290_firmwaresnapdragon_865_5g_mobile_platform_firmwarewcd9390_firmwaresm7325p_firmwareqca9888_firmwaresd_675_firmwaresd865_5g_firmwarewsa8815_firmwarequalcomm_205_mobile_platform_firmwareipq8076_firmwaresnapdragon_820_automotive_platform_firmwareimmersive_home_214_platform_firmwareqrb5165m_firmwaresnapdragon_662_mobile_platform_firmwareipq6028_firmwareqca6335_firmwaresnapdragon_xr2_5g_platform_firmwarecsrb31024_firmwareqca6574_firmwareqca6421_firmwareqca7500_firmwaresd888_firmwareipq4019_firmwarewsa8845h_firmwaresnapdragon_780g_5g_mobile_platform_firmwareqca6320_firmwareqrb5165n_firmwaresd670_firmwaresg4150p_firmwarewcn6740_firmwareipq8078a_firmwareqcn9022_firmwaresd855_firmwareqca6430_firmwaresw5100p_firmwarevision_intelligence_300_platform_firmwarefastconnect_7800_firmwareqca6391_firmwareqcn5052_firmwareqsm8250_firmwaresm7315_firmwaresa8255p_firmwarewcn3615_firmwareqca9898_firmwarear8031_firmwareipq8072a_firmwarewcd9385_firmwareimmersive_home_318_platform_firmwarewsa8830_firmwarecsra6640_firmwarequalcomm_video_collaboration_vc3_platform_firmwareqam8255p_firmwareqcn9072_firmwareqca6797aq_firmwaressg2115p_firmwareqcn5164_firmwarefastconnect_6800_firmwaresnapdragon_4_gen_1_mobile_platform_firmwarefastconnect_6200_firmwareqca4024_firmwareqcs4490_firmwaresnapdragon_auto_4g_modem_firmwaresd835_firmwaresnapdragon_690_5g_mobile_platform_firmwaresnapdragon_680_4g_mobile_platform_firmwaresm6250_firmwaresa8155p_firmwareqca6310_firmwareqca6595au_firmwareqcs410_firmwareqcm4490_firmwaresnapdragon_ar2_gen_1_platform_firmwarewcn3910_firmwaresw5100_firmwarear9380_firmwaremdm9650_firmwareqca9994_firmwareqca9980_firmwareqca6574a_firmwareqca9985_firmwareqcn5152_firmwareqcs7230_firmwaresnapdragon_625_mobile_platform_firmwaresnapdragon_x55_5g_modem-rf_system_firmwaresnapdragon_8_gen_2_mobile_platform_firmwaresxr1230p_firmwareqam8650p_firmwarewcn3620_firmwareipq8071a_firmwaresd730_firmwarewcn3980_firmwareqcn5024_firmwaresa8770p_firmwarewcn3680b_firmwareqcm4290_firmwaresd_8_gen1_5g_firmwareqcs610_firmwareqca6564_firmwaresnapdragon_835_mobile_pc_platform_firmwaresxr2230p_firmwareqca6595_firmwareqca6574au_firmwaresa8155_firmwarewcd9335_firmwaresa4150p_firmwaresa9000p_firmwarewcd9340_firmwareipq4028_firmwaresa6155_firmwareqca9880_firmwarefastconnect_6700_firmwareqcm5430_firmwarewcd9375_firmwareqcs2290_firmwarevision_intelligence_400_platform_firmwaresg8275p_firmwaresa4155p_firmwareipq8074a_firmwareipq8078_firmwaresa6145p_firmwareqcn9024_firmwareqca9990_firmwarec-v2x_9150_firmwaresnapdragon_x50_5g_modem-rf_system_firmwaresa6155p_firmwaresnapdragon_8_gen_1_mobile_platform_firmwareqca9889_firmwareimmersive_home_316_platform_firmwareqca6431_firmwareqca8337_firmwaresd675_firmwaresxr2130_firmwarewcd9360_firmware315_5g_iot_modem_firmwaresnapdragon_460_mobile_platform_firmwareqca6564au_firmwareqcn5022_firmwaresnapdragon_480_5g_mobile_platform_firmwareipq8065_firmwareqcn5124_firmwarewsa8840_firmwareqcn5122_firmwaresnapdragon_888_5g_mobile_platform_firmwarewcd9371_firmwaresnapdragon_710_mobile_platform_firmwaresa8295p_firmwareqcs6490_firmwaresxr1120_firmwareMultiple Chipsets
CWE ID-CWE-416
Use After Free
CVE-2019-2329
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.51%
||
7 Day CHG~0.00%
Published-21 Nov, 2019 | 14:38
Updated-04 Aug, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free issue in cleanup routine due to missing pointer sanitization for a failed start of a trusted application. in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, QCS404, QCS605, SDA845, SDM670, SDM710, SDM845, SDX55, SM6150, SM7150, SM8150, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm670_firmwareqcs404sm8150_firmwaresxr2130_firmwaresda845_firmwaresdm845mdm9205_firmwaremdm9205qcs404_firmwareqcs605sdx55sm7150_firmwaresm6150_firmwaresdm710sm6150sm8150sdm710_firmwaresxr1130_firmwaresdx55_firmwaresm7150sxr1130sdm670sxr2130qcs605_firmwaresda845sdm845_firmwareSnapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-416
Use After Free
CVE-2025-47359
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.28%
||
7 Day CHG~0.00%
Published-02 Feb, 2026 | 15:20
Updated-26 Feb, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in Secure Processor

Memory Corruption when multiple threads simultaneously access a memory free API.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fastconnect_6200wcd9378cqcc2072wsa8845fastconnect_6800_firmwarex2000077_firmwarefastconnect_6800wsa8845_firmwarex2000094wsa8840_firmwareaqt1000_firmwareqca6391_firmwaresc8180xp-aaab_firmwarewcd9378c_firmwareqca6420wcd9385sc8180xp-acaffastconnect_7800sc8180x-aaab_firmwarex2000090qca6430_firmwaresc8180xp-adx2000086_firmwaresc8180xp-ad_firmwarewsa8830wsa8835_firmwarewcd9385_firmwaresc8180xp-aaabwsa8815_firmwaresc8280xp-abbbsc8180xp-acaf_firmwarex2000092_firmwarewsa8810_firmwarexg101002_firmwarewsa8845h_firmwarexg101039_firmwarex2000077wsa8845hfastconnect_6900_firmwarewcd9340_firmwarex2000090_firmwareaqt1000sc8180x-acaf_firmwarefastconnect_6900wcd9340qca6430sc8280xp-abbb_firmwaresc8380xpwcd9341_firmwareqca6391wcd9341xg101032wcd9380sc8180x-acafwsa8835wcd9380_firmwaresc8380xp_firmwarewsa8840xg101032_firmwaresc8180x-ad_firmwarewsa8830_firmwarewsa8815fastconnect_6200_firmwaresc8180x-aaabx2000092xg101002qcc2072_firmwarexg101039qca6420_firmwarex2000086x2000094_firmwarefastconnect_7800_firmwaresc8180x-adwsa8810Snapdragon
CWE ID-CWE-416
Use After Free
CVE-2021-29627
Matching Score-4
Assigner-FreeBSD
ShareView Details
Matching Score-4
Assigner-FreeBSD
CVSS Score-7.8||HIGH
EPSS-1.05% / 77.34%
||
7 Day CHG~0.00%
Published-07 Apr, 2021 | 14:45
Updated-03 Aug, 2024 | 22:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In FreeBSD 13.0-STABLE before n245050, 12.2-STABLE before r369525, 13.0-RC4 before p0, and 12.2-RELEASE before p6, listening socket accept filters implementing the accf_create callback incorrectly freed a process supplied argument string. Additional operations on the socket can lead to a double free or use after free.

Action-Not Available
Vendor-n/aFreeBSD Foundation
Product-freebsdFreeBSD
CWE ID-CWE-416
Use After Free
CWE ID-CWE-415
Double Free
CVE-2021-22545
Matching Score-4
Assigner-Google LLC
ShareView Details
Matching Score-4
Assigner-Google LLC
CVSS Score-7.5||HIGH
EPSS-0.06% / 18.23%
||
7 Day CHG~0.00%
Published-29 Jun, 2021 | 11:55
Updated-16 Sep, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use-after-free in BinDiff

An attacker can craft a specific IdaPro *.i64 file that will cause the BinDiff plugin to load an invalid memory offset. This can allow the attacker to control the instruction pointer and execute arbitrary code. It is recommended to upgrade BinDiff 7

Action-Not Available
Vendor-Google LLC
Product-bindiffBindiff
CWE ID-CWE-416
Use After Free
CVE-2021-30262
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.04% / 12.95%
||
7 Day CHG~0.00%
Published-03 Jan, 2022 | 07:25
Updated-03 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation of a socket state when socket events are being sent to clients can lead to invalid access of memory in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fsm10055qca9377_firmwaremdm9150_firmwarewcn3991_firmwaresd678mdm9640_firmwaresa6150p_firmwaresa8145p_firmwareqcs610sm6250p_firmwarewsa8830fsm10056qca8337csrb31024csra6620fsm10055_firmwarewcn3950_firmwaresa8150p_firmwaresd765g_firmwareqca6595au_firmwareqca6390_firmwaresa6155sd690_5gsd730_firmwarewcd9370csra6620_firmwareqcs605_firmwaresd_675_firmwaresd675_firmwarecsra6640_firmwareqca6564qca6426wcn3990_firmwareqrb5165n_firmwareqca9377sa415mwcn3998wcd9385_firmwaresdxr2_5g_firmwarewcn3950wcd9326_firmwaresd720gqsw8573_firmwarewcn3660bsd662sd460_firmwaresa8155qca6574au_firmwaresdx55_firmwarewcn3680b_firmwareqca6595ausa6155_firmwarewcd9375_firmwarewcn3998_firmwaremsm8909wsm7250p_firmwareapq8009w_firmwarewcn3610_firmwareqca6436_firmwarewcn3999_firmwareqrb5165nqca6564au_firmwaresa6155p_firmwaresm6225wcn3999sd429qrb5165_firmwaresdxr2_5gsa8155_firmwaresd662_firmwaresa415m_firmwareqcs405wcn3988_firmwaresa6145p_firmwaresd205sd429_firmwaresm6250wcd9340sa8195pwsa8810_firmwarequalcomm215_firmwaresd765gsd765_firmwarefsm10056_firmwareqca6436wcd9326wcd9335sa6155pwcn6851qcs603_firmwareqca6174a_firmwarewcd9385wcd9341qca6696_firmwaresd750gsd870_firmwarear8035qca6390sd750g_firmwareaqt1000sa8150pwcd9375sm6250_firmwarewsa8830_firmwaresda429wsd210sd855_firmwaresd660sd865_5g_firmwarewcn3620_firmwarewcn3988wcn6850_firmwarewsa8815_firmwaresd660_firmwarewcn3620wsa8835_firmwaresa8195p_firmwareqca6564awcn3610mdm9640wcn3991qca8337_firmwaresda429w_firmwarewcd9380_firmwarewcn3990sd_675sdm429wsd865_5gqca6564ausdx24sdx55m_firmwareqet4101_firmwaremsm8909w_firmwareqca6574wsa8835sdm429w_firmwaresd665_firmwarewcd9380sm6250pqualcomm215qcs410qca6574asd690_5g_firmwareqca6174asdx24_firmwarewcd9335_firmwarewcn3980qsw8573qca6574_firmwareqcs605wcd9340_firmwaresd855wsa8815wcn6850sd665sd765qca6426_firmwarewcn3660b_firmwareqca6574a_firmwaresd768g_firmwarewcn3980_firmwaresd460qca6391sd730sdx55msdxr1_firmwareaqt1000_firmwaresd678_firmwarear8031_firmwarecsrb31024_firmwareqrb5165wcn6851_firmwareqcs603sm6225_firmwareqca6574ausa8155p_firmwaresd205_firmwareqca6564a_firmwareapq8009wwcd9341_firmwarewsa8810sd870sd210_firmwareqcs610_firmwaremdm9150qsm8250sa6145pwcn3680bqca6564_firmwaresdxr1sd768gar8031qcs405_firmwaresa8145pqca6696qca6391_firmwaresd845_firmwarewcd9370_firmwaresa6150psdx55sa8155pcsra6640sd675sd845qet4101sm7250psd720g_firmwareqcs410_firmwarear8035_firmwareqsm8250_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-416
Use After Free
CVE-2024-43062
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.88%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 10:07
Updated-03 Mar, 2025 | 12:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in Camera Linux

Memory corruption caused by missing locks and checks on the DMA fence and improper synchronization.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-Snapdragon
CWE ID-CWE-416
Use After Free
CVE-2023-29358
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-2.20% / 84.21%
||
7 Day CHG~0.00%
Published-13 Jun, 2023 | 23:26
Updated-01 Jan, 2025 | 01:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows GDI Elevation of Privilege Vulnerability

Windows GDI Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-416
Use After Free
CVE-2024-55549
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.19%
||
7 Day CHG~0.00%
Published-14 Mar, 2025 | 00:00
Updated-03 Nov, 2025 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.

Action-Not Available
Vendor-libxml2 (XMLSoft)
Product-libxsltlibxslt
CWE ID-CWE-416
Use After Free
CVE-2020-0243
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.47%
||
7 Day CHG~0.00%
Published-11 Aug, 2020 | 19:28
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In clearPropValue of MediaAnalyticsItem.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-8.0 Android-8.1Android ID: A-151644303

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CWE ID-CWE-667
Improper Locking
CVE-2026-21251
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.83%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 17:51
Updated-27 Feb, 2026 | 20:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cluster Client Failover (CCF) Elevation of Privilege Vulnerability

Use after free in Windows Cluster Client Failover allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2022windows_server_2025windows_server_2022_23h2windows_server_2019Windows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2022Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows Server 2016 (Server Core installation)Windows Server 2016Windows Server 2025 (Server Core installation)
CWE ID-CWE-416
Use After Free
CVE-2019-10621
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 13.38%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 10:46
Updated-04 Aug, 2024 | 22:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free issue when MAP and UNMAP calls at same time as data structure used my MAP may be freed by UNMAP function in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in Nicobar, QCS405, Rennell, Saipan, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sm8150_firmwaresxr2130_firmwareqcs405_firmwarerennellrennell_firmwaresm8250_firmwaresc8180x_firmwaresdx55qcs405sm7150_firmwaresaipan_firmwaresm6150_firmwaresm6150sm8250sm8150sdx55_firmwaresm7150nicobar_firmwaresaipansxr2130sc8180xnicobarSnapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
CWE ID-CWE-416
Use After Free
CVE-2023-28577
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 8.56%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 09:15
Updated-02 Aug, 2024 | 13:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Dmabuf Kernel Address UAF Vulnerability

In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check if the buffer is being used. So when a function called cam_mem_get_cpu_buf to get the kernel va to use, another thread can call CAM_REQ_MGR_RELEASE_BUF to unmap the kernel va which cause UAF of the kernel address.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fastconnect_7800snapdragon_865_5gwcd9380_firmwarewsa8830qcs610sw5100psd865_5gfastconnect_6900fastconnect_6800fastconnect_6900_firmwaresnapdragon_8_gen_1_firmwarewcn3988_firmwareqcn9074snapdragon_870_5gwsa8835wcn3950_firmwaresnapdragon_8_gen_1wsa8810_firmwarewcd9380wcd9341_firmwarefastconnect_7800_firmwaresw5100wsa8810qca6436qcs410snapdragon_865\+_5gsnapdragon_x55_5gqcs610_firmwaresw5100p_firmwaresxr2130wcd9370snapdragon_865\+_5g_firmwarewcn3680bqca6426sxr2130_firmwarewcd9341wcn3980qca6391_firmwarewcn3950snapdragon_xr2_5g_firmwarewcd9370_firmwarewcn3660bwsa8815snapdragon_870_5g_firmwarewsa8830_firmwaresd865_5g_firmwareqca6426_firmwarewcn3660b_firmwarewcn3988wsa8815_firmwaresnapdragon_x55_5g_firmwarewcn3680b_firmwarewsa8835_firmwaresw5100_firmwareqcn9074_firmwarefastconnect_6800_firmwareqcs410_firmwaresnapdragon_865_5g_firmwareqca6391wcn3980_firmwareqca6436_firmwaresnapdragon_xr2_5gSnapdragonwcd9380_firmwaresxr2130_firmwareqca6391_firmwarefastconnect_6900_firmwarewcd9370_firmwareqca6436_firmwarewcn3988_firmwarewsa8830_firmwaresd865_5g_firmwaresnapdragon_xr2_5g_platform_firmwarewcn3950_firmwareqca6426_firmwarewcn3660b_firmwarewsa8810_firmwarewsa8815_firmwarewcd9341_firmwarefastconnect_7800_firmwareqcs610_firmwarewsa8835_firmwarewcn3680b_firmwaresnapdragon_865_5g_mobile_platform_firmwaresw5100_firmwareqcn9074_firmwarefastconnect_6800_firmwaresw5100p_firmwareqcs410_firmwaresnapdragon_8_gen_1_mobile_platform_firmwaresnapdragon_x55_5g_modem-rf_system_firmwarewcn3980_firmware
CWE ID-CWE-416
Use After Free
CVE-2025-8842
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.03% / 8.91%
||
7 Day CHG~0.00%
Published-11 Aug, 2025 | 10:32
Updated-15 Sep, 2025 | 14:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NASM Netwide Assember preproc.c do_directive use after free

A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected by this issue is the function do_directive of the file preproc.c. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-nasmNASM
Product-netwide_assemblerNetwide Assember
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-416
Use After Free
CVE-2025-8176
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.02% / 4.31%
||
7 Day CHG~0.00%
Published-26 Jul, 2025 | 03:32
Updated-11 Sep, 2025 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LibTIFF tiffmedian.c get_histogram use after free

A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a patch to fix this issue.

Action-Not Available
Vendor-n/aLibTIFF
Product-libtiffLibTIFF
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-416
Use After Free
CVE-2021-1940
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.02% / 6.32%
||
7 Day CHG~0.00%
Published-13 Jul, 2021 | 00:00
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free can occur due to improper handling of response from firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fsm10055wcn3991_firmwaresd678sm6250p_firmwareqcs610fsm10056qca8337csra6620fsm10055_firmwarewcn3950_firmwareqca6420_firmwareqca6595au_firmwaresa6155sd730_firmwarewcd9370csra6620_firmwaresd_675_firmwaresd675_firmwarecsra6640_firmwareqca6564qcs6125_firmwareqca6584au_firmwarewcn3990_firmwaresa415mwcn3998sd_8cx_firmwarewcn3950sd720gwcn3660bsa8155qca6574au_firmwaresdx55_firmwareqca6595ausa6155_firmwarewcd9375_firmwarewcn3998_firmwarewcn3999_firmwarewcn3610_firmwareqca6420qca6564au_firmwareqca6584ausa6155p_firmwarewcn3999sa515m_firmwareqcs6125sa8155_firmwaresa415m_firmwareqcs405qca6430wcn3988_firmwaresa6145p_firmwaresm6250wcd9340sa8195pwsa8810_firmwarefsm10056_firmwarewcd9335sa6155pwcd9341qca6696_firmwarear8035wcd9375sd_8cxaqt1000sm6250_firmwaresda429wsd855_firmwaresd660wcn3620_firmwarewcn3988wsa8815_firmwaresd660_firmwarewcn3620sa8195p_firmwareqca6564awcn3610qcm6125_firmwarewcn3991qca8337_firmwaresda429w_firmwarewcd9380_firmwarewcn3990sd_675qca6564ausdx55m_firmwareqca6574sd665_firmwarewcd9380sm6250pqcs410qca6574asdx50m_firmwareqca6430_firmwarewcd9335_firmwarewcn3980sa515mqca6574_firmwarewcd9340_firmwaresd855wsa8815sd665sd_8c_firmwarewcn3660b_firmwareqca6574a_firmwarewcn3980_firmwaresd730qca6391sdx55maqt1000_firmwaresd678_firmwarear8031_firmwaresdx50mqca6574ausa8155p_firmwareqca6564a_firmwarewcd9341_firmwareqcm6125wsa8810qcs610_firmwaresd_8csa6145pqca6564_firmwarear8031qcs405_firmwareqca6696qca6391_firmwarewcd9370_firmwaresdx55sa8155pcsra6640sd675sd720g_firmwareqcs410_firmwarear8035_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-416
Use After Free
CVE-2021-1947
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.04% / 10.76%
||
7 Day CHG~0.00%
Published-17 Sep, 2021 | 07:05
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in kernel graphics driver because of storing an invalid pointer in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn3991_firmwarewsa8830sm7250qca9561qcs2290_firmwareqca8337sm7250_firmwarear9380qca9563_firmwareqca9561_firmwareqca9880_firmwareqca9992qcs4290wcn3950_firmwaresd765g_firmwareqcs2290ipq8069_firmwareqca6390_firmwaresd690_5gwcd9370qcs6125_firmwareqca6426wcn3990_firmwareqca9984_firmwarewcn3998wcd9385_firmwarewcn3950sm4125wcd9326_firmwarewcn3615_firmwareqca9563qsw8573_firmwarewcn3660bsd662qca9982sd460_firmwareqca6320_firmwarewcn3680b_firmwaresdx55_firmwarewcd9375_firmwarewcn3615wcn3998_firmwaremsm8909wapq8009w_firmwarewcn3610_firmwareapq8053_firmwareipq8065qca9990qrb5165_firmwaresd429qcs6125sd662_firmwareipq8068wcn3988_firmwaresd429_firmwarewcd9340sdm830_firmwarewsa8810_firmwaresd765gsd765_firmwarewcd9326wcd9335wcn6851qca9982_firmwareqcs4290_firmwarewcd9385qca9888_firmwarewcd9341ipq8068_firmwaresd750gsd870_firmwareqca6390qca9898_firmwaresd750g_firmwarewcd9375wcn3910_firmwaremsm8953_firmwarewsa8830_firmwaresda429wqca9992_firmwaresd660sd855_firmwaresd865_5g_firmwarewcn3620_firmwarewcn3988wcn6850_firmwaresd660_firmwarewcn3620wsa8815_firmwarewsa8835_firmwareqca9898wcn3610qcm6125_firmwareqca9882qcm2290_firmwarewcn3991qca8337_firmwaresda429w_firmwarewcd9380_firmwarewcn3990qca9980_firmwaresdm429wsd865_5gar9380_firmwaresdx55m_firmwareqca9558qca9558_firmwareqet4101_firmwareqca9896_firmwaremsm8909w_firmwareipq8065_firmwarewsa8835sdm429w_firmwaresd665_firmwarewcd9380sd690_5g_firmwareqca9889qca9888qca9994_firmwarewcd9335_firmwarewcn3980qsw8573qca9886wcd9340_firmwaresd855sm4125_firmwarewcn6850sd665wcn3910qca6320wsa8815sd765qca9887qca6426_firmwarewcn3660b_firmwareqca9984ipq8064ipq8069sd768g_firmwarewcn3980_firmwaresd460qca6391sdx55mipq8064_firmwaremsm8953qcm4290qca9882_firmwareqrb5165wcn6851_firmwareqca9994qca9531qca9887_firmwareqca9889_firmwareqca9980apq8009wqca9880wcd9341_firmwareqcm6125qcm4290_firmwaresd870wsa8810wcn3680bqca9886_firmwaresd768gqca6391_firmwarewcd9370_firmwaresdx55apq8053qca9990_firmwareqet4101qca9531_firmwaresdm830qca9896qcm2290Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-416
Use After Free
CVE-2024-38412
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.6||MEDIUM
EPSS-0.03% / 9.35%
||
7 Day CHG~0.00%
Published-03 Feb, 2025 | 16:51
Updated-05 Feb, 2025 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in Computer Vision

Memory corruption while invoking IOCTL calls from user-space to kernel-space to handle session errors.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fastconnect_7800_firmwarewsa8840snapdragon_8_gen_3_mobile_firmwarewsa8845_firmwarewsa8845h_firmwarewsa8845snapdragon_8_gen_3_mobilewcd9395_firmwarewcd9390wsa8840_firmwarewsa8845hwcd9395fastconnect_7800wcd9390_firmwareSnapdragon
CWE ID-CWE-416
Use After Free
CVE-2024-38399
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.11% / 29.88%
||
7 Day CHG+0.02%
Published-07 Oct, 2024 | 12:58
Updated-16 Oct, 2024 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in Graphics

Memory corruption while processing user packets to generate page faults.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qam8255p_firmwaresnapdragon_8_gen_1_mobile_platformwsa8830wcd9380_firmwareqam8650pqca6595qam8775pqamsrv1mwsa8835wcn3950_firmwarewcd9380snapdragon_685_4g_mobile_platform_\(sm6225-ad\)_firmwareqca6595au_firmwaresnapdragon_685_4g_mobile_platform_\(sm6225-ad\)wcd9370qamsrv1hqam8295pwcn3950sa8650pqamsrv1h_firmwaresa9000pqca6688aqqam8295p_firmwaresa9000p_firmwaresa8775pqca6574au_firmwaresa7255pwcd9375_firmwareqca6595ausnapdragon_680_4g_mobile_platform_firmwaresa8295pfastconnect_7800sa8620p_firmwaresa6155p_firmwaresa8775p_firmwaresa8650p_firmwareqca6698aqfastconnect_6900srv1h_firmwarefastconnect_6900_firmwareqca6797aq_firmwareqca6574ausrv1hsa8155p_firmwaresa7775p_firmwaresa8195psa7255p_firmwarewsa8810_firmwarefastconnect_7800_firmwarewsa8810sa8620psa8255p_firmwaresg4150psa6155psnapdragon_8_gen_1_mobile_platform_firmwaresnapdragon_680_4g_mobile_platformqca6698aq_firmwaresrv1m_firmwaresa7775pqamsrv1m_firmwareqam8650p_firmwaresa8770p_firmwaresa8255pqam8775p_firmwareqca6696_firmwareqca6595_firmwareqca6696qca6797aqwcd9375wcd9370_firmwaresa8155pwsa8830_firmwarewsa8835_firmwaresrv1msa8195p_firmwaresa8295p_firmwareqam8255psg4150p_firmwaresa8770pqca6688aq_firmwareSnapdragonqam8255p_firmwaresa8620p_firmwaresa6155p_firmwarewcd9380_firmwaresa8775p_firmwaresa8650p_firmwarefastconnect_6900_firmwaresrv1h_firmwareqca6797aq_firmwaresa8155p_firmwaresa7775p_firmwaresa7255p_firmwarewcn3950_firmwarewsa8810_firmwarefastconnect_7800_firmwareqca6595au_firmwaresa8255p_firmwaresnapdragon_8_gen_1_mobile_platform_firmwareqca6698aq_firmwareqamsrv1m_firmwaresrv1m_firmwareqam8650p_firmwaresa8770p_firmwareqam8775p_firmwareqca6696_firmwareqca6595_firmwareqamsrv1h_firmwarewcd9370_firmwarewsa8830_firmwareqam8295p_firmwaresa9000p_firmwarewsa8835_firmwareqca6574au_firmwaresa8195p_firmwarewcd9375_firmwaresa8295p_firmwaresg4150p_firmwaresnapdragon_680_4g_mobile_platform_firmwareqca6688aq_firmware
CWE ID-CWE-416
Use After Free
CVE-2021-1891
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.04% / 13.38%
||
7 Day CHG~0.00%
Published-07 May, 2021 | 09:10
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A possible use-after-free occurrence in audio driver can happen when pointers are not properly handled in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qfs2580qca9377_firmwareqpm5679_firmwaresm6250p_firmwareipq4028_firmwareqca8337qdm5579ar9380ipq8173_firmwareqfs2608_firmwareqfs2530qpm8870_firmwareqln1030pm6125qat5522_firmwarewcn3950_firmwarepm8150aqdm5670qca6595au_firmwareqpm5541_firmwareqpa5581_firmwaresa6155pm7150lqcc1110_firmwarepm8998_firmwareqpa8821wtr5975_firmwareqcs6125_firmwarepm456_firmwareqpa5580_firmwaresa415mwcn3998wcd9371_firmwarewcn3950sm4125sd720gqsw8573_firmwarewcn3660bsd450_firmwareqfe4320qsw8574_firmwaresd460_firmwaresmb2351_firmwarepm8953_firmwaresd6905gqpa4360_firmwareqca8081_firmwareqfe2520_firmwarewcn3998_firmwareapq8009w_firmwarepm855papq8053_firmwareqca6420pm6150aqpm6670_firmwareipq8070_firmwareipq8065ipq8078a_firmwarepm660_firmwarepm8150bipq8072_firmwaresa8155_firmwareipq8068qfe2101qca6430qat3522pmr735awcd9340sd765gsdr660qfs2630_firmwaresdr865qdm5620_firmwaresmb1358qca9888_firmwaresmr545qca6696_firmwareqln5020wcd9371sd870_firmwarepmm855au_firmwaresa8150ppm6350qdm5621qfe3340qtc800sqat3514_firmwareqca9992_firmwaresd660qet6105pm640p_firmwaresd660_firmwarewcn6750_firmwareqat5516_firmwarepm6150lsd450sd8885gpm855l_firmwareqca6428_firmwareqca9985_firmwareqtc410sipq4018_firmwarewcn3991qca9980_firmwareqpa8801sdm429wpm8150l_firmwareipq8173qat5533_firmwaresdx55m_firmwaresdxr25gqpa8673_firmwarepm6150smb1354_firmwaresd670_firmwareqca6574sd632_firmwareqfs2630qpa8842csr8811_firmwaresdr052_firmwarewcd9380qualcomm215qln4640qcs410qpm5579_firmwaresmb1380_firmwareqfe4309_firmwarepmk8350_firmwaresmb1381pm855p_firmwarepm7250wtr4905qpa8803sdx24_firmwareqca9985sd439_firmwaresdxr25g_firmwareqdm2301ipq6018_firmwarewcd9340_firmwarewsa8815wcn6850qfe2101_firmwareqdm5621_firmwareqdm2301_firmwareqpm6375ipq6028ipq8064wcn3980_firmwaresd730pm660l_firmwarepm6250_firmwarewcn6740_firmwarepm8008pm8350b_firmwareqtm525_firmwarepme605_firmwarepme605sd678_firmwareqpm5621_firmwareqln1021aq_firmwareqcs603rsw8577qpa6560_firmwareqca9994qpa8802_firmwareqln4640_firmwareqfe4308_firmwareqca9980qpm5621qpm6582ipq8174_firmwareapq8009wpm8009_firmwareqfe4303qfs2580_firmwaresd670qcm4290_firmwarepm8150lpmi8998_firmwareqcs610_firmwaresa6145ppm660a_firmwarepm215pm4250qca9886_firmwarear8031qpm5577wtr2965sa2150pqca6391_firmwarepm8150qca4024pmi8937_firmwarewcd9370_firmwareqat3516_firmwaresdx55apq8053csra6640pm8350bhsqat3555_firmwareqpa8803_firmwarewcn3660pm855bsmb2351qln1031qpm5870pm8909wsa8830pm660qet6110_firmwareqdm5579_firmwareqpm6325pm6125_firmwareqbt1500qpa5581csrb31024pmx24_firmwareqbt1500_firmwareqpm5870_firmwareqca9992qcs4290pmm855auqet6100qca6420_firmwaresmb1394_firmwaresmb1396pm7150asd675_firmwareipq8072pm8350qca6564qpa4361_firmwarepm8350c_firmwareqpa5461_firmwareqca6426wcn3990_firmwareqca9984_firmwareqca9377qpm5641qpa5373_firmwarewcd9385_firmwareqdm5650_firmwareqpa4340_firmwarewcd9326_firmwarewcn3615_firmwarewtr2955pm7250_firmwaresdr845_firmwareqdm5620qln1021aqipq8074asmb1380pmk8002_firmwareqsw6310_firmwaresa8155qln1031_firmwareqdm4650_firmwareqcn5122_firmwarepmm6155au_firmwareqat5533sdx55_firmwarewcn3615sm7250p_firmwarewcn3610_firmwareqsm7250_firmwareqpm6670pm7150l_firmwareqca6584auqpm4641qat5515_firmwareipq8174pm855qpm8830_firmwaresd429pm8250qdm4643qfs2530_firmwaresa415m_firmwarepmx55qpm4641_firmwarewcn3988_firmwaresd205sd429_firmwarepm8150c_firmwareqca6421qdm3301qpa8842_firmwareqat3519_firmwaresa8195psdr735_firmwarepm8953qat5515qpm5677qat3514wcd9326wcd9335pm6350_firmwarepm8004_firmwaresdr8150_firmwareqcs4290_firmwarepm439qtc800h_firmwarepmk7350_firmwareqpm5620qpm4630qca6390qca9898_firmwaresd750g_firmwareaqt1000wcd9375sm6250_firmwarepmm8195auqln4642msm8917_firmwareqpm5677_firmwareipq8074a_firmwarewsa8815_firmwarepmi8937pm8998pmk7350sdw3100qpm8820_firmwaresmr525_firmwarewtr3925_firmwareqfe4301_firmwareapq8017qln1020_firmwareqpm6621_firmwarepm670a_firmwareqcm6125_firmwarepmx55_firmwarewtr2955_firmwareqfe4373fc_firmwareqca6595pm8150_firmwaresmb1398_firmwareqpm8830qat5522ipq8065_firmwarepm8150cpmr735bsd665_firmwareqpa4360pmk8003_firmwareqca8075_firmwareqpa4361qpm4640_firmwareqpm5577_firmwareqdm5679_firmwarepm8350csmr525qca9888qca6310_firmwareqfe4305_firmwareipq8070a_firmwarepm6150l_firmwarepmr525pm8150a_firmwareqca6574_firmwareqca9886qln1036aq_firmwaresd665pm6150a_firmwarepm6150_firmwaresd765qca6574a_firmwareqpm4630_firmwareqat3555qpa5461sd8c_firmwarewtr2965_firmwarepm670_firmwarecsrb31024_firmwareqfs2608sd480_firmwareqln1036aqqtc801sipq6028_firmwareipq8072a_firmwareqpm5641_firmwareqca9889_firmwaresd710qcn5122pm8008_firmwareqpm6621pmr735a_firmwarepmw3100pmx50qca6564_firmwaresdr8250sd768gqln1030_firmwarewcn6740pmw3100_firmwarepm8004pm640lpmk8002qca8075sd845ipq6000_firmwareqcs410_firmwareqpa5580qpm5579qfe2550sa6150p_firmwareqcs610qcn5550qpm5620_firmwareqdm2307qca6431_firmwareqpa8802wcd9360_firmwareqpm6585_firmwareqat3519qbt2000_firmwareqca4024_firmwareipq8078aqtc800hsa8150p_firmwareqcs2290sdr8250_firmwareqca6335msm8917csra6620_firmwareqcs605_firmwareqln1020smr546_firmwareqdm5671csra6640_firmwarepmc1000hqpm4650_firmwareqat3518sd8csd632sdr425_firmwaresmr526_firmwareipq8076apm640a_firmwarewgr7640_firmwareqdm2305_firmwareqpm5670_firmwaresd710_firmwareqca6428qdm5652qca6574au_firmwareipq8071qpm8870wcd9375_firmwareqpm5679qbt2000sa6155_firmwaremsm8909wwcd9360qca6438_firmwarepmx50_firmwareqpa8675_firmwaresdr735gwcn3999qdm3301_firmwareqca7500qsm7250ipq4029_firmwareqcs6125ipq6010sd662_firmwareqcc1110qcs405smb1360qualcomm215_firmwarersw8577_firmwareqdm2308_firmwarepm439_firmwareqca6436wcn6851sa6155pqcs603_firmwareqpa6560sdr675_firmwarewcn3660_firmwarewcd9341ipq8068_firmwarepmi8952pm8937_firmwareqca6431qdm4643_firmwaresm7350_firmwareqet4100_firmwaresd750gqfe4320_firmwareqdm3302wcn3910_firmwareqpm5657qpm5875_firmwarewsa8830_firmwaresd855_firmwareqdm5650wcn3988qca6438wtr3925sdr052sa8195p_firmwaresmb1390sdw3100_firmwareqca9898ipq4028qet4100wcn3610qpa8686_firmwareqpm6585qca8337_firmwaresda429w_firmwarewcd9380_firmwaresmb1355ipq8072aqca7500_firmwareqln4650sdr735g_firmwarepm8350bhs_firmwarewgr7640ipq8076a_firmwareqat5568qdm5671_firmwareqet5100qca6564auqpa8801_firmwareqtm527_firmwarewcn6856_firmwarepm8005_firmwareqet4101_firmwarepm7250bqln4642_firmwaresmb1355_firmwarepm7250b_firmwarepmd9655_firmwaresmb1351_firmwaresdx50m_firmwaresdr735smb1395pm660lsmr526wtr5975qca6430_firmwarepmk8003qtc801s_firmwarewcd9335_firmwareqat3522_firmwarewcn3980pm7350c_firmwareqca6335_firmwareqsw8573qcs605wcn3910smb1394qca6426_firmwarepm8350_firmwarewcn3660b_firmwarewcn3680qca9984qfe4309pm8009qpa8675qcn5550_firmwaresdr051_firmwaresdx55mipq8064_firmwarepm670aqca6421_firmwareqfe4373fcmsm8953qat3518_firmwarepmi8998qfe2520qsw8574sd6905g_firmwarear8031_firmwarewcn3680_firmwarepm855lwcn6851_firmwareqdm5670_firmwareipq8070sd8655gpm7150a_firmwarepm8150b_firmwareqfe4302smr545_firmwarepmc1000h_firmwareqca6564a_firmwareqdm2310_firmwarepm4250_firmwareqca9880sd480sd870sd8885g_firmwarepm670sd210_firmwareqdm5677pm8005ipq6018pm855_firmwareqdm2302pmm6155ausdxr1pm855b_firmwareqca6595_firmwareqcs405_firmwareqpm6582_firmwareqpm6375_firmwarepm640l_firmwareqln4650_firmwareqpm5875qet5100msd888_firmwaresa8155psd675sd439qet4101qat3516pm670lqpm5658ar8035_firmwareqcm2290qpm5658_firmwarewcn3991_firmwareqdm5652_firmwarepmm8155au_firmwaresd678sdr051qln5030qcs2290_firmwarepm4125pmi632qpa2625_firmwarepm456pm8350bh_firmwarecsra6620pmr735b_firmwareqet5100_firmwareqpa5373qpm4621smb1360_firmwareqca9880_firmwareqet6100_firmwarepm670l_firmwaresdr660gsd765g_firmwareqpa8686smb1358_firmwareqca6390_firmwareipq6000sd730_firmwarewcd9370qcn5152_firmwaresdr425pmr525_firmwareqca6584au_firmwareqfe3340_firmwarepmi632_firmwareqpm5541qat5516sd662qpa8821_firmwareqfe4308sdr660g_firmwarepm8350bhpm3003awcn3680b_firmwareqca6595auwcn3999_firmwareqca6436_firmwaresm7350smb1354qca6564au_firmwareqdm2305sa6155p_firmwareqca6310qpm8820pm8937qpm2630qln5020_firmwaresa515m_firmwareqca9990smb1398sa6145p_firmwaresdr675sm6250apq8017_firmwarewsa8810_firmwaresd765_firmwareqdm5677_firmwareqca8081ipq8071aqca6174a_firmwareipq8071a_firmwarewcd9385qpm6325_firmwareqdm2302_firmwareqat3550_firmwarepmm8155auqln5040_firmwarepm4125_firmwarear8035csr8811qpa8673qdm2310qfe2550_firmwaremsm8953_firmwareqln5030_firmwaresda429wsd210wcn3620_firmwareqfe4302_firmwaresmb1396_firmwarewcn6850_firmwarewcn3620wsa8835_firmwareqca6564asmr546pmx24qet6110pmi8952_firmwareqcm2290_firmwareqln5040qpm8895sdr845qpm5670wcn3990qtm527ar9380_firmwarepmk8350sdx24qdm3302_firmwaresd888pm8350bqdm2307_firmwaremsm8909w_firmwarewsa8835sdm429w_firmwareqpm5657_firmwaresm6250psdr660_firmwarepm8909_firmwareipq4018qca6574apm8916_firmwareqca9889qca6174asmb1390_firmwareipq8074qfe4303_firmwareqca9994_firmwareqpm4640wcn6750pm7350cqet5100m_firmwareipq8076_firmwareqpm4650qtm525sa515msa2150p_firmwarewtr6955sd855sm4125_firmwaresd8cxqfe4305ipq8076wtr6955_firmwarepm640pqcn5152sd768g_firmwaresdr865_firmwarepm8250_firmwaresd460qca6391sd8cx_firmwaresdxr1_firmwaresmb1351aqt1000_firmwarepm215_firmwareqpm8895_firmwarepm660aqpa4340qcm4290sdx50mpm640asdr8150pm8916smb1395_firmwareqdm4650pmd9655ipq8074_firmwareqca6574ausa8155p_firmwaresd205_firmwareqsw6310qet6105_firmwaresd8655g_firmwarewcd9341_firmwareqcm6125wsa8810qtc410s_firmwareqpm2630_firmwareqat5568_firmwareqdm2308qat3550wtr4905_firmwarewcn6856qdm5679wcn3680bipq6010_firmwarepm3003a_firmwareqca6696qfe4301qtc800s_firmwaresmb1381_firmwaresd845_firmwareqpa2625sa6150pqca9990_firmwareipq8070apmm8195au_firmwaresm7250psd720g_firmwareipq8071_firmwareqpm4621_firmwareipq4029pm6250Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-416
Use After Free
CVE-2021-0483
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.29%
||
7 Day CHG~0.00%
Published-22 Oct, 2021 | 13:26
Updated-03 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple methods of AAudioService, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-153358911

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2021-0330
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.02%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 16:49
Updated-03 Aug, 2024 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In add_user_ce and remove_user_ce of storaged.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in storaged with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-170732441

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CVE-2021-0684
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.18%
||
7 Day CHG~0.00%
Published-06 Oct, 2021 | 14:11
Updated-03 Aug, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In TouchInputMapper::sync of TouchInputMapper.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-179839665

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CVE-2021-0612
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.19%
||
7 Day CHG~0.00%
Published-27 Sep, 2021 | 11:21
Updated-03 Aug, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In m4u, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05425834.

Action-Not Available
Vendor-n/aGoogle LLCMediaTek Inc.
Product-mt6757cdmt6592hmt6873mt6893mt6799mt6580mt6750mt6582emt6755smt6595mt6757cmt6765mt6737mt6883mt6891mt6592tmt6853tmt6739mt6757mt6797mt6769mt6761mt6875mt6889mt6768mt6755mt6592_90mt6771mt6758mt6833mt6732mt6885mt6582tmt6735mt6750smt6753mt6762mt6795mt6877mt6582wmt6853androidmt6757chmt6589tdmt6592emt6589mt6582hmt6582_90mt6752mt6779mt6785mt6731mt6763mt6592wMT6580, MT6582E, MT6582H, MT6582T, MT6582W, MT6582_90, MT6589, MT6589TD, MT6592E, MT6592H, MT6592T, MT6592W, MT6592_90, MT6595, MT6731, MT6732, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893
CWE ID-CWE-416
Use After Free
CVE-2021-1048
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-1.66% / 81.85%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 18:05
Updated-23 Oct, 2025 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-13||Apply updates per vendor instructions.

In ep_loop_check_proc of eventpoll.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-204573007References: Upstream kernel

Action-Not Available
Vendor-n/aGoogle LLCAndroid
Product-androidAndroidKernel
CWE ID-CWE-416
Use After Free
CVE-2021-0497
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.78%
||
7 Day CHG-0.00%
Published-11 Jun, 2021 | 16:42
Updated-03 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183461320

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CVE-2021-0527
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.19%
||
7 Day CHG-0.00%
Published-21 Jun, 2021 | 16:01
Updated-03 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185193931

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CVE-2021-0310
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.78%
||
7 Day CHG~0.00%
Published-11 Jan, 2021 | 21:48
Updated-03 Aug, 2024 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In LazyServiceRegistrar of LazyServiceRegistrar.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-170212632.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CVE-2021-0399
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.76% / 73.04%
||
7 Day CHG~0.00%
Published-10 Mar, 2021 | 15:41
Updated-03 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In qtaguid_untag of xt_qtaguid.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-176919394References: Upstream kernel

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
  • Previous
  • 1
  • 2
  • ...
  • 56
  • 57
  • 58
  • ...
  • 63
  • 64
  • Next
Details not found