Total
314 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-3588 | 1 Qualcomm | 22 Mdm9206, Mdm9206 Firmware, Mdm9607 and 19 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
There is improper access control of the SSC and GPU mapped regions which lead to inject code from HLOS in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, SDA660. | |||||
CVE-2017-18155 | 1 Qualcomm | 12 Msm8996au, Msm8996au Firmware, Sd 450 and 9 more | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
While playing HEVC content using HD DMB in Snapdragon Automobile and Snapdragon Mobile in version MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835, an uninitialized variable can be used leading to a kernel fault. | |||||
CVE-2017-18298 | 1 Qualcomm | 52 Mdm9206, Mdm9206 Firmware, Mdm9607 and 49 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
Lack of Input Validation in SDMX API can lead to NULL pointer access in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660 . | |||||
CVE-2017-18330 | 1 Qualcomm | 78 Ipq8074, Ipq8074 Firmware, Mdm9206 and 75 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
Buffer overflow in AES-CCM and AES-GCM encryption via initialization vector in snapdragon automobile, snapdragon mobile and snapdragon wear in versions IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016. | |||||
CVE-2018-11948 | 1 Qualcomm | 60 Msm8996au, Msm8996au Firmware, Qcs605 and 57 more | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
Exceeding the limit of usage entries are not tracked and the information will be lost causing the content to lose continuity in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in versions MSM8996AU, QCS605, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130. | |||||
CVE-2018-13900 | 1 Qualcomm | 70 Mdm9150, Mdm9150 Firmware, Mdm9206 and 67 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
Use-after-free vulnerability will occur as there is no protection for the route table`s rule in IPA driver in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in versions MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24. | |||||
CVE-2017-18317 | 1 Qualcomm | 10 Msm8996au, Msm8996au Firmware, Sd 410 and 7 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
Restrictions related to the modem (sim lock, sim kill) can be bypassed by manipulating the system to issue a deactivation flow sequence in Snapdragon Automobile, Snapdragon Mobile in versions MSM8996AU,SD 410/12,SD 820,SD 820A. | |||||
CVE-2018-11850 | 1 Qualcomm | 48 Mdm9206, Mdm9206 Firmware, Mdm9607 and 45 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
Lack of check on remaining length parameter When processing scan start command will lead to buffer flow in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 625, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20 | |||||
CVE-2018-13905 | 1 Qualcomm | 40 Mdm9206, Mdm9206 Firmware, Mdm9607 and 37 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
KGSL syncsource lock not handled properly during syncsource cleanup can lead to use after free issue in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8909W, QCS605, SD 210/SD 212/SD 205, SD 439 / SD 429, SD 712 / SD 710 / SD 670, SD 820A, SD 845 / SD 850, SD 855, SDM439, SDM660, SDX24. | |||||
CVE-2017-18311 | 1 Qualcomm | 70 Mdm9607, Mdm9607 Firmware, Mdm9635m and 67 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
XPU Master privilege escalation is possible due to improper access control of unused configuration xPU ports where unused configuration ports are open in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016. | |||||
CVE-2018-11945 | 1 Qualcomm | 100 Mdm9150, Mdm9150 Firmware, Mdm9206 and 97 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Improper input validation in wireless service messaging module for data received from broadcast messages can lead to heap overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in versions MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130. | |||||
CVE-2018-11264 | 1 Qualcomm | 38 Mdm9206, Mdm9206 Firmware, Mdm9607 and 35 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
Possible buffer overflow in Ontario fingerprint code due to lack of input validation for the parameters coming into TZ from HLOS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDA660. | |||||
CVE-2018-11932 | 1 Qualcomm | 40 Mdm9650, Mdm9650 Firmware, Mdm9655 and 37 more | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
Improper input validation can lead RW access to secure subsystem from HLOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in versions MDM9650, MDM9655, MSM8996AU, QCS605, SD 410/12, SD 615/16/SD 415, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SXR1130. | |||||
CVE-2018-11931 | 1 Qualcomm | 80 Mdm9150, Mdm9150 Firmware, Mdm9206 and 77 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
Improper access to HLOS is possible while transferring memory to CPZ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in versions MDM9150, MDM9206, MDM9607, MDM9650, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130. | |||||
CVE-2018-11855 | 1 Qualcomm | 34 Mdm9607, Mdm9607 Firmware, Mdm9650 and 31 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
If an end user makes use of SCP11 sample OCE code without modification it could lead to a buffer overflow when transmitting a CAPDU in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT and Snapdragon Mobile in versions MDM9607, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 636, SD 820, SD 820A, SD 835, SD 8CX, SDA660, SDM630, SDM660. | |||||
CVE-2018-11279 | 1 Qualcomm | 92 Mdm9206, Mdm9206 Firmware, Mdm9607 and 89 more | 2024-02-28 | 8.3 HIGH | 8.8 HIGH |
Lack of check of input size can make device memory get corrupted because of buffer overflow in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 810, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130 | |||||
CVE-2018-11305 | 1 Qualcomm | 50 Mdm9206, Mdm9206 Firmware, Mdm9607 and 47 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
When a series of FDAL messages are sent to the modem, a Use After Free condition can occur in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20. | |||||
CVE-2018-13912 | 1 Qualcomm | 72 Mdm9150, Mdm9150 Firmware, Mdm9206 and 69 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Arbitrary write issue can occur when user provides kernel address in compat mode in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24. | |||||
CVE-2017-18323 | 1 Qualcomm | 70 Mdm9206, Mdm9206 Firmware, Mdm9607 and 67 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Cryptographic key material leaked in TDSCDMA RRC debug messages in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130. | |||||
CVE-2018-5916 | 1 Qualcomm | 70 Mdm9206, Mdm9206 Firmware, Mdm9607 and 67 more | 2024-02-28 | 6.1 MEDIUM | 6.5 MEDIUM |
Buffer overread while decoding PDP modify request or network initiated secondary PDP activation in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDA845, SDX20, SXR1130. |