NVIDIA Jetson 输入验证错误漏洞

Nvidia NVIDIA Jetson is an embedded system development module from Nvidia Corporation. NVIDIA Jetson suffers from an Input Validation Error vulnerability that stems from a vulnerability in Trusty's command handler that contains unvalidated input buffer lengths. An attacker could exploit this...

CVE-2020-11289

Out of bound write can occur in TZ command handler due to lack of validation of command ID in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables,...

Design/Logic Flaw

Out of bound write can occur in TZ command handler due to lack of validation of command ID in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables,...

CVE-2020-11289

CVE-2020-11289 describes an out-of-bounds write in the TZ command handler due to missing validation of the command ID in Qualcomm Snapdragon SoCs. Affected families include Snapdragon Auto, Compute, Connectivity, Consumer IoT, Industrial IoT, IoT, Mobile, Voice & Music, Wearables, and Wired/WAN p...

CVE-2020-11289

Out of bound write can occur in TZ command handler due to lack of validation of command ID in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables,...

Command injection

In the FPC TrustZone fingerprint App, there is a possible invalid command handler due to an exposed test feature. This could lead to local escalation of privilege in the TEE, with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Andro...

CVE-2019-14074

u'Heap overflow in diag command handler due to lack of check of packet length received from user' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice ...

CVE-2019-14074

CVE-2019-14074 describes a heap overflow in the diag command handler caused by missing packet-length validation, affecting numerous Qualcomm Snapdragon platforms (e.g., APQ8009, SDM8xx/9x, and other Snapdragon families). The issue is localized (local attacker) and is described in public CVE listi...

CVE-2019-14074

u'Heap overflow in diag command handler due to lack of check of packet length received from user' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice ...

CVE-2019-14101

Out of bounds read can happen in diag event set mask command handler when user provided length in the command request is less than expected length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon...

CVE-2019-14101

Out of bounds read can happen in diag event set mask command handler when user provided length in the command request is less than expected length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon...

CVE-2019-14101

CVE-2019-14101 affects Qualcomm Snapdragon platforms (e.g., Auto, Compute, Connectivity, IOT, Mobile, Wearables) including APQ8009/8096 families and many MSM/SDM/QCS/SXR devices. The vulnerability is an out-of-bounds read in the diag event set mask command handler when the provided length in the ...

CVE-2019-14094

Integer overflow in diag command handler when user inputs a large value for number of tasks field in the request packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT...

Integer overflow

Integer overflow in diag command handler when user inputs a large value for number of tasks field in the request packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT...

CVE-2019-14094

CVE-2019-14094 describes an integer overflow in the diag command handler when a large value is supplied for the number of tasks in request packets. Affected products are Qualcomm Snapdragon families including Snapdragon Auto, Compute, Connectivity, etc., across numerous SoCs (e.g., APQ8009, APQ80...

CVE-2020-13840

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 MTK chipsets. Code execution can occur via an MTK AT command handler buffer overflow. The LG ID is LVE-SMP-200008 June 2020...

CVE-2020-13841

An issue was discovered on LG mobile devices with Android OS 9 and 10 MTK chipsets. An AT command handler allows attackers to bypass intended access restrictions. The LG ID is LVE-SMP-200009 June 2020...

CVE-2020-13841

An issue was discovered on LG mobile devices with Android OS 9 and 10 MTK chipsets. An AT command handler allows attackers to bypass intended access restrictions. The LG ID is LVE-SMP-200009 June 2020...

Buffer overflow

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 MTK chipsets. Code execution can occur via a custom AT command handler buffer overflow. The LG ID is LVE-SMP-200007 June 2020...

Command injection

An issue was discovered on LG mobile devices with Android OS 9 and 10 MTK chipsets. An AT command handler allows attackers to bypass intended access restrictions. The LG ID is LVE-SMP-200009 June 2020...