Race condition

Use after free due to race condition when reopening the device driver repeatedly in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure...

CVE-2020-11262

CVE-2020-11262 describes a race between command submission and context destruction that can cause an invalid context to be added, leading to a use-after-free condition. Reported for Snapdragon Auto/Compute/Connectivity/Consumer IOT/Industrial IOT/Mobile/Voice & Music/Wearables (Qualcomm/Snapdrago...

CVE-2020-11260

An improper free of uninitialized memory can occur in DIAG services in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile...

CVE-2020-11261

Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...

CVE-2020-11260

CVE-2020-11260 affects Qualcomm Snapdragon DIAG services (Snapdragon Compute/Industrial IOT/Mobile). The issue is an improper free of uninitialized memory in DIAG components. NVD notes LOCAL attack vector, low complexity, no authentication, and potential full impact on confidentiality, integrity,...

CVE-2020-11250

CVE-2020-11250 is a use-after-free vulnerability caused by a race condition when reopening a Snapdragon device driver repeatedly across Snapdragon Auto/Compute/Connectivity/Consumer IoT/Industrial IoT/Mobile/Voice & Music/Wearables/Wired Infrastructure and Networking. Affects Qualcomm components ...

CVE-2020-11239

CVE-2020-11239 describes a use-after-free when importing a DMA buffer using the CPU address due to an attachment not being cleaned up. Affected are Qualcomm/Snapdragon platforms (Snapdragon Auto, Compute, Connectivity, Consumer IoT, Industrial IoT, Mobile, Voice & Music, Wearables). The root caus...

CVE-2020-11239

Use after free issue when importing a DMA buffer by using the CPU address of the buffer due to attachment is not cleaned up properly in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music,...

CVE-2020-11240

CVE-2020-11240 describes a memory corruption issue in Qualcomm Snapdragon components triggered by an ioctl command with an incorrect copy size. The vulnerability affects a broad set of Snapdragon products (Auto, Compute, Connectivity, Consumer IoT, Industrial IoT, Mobile, Voice & Music, Wearables...

CVE-2020-11238

Possible Buffer over-read in ARP/NS parsing due to lack of check of packet length received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music...

CVE-2020-11235

CVE-2020-11235 describes a buffer overflow that can occur while parsing a unified command due to insufficient input validation in Qualcomm Snapdragon components (Auto, Compute, Connectivity, etc.). The issue is triggered locally and can impact confidentiality, integrity, and availability, as indi...

CVE-2020-11235

Buffer overflow might occur while parsing unified command due to lack of check of input data received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobil...

CVE-2020-11182

Possible heap overflow while parsing NAL header due to lack of check of length of data received from user in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile...

CVE-2020-11182

CVE-2020-11182: Affects Snapdragon/Qualcomm components where a heap overflow can occur while parsing the NAL header due to missing length validation of user-supplied data. Description explicitly lists Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, and Mobile as impacted. Ro...

CVE-2020-11165

Memory corruption due to buffer overflow while copying the message provided by HLOS into buffer without validating the length of buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired...

CVE-2020-11165

CVE-2020-11165 : Memory corruption due to a buffer overflow when copying the HLOS message into a buffer without validating its length. Affects Qualcomm Snapdragon platforms (Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, Wired Infrastructure and Networking). Root ca...

CVE-2020-11161

CVE-2020-11161 involves an out-of-bounds memory access in Qualcomm Snapdragon components when computing alignment for a negative width supplied by external components. Affected are Snapdragon Auto, Compute, Connectivity, Consumer IoT, Industrial IoT, Mobile, and Voice & Music stacks. The issue is...

CVE-2020-11160

Resource leakage issue during dci client registration due to reference count is not decremented if dci client registration fails in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...

CVE-2020-11160

CVE-2020-11160 describes a resource leakage due to a reference count not being decremented when dci client registration fails. This affects Qualcomm Snapdragon platforms (Auto, Compute, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wearables). The vulnerability centers on the dci client re...

CVE-2020-11134

CVE-2020-11134 affects Qualcomm Snapdragon family (Snapdragon Auto/Compute/Connectivity, etc.). The root cause is insufficient validation of time bitmap length and bit duration fields in NAN management frame attributes, leading to a possible stack out-of-bounds write within NAN ranging setup. The...