Input validation

RRC sends a connection establishment success to NAS even though connection setup validation returns failure and leads to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile...

Input validation

Unintended reads and writes by NS EL2 in access control driver due to lack of check of input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking...

Cross site scripting

Out-of-bounds read vulnerability while accessing DTMF payload due to lack of check of buffer length before copying in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music,...

Denial of service

Denial of service while processing RTCP packets containing multiple SDES reports due to memory for last SDES packet is freed and rest of the memory is leaked in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,...

Double free

A double free condition can occur when the device moves to suspend mode during secure playback in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile...

Design/Logic Flaw

Memory crash when accessing histogram type KPI input received due to lack of check of histogram definition before accessing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile...

CVE-2021-1892

Memory corruption due to improper input validation while processing IO control which is nonstandard in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Wired Infrastructure and Networking...

CVE-2021-1892

CVE-2021-1892 describes memory corruption due to improper input validation when processing IO control that is nonstandard in Qualcomm Snapdragon components (Compute, Connectivity, Consumer Electronics Connectivity, Wired Infrastructure and Networking). Connected sources confirm the issue across Q...

CVE-2020-11255

Denial of service while processing RTCP packets containing multiple SDES reports due to memory for last SDES packet is freed and rest of the memory is leaked in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,...

CVE-2020-11252

The CVE-2020-11252 issue concerns Qualcomm Snapdragon devices where the TrustZone initialization code disables xPU when memory dumps are enabled, leading to potential information disclosure across Snapdragon Auto/Compute/Connectivity/Consumer IoT/Industrial IoT/Mobile/Voice & Music/Wired Infrastr...

CVE-2020-11252

Trustzone initialization code will disable xPUs when memory dumps are enabled and lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired...

CVE-2020-11251

CVE-2020-11251 is an out‑of‑bounds read vulnerability described as a lack of buffer length checks before copying during DTMF payload access in Qualcomm/Snapdragon platforms (Auto, Compute, Connectivity, IOT, Wearables, etc.). The root cause is a missing length check when handling DTMF payloads, l...

CVE-2020-11243

CVE-2020-11243 affects Qualcomm closed-source components on Snapdragon platforms (Auto, Compute, Connectivity, Mobile). Technical detail: RRC sends a connection-establishment success to NAS even when the connection setup validation fails, causing a Denial of Service. The CVE is referenced in mult...

CVE-2020-11245

CVE-2020-11245 describes unintended reads and writes by NS EL2 in the access control driver due to a lack of input validation checks across Qualcomm/Snapdragon components (Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, and Wired Infrastructure & Networking). The issue affects ...

CVE-2020-11243

RRC sends a connection establishment success to NAS even though connection setup validation returns failure and leads to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile...

CVE-2020-11245

Unintended reads and writes by NS EL2 in access control driver due to lack of check of input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking...

CVE-2020-11236

Memory corruption due to invalid value of total dimension in the non-histogram type KPI could lead to a denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile...

CVE-2020-11237

The CVE-2020-11237 entry concerns a memory crash caused by not checking the histogram definition before accessing it in Qualcomm Snapdragon components (Snapdragon Auto/Compute/Connectivity/Mobile). The issue is triggered during histogram KPI input handling and is documented as a local issue with ...

CVE-2020-11237

Memory crash when accessing histogram type KPI input received due to lack of check of histogram definition before accessing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile...

CVE-2020-11234

CVE-2020-11234 describes a Use-After-Free condition in Qualcomm Snapdragon family firmware: when sending a socket event message to a user application, invalid information can be passed if the socket is freed by another thread, leading to a local impact on Snapdragon Auto, Snapdragon Compute, Snap...