CVE-2020-11277

CVE-2020-11277 describes a race condition in Qualcomm/Snapdragon platforms (Compute, Industrial IoT, Mobile) during an async fastrpc session: the fastrpc context can be freed after sending an RPC, creating a potential vulnerability during async processing. The provided sources (Red Hat advisory a...

CVE-2020-11277

Possible race condition during async fastrpc session after sending RPC message due to the fastrpc ctx gets free during async session in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile...

CVE-2020-11275

CVE-2020-11275 involves a possible buffer over-read when parsing a quiet Information Element in an Rx beacon frame on Qualcomm Snapdragon platforms (Auto/Compute/Connectivity, Consumer Electronics Connectivity, IoT, Industrial IoT, Mobile, etc.). The root cause is an improper check of the IE leng...

CVE-2020-11270

CVE-2020-11270 : A DoS condition in Qualcomm Snapdragon firmware (across Snapdragon Auto, Compute, Connectivity, and related Snapdragon platforms) arises when an RTT responder consistently rejects all FTMR by sending FTM1 with a failure status in the FTM parameter IE. This vulnerability is descri...

CVE-2020-11253

CVE-2020-11253 describes an Arbitrary memory write in the video driver when setting internal buffers across Snapdragon Auto/Compute/Connectivity/Consumer IOT/Industrial IOT/Mobile. The root cause is memory corruption within the video driver’s buffer setup, leading to potential impact on confident...

CVE-2020-11269

CVE-2020-11269 is a memory corruption issue described as occurring while processing EAPOL frames due to insufficient validation of key length in Qualcomm Snapdragon families (Auto, Compute, Connectivity, and related Snapdragon components). The initial entry lists a high severity (CVSS v3.1 base 8...

CVE-2020-11223

CVE-2020-11223 affects Qualcomm camera driver components (Snapdragon family). Root cause: out-of-bounds write due to lack of validation of array index before copying into an array. Impact described as high with local attacker access and potential to compromise confidentiality, integrity, and avai...

CVE-2020-11223

Out of bound in camera driver due to lack of check of validation of array index before copying into array in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables...

CVE-2020-11204

Possible memory corruption and information leakage in sub-system due to lack of check for validity and boundary compliance for parameters that are read from shared MSG RAM in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdrag...

CVE-2020-11195

Out of bound write and read in TA while processing command from NS side due to improper length check on command and response buffers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music...

CVE-2020-11198

Key material used for TZ diag buffer encryption and other data related to log buffer is not wiped securely due to improper usage of memset in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &...

CVE-2020-11195

CVE-2020-11195 concerns an out-of-bounds read/write in the Trust Authority (TA) when processing commands from the NS side, caused by an improper length check on command and response buffers. Affected are Snapdragon platforms including Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mob...

CVE-2020-11194

CVE-2020-11194 affects Qualcomm Snapdragon platforms (Snapdragon Auto/Compute/Connectivity/Consumer IOT/Industrial IOT/Mobile/Wired Infrastructure and Networking). The issue is a possible out-of-bounds access in the Trust Authority (TA) when processing a command received from the Network Subsyste...

CVE-2020-11177

CVE-2020-11177 affects Qualcomm closed‑source components in Snapdragon devices (Auto/Compute/Connectivity/IOT/Wearables, etc.). The issue arises from improper validation of the SPC code setting and device lock, allowing a local attacker to overwrite the Security Code NV item without current SPC b...

CVE-2020-11170

CVE-2020-11170 involves an out-of-bounds memory access during Vorbis audio playback due to improper header extraction checks in Qualcomm/ Snapdragon components (Auto, Compute, Connectivity, IOT, Mobile, etc.). Root cause: insufficient validation in header parsing leads to memory access beyond bou...

CVE-2020-11147

Use after free issue in audio modules while removing and freeing objects during list iteration due to incorrect usage of macro in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile...

CVE-2020-11147

CVE-2020-11147 affects Snapdragon Compute, Snapdragon Industrial IOT, and Snapdragon Mobile: a use-after-free in audio modules caused by incorrect macro usage during list iteration when removing/freeing objects. Root cause is the macro misuse leading to freeing objects while iterating. Documented...

Heap overflow

Heap overflow in the BMC firmware for some IntelR Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access...

Input validation

Insufficient input validation in the BMC firmware for some IntelR Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access...

Cross site scripting

Out of bounds read in the BMC firmware for some IntelR Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access...