CVE-2020-3686

CVE-2020-3686 concerns a memory out-of-bounds issue during music playback when an incorrect bitstream is copied into an array without length checks in Qualcomm Snapdragon components (Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables, and related infr...

CVE-2020-3686

Possible memory out of bound issue during music playback when an incorrect bit stream content is copied into array without checking the length of array in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon...

CVE-2020-3685

Pointer variable which is freed is not cleared can result in memory corruption and leads to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdrago...

CVE-2020-3685

CVE-2020-3685 affects Qualcomm closed‑source components used in Snapdragon platforms. The issue arises from a freed pointer variable not being cleared, which can lead to memory corruption and result in a denial of service on devices such as Snapdragon Auto, Compute, Connectivity, IoT, Wearables, ...

CVE-2020-11217

A possible double free or invalid memory access in audio driver while reading Speaker Protection parameters in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile...

CVE-2020-11225

Out of bound access in WLAN driver due to lack of validation of array length before copying into array in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon...

CVE-2020-11225

CVE-2020-11225 is an out-of-bounds access issue in the WLAN host component used by Qualcomm Snapdragon WLAN/driver across multiple Snapdragon lines. The root cause is lack of validation of array length before copying into an array, enabling a potential memory corruption scenario. Documented impac...

CVE-2020-11217

CVE-2020-11217 involves a vulnerability in the Qualcomm Snapdragon audio driver (Speaker Protection parameters) that can cause a double free or invalid memory access in the affected audio subsystem. Reported impact targets Snapdragon Compute, Connectivity, Industrial IoT, and Mobile SKUs, with th...

CVE-2020-11216

Buffer over read can happen in video driver when playing clip with atomsize having value UINT32MAX in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...

CVE-2020-11216

CVE-2020-11216 is a buffer over-read in the video driver when playing a clip where atomsize equals UINT32_MAX, affecting Qualcomm Snapdragon platforms (Auto/Compute/Connectivity/Consumer IOT/Industrial IOT/Mobile/Voice & Music/Wearables). The issue is triggered during video processing and is docu...

CVE-2020-11214

CVE-2020-11214 concerns a buffer over-read in processing an NDL attribute on Qualcomm Snapdragon firmware across multiple Snapdragon lines (Auto, Compute, Connectivity, Consumer Electronics Connectivity, Consumer IoT, Industrial IoT, Mobile, Voice & Music, Wired Infrastructure & Networking). The ...

CVE-2020-11215

The CVE-2020-11215 entry concerns Qualcomm Snapdragon components (Snapdragon Auto, Compute, Connectivity, and related features across multiple Snapdragon lines) where an out-of-bounds read can occur while processing a VSA attribute due to an improper minimum length check. Affected products includ...

CVE-2020-11213

Out of bound reads might occur in while processing Service descriptor due to improper validation of length of fields in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,...

CVE-2020-11212

CVE-2020-11212 describes an out-of-bounds read during parsing of NAN beacon attributes and OUIs caused by an improper length check in Qualcomm Snapdragon components (Auto, Compute, Connectivity, CE Connectivity, Consumer IoT, Industrial IoT, IoT, Mobile, Voice & Music, Wired Infrastructure and Ne...

CVE-2020-11200

CVE-2020-11200 is a buffer over-read during parsing of RPS caused by insufficient input validation, affecting Qualcomm Snapdragon family (Auto, Compute, Connectivity, Consumer IoT, Industrial IoT, Mobile). The vulnerability concerns a faulty parse path in a component/function/file used by Snapdra...

CVE-2020-11197

Possible integer overflow can occur when stream info update is called when total number of streams detected are zero while parsing TS clip with invalid data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,...

CVE-2020-11181

Out of bound access issue while handling cvp process control command due to improper validation of buffer pointer received from HLOS in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile...

CVE-2020-11180

Out of bound access in computer vision control due to improper validation of command length before processing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile...

CVE-2020-11180

The CVE-2020-11180 issue is an out-of-bounds access in Snapdragon computer vision controls caused by improper validation of command length before processing. Affected components include Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT and Mobile; the root cause is input length...

CVE-2020-11152

CVE-2020-11152 describes a race condition in the HAL layer when processing callback objects from HIDL across Qualcomm Snapdragon Auto/Compute/Consumer IoT/Industrial IoT/Mobile/Wearables families. Root cause is lack of synchronization when accessing objects, enabling a potential impact on confide...