Qualcomm Chipsets security vulnerabilities

Qualcomm Chipsets are a series of chipset developed by Qualcomm Incorporation. There is a security vulnerability in Qualcomm Chipsets, which stems from memory corruption that occurs when processing the fastboot command used to set the display mode...

CVE-2018-9369

In bootloader there is fastboot command allowing user specified kernel command line arguments. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

EUVD-2017-17235

Malware in sbrugna...

EUVD-2017-14722

Malware in sbrugna...

EUVD-2025-2205

Malicious code in bioql PyPI...

CVE-2025-20892

Protection Mechanism Failure in bootloader prior to SMR Jan-2025 Release 1 allows physical attackers to allow to execute fastboot command. User interaction is required for triggering this vulnerability...

CVE-2025-20892

Protection Mechanism Failure in bootloader prior to SMR Jan-2025 Release 1 allows physical attackers to allow to execute fastboot command. User interaction is required for triggering this vulnerability...

CVE-2025-20892

Protection Mechanism Failure in bootloader prior to SMR Jan-2025 Release 1 allows physical attackers to allow to execute fastboot command. User interaction is required for triggering this vulnerability...

CVE-2025-20892

CVE-2025-20892 concerns a protection mechanism failure in the bootloader of Samsung Mobile devices prior to SMR January 2025 Release 1. The issue enables physical attackers to execute the fastboot command, with user interaction required to trigger it. Reported impact scores (CVSS v3.1) indicate a...

CVE-2025-20892

Protection Mechanism Failure in bootloader prior to SMR Jan-2025 Release 1 allows physical attackers to allow to execute fastboot command. User interaction is required for triggering this vulnerability...

CVE-2022-22079

Denial of service while processing fastboot flash command on mmc due to buffer over read...

CVE-2018-11943

In all android releasesAndroid for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, while processing fastboot flash command, memory leak or unexpected behavior may occur due to processing of unintialized data buffers...

initroot: Bypassing Nexus 6 Secure Boot through Kernel Command-line Injection

In the May 2017 Android Security Bulletin, Google released a patch to a critical and unique vulnerability CVE-2016-10277 in the Nexus 6 bootloader we had found and responsibly disclosed. By exploiting the vulnerability, a physical adversary or one with authorized-ADB/fastboot USB access to the...

CVE-2017-5625

In OxygenOS before 4.0.3 on OnePlus 3 and 3T devices, an unauthorized attacker can cause a locked bootloader to partially dump the ciphertext content of an arbitrary partition except 'keystore' by issuing the 'fastboot oem dump ' fastboot command...

CVE-2017-5625

The CVE affects OnePlus 3/3T devices running OxygenOS before 4.0.3. A compromised fastboot interface can allow an unauthorized attacker with physical access and bootloader that is locked to partially dump ciphertext content from arbitrary partitions (excluding keystore) via fastboot oem dump . Th...

CVE-2017-0582

An elevation of privilege vulnerability in the HTC OEM fastboot command could enable a local malicious application to execute arbitrary code within the context of the sensor hub. This issue is rated as Moderate because it first requires exploitation of separate vulnerabilities. Product: Android...

CVE-2017-5623

An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the device by issuing the 'fastboot oem bootmode rf/wlan/ftm/normal command' in contradiction to the threat model of Android where the bootloader MUST NOT allow any...

CVE-2017-5623

An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the device by issuing the 'fastboot oem bootmode rf/wlan/ftm/normal command' in contradiction to the threat model of Android where the bootloader MUST NOT allow any...

OnePlus 3/3T: Bootloader disable dm-verity Vulnerability (CVE-2017-5624)

CVE-2017-5624, affecting all versions of OxygenOS to date, allows the attacker to disable dm-verity. The combination of the vulnerabilities enables a powerful attack – persistent highly privileged code execution without any warning to the user and with access to the original user’s data after the...