Authorization

Improper authorization in DSP process could allow unauthorized users to downgrade the library versions in SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439...

Input validation

Out of Bound issue in DSP services while processing received arguments due to improper validation of length received as an argument' in SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439...

CVE-2020-11209

CVE-2020-11209 concerns Qualcomm’s DSP/Hexagon components (Snapdragon) where improper authorization in the DSP process could allow unauthorized downgrade of library versions across multiple Snapdragon platforms (SD820/821/855/675/660/429/439, SD855, SD860 etc., including QCS603/605, SDA855, SA615...

CVE-2020-11208

Out of Bound issue in DSP services while processing received arguments due to improper validation of length received as an argument' in SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439...

Buffer overflow

Buffer overflow can occur when playing specific clip which is non-standard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206,...

CVE-2017-18157

CVE-2017-18157 is described as a Use After Free condition in the Thermal Engine affecting Snapdragon Automotive, Mobile, and Wear platforms (list includes MDM9206, MDM9607, MDM9650, MSM89xx series, SD 210–835, SDX20, etc.). The connected sources corroborate the presence of a use-after-free in the...

CVE-2017-15841

When HOST sends a Special command ID packet, Controller triggers a RAM Dump and FW reset in Snapdragon Mobile in version SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SnapdragonHighMed2016...

CVE-2017-18172

In a device, with screen size 1440x2560, the check of contiguous buffer will overflow on certain buffer size resulting in an Integer Overflow or Wraparound in System UI in Snapdragon Automobile, Snapdragon Mobile in version MDM9635M, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD...

CVE-2017-18302

CVE-2017-18302 affects Qualcomm Snapdragon SoCs (MSM8996AU and numerous SD/i variants listed) where a crafted HLOS client can modify in-memory structures passed to a QSEE application between check and use. This leads to arbitrary writes to TZ kernel memory regions, i.e., local elevation of privil...

CVE-2017-18145

CVE-2017-18145 describes a Use-After-Free condition in the DPM native process while handling Android framework events on Qualcomm Snapdragon platforms. The underlying issue is that an iterator pointer is deleted after an event is processed, which can cause a Use After Condition during processing ...