Improper access control

Improper access control sequence for AC database after memory allocation can lead to possible memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired...

CVE-2021-35129

Memory corruption in BT controller due to improper length check while processing vendor specific commands in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking...

CVE-2021-35129

CVE-2021-35129 describes memory corruption in the Bluetooth (BT) controller caused by an improper length check when processing vendor-specific commands. Public details in connected sources indicate multiple Qualcomm Snapdragon products are affected, spanning Snapdragon Compute, Snapdragon Connect...

CVE-2021-35071

Possible buffer over read due to lack of size validation while copying data from DBR buffer to RX buffer and can lead to Denial of Service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired...

CVE-2021-35071

CVE-2021-35071 is a buffer over-read in Qualcomm Snapdragon components caused by lack of size validation when copying data from the DBR buffer to the RX buffer, leading to Denial of Service. Affected products span Snapdragon Auto, Compute, Connectivity, Industrial IoT, Mobile, Wearables, and Wire...

CVE-2021-30349

CVE-2021-30349 describes an improper access control sequence in Qualcomm/ Snapdragon firmware where after memory allocation the AC database can be accessed out of intended order, potentially causing memory corruption in multiple Snapdragon products (Auto, Compute, Connectivity, Consumer IOT, Indu...

CVE-2021-30345

RPM secure Stream can access any secure resource due to improper SMMU configuration in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking...

CVE-2021-30339

Reading PRNG output may lead to improper key generation due to lack of buffer validation in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking...

CVE-2021-30281

CVE-2021-30281 concerns an access control error described for Qualcomm Snapdragon platforms (Auto, Compute, Connectivity, Consumer IoT, Industrial IoT, Voice & Music, Wearables, Wired Infrastructure & Networking). Description states possible unauthorized access to a secure space due to improper c...

PT-2022-10002 · Qualcomm · Qualcomm Snapdragon

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon affected versions not specified Description: The issue is related to improper key generation due to a lack of buffer validation when reading PRNG output. This affects various Qualcomm Snapdragon products, including...

PT-2022-10008 · Qualcomm · Qualcomm Snapdragon

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon affected versions not specified Description: The issue is related to improper SMMU configuration, allowing RPM secure Stream to access any secure resource. This affects various Qualcomm Snapdragon products, including...

CVE-2021-35103

Possible out of bound write due to improper validation of number of timer values received from firmware while syncing timers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and...

CVE-2021-35088

Possible out of bound read due to improper validation of IE length during SSID IE parse when channel is DFS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure...

Authentication flaw

Improper cleaning of secure memory between authenticated users can lead to face authentication bypass in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking...

Design/Logic Flaw

Possible out of bound write due to improper validation of number of timer values received from firmware while syncing timers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and...

CVE-2021-35088

CVE-2021-35088 : An out-of-bounds read due to improper validation of the SSID IE length during SSID IE parsing when the channel is DFS, reported for Qualcomm Snapdragon families (Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, Wearables, Wired Infrastructure and Networking). Th...

CVE-2021-35088

Possible out of bound read due to improper validation of IE length during SSID IE parse when channel is DFS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure...

CVE-2021-1950

Root cause: improper clearing of secure memory between authenticated users in Qualcomm Snapdragon components. Affected: Snapdragon Auto, Compute, Connectivity, Industrial IOT, Mobile, and Wired Infrastructure/Networking platforms. Impact: face authentication bypass (local access, high confidentia...

CVE-2021-30325

Possible out of bound access of DCI resources due to lack of validation process and resource allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure an...

CVE-2021-35069

Improper validation of data length received from DMA buffer can lead to memory corruption. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networki...