CVE-2021-1892

Memory corruption due to improper input validation while processing IO control which is nonstandard in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Wired Infrastructure and Networking...

CVE-2020-11252

Trustzone initialization code will disable xPUs when memory dumps are enabled and lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired...

CVE-2020-11210

Possible memory corruption in RPM region due to improper XPU configuration in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking...

Input validation

Unintended reads and writes by NS EL2 in access control driver due to lack of check of input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking...

CVE-2021-1892

Memory corruption due to improper input validation while processing IO control which is nonstandard in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Wired Infrastructure and Networking...

CVE-2021-1892

CVE-2021-1892 describes memory corruption due to improper input validation when processing IO control that is nonstandard in Qualcomm Snapdragon components (Compute, Connectivity, Consumer Electronics Connectivity, Wired Infrastructure and Networking). Connected sources confirm the issue across Q...

CVE-2020-11252

The CVE-2020-11252 issue concerns Qualcomm Snapdragon devices where the TrustZone initialization code disables xPU when memory dumps are enabled, leading to potential information disclosure across Snapdragon Auto/Compute/Connectivity/Consumer IoT/Industrial IoT/Mobile/Voice & Music/Wired Infrastr...

CVE-2020-11252

Trustzone initialization code will disable xPUs when memory dumps are enabled and lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired...

CVE-2020-11245

CVE-2020-11245 describes unintended reads and writes by NS EL2 in the access control driver due to a lack of input validation checks across Qualcomm/Snapdragon components (Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, and Wired Infrastructure & Networking). The issue affects ...

CVE-2020-11245

Unintended reads and writes by NS EL2 in access control driver due to lack of check of input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking...

CVE-2020-11210

Possible memory corruption in RPM region due to improper XPU configuration in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking...

CVE-2020-11210

CVE-2020-11210 is a memory-corruption issue in the RPM region caused by improper XPU configuration in Qualcomm closed-source components. The vulnerability is associated with Qualcomm processors and has been designated by multiple sources as critical/high impact. The connected documents confirm th...

CVE-2020-11191

CVE-2020-11191 concerns an out-of-bounds read during processing of crafted SDP in Qualcomm Snapdragon firmware. The entry specifies a lack of null-string checks affecting multiple Snapdragon subsystems (Auto, Compute, Connectivity, Consumer Electronics Connectivity, Consumer IoT, Industrial IoT, ...

Cisco Aironet Access Points FlexConnect Multicast DNS Denial of Service Vulnerability

A vulnerability in the multicast DNS mDNS gateway feature of Cisco Aironet Series Access Points Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient input validation of incoming mDNS...

Design/Logic Flaw

While processing storage SCM commands there is a time of check or time of use window where a pointer used could be invalid at a specific time while executing the storage SCM call in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile,...

Information disclosure

Usage of syscall by non-secure entity can allow extraction of secure QTEE diagnostic information in clear text form due to insufficient checks in the syscall handler and leads to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,...

Improper access control

HLOS to access EL3 stack canary by just mapping imem region due to Improper access control and can lead to information exposure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice ...

Design/Logic Flaw

Part of RPM region was not protected from xblSec itself due to improper policy and leads to unprivileged access in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking...

CVE-2020-11228

Part of RPM region was not protected from xblSec itself due to improper policy and leads to unprivileged access in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking...

CVE-2020-11228

CVE-2020-11228 affects Qualcomm closed‑source components (on Snapdragon platforms) due to an improper policy in the RPM region of xblSec, enabling unprivileged access. The issue is documented across multiple sources (NVD entry and Red Hat advisory) with explicit references to Qualcomm’s security ...