718 matches found
CVE-2020-11220
CVE-2020-11220 is a TOCTOU-type issue in processing storage SCM commands where a pointer could be invalid during a specific window in Qualcomm closed-source components used in Snapdragon Auto/Compute/Connectivity/Industrial IOT/Mobile/Wired platforms. The connected documentation confirms the vuln...
CVE-2020-11199
HLOS to access EL3 stack canary by just mapping imem region due to Improper access control and can lead to information exposure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice ...
CVE-2020-3664
Out of bound read access in hypervisor due to an invalid read access attempt by passing invalid addresses in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructu...
CVE-2020-11281
Allowing RTT frames to be linked with non randomized MAC address by comparing the sequence numbers can lead to information disclosure. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,...
CVE-2020-11198
Key material used for TZ diag buffer encryption and other data related to log buffer is not wiped securely due to improper usage of memset in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &...
CVE-2020-11194
Possible out of bound access in TA while processing a command from NS side due to improper length check of response buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and...
Memory corruption
Possible memory corruption and information leakage in sub-system due to lack of check for validity and boundary compliance for parameters that are read from shared MSG RAM in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdrag...
Memory corruption
Possible memory corruption while processing EAPOL frames due to lack of validation of key length before using it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,...
Design/Logic Flaw
Possible out of bound access in TA while processing a command from NS side due to improper length check of response buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and...
Buffer overflow
Arithmetic overflow can happen while processing NOA IE due to improper error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon...
CVE-2020-11287
Allowing RTT frames to be linked with non randomized MAC address by comparing the sequence numbers can lead to information disclosure. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,...
CVE-2020-11281
CVE-2020-11281 affects Qualcomm Snapdragon platforms (Auto/Compute/Connectivity/Consumer Electronics Connectivity/Consumer IOT/Industrial IOT/Mobile/V&M/Wired Infrastructure and Networking). The issue arises from a logic that links RTT frames with non-randomized MAC addresses by comparing sequenc...
CVE-2020-11281
Allowing RTT frames to be linked with non randomized MAC address by comparing the sequence numbers can lead to information disclosure. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,...
CVE-2020-11276
Possible buffer over read while processing P2P IE and NOA attribute of beacon and probe response frames due to improper validation of P2P IE and NOA attribute lengths in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer...
CVE-2020-11275
CVE-2020-11275 involves a possible buffer over-read when parsing a quiet Information Element in an Rx beacon frame on Qualcomm Snapdragon platforms (Auto/Compute/Connectivity, Consumer Electronics Connectivity, IoT, Industrial IoT, Mobile, etc.). The root cause is an improper check of the IE leng...
CVE-2020-11270
CVE-2020-11270 : A DoS condition in Qualcomm Snapdragon firmware (across Snapdragon Auto, Compute, Connectivity, and related Snapdragon platforms) arises when an RTT responder consistently rejects all FTMR by sending FTM1 with a failure status in the FTM parameter IE. This vulnerability is descri...
CVE-2020-11269
CVE-2020-11269 is a memory corruption issue described as occurring while processing EAPOL frames due to insufficient validation of key length in Qualcomm Snapdragon families (Auto, Compute, Connectivity, and related Snapdragon components). The initial entry lists a high severity (CVSS v3.1 base 8...
CVE-2020-11204
Possible memory corruption and information leakage in sub-system due to lack of check for validity and boundary compliance for parameters that are read from shared MSG RAM in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdrag...
CVE-2020-11198
Key material used for TZ diag buffer encryption and other data related to log buffer is not wiped securely due to improper usage of memset in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &...
CVE-2020-11194
CVE-2020-11194 affects Qualcomm Snapdragon platforms (Snapdragon Auto/Compute/Connectivity/Consumer IOT/Industrial IOT/Mobile/Wired Infrastructure and Networking). The issue is a possible out-of-bounds access in the Trust Authority (TA) when processing a command received from the Network Subsyste...