Qca6174 Firmware Security Vulnerabilities - October
Memory corruption in graphics due to use-after-free while importing graphics buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
8.4CVSS
8AI Score
0.0004EPSS
Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdr...
9.8CVSS
9.8AI Score
0.002EPSS
Transient Denial-of-Service in WLAN due to buffer over-read while parsing MDNS frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voi...
7.5CVSS
7.7AI Score
0.001EPSS
8.8CVSS
9.3AI Score
0.001EPSS
Memory corruption due to configuration weakness in modem wile sending command to write protected files.
7.8CVSS
7.8AI Score
0.0004EPSS
Transient DOS due to loop with unreachable exit condition in WLAN while processing an incoming FTM frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mo...
7.5CVSS
7.6AI Score
0.001EPSS
Transient DOS due to loop with unreachable exit condition in WLAN firmware while parsing IPV6 extension header. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapd...
7.5CVSS
7.6AI Score
0.001EPSS
Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message.
7.9CVSS
8AI Score
0.001EPSS
Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA action frames.
7.5CVSS
6.5AI Score
0.001EPSS
Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames.
7.5CVSS
6.5AI Score
0.001EPSS
Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card.
6.8CVSS
6.8AI Score
0.001EPSS
Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length.
7.8CVSS
7.8AI Score
0.0004EPSS
Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.
7.5CVSS
7.6AI Score
0.001EPSS
7.5CVSS
7.5AI Score
0.001EPSS
Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.
8.4CVSS
7.7AI Score
0.0004EPSS
Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.
8.4CVSS
7.9AI Score
0.0004EPSS
Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command.
8.4CVSS
7.9AI Score
0.0004EPSS
8.4CVSS
7.7AI Score
0.0004EPSS
Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.
8.4CVSS
7.7AI Score
0.0004EPSS
9.8CVSS
9.3AI Score
0.001EPSS
Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value.
8.2CVSS
7.3AI Score
0.001EPSS
Memory corruption in MPP performance while accessing DSM watermark using external memory address.
7.8CVSS
7.8AI Score
0.0004EPSS
Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload.
7.8CVSS
7.8AI Score
0.0004EPSS
Memory corruption in WLAN HAL while handling command streams through WMI interfaces.
7.8CVSS
7.9AI Score
0.0004EPSS
8.4CVSS
7.8AI Score
0.0004EPSS
7.8CVSS
7.8AI Score
0.0004EPSS
Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame.
7.5CVSS
7.5AI Score
0.0004EPSS
Memory corruption in Audio when memory map command is executed consecutively in ADSP.
7.8CVSS
7.9AI Score
0.0004EPSS
Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains IPPROTO_NONE as the next header.
7.5CVSS
7.5AI Score
0.0004EPSS
Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.
7.5CVSS
7.6AI Score
0.0005EPSS