Qca6390 Firmware Security Vulnerabilities
Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.
9.8CVSS
9.6AI Score
0.001EPSS
Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.
7.5CVSS
7.6AI Score
0.001EPSS
Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc response frame.
9.8CVSS
9.6AI Score
0.002EPSS
Memory corruption in Video due to double free while playing 3gp clip with invalid metadata atoms.
9.8CVSS
9.5AI Score
0.002EPSS
8.4CVSS
7.8AI Score
0.0004EPSS
8.4CVSS
8AI Score
0.0004EPSS
6.8CVSS
5.5AI Score
0.0004EPSS
6.8CVSS
5.5AI Score
0.0004EPSS
8.4CVSS
8AI Score
0.0004EPSS
7.5CVSS
7.5AI Score
0.001EPSS
7.1CVSS
5.4AI Score
0.0004EPSS
Memory corruption due to buffer over-read in Modem while processing SetNativeHandle RTP service.
7.8CVSS
7.8AI Score
0.0004EPSS
Transient DOS due to reachable assertion in WLAN while processing PEER ID populated by TQM.
7.5CVSS
7.4AI Score
0.001EPSS
Memory corruption due to improper access control in kernel while processing a mapping request from root process.
7.8CVSS
7.6AI Score
0.0004EPSS
Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase.
8.4CVSS
8AI Score
0.0004EPSS
Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.
8.4CVSS
7.7AI Score
0.0004EPSS
Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.
8.4CVSS
7.9AI Score
0.0004EPSS
Transient DOS due to untrusted Pointer Dereference in core while sending USB QMI request.
6.2CVSS
5.4AI Score
0.0004EPSS
7.5CVSS
7.5AI Score
0.001EPSS
Transient DOS due to improper authentication in modem while receiving plain TLB OTA request message from network.
7.5CVSS
7.6AI Score
0.001EPSS
Memory corruption in Bluetooth HOST while processing the AVRC_PDU_GET_PLAYER_APP_VALUE_TEXT AVRCP response.
9.8CVSS
9.5AI Score
0.002EPSS
Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key.
7.1CVSS
7AI Score
0.0004EPSS
Memory corruption in Trusted Execution Environment while calling service API with invalid address.
7.8CVSS
7.8AI Score
0.0004EPSS
Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command.
8.4CVSS
7.9AI Score
0.0004EPSS
Memory Corruption due to improper validation of array index in Linux while updating adn record.
7.8CVSS
7.5AI Score
0.0004EPSS
Memory corruption in RIL due to Integer Overflow while triggering qcril_uim_request_apdu request.
7.8CVSS
7.7AI Score
0.0004EPSS
7.5CVSS
7.5AI Score
0.001EPSS
Information disclosure in Bluetooth when an GATT packet is received due to improper input validation.
6.5CVSS
6.3AI Score
0.001EPSS
7.8CVSS
7.8AI Score
0.0004EPSS
Memory Corruption in GPS HLOS Driver when injectFdclData receives data with invalid data length.
7.8CVSS
7.6AI Score
0.0004EPSS
Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE.
9.3CVSS
7.5AI Score
0.0004EPSS
Cryptographic issue in HLOS as derived keys used to encrypt/decrypt information is present on stack after use.
7.7CVSS
6.7AI Score
0.0004EPSS
7.8CVSS
7.8AI Score
0.0004EPSS
7.8CVSS
7.8AI Score
0.0004EPSS
7.8CVSS
7.8AI Score
0.0004EPSS
Transient DOS in WLAN Firmware while processing the received beacon or probe response frame.
7.5CVSS
7.5AI Score
0.001EPSS
7.5CVSS
7.5AI Score
0.001EPSS
7.5CVSS
7.5AI Score
0.001EPSS
7.8CVSS
7.9AI Score
0.0004EPSS
7.8CVSS
7.7AI Score
0.0004EPSS
8.4CVSS
7.7AI Score
0.0004EPSS
Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.
8.4CVSS
7.7AI Score
0.0004EPSS
Transient DOS in Bluetooth HOST while passing descriptor to validate the blacklisted BT keyboard.
6.5CVSS
6.4AI Score
0.0004EPSS
Information Disclosure in WLAN HOST while sending DPP action frame to peer with an invalid source address.
8.2CVSS
7.3AI Score
0.001EPSS
Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode.
7.8CVSS
7.7AI Score
0.0004EPSS
8.4CVSS
7.6AI Score
0.0004EPSS
8.4CVSS
7.8AI Score
0.0004EPSS
Cryptographic issue in Data Modem due to improper authentication during TLS handshake.
9.1CVSS
7.5AI Score
0.001EPSS
Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload.
7.8CVSS
7.8AI Score
0.0004EPSS
Information disclosure in WLAN HOST while processing the WLAN scan descriptor list during roaming scan.
6.1CVSS
5.5AI Score
0.0004EPSS