Lucene search
+L
QualcommPm3003a Firmware

90 matches found

CVE
CVE
added 2021/05/07 9:10 a.m.1195 views

CVE-2021-1905

CVE-2021-1905 is a memory-management vulnerability (use-after-free) in Qualcomm Snapdragon chipsets caused by improper handling of memory mapping across multiple processes. Affects a broad range of Snapdragon products (Auto, Compute, Connectivity, IoT, Mobile, Wearables, etc.). The CVE is charact...

8.4CVSS8.3AI score0.0115EPSS
In wild
CVE
CVE
added 2021/05/07 9:10 a.m.1078 views

CVE-2021-1906

CVE-2021-1906 affects Qualcomm Snapdragon GPU address management across Snapdragon Auto/Compute/Connectivity/Consumer IOT/Industrial IOT/Mobile/Wearables. Root cause: improper handling of address deregistration on failure can lead to a new GPU address allocation failure. CVSS reflects Medium seve...

6.2CVSS6.9AI score0.0052EPSS
In wild
CVE
CVE
added 2021/06/09 5:0 a.m.1073 views

CVE-2020-11261

CVE-2020-11261 is a memory-corruption vulnerability in Qualcomm Snapdragon chipsets (including Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wearables). Root cause: improper check when an application requests memory allocation for an extremely large ...

7.8CVSS8.4AI score0.01772EPSS
In wild
CVE
CVE
added 2021/05/07 9:10 a.m.239 views

CVE-2020-11273

CVE-2020-11273 affects Qualcomm Snapdragon SoCs (Snapdragon Auto/Compute/Connectivity/Mobile) where a histogram binning info missing leads to null pointer access due to a missing null check. Reported CVSSv3.1 base score 7.5 (HIGH) with network attack vector and no user interaction. The issue is d...

7.8CVSS7.5AI score0.00686EPSS
CVE
CVE
added 2021/04/07 7:55 a.m.227 views

CVE-2020-11236

CVE-2020-11236 affects Qualcomm/Snapdragon closed-source components: memory corruption due to an invalid total dimension value in the non-histogram KPI can cause Denial of Service on Snapdragon Auto/Compute/Connectivity/Mobile. Root cause is memory corruption; impact is high (availability) with l...

8.4CVSS5.8AI score0.00448EPSS
CVE
CVE
added 2021/04/07 7:55 a.m.227 views

CVE-2020-11237

The CVE-2020-11237 entry concerns a memory crash caused by not checking the histogram definition before accessing it in Qualcomm Snapdragon components (Snapdragon Auto/Compute/Connectivity/Mobile). The issue is triggered during histogram KPI input handling and is documented as a local issue with ...

8.4CVSS7.6AI score0.00202EPSS
CVE
CVE
added 2021/06/09 5:0 a.m.154 views

CVE-2020-11239

CVE-2020-11239 describes a use-after-free when importing a DMA buffer using the CPU address due to an attachment not being cleaned up. Affected are Qualcomm/Snapdragon platforms (Snapdragon Auto, Compute, Connectivity, Consumer IoT, Industrial IoT, Mobile, Voice & Music, Wearables). The root caus...

7.8CVSS8AI score0.00208EPSS
CVE
CVE
added 2021/02/22 6:25 a.m.146 views

CVE-2020-11272

CVE-2020-11272 is a high-severity flaw affecting Qualcomm WLAN components in Snapdragon-based devices. The root cause is a use-after-free condition caused by deleting an entry in a hash table before enqueuing a frame to the PE queue, which can lead to use of a stale object. Documented impact span...

10CVSS9.3AI score0.00806EPSS
CVE
CVE
added 2021/03/17 6:1 a.m.142 views

CVE-2020-11290

CVE-2020-11290 is a use-after-free in Qualcomm MSM ioctl event handling caused by a race between ioctl register and deregister. Affected are Snapdragon products including Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, and Wearables. The issue stems from contention in the ioctl...

7CVSS7.2AI score0.00179EPSS
CVE
CVE
added 2021/06/09 5:0 a.m.140 views

CVE-2020-11240

CVE-2020-11240 describes a memory corruption issue in Qualcomm Snapdragon components triggered by an ioctl command with an incorrect copy size. The vulnerability affects a broad set of Snapdragon products (Auto, Compute, Connectivity, Consumer IoT, Industrial IoT, Mobile, Voice & Music, Wearables...

7.8CVSS7.9AI score0.0016EPSS
CVE
CVE
added 2021/06/09 5:0 a.m.136 views

CVE-2020-11250

CVE-2020-11250 is a use-after-free vulnerability caused by a race condition when reopening a Snapdragon device driver repeatedly across Snapdragon Auto/Compute/Connectivity/Consumer IoT/Industrial IoT/Mobile/Voice & Music/Wearables/Wired Infrastructure and Networking. Affects Qualcomm components ...

7CVSS7.2AI score0.00111EPSS
CVE
CVE
added 2021/06/09 5:0 a.m.136 views

CVE-2020-11262

CVE-2020-11262 describes a race between command submission and context destruction that can cause an invalid context to be added, leading to a use-after-free condition. Reported for Snapdragon Auto/Compute/Connectivity/Consumer IOT/Industrial IOT/Mobile/Voice & Music/Wearables (Qualcomm/Snapdrago...

7CVSS7.1AI score0.00104EPSS
CVE
CVE
added 2021/02/22 6:25 a.m.135 views

CVE-2020-11271

CVE-2020-11271 describes a race-condition vulnerability causing possible out-of-bounds access when handling global control elements in Qualcomm Snapdragon firmware across multiple platforms (Snapdragon Auto/Compute/Connectivity, IoT, Mobile, Wearables, etc.). The issue is characterized by local a...

7.8CVSS7.7AI score0.00161EPSS
CVE
CVE
added 2021/03/17 6:1 a.m.135 views

CVE-2020-11308

CVE-2020-11308 describes a buffer overflow in Qualcomm Snapdragon components (e.g., Snapdragon Auto/Compute/Connectivity/Consumer IoT/Industrial IoT/Mobile/Voice & Music and related bootloader) triggered while converting ASCII strings to Unicode when the actual size exceeds the required size. Pub...

7.2CVSS6.8AI score0.00225EPSS
CVE
CVE
added 2021/03/17 6:1 a.m.134 views

CVE-2020-11309

The CVE-2020-11309 issue is a Use-After-Free in Qualcomm Adreno GPU drivers related to mapping user memory to GPU memory, caused by an improper check of referenced memory in Snapdragon GPUs. The vulnerability affects Qualcomm GPU components integrated in Snapdragon devices (Auto/Compute/Connectiv...

7.8CVSS8AI score0.00219EPSS
CVE
CVE
added 2021/02/22 6:26 a.m.133 views

CVE-2020-11277

CVE-2020-11277 describes a race condition in Qualcomm/Snapdragon platforms (Compute, Industrial IoT, Mobile) during an async fastrpc session: the fastrpc context can be freed after sending an RPC, creating a potential vulnerability during async processing. The provided sources (Red Hat advisory a...

7.4CVSS7.5AI score0.00115EPSS
CVE
CVE
added 2021/02/22 6:25 a.m.132 views

CVE-2020-11223

CVE-2020-11223 affects Qualcomm camera driver components (Snapdragon family). Root cause: out-of-bounds write due to lack of validation of array index before copying into an array. Impact described as high with local attacker access and potential to compromise confidentiality, integrity, and avai...

7.8CVSS7.6AI score0.00161EPSS
CVE
CVE
added 2021/02/22 6:26 a.m.127 views

CVE-2020-11297

CVE-2020-11297 denotes a Denial of Service in the WLAN module due to an improper check of subtypes in the logic that drops excessive frames. Impact is DoS on devices using Snapdragon family components (Auto, Compute, Connectivity, CE Connectivity, CIoT, Industrial IoT, Mobile, and V&M). Root caus...

7.8CVSS7.5AI score0.00605EPSS
CVE
CVE
added 2021/03/17 6:0 a.m.113 views

CVE-2020-11226

CVE-2020-11226 concerns a memory-read out-of-bounds vulnerability in Qualcomm closed-source Data modem logic, stemming from a missing offset-length check during unpacking. Affected products span Snapdragon Auto/Compute/Connectivity/IoT lines (Qualcomm closed-source components). The underlying fla...

7.5CVSS7.5AI score0.0087EPSS
CVE
CVE
added 2021/05/07 9:10 a.m.112 views

CVE-2021-1891

CVE-2021-1891 is a Qualcomm audio-driver use-after-free vulnerability (pointer mismanagement) impacting Snapdragon platforms (Auto/Compute/Connectivity/IoT variants). It affects the Audio component; root cause is use-after-free in the audio driver, with impact on confidentiality, integrity, and a...

8.4CVSS7.7AI score0.0015EPSS
CVE
CVE
added 2021/03/17 6:0 a.m.110 views

CVE-2020-11190

CVE-2020-11190 describes a buffer over-read when parsing received SDP values caused by a missing NULL termination check in Qualcomm Snapdragon components. The vulnerability affects Qualcomm/Open-source SSDP handling in Snapdragon Auto, Compute, Connectivity, and related Snapdragon lines (includin...

9.1CVSS9.1AI score0.00959EPSS
CVE
CVE
added 2021/05/07 9:10 a.m.110 views

CVE-2021-1927

CVE-2021-1927 describes a use-after-free in the Qualcomm FastRPC driver affecting Snapdragon devices (Auto, Compute, Connectivity, IoT, Mobile, Wearables, etc.). The root cause is a missing null check while memory is being freed, enabling a local attacker to trigger memory corruption with effects...

8.4CVSS7.7AI score0.0016EPSS
CVE
CVE
added 2021/03/17 6:0 a.m.109 views

CVE-2020-11186

CVE-2020-11186 affects Qualcomm closed‑source components (Snapdragon Auto/Compute/Connectivity/Mobile). The issue arises from improper validation of input in the Qualcomm/ Snapdragon stack, causing the modem to enter a busy state in an infinite loop while parsing histogram dimension. Impact descr...

5.5CVSS5.6AI score0.00184EPSS
CVE
CVE
added 2021/04/07 7:55 a.m.105 views

CVE-2020-11234

CVE-2020-11234 describes a Use-After-Free condition in Qualcomm Snapdragon family firmware: when sending a socket event message to a user application, invalid information can be passed if the socket is freed by another thread, leading to a local impact on Snapdragon Auto, Snapdragon Compute, Snap...

8.4CVSS7.5AI score0.00202EPSS
CVE
CVE
added 2021/03/17 6:0 a.m.104 views

CVE-2020-11189

CVE-2020-11189 is a buffer over-read vulnerability occurring while parsing SDP values due to a missing NULL termination check in Qualcomm Snapdragon components (Auto, Compute, Connectivity, Consumer IoT, Industrial IoT, IoT, Mobile, Voice & Music, Wearables). The issue is triggered by network con...

9.1CVSS9.1AI score0.00959EPSS
CVE
CVE
added 2021/06/09 5:0 a.m.103 views

CVE-2020-11134

CVE-2020-11134 affects Qualcomm Snapdragon family (Snapdragon Auto/Compute/Connectivity, etc.). The root cause is insufficient validation of time bitmap length and bit duration fields in NAN management frame attributes, leading to a possible stack out-of-bounds write within NAN ranging setup. The...

10CVSS9.3AI score0.00796EPSS
CVE
CVE
added 2021/02/22 6:25 a.m.101 views

CVE-2020-11170

CVE-2020-11170 involves an out-of-bounds memory access during Vorbis audio playback due to improper header extraction checks in Qualcomm/ Snapdragon components (Auto, Compute, Connectivity, IOT, Mobile, etc.). Root cause: insufficient validation in header parsing leads to memory access beyond bou...

10CVSS9.2AI score0.00806EPSS
CVE
CVE
added 2021/06/09 5:0 a.m.101 views

CVE-2020-11178

CVE-2020-11178 affects Qualcomm Snapdragon automotive/IoT platforms (Snapdragon Auto, Compute, Connectivity, Consumer IoT, Industrial IoT, Mobile, Voice & Music, Wired Infrastructure & Networking). The issue arises when trusted apps overwrite CPZ memory because the TrustZone (TZ) logic only check...

7.8CVSS7.5AI score0.0016EPSS
CVE
CVE
added 2021/03/17 6:0 a.m.101 views

CVE-2020-11230

CVE-2020-11230 involves a potential arbitrary memory corruption in the Qualcomm qseecom kernel interface used for communications between user land and secure world. The issue stems from updating ion buffer physical addresses, which exposes a physical address to user land in Snapdragon Auto/Comput...

6.4CVSS6.6AI score0.00136EPSS
CVE
CVE
added 2021/02/22 6:26 a.m.101 views

CVE-2020-11296

CVE-2020-11296 concerns an arithmetic overflow in processing NOA IE across multiple Qualcomm Snapdragon platforms (Auto, Compute, Connectivity, etc.). Root cause is improper error handling, leading to an overflow that can impact Snapdragon families including Mobile, IoT, Automotive lines and rela...

7.5CVSS7.7AI score0.00595EPSS
CVE
CVE
added 2021/03/17 6:0 a.m.100 views

CVE-2020-11171

CVE-2020-11171 concerns a buffer over-read during SDP parsing caused by missing NULL termination checks in Qualcomm/Snapdragon components (Auto, Compute, Connectivity, IoT, Wearables, etc.). NVD notes a highly severe impact (CVSSv3.1: CRITICAL, CVSSv2: MEDIUM with Partial confidentiality/availabi...

9.1CVSS9.1AI score0.00959EPSS
CVE
CVE
added 2021/02/22 6:25 a.m.100 views

CVE-2020-11198

CVE-2020-11198 affects Qualcomm Snapdragon components (Auto, Compute, Connectivity, Consumer IoT, Industrial IoT, Mobile, Voice & Music, Wired Infrastructure/Networking). Root cause: improper usage of memset leaves key material and TZ diag/log buffer data un-wiped. Documented impact includes high...

7.2CVSS6.8AI score0.00125EPSS
CVE
CVE
added 2021/03/17 6:1 a.m.100 views

CVE-2020-11299

CVE-2020-11299 describes a buffer overflow in Qualcomm closed‑source components used in Snapdragon software stacks (Auto/Compute/Connectivity/Consumer IoT/Industrial IoT/Mobile/Voice & Music/Wearables). The root cause is a buffer overflow while decoding a non‑standard video clip, which can be tri...

10CVSS9.5AI score0.01093EPSS
CVE
CVE
added 2021/03/17 6:0 a.m.98 views

CVE-2020-11227

CVE-2020-11227 describes an out-of-bounds write during RTT/TTY packet parsing caused by a missing buffer-size check prior to copying into a buffer in multiple Qualcomm/Snapdragon components (Auto, Compute, Connectivity, Consumer IoT, Industrial IoT, IoT, Mobile, Voice & Music, Wearables). Root ca...

9.8CVSS9.4AI score0.00911EPSS
CVE
CVE
added 2021/03/17 6:0 a.m.97 views

CVE-2020-11199

CVE-2020-11199 is linked to Qualcomm’s HLOS component and involves an information-disclosure vulnerability caused by improper access control. The issue allows a local attacker to access the EL3 stack canary by simply mapping the imem region, leading to exposure of sensitive information across mul...

5.5CVSS5.5AI score0.00202EPSS
CVE
CVE
added 2021/03/17 6:0 a.m.97 views

CVE-2020-11218

CVE-2020-11218 describes a Denial of Service in the baseband triggered when a device configures LTE betaOffset-RI-Index. The issue stems from a lack of data validation in Qualcomm’s closed-source baseband components, affecting Snapdragon Auto, Compute, Connectivity, Consumer IoT, Industrial IoT, ...

7.5CVSS7.5AI score0.00811EPSS
CVE
CVE
added 2021/03/17 6:0 a.m.97 views

CVE-2020-11222

CVE-2020-11222 is a buffer over-read in Qualcomm Snapdragon components (Auto, Compute, Connectivity, C IoT, Industrial IoT, IoT, Mobile) triggered when processing MT SMS messages at maximum length due to improper length checking. The vulnerability is described across NVD/Red Hat/PRION/CVE lists a...

9.1CVSS9AI score0.00918EPSS
CVE
CVE
added 2021/06/09 5:0 a.m.96 views

CVE-2020-11159

CVE-2020-11159 is a buffer over-read in Snapdragon/Qualcomm code while processing WPA/RSN IE in beacon and response frames. The flaw occurs when the IE length is shorter than the frame pointer being accessed, potentially affecting multiple Snapdragon product families (Auto, Compute, Connectivity,...

9.4CVSS9.2AI score0.00796EPSS
CVE
CVE
added 2021/03/17 6:0 a.m.95 views

CVE-2020-11166

CVE-2020-11166 affects Qualcomm closed‑source components in Snapdragon stacks (Auto/Compute/Connectivity/IoT family). The vulnerability is an out-of-bounds read triggered when the UE receives an unusually large number of padding octets at the beginning of the ROHC header, leading to potential con...

9.1CVSS9AI score0.00918EPSS
CVE
CVE
added 2021/03/17 6:0 a.m.95 views

CVE-2020-11221

CVE-2020-11221 describes a local information-disclosure vulnerability in Qualcomm/ Snapdragon components where a non-secure entity can exploit insufficient checks in the syscall handler to extract secure QTEE diagnostic information in clear text. Affected families include Snapdragon Auto, Compute...

5.5CVSS5.5AI score0.00206EPSS
CVE
CVE
added 2021/02/22 6:26 a.m.95 views

CVE-2020-11275

CVE-2020-11275 involves a possible buffer over-read when parsing a quiet Information Element in an Rx beacon frame on Qualcomm Snapdragon platforms (Auto/Compute/Connectivity, Consumer Electronics Connectivity, IoT, Industrial IoT, Mobile, etc.). The root cause is an improper check of the IE leng...

9.4CVSS9.2AI score0.00806EPSS
CVE
CVE
added 2021/06/09 5:0 a.m.94 views

CVE-2020-11126

CVE-2020-11126 affects Qualcomm closed‑source components in Snapdragon lineups, tied to WLAN frame parsing. The root cause is an out-of-bounds read caused by missing checks for body and header lengths in parsing WLAN frames across multiple Snapdragon families (Auto, Compute, Connectivity, Consume...

9.4CVSS9AI score0.00796EPSS
CVE
CVE
added 2021/02/22 6:25 a.m.94 views

CVE-2020-11194

CVE-2020-11194 affects Qualcomm Snapdragon platforms (Snapdragon Auto/Compute/Connectivity/Consumer IOT/Industrial IOT/Mobile/Wired Infrastructure and Networking). The issue is a possible out-of-bounds access in the Trust Authority (TA) when processing a command received from the Network Subsyste...

7.8CVSS7.8AI score0.00161EPSS
CVE
CVE
added 2021/02/22 6:25 a.m.94 views

CVE-2020-11270

CVE-2020-11270 : A DoS condition in Qualcomm Snapdragon firmware (across Snapdragon Auto, Compute, Connectivity, and related Snapdragon platforms) arises when an RTT responder consistently rejects all FTMR by sending FTM1 with a failure status in the FTM parameter IE. This vulnerability is descri...

7.8CVSS7.5AI score0.00605EPSS
CVE
CVE
added 2021/02/22 6:25 a.m.93 views

CVE-2020-11147

CVE-2020-11147 affects Snapdragon Compute, Snapdragon Industrial IOT, and Snapdragon Mobile: a use-after-free in audio modules caused by incorrect macro usage during list iteration when removing/freeing objects. Root cause is the macro misuse leading to freeing objects while iterating. Documented...

6.7CVSS7AI score0.00152EPSS
CVE
CVE
added 2021/06/09 5:0 a.m.93 views

CVE-2020-11161

CVE-2020-11161 involves an out-of-bounds memory access in Qualcomm Snapdragon components when computing alignment for a negative width supplied by external components. Affected are Snapdragon Auto, Compute, Connectivity, Consumer IoT, Industrial IoT, Mobile, and Voice & Music stacks. The issue is...

7.1CVSS7AI score0.00146EPSS
CVE
CVE
added 2021/02/22 6:25 a.m.93 views

CVE-2020-11177

CVE-2020-11177 affects Qualcomm closed‑source components in Snapdragon devices (Auto/Compute/Connectivity/IOT/Wearables, etc.). The issue arises from improper validation of the SPC code setting and device lock, allowing a local attacker to overwrite the Security Code NV item without current SPC b...

8.8CVSS8.7AI score0.00161EPSS
CVE
CVE
added 2021/06/09 5:0 a.m.93 views

CVE-2020-11238

CVE-2020-11238 is a buffer over-read in ARP/NS parsing caused by a missing length check on received packets, affecting Qualcomm Snapdragon-based platforms across multiple product families (Auto, Compute, Connectivity, CES, IoT, Industrial IoT, Mobile, V&M, and Wired Networking). The impact is a p...

7.8CVSS7.6AI score0.00598EPSS
CVE
CVE
added 2021/06/09 5:0 a.m.93 views

CVE-2020-11241

CVE-2020-11241 affects Qualcomm Snapdragon family components (e.g., Snapdragon Auto, Compute, Connectivity, and related Snapdragon lines) and is rooted in the NAN shared key descriptor processing when EAPOL Key length is shorter than expected. The vulnerability exposes an out-of-bounds read in th...

7.8CVSS7.6AI score0.00598EPSS
CVE
CVE
added 2021/02/22 6:25 a.m.93 views

CVE-2020-11269

CVE-2020-11269 is a memory corruption issue described as occurring while processing EAPOL frames due to insufficient validation of key length in Qualcomm Snapdragon families (Auto, Compute, Connectivity, and related Snapdragon components). The initial entry lists a high severity (CVSS v3.1 base 8...

8.8CVSS8.8AI score0.00283EPSS
Total number of security vulnerabilities90