90 matches found
CVE-2021-1905
CVE-2021-1905 is a memory-management vulnerability (use-after-free) in Qualcomm Snapdragon chipsets caused by improper handling of memory mapping across multiple processes. Affects a broad range of Snapdragon products (Auto, Compute, Connectivity, IoT, Mobile, Wearables, etc.). The CVE is charact...
CVE-2021-1906
CVE-2021-1906 affects Qualcomm Snapdragon GPU address management across Snapdragon Auto/Compute/Connectivity/Consumer IOT/Industrial IOT/Mobile/Wearables. Root cause: improper handling of address deregistration on failure can lead to a new GPU address allocation failure. CVSS reflects Medium seve...
CVE-2020-11261
CVE-2020-11261 is a memory-corruption vulnerability in Qualcomm Snapdragon chipsets (including Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wearables). Root cause: improper check when an application requests memory allocation for an extremely large ...
CVE-2020-11273
CVE-2020-11273 affects Qualcomm Snapdragon SoCs (Snapdragon Auto/Compute/Connectivity/Mobile) where a histogram binning info missing leads to null pointer access due to a missing null check. Reported CVSSv3.1 base score 7.5 (HIGH) with network attack vector and no user interaction. The issue is d...
CVE-2020-11236
CVE-2020-11236 affects Qualcomm/Snapdragon closed-source components: memory corruption due to an invalid total dimension value in the non-histogram KPI can cause Denial of Service on Snapdragon Auto/Compute/Connectivity/Mobile. Root cause is memory corruption; impact is high (availability) with l...
CVE-2020-11237
The CVE-2020-11237 entry concerns a memory crash caused by not checking the histogram definition before accessing it in Qualcomm Snapdragon components (Snapdragon Auto/Compute/Connectivity/Mobile). The issue is triggered during histogram KPI input handling and is documented as a local issue with ...
CVE-2020-11239
CVE-2020-11239 describes a use-after-free when importing a DMA buffer using the CPU address due to an attachment not being cleaned up. Affected are Qualcomm/Snapdragon platforms (Snapdragon Auto, Compute, Connectivity, Consumer IoT, Industrial IoT, Mobile, Voice & Music, Wearables). The root caus...
CVE-2020-11272
CVE-2020-11272 is a high-severity flaw affecting Qualcomm WLAN components in Snapdragon-based devices. The root cause is a use-after-free condition caused by deleting an entry in a hash table before enqueuing a frame to the PE queue, which can lead to use of a stale object. Documented impact span...
CVE-2020-11290
CVE-2020-11290 is a use-after-free in Qualcomm MSM ioctl event handling caused by a race between ioctl register and deregister. Affected are Snapdragon products including Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, and Wearables. The issue stems from contention in the ioctl...
CVE-2020-11240
CVE-2020-11240 describes a memory corruption issue in Qualcomm Snapdragon components triggered by an ioctl command with an incorrect copy size. The vulnerability affects a broad set of Snapdragon products (Auto, Compute, Connectivity, Consumer IoT, Industrial IoT, Mobile, Voice & Music, Wearables...
CVE-2020-11250
CVE-2020-11250 is a use-after-free vulnerability caused by a race condition when reopening a Snapdragon device driver repeatedly across Snapdragon Auto/Compute/Connectivity/Consumer IoT/Industrial IoT/Mobile/Voice & Music/Wearables/Wired Infrastructure and Networking. Affects Qualcomm components ...
CVE-2020-11262
CVE-2020-11262 describes a race between command submission and context destruction that can cause an invalid context to be added, leading to a use-after-free condition. Reported for Snapdragon Auto/Compute/Connectivity/Consumer IOT/Industrial IOT/Mobile/Voice & Music/Wearables (Qualcomm/Snapdrago...
CVE-2020-11271
CVE-2020-11271 describes a race-condition vulnerability causing possible out-of-bounds access when handling global control elements in Qualcomm Snapdragon firmware across multiple platforms (Snapdragon Auto/Compute/Connectivity, IoT, Mobile, Wearables, etc.). The issue is characterized by local a...
CVE-2020-11308
CVE-2020-11308 describes a buffer overflow in Qualcomm Snapdragon components (e.g., Snapdragon Auto/Compute/Connectivity/Consumer IoT/Industrial IoT/Mobile/Voice & Music and related bootloader) triggered while converting ASCII strings to Unicode when the actual size exceeds the required size. Pub...
CVE-2020-11309
The CVE-2020-11309 issue is a Use-After-Free in Qualcomm Adreno GPU drivers related to mapping user memory to GPU memory, caused by an improper check of referenced memory in Snapdragon GPUs. The vulnerability affects Qualcomm GPU components integrated in Snapdragon devices (Auto/Compute/Connectiv...
CVE-2020-11277
CVE-2020-11277 describes a race condition in Qualcomm/Snapdragon platforms (Compute, Industrial IoT, Mobile) during an async fastrpc session: the fastrpc context can be freed after sending an RPC, creating a potential vulnerability during async processing. The provided sources (Red Hat advisory a...
CVE-2020-11223
CVE-2020-11223 affects Qualcomm camera driver components (Snapdragon family). Root cause: out-of-bounds write due to lack of validation of array index before copying into an array. Impact described as high with local attacker access and potential to compromise confidentiality, integrity, and avai...
CVE-2020-11297
CVE-2020-11297 denotes a Denial of Service in the WLAN module due to an improper check of subtypes in the logic that drops excessive frames. Impact is DoS on devices using Snapdragon family components (Auto, Compute, Connectivity, CE Connectivity, CIoT, Industrial IoT, Mobile, and V&M). Root caus...
CVE-2020-11226
CVE-2020-11226 concerns a memory-read out-of-bounds vulnerability in Qualcomm closed-source Data modem logic, stemming from a missing offset-length check during unpacking. Affected products span Snapdragon Auto/Compute/Connectivity/IoT lines (Qualcomm closed-source components). The underlying fla...
CVE-2021-1891
CVE-2021-1891 is a Qualcomm audio-driver use-after-free vulnerability (pointer mismanagement) impacting Snapdragon platforms (Auto/Compute/Connectivity/IoT variants). It affects the Audio component; root cause is use-after-free in the audio driver, with impact on confidentiality, integrity, and a...
CVE-2020-11190
CVE-2020-11190 describes a buffer over-read when parsing received SDP values caused by a missing NULL termination check in Qualcomm Snapdragon components. The vulnerability affects Qualcomm/Open-source SSDP handling in Snapdragon Auto, Compute, Connectivity, and related Snapdragon lines (includin...
CVE-2021-1927
CVE-2021-1927 describes a use-after-free in the Qualcomm FastRPC driver affecting Snapdragon devices (Auto, Compute, Connectivity, IoT, Mobile, Wearables, etc.). The root cause is a missing null check while memory is being freed, enabling a local attacker to trigger memory corruption with effects...
CVE-2020-11186
CVE-2020-11186 affects Qualcomm closed‑source components (Snapdragon Auto/Compute/Connectivity/Mobile). The issue arises from improper validation of input in the Qualcomm/ Snapdragon stack, causing the modem to enter a busy state in an infinite loop while parsing histogram dimension. Impact descr...
CVE-2020-11234
CVE-2020-11234 describes a Use-After-Free condition in Qualcomm Snapdragon family firmware: when sending a socket event message to a user application, invalid information can be passed if the socket is freed by another thread, leading to a local impact on Snapdragon Auto, Snapdragon Compute, Snap...
CVE-2020-11189
CVE-2020-11189 is a buffer over-read vulnerability occurring while parsing SDP values due to a missing NULL termination check in Qualcomm Snapdragon components (Auto, Compute, Connectivity, Consumer IoT, Industrial IoT, IoT, Mobile, Voice & Music, Wearables). The issue is triggered by network con...
CVE-2020-11134
CVE-2020-11134 affects Qualcomm Snapdragon family (Snapdragon Auto/Compute/Connectivity, etc.). The root cause is insufficient validation of time bitmap length and bit duration fields in NAN management frame attributes, leading to a possible stack out-of-bounds write within NAN ranging setup. The...
CVE-2020-11170
CVE-2020-11170 involves an out-of-bounds memory access during Vorbis audio playback due to improper header extraction checks in Qualcomm/ Snapdragon components (Auto, Compute, Connectivity, IOT, Mobile, etc.). Root cause: insufficient validation in header parsing leads to memory access beyond bou...
CVE-2020-11178
CVE-2020-11178 affects Qualcomm Snapdragon automotive/IoT platforms (Snapdragon Auto, Compute, Connectivity, Consumer IoT, Industrial IoT, Mobile, Voice & Music, Wired Infrastructure & Networking). The issue arises when trusted apps overwrite CPZ memory because the TrustZone (TZ) logic only check...
CVE-2020-11230
CVE-2020-11230 involves a potential arbitrary memory corruption in the Qualcomm qseecom kernel interface used for communications between user land and secure world. The issue stems from updating ion buffer physical addresses, which exposes a physical address to user land in Snapdragon Auto/Comput...
CVE-2020-11296
CVE-2020-11296 concerns an arithmetic overflow in processing NOA IE across multiple Qualcomm Snapdragon platforms (Auto, Compute, Connectivity, etc.). Root cause is improper error handling, leading to an overflow that can impact Snapdragon families including Mobile, IoT, Automotive lines and rela...
CVE-2020-11171
CVE-2020-11171 concerns a buffer over-read during SDP parsing caused by missing NULL termination checks in Qualcomm/Snapdragon components (Auto, Compute, Connectivity, IoT, Wearables, etc.). NVD notes a highly severe impact (CVSSv3.1: CRITICAL, CVSSv2: MEDIUM with Partial confidentiality/availabi...
CVE-2020-11198
CVE-2020-11198 affects Qualcomm Snapdragon components (Auto, Compute, Connectivity, Consumer IoT, Industrial IoT, Mobile, Voice & Music, Wired Infrastructure/Networking). Root cause: improper usage of memset leaves key material and TZ diag/log buffer data un-wiped. Documented impact includes high...
CVE-2020-11299
CVE-2020-11299 describes a buffer overflow in Qualcomm closed‑source components used in Snapdragon software stacks (Auto/Compute/Connectivity/Consumer IoT/Industrial IoT/Mobile/Voice & Music/Wearables). The root cause is a buffer overflow while decoding a non‑standard video clip, which can be tri...
CVE-2020-11227
CVE-2020-11227 describes an out-of-bounds write during RTT/TTY packet parsing caused by a missing buffer-size check prior to copying into a buffer in multiple Qualcomm/Snapdragon components (Auto, Compute, Connectivity, Consumer IoT, Industrial IoT, IoT, Mobile, Voice & Music, Wearables). Root ca...
CVE-2020-11199
CVE-2020-11199 is linked to Qualcomm’s HLOS component and involves an information-disclosure vulnerability caused by improper access control. The issue allows a local attacker to access the EL3 stack canary by simply mapping the imem region, leading to exposure of sensitive information across mul...
CVE-2020-11218
CVE-2020-11218 describes a Denial of Service in the baseband triggered when a device configures LTE betaOffset-RI-Index. The issue stems from a lack of data validation in Qualcomm’s closed-source baseband components, affecting Snapdragon Auto, Compute, Connectivity, Consumer IoT, Industrial IoT, ...
CVE-2020-11222
CVE-2020-11222 is a buffer over-read in Qualcomm Snapdragon components (Auto, Compute, Connectivity, C IoT, Industrial IoT, IoT, Mobile) triggered when processing MT SMS messages at maximum length due to improper length checking. The vulnerability is described across NVD/Red Hat/PRION/CVE lists a...
CVE-2020-11159
CVE-2020-11159 is a buffer over-read in Snapdragon/Qualcomm code while processing WPA/RSN IE in beacon and response frames. The flaw occurs when the IE length is shorter than the frame pointer being accessed, potentially affecting multiple Snapdragon product families (Auto, Compute, Connectivity,...
CVE-2020-11166
CVE-2020-11166 affects Qualcomm closed‑source components in Snapdragon stacks (Auto/Compute/Connectivity/IoT family). The vulnerability is an out-of-bounds read triggered when the UE receives an unusually large number of padding octets at the beginning of the ROHC header, leading to potential con...
CVE-2020-11221
CVE-2020-11221 describes a local information-disclosure vulnerability in Qualcomm/ Snapdragon components where a non-secure entity can exploit insufficient checks in the syscall handler to extract secure QTEE diagnostic information in clear text. Affected families include Snapdragon Auto, Compute...
CVE-2020-11275
CVE-2020-11275 involves a possible buffer over-read when parsing a quiet Information Element in an Rx beacon frame on Qualcomm Snapdragon platforms (Auto/Compute/Connectivity, Consumer Electronics Connectivity, IoT, Industrial IoT, Mobile, etc.). The root cause is an improper check of the IE leng...
CVE-2020-11126
CVE-2020-11126 affects Qualcomm closed‑source components in Snapdragon lineups, tied to WLAN frame parsing. The root cause is an out-of-bounds read caused by missing checks for body and header lengths in parsing WLAN frames across multiple Snapdragon families (Auto, Compute, Connectivity, Consume...
CVE-2020-11194
CVE-2020-11194 affects Qualcomm Snapdragon platforms (Snapdragon Auto/Compute/Connectivity/Consumer IOT/Industrial IOT/Mobile/Wired Infrastructure and Networking). The issue is a possible out-of-bounds access in the Trust Authority (TA) when processing a command received from the Network Subsyste...
CVE-2020-11270
CVE-2020-11270 : A DoS condition in Qualcomm Snapdragon firmware (across Snapdragon Auto, Compute, Connectivity, and related Snapdragon platforms) arises when an RTT responder consistently rejects all FTMR by sending FTM1 with a failure status in the FTM parameter IE. This vulnerability is descri...
CVE-2020-11147
CVE-2020-11147 affects Snapdragon Compute, Snapdragon Industrial IOT, and Snapdragon Mobile: a use-after-free in audio modules caused by incorrect macro usage during list iteration when removing/freeing objects. Root cause is the macro misuse leading to freeing objects while iterating. Documented...
CVE-2020-11161
CVE-2020-11161 involves an out-of-bounds memory access in Qualcomm Snapdragon components when computing alignment for a negative width supplied by external components. Affected are Snapdragon Auto, Compute, Connectivity, Consumer IoT, Industrial IoT, Mobile, and Voice & Music stacks. The issue is...
CVE-2020-11177
CVE-2020-11177 affects Qualcomm closed‑source components in Snapdragon devices (Auto/Compute/Connectivity/IOT/Wearables, etc.). The issue arises from improper validation of the SPC code setting and device lock, allowing a local attacker to overwrite the Security Code NV item without current SPC b...
CVE-2020-11238
CVE-2020-11238 is a buffer over-read in ARP/NS parsing caused by a missing length check on received packets, affecting Qualcomm Snapdragon-based platforms across multiple product families (Auto, Compute, Connectivity, CES, IoT, Industrial IoT, Mobile, V&M, and Wired Networking). The impact is a p...
CVE-2020-11241
CVE-2020-11241 affects Qualcomm Snapdragon family components (e.g., Snapdragon Auto, Compute, Connectivity, and related Snapdragon lines) and is rooted in the NAN shared key descriptor processing when EAPOL Key length is shorter than expected. The vulnerability exposes an out-of-bounds read in th...
CVE-2020-11269
CVE-2020-11269 is a memory corruption issue described as occurring while processing EAPOL frames due to insufficient validation of key length in Qualcomm Snapdragon families (Auto, Compute, Connectivity, and related Snapdragon components). The initial entry lists a high severity (CVSS v3.1 base 8...