18 matches found
CVE-2020-11179
CVE-2020-11179 is a Qualcomm Adreno GPU/kernel-driver vulnerability. The attack targets the KGSL global shared mappings, specifically the scratch buffer used to share data between CPU and GPU. The RPTR (ringbuffer read pointer) is read from the scratch buffer, and the patch for CVE-2019-10567 ran...
CVE-2020-11282
The CVE-2020-11282 issue is an improper access-control vulnerability in the KGSL driver on Snapdragon platforms (Snapdragon Auto/Compute/Connectivity, Consumer IoT, Industrial IoT, Mobile, Wearables, etc.). A special mmap offset can map the GPU memstore into user space, enabling local attacker ac...
CVE-2020-11286
CVE-2020-11286 affects Qualcomm closed-source kernel components (Snapdragon family) with a root cause of an untrusted pointer dereference during USB control transfers when multiple standard USB requests are issued together. This could impact devices running affected Qualcomm/kernel code and is re...
CVE-2020-11283
CVE-2020-11283 is a buffer overflow vulnerability described in the NVD entry as occurring during MKV playback due to insufficient input validation in Qualcomm Snapdragon components (Auto, Compute, Connectivity, Consumer IoT, Industrial IoT, Mobile, Voice & Music, Wearables). The connected Red Hat...
CVE-2020-11136
CVE-2020-11136 corresponds to a buffer over-read in the Qualcomm audio driver caused by not returning NULL for a zero-sized memory request in the vulnerable Snapdragon family (Auto/Compute/Connectivity/IOT/Mobile, etc.). The issue affects Qualcomm closed‑source components and is listed as Critica...
CVE-2020-11213
CVE-2020-11213 describes out-of-bounds reads in Snapdragon components (Auto, Compute, Connectivity, and related Snapdragon devices) caused by improper validation of field lengths while processing a Service descriptor. The issue affects a wide range of Snapdragon platforms (Auto, Compute, Connecti...
CVE-2020-11137
CVE-2020-11137 describes an integer multiplication overflow in Qualcomm Snapdragon components that leads to a smaller-than-expected buffer allocation, causing memory access out of bounds and potential device instability across Snapdragon Auto/Compute/Connectivity/IoT families. Public sources (NVD...
CVE-2020-11144
CVE-2020-11144 affects Qualcomm Snapdragon family components (Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables). Root cause: buffer over-read from decompression of invalid DL ROHC packets due to missing size check on the compressed packet...
CVE-2020-3686
CVE-2020-3686 concerns a memory out-of-bounds issue during music playback when an incorrect bitstream is copied into an array without length checks in Qualcomm Snapdragon components (Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables, and related infr...
CVE-2020-11216
CVE-2020-11216 is a buffer over-read in the video driver when playing a clip where atomsize equals UINT32_MAX, affecting Qualcomm Snapdragon platforms (Auto/Compute/Connectivity/Consumer IOT/Industrial IOT/Mobile/Voice & Music/Wearables). The issue is triggered during video processing and is docu...
CVE-2020-3691
CVE-2020-3691 describes a possible out-of-bounds memory access in audio due to an integer underflow when processing modified contents in Qualcomm Snapdragon closed‑source components (audio path). The root cause is an integer underflow leading to out-of-bounds reads/writes in the affected audio pr...
CVE-2020-11138
CVE-2020-11138 concerns Qualcomm Snapdragon components (notably in Snapdragon Auto/Compute/Connectivity/IoT/Wearables and related Snapdragon media paths) where uninitialized heap memory leads to uninitialized pointers during music playback with an incorrect bitstream, causing instability. The vul...
CVE-2020-11214
CVE-2020-11214 concerns a buffer over-read in processing an NDL attribute on Qualcomm Snapdragon firmware across multiple Snapdragon lines (Auto, Compute, Connectivity, Consumer Electronics Connectivity, Consumer IoT, Industrial IoT, Mobile, Voice & Music, Wired Infrastructure & Networking). The ...
CVE-2020-11212
CVE-2020-11212 describes an out-of-bounds read during parsing of NAN beacon attributes and OUIs caused by an improper length check in Qualcomm Snapdragon components (Auto, Compute, Connectivity, CE Connectivity, Consumer IoT, Industrial IoT, IoT, Mobile, Voice & Music, Wired Infrastructure and Ne...
CVE-2020-3685
CVE-2020-3685 affects Qualcomm closed‑source components used in Snapdragon platforms. The issue arises from a freed pointer variable not being cleared, which can lead to memory corruption and result in a denial of service on devices such as Snapdragon Auto, Compute, Connectivity, IoT, Wearables, ...
CVE-2020-11145
CVE-2020-11145 describes a divide-by-zero flaw in the delta extension header update caused by improper validation of master SN and extension header SN in Qualcomm Snapdragon components (Auto, Compute, Connectivity, Consumer IoT, Industrial IoT, IoT, Mobile, Wearables, etc.). This is reported acro...
CVE-2020-11197
CVE-2020-11197 affects Qualcomm Snapdragon platforms (Auto, Compute, Connectivity, Consumer IoT, Industrial IoT, Mobile, Voice & Music, Wearables). The issue is a possible integer overflow in stream info update when the total number of detected streams is zero while parsing a TS clip with invalid...
CVE-2020-11183
CVE-2020-11183 describes a potential buffer overflow in the Snapdragon platform's display service, enabling local privilege escalation by executing code as the affected service. The vulnerability affects multiple Snapdragon families (Auto, Connectivity, Consumer IoT, Industrial IoT, Mobile, Voice...