Lucene search
+L
QualcommQbt1000 Firmware

37 matches found

CVE
CVE
added 2021/05/07 9:10 a.m.1196 views

CVE-2021-1905

CVE-2021-1905 is a memory-management vulnerability (use-after-free) in Qualcomm Snapdragon chipsets caused by improper handling of memory mapping across multiple processes. Affects a broad range of Snapdragon products (Auto, Compute, Connectivity, IoT, Mobile, Wearables, etc.). The CVE is charact...

8.4CVSS8.3AI score0.0115EPSS
In wild
CVE
CVE
added 2021/05/07 9:10 a.m.1078 views

CVE-2021-1906

CVE-2021-1906 affects Qualcomm Snapdragon GPU address management across Snapdragon Auto/Compute/Connectivity/Consumer IOT/Industrial IOT/Mobile/Wearables. Root cause: improper handling of address deregistration on failure can lead to a new GPU address allocation failure. CVSS reflects Medium seve...

6.2CVSS6.9AI score0.0052EPSS
In wild
CVE
CVE
added 2021/06/09 5:0 a.m.1073 views

CVE-2020-11261

CVE-2020-11261 is a memory-corruption vulnerability in Qualcomm Snapdragon chipsets (including Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wearables). Root cause: improper check when an application requests memory allocation for an extremely large ...

7.8CVSS8.4AI score0.01772EPSS
In wild
CVE
CVE
added 2021/06/09 5:0 a.m.155 views

CVE-2020-11239

CVE-2020-11239 describes a use-after-free when importing a DMA buffer using the CPU address due to an attachment not being cleaned up. Affected are Qualcomm/Snapdragon platforms (Snapdragon Auto, Compute, Connectivity, Consumer IoT, Industrial IoT, Mobile, Voice & Music, Wearables). The root caus...

7.8CVSS8AI score0.00208EPSS
CVE
CVE
added 2021/06/09 5:0 a.m.137 views

CVE-2020-11262

CVE-2020-11262 describes a race between command submission and context destruction that can cause an invalid context to be added, leading to a use-after-free condition. Reported for Snapdragon Auto/Compute/Connectivity/Consumer IOT/Industrial IOT/Mobile/Voice & Music/Wearables (Qualcomm/Snapdrago...

7CVSS7.1AI score0.00104EPSS
CVE
CVE
added 2021/03/17 6:1 a.m.135 views

CVE-2020-11308

CVE-2020-11308 describes a buffer overflow in Qualcomm Snapdragon components (e.g., Snapdragon Auto/Compute/Connectivity/Consumer IoT/Industrial IoT/Mobile/Voice & Music and related bootloader) triggered while converting ASCII strings to Unicode when the actual size exceeds the required size. Pub...

7.2CVSS6.8AI score0.00225EPSS
CVE
CVE
added 2021/03/17 6:0 a.m.113 views

CVE-2020-11226

CVE-2020-11226 concerns a memory-read out-of-bounds vulnerability in Qualcomm closed-source Data modem logic, stemming from a missing offset-length check during unpacking. Affected products span Snapdragon Auto/Compute/Connectivity/IoT lines (Qualcomm closed-source components). The underlying fla...

7.5CVSS7.5AI score0.0087EPSS
CVE
CVE
added 2021/03/17 6:0 a.m.111 views

CVE-2020-11190

CVE-2020-11190 describes a buffer over-read when parsing received SDP values caused by a missing NULL termination check in Qualcomm Snapdragon components. The vulnerability affects Qualcomm/Open-source SSDP handling in Snapdragon Auto, Compute, Connectivity, and related Snapdragon lines (includin...

9.1CVSS9.1AI score0.00959EPSS
CVE
CVE
added 2021/03/17 6:0 a.m.106 views

CVE-2020-11189

CVE-2020-11189 is a buffer over-read vulnerability occurring while parsing SDP values due to a missing NULL termination check in Qualcomm Snapdragon components (Auto, Compute, Connectivity, Consumer IoT, Industrial IoT, IoT, Mobile, Voice & Music, Wearables). The issue is triggered by network con...

9.1CVSS9.1AI score0.00959EPSS
CVE
CVE
added 2021/04/07 7:55 a.m.105 views

CVE-2020-11234

CVE-2020-11234 describes a Use-After-Free condition in Qualcomm Snapdragon family firmware: when sending a socket event message to a user application, invalid information can be passed if the socket is freed by another thread, leading to a local impact on Snapdragon Auto, Snapdragon Compute, Snap...

8.4CVSS7.5AI score0.00202EPSS
CVE
CVE
added 2021/02/22 6:25 a.m.101 views

CVE-2020-11170

CVE-2020-11170 involves an out-of-bounds memory access during Vorbis audio playback due to improper header extraction checks in Qualcomm/ Snapdragon components (Auto, Compute, Connectivity, IOT, Mobile, etc.). Root cause: insufficient validation in header parsing leads to memory access beyond bou...

10CVSS9.2AI score0.00806EPSS
CVE
CVE
added 2021/03/17 6:0 a.m.101 views

CVE-2020-11171

CVE-2020-11171 concerns a buffer over-read during SDP parsing caused by missing NULL termination checks in Qualcomm/Snapdragon components (Auto, Compute, Connectivity, IoT, Wearables, etc.). NVD notes a highly severe impact (CVSSv3.1: CRITICAL, CVSSv2: MEDIUM with Partial confidentiality/availabi...

9.1CVSS9.1AI score0.00959EPSS
CVE
CVE
added 2021/02/22 6:26 a.m.101 views

CVE-2020-11296

CVE-2020-11296 concerns an arithmetic overflow in processing NOA IE across multiple Qualcomm Snapdragon platforms (Auto, Compute, Connectivity, etc.). Root cause is improper error handling, leading to an overflow that can impact Snapdragon families including Mobile, IoT, Automotive lines and rela...

7.5CVSS7.7AI score0.00595EPSS
CVE
CVE
added 2021/03/17 6:1 a.m.101 views

CVE-2020-11299

CVE-2020-11299 describes a buffer overflow in Qualcomm closed‑source components used in Snapdragon software stacks (Auto/Compute/Connectivity/Consumer IoT/Industrial IoT/Mobile/Voice & Music/Wearables). The root cause is a buffer overflow while decoding a non‑standard video clip, which can be tri...

10CVSS9.5AI score0.01093EPSS
CVE
CVE
added 2021/03/17 6:0 a.m.100 views

CVE-2020-11227

CVE-2020-11227 describes an out-of-bounds write during RTT/TTY packet parsing caused by a missing buffer-size check prior to copying into a buffer in multiple Qualcomm/Snapdragon components (Auto, Compute, Connectivity, Consumer IoT, Industrial IoT, IoT, Mobile, Voice & Music, Wearables). Root ca...

9.8CVSS9.4AI score0.00911EPSS
CVE
CVE
added 2021/06/09 5:0 a.m.97 views

CVE-2020-11159

CVE-2020-11159 is a buffer over-read in Snapdragon/Qualcomm code while processing WPA/RSN IE in beacon and response frames. The flaw occurs when the IE length is shorter than the frame pointer being accessed, potentially affecting multiple Snapdragon product families (Auto, Compute, Connectivity,...

9.4CVSS9.2AI score0.00796EPSS
CVE
CVE
added 2021/03/17 6:0 a.m.97 views

CVE-2020-11199

CVE-2020-11199 is linked to Qualcomm’s HLOS component and involves an information-disclosure vulnerability caused by improper access control. The issue allows a local attacker to access the EL3 stack canary by simply mapping the imem region, leading to exposure of sensitive information across mul...

5.5CVSS5.5AI score0.00202EPSS
CVE
CVE
added 2021/02/22 6:26 a.m.97 views

CVE-2020-11275

CVE-2020-11275 involves a possible buffer over-read when parsing a quiet Information Element in an Rx beacon frame on Qualcomm Snapdragon platforms (Auto/Compute/Connectivity, Consumer Electronics Connectivity, IoT, Industrial IoT, Mobile, etc.). The root cause is an improper check of the IE leng...

9.4CVSS9.2AI score0.00806EPSS
CVE
CVE
added 2021/03/17 6:0 a.m.96 views

CVE-2020-11166

CVE-2020-11166 affects Qualcomm closed‑source components in Snapdragon stacks (Auto/Compute/Connectivity/IoT family). The vulnerability is an out-of-bounds read triggered when the UE receives an unusually large number of padding octets at the beginning of the ROHC header, leading to potential con...

9.1CVSS9AI score0.00918EPSS
CVE
CVE
added 2021/03/17 6:0 a.m.96 views

CVE-2020-11221

CVE-2020-11221 describes a local information-disclosure vulnerability in Qualcomm/ Snapdragon components where a non-secure entity can exploit insufficient checks in the syscall handler to extract secure QTEE diagnostic information in clear text. Affected families include Snapdragon Auto, Compute...

5.5CVSS5.5AI score0.00206EPSS
CVE
CVE
added 2021/02/22 6:25 a.m.93 views

CVE-2020-11177

CVE-2020-11177 affects Qualcomm closed‑source components in Snapdragon devices (Auto/Compute/Connectivity/IOT/Wearables, etc.). The issue arises from improper validation of the SPC code setting and device lock, allowing a local attacker to overwrite the Security Code NV item without current SPC b...

8.8CVSS8.7AI score0.00161EPSS
CVE
CVE
added 2021/06/09 5:0 a.m.93 views

CVE-2020-11238

CVE-2020-11238 is a buffer over-read in ARP/NS parsing caused by a missing length check on received packets, affecting Qualcomm Snapdragon-based platforms across multiple product families (Auto, Compute, Connectivity, CES, IoT, Industrial IoT, Mobile, V&M, and Wired Networking). The impact is a p...

7.8CVSS7.6AI score0.00598EPSS
CVE
CVE
added 2021/02/22 6:25 a.m.93 views

CVE-2020-11269

CVE-2020-11269 is a memory corruption issue described as occurring while processing EAPOL frames due to insufficient validation of key length in Qualcomm Snapdragon families (Auto, Compute, Connectivity, and related Snapdragon components). The initial entry lists a high severity (CVSS v3.1 base 8...

8.8CVSS8.8AI score0.00283EPSS
CVE
CVE
added 2021/02/22 6:26 a.m.90 views

CVE-2020-11276

CVE-2020-11276 is a buffer over-read in processing P2P IE and NOA attributes in beacon/probe frames due to improper validation of P2P IE/NOA lengths in Qualcomm Snapdragon firmware (across Snapdragon Auto, Compute, Connectivity, and related Snapdragon lines). Root cause is incorrect length valida...

9.4CVSS9.1AI score0.00806EPSS
CVE
CVE
added 2021/06/09 5:0 a.m.89 views

CVE-2020-11235

CVE-2020-11235 describes a buffer overflow that can occur while parsing a unified command due to insufficient input validation in Qualcomm Snapdragon components (Auto, Compute, Connectivity, etc.). The issue is triggered locally and can impact confidentiality, integrity, and availability, as indi...

7.8CVSS7.9AI score0.00172EPSS
CVE
CVE
added 2021/02/22 6:25 a.m.85 views

CVE-2020-11195

CVE-2020-11195 concerns an out-of-bounds read/write in the Trust Authority (TA) when processing commands from the NS side, caused by an improper length check on command and response buffers. Affected are Snapdragon platforms including Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mob...

7.8CVSS7.7AI score0.00161EPSS
CVE
CVE
added 2021/03/17 6:0 a.m.78 views

CVE-2020-11188

CVE-2020-11188 concerns a buffer over-read during parsing of received SDP values due to a missing NULL termination check in Qualcomm Snapdragon SDP handling across multiple Snapdragon families (Auto, Compute, Connectivity, etc.). The issue stems from the absence of proper NULL termination validat...

9.1CVSS9.1AI score0.00959EPSS
CVE
CVE
added 2021/03/17 6:0 a.m.77 views

CVE-2020-11192

CVE-2020-11192 is a Qualcomm closed‑source component vulnerability affecting Snapdragon platforms listed in the initial document (e.g., Snapdragon Auto/Compute/Connectivity, IoT variants). The issue is described as an out-of-bounds write during SDP string parsing caused by a missing null-terminat...

10CVSS9.3AI score0.01099EPSS
CVE
CVE
added 2021/01/21 9:41 a.m.74 views

CVE-2020-11119

CVE-2020-11119 describes a buffer over-read in Snapdragon components (Auto/Compute/Connectivity/IoT/Industrial IoT, etc.) where a mismatch between the buffer length from response handlers and the payload size can trigger over-read. Affected are Qualcomm Snapdragon platforms as listed; root cause ...

7.5CVSS7.8AI score0.00771EPSS
CVE
CVE
added 2021/02/22 6:25 a.m.74 views

CVE-2020-11204

CVE-2020-11204 affects Qualcomm closed‑source components within Snapdragon Auto/Compute/Connectivity/IoT families. The root cause is a lack of validation and boundary checks for parameters read from shared MSG RAM in multiple sub-systems, causing potential memory corruption and information leakag...

7.8CVSS7.7AI score0.00161EPSS
CVE
CVE
added 2021/04/07 7:55 a.m.72 views

CVE-2020-11191

CVE-2020-11191 concerns an out-of-bounds read during processing of crafted SDP in Qualcomm Snapdragon firmware. The entry specifies a lack of null-string checks affecting multiple Snapdragon subsystems (Auto, Compute, Connectivity, Consumer Electronics Connectivity, Consumer IoT, Industrial IoT, ...

9.4CVSS8.9AI score0.00944EPSS
CVE
CVE
added 2021/05/07 9:10 a.m.67 views

CVE-2020-11293

CVE-2020-11293 details an out-of-bounds read in Widevine Trust Authority (TA) when copying data from user input to a buffer, caused by a missing/incorrect buffer-length check. Affected hardware/software span Snapdragon ranges (Auto/Compute/Connectivity/IoT/etc.) and Widevine components in Qualcom...

6CVSS6.1AI score0.0015EPSS
CVE
CVE
added 2021/05/07 9:10 a.m.67 views

CVE-2021-1925

CVE-2021-1925 is a DoS vulnerability tied to Qualcomm Snapdragon closed‑source components. The root cause, per the available documents, is improper handling of the Group Management Operations Framework in various Snapdragon lines (Auto, Compute, Connectivity, CE Connectivity, IoT, Industrial IoT,...

7.8CVSS7.5AI score0.00598EPSS
CVE
CVE
added 2021/05/07 9:10 a.m.63 views

CVE-2020-11279

CVE-2020-11279 corresponds to a memory corruption issue caused by improper length validation when processing SDES packets in Qualcomm/Qualcomm-derived components (e.g., Snapdragon Auto/Compute/Connectivity and other Snapdragon Family devices). Multiple connected sources (NVD/NCSC/Red Hat/CNNVD/CV...

10CVSS9.4AI score0.00819EPSS
CVE
CVE
added 2021/04/07 7:55 a.m.62 views

CVE-2020-11251

CVE-2020-11251 is an out‑of‑bounds read vulnerability described as a lack of buffer length checks before copying during DTMF payload access in Qualcomm/Snapdragon platforms (Auto, Compute, Connectivity, IOT, Wearables, etc.). The root cause is a missing length check when handling DTMF payloads, l...

9.4CVSS9.1AI score0.00944EPSS
CVE
CVE
added 2021/05/07 9:10 a.m.61 views

CVE-2020-11289

CVE-2020-11289 describes an out-of-bounds write in the TZ command handler due to missing validation of the command ID in Qualcomm Snapdragon SoCs. Affected families include Snapdragon Auto, Compute, Connectivity, Consumer IoT, Industrial IoT, IoT, Mobile, Voice & Music, Wearables, and Wired/WAN p...

7.8CVSS7.8AI score0.00196EPSS
CVE
CVE
added 2021/05/07 9:10 a.m.55 views

CVE-2020-11285

CVE-2020-11285 is a buffer over-read in Qualcomm Snapdragon components when decompressing RTCP packets. Reports in connected sources confirm exploitation potential tied to incorrect RTCP length, affecting multiple Snapdragon product families (Auto, Compute, Connectivity, Consumer IoT, Industrial ...

9.4CVSS9AI score0.00913EPSS