Qcm6490 Firmware Security Vulnerabilities and Issues — Page 3 of Qcm6490 Firmware CVE List

Possible buffer over read due to improper buffer allocation for file length passed from user space in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

8.4CVSS7.1AI score0.00043EPSS

CVE•added 2022/01/13 12:15 p.m.•87 views

CVE-2021-30319

Possible integer overflow due to improper validation of command length parameters while processing WMI command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdr...

7.8CVSS7.9AI score0.0012EPSS

CVE•added 2021/09/09 8:15 a.m.•86 views

CVE-2021-30294

Potential null pointer dereference in KGSL GPU auxiliary command due to improper validation of user input in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

8.4CVSS5.8AI score0.00101EPSS

CVE•added 2022/01/03 8:15 a.m.•86 views

CVE-2021-30337

Possible use after free when process shell memory is freed using IOCTL call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearable...

8.4CVSS7.8AI score0.00037EPSS

CVE•added 2023/02/12 4:15 a.m.•86 views

CVE-2022-40514

Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc response frame.

9.8CVSS9.8AI score0.00144EPSS

CVE•added 2024/05/06 3:15 p.m.•86 views

CVE-2024-21471

Memory corruption when IOMMU unmap of a GPU buffer fails in Linux.

8.4CVSS7.2AI score0.00082EPSS

CVE•added 2024/09/02 12:15 p.m.•86 views

CVE-2024-33045

Memory corruption when BTFM client sends new messages over Slimbus to ADSP.

8.4CVSS8.2AI score0.00039EPSS

CVE•added 2024/09/02 12:15 p.m.•86 views

CVE-2024-33057

Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location.

7.5CVSS7.5AI score0.00264EPSS

CVE•added 2024/11/04 10:15 a.m.•86 views

CVE-2024-38422

Memory corruption while processing voice packet with arbitrary data received from ADSP.

7.8CVSS7.9AI score0.00035EPSS

CVE•added 2022/06/14 10:15 a.m.•85 views

CVE-2022-22083

Denial of service due to memory corruption while extracting ape header from clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

7.8CVSS7.7AI score0.00351EPSS

CVE•added 2023/04/13 7:15 a.m.•85 views

CVE-2022-40532

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.

8.4CVSS8.2AI score0.00051EPSS

CVE•added 2023/07/04 5:15 a.m.•85 views

CVE-2023-21631

Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network.

9.8CVSS8.2AI score0.00074EPSS

CVE•added 2024/09/02 12:15 p.m.•85 views

CVE-2024-33054

Memory corruption during the handshake between the Primary Virtual Machine and Trusted Virtual Machine.

7.8CVSS7.9AI score0.00082EPSS

CVE•added 2022/04/01 5:15 a.m.•84 views

CVE-2021-1950

Improper cleaning of secure memory between authenticated users can lead to face authentication bypass in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

7.8CVSS7.7AI score0.00031EPSS

CVE•added 2021/10/20 7:15 a.m.•84 views

CVE-2021-30312

Improper authentication of sub-frames of a multicast AMSDU frame can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wire...

7.5CVSS7.2AI score0.00186EPSS

CVE•added 2023/10/03 6:15 a.m.•84 views

CVE-2023-33028

Memory corruption in WLAN Firmware while doing a memory copy of pmk cache.

9.8CVSS9AI score0.00103EPSS

CVE•added 2024/09/02 12:15 p.m.•84 views

CVE-2024-33038

Memory corruption while passing untrusted/corrupted pointers from DSP to EVA.

7.8CVSS7.8AI score0.00039EPSS

CVE•added 2024/09/02 12:15 p.m.•84 views

CVE-2024-33043

Transient DOS while handling PS event when Program Service name length offset value is set to 255.

5.5CVSS5.5AI score0.00036EPSS

CVE•added 2022/06/14 10:15 a.m.•83 views

CVE-2022-22084

Memory corruption when extracting qcp audio file due to lack of check on data length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

8.4CVSS7.8AI score0.00103EPSS

CVE•added 2023/03/10 9:15 p.m.•83 views

CVE-2022-33256

Memory corruption due to improper validation of array index in Multi-mode call processor.

9.8CVSS9.7AI score0.0009EPSS

CVE•added 2023/08/08 10:15 a.m.•83 views

CVE-2022-40510

Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.

9.8CVSS9.8AI score0.00124EPSS

CVE•added 2023/06/06 8:15 a.m.•83 views

CVE-2022-40529

Memory corruption due to improper access control in kernel while processing a mapping request from root process.

7.8CVSS7.3AI score0.00033EPSS

CVE•added 2022/04/01 5:15 a.m.•82 views

CVE-2021-1942

Improper handling of permissions of a shared memory region can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastru...

9.3CVSS8.8AI score0.00029EPSS

CVE•added 2022/06/14 10:15 a.m.•82 views

CVE-2021-30339

Reading PRNG output may lead to improper key generation due to lack of buffer validation in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

9CVSS5.8AI score0.00077EPSS

CVE•added 2022/06/14 10:15 a.m.•82 views

CVE-2021-35071

Possible buffer over read due to lack of size validation while copying data from DBR buffer to RX buffer and can lead to Denial of Service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastruc...

5.5CVSS5.7AI score0.00109EPSS

CVE•added 2022/09/02 12:15 p.m.•82 views

CVE-2021-35133

Use after free in the synx driver issue while performing other functions during multiple invocation of synx release calls in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

6.7CVSS7.2AI score0.00046EPSS

CVE•added 2023/11/07 6:15 a.m.•82 views

CVE-2023-21671

Memory Corruption in Core during syscall for Sectools Fuse comparison feature.

9.3CVSS7.9AI score0.00062EPSS

CVE•added 2024/11/04 10:15 a.m.•82 views

CVE-2024-38423

Memory corruption while processing GPU page table switch.

7.8CVSS7.9AI score0.00035EPSS

CVE•added 2022/06/14 10:15 a.m.•81 views

CVE-2021-35096

Improper memory allocation during counter check DLM handling can lead to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

7.8CVSS7.5AI score0.00245EPSS

CVE•added 2022/06/14 10:15 a.m.•81 views

CVE-2021-35120

Improper handling between export and release functions on the same handle from client can lead to use after free in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

6.7CVSS6.8AI score0.00036EPSS

CVE•added 2023/10/03 6:15 a.m.•81 views

CVE-2023-24855

Memory corruption in Modem while processing security related configuration before AS Security Exchange.

9.8CVSS9.1AI score0.00213EPSS

CVE•added 2023/10/03 6:15 a.m.•80 views

CVE-2023-24849

Information Disclosure in data Modem while parsing an FMTP line in an SDP message.

8.2CVSS7.5AI score0.00137EPSS

CVE•added 2023/08/08 10:15 a.m.•80 views

CVE-2023-28537

Memory corruption while allocating memory in COmxApeDec module in Audio.

8.4CVSS8.1AI score0.00053EPSS

CVE•added 2022/04/01 5:15 a.m.•79 views

CVE-2021-30333

Improper validation of buffer size input to the EFS file can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

7.8CVSS8AI score0.0012EPSS

CVE•added 2022/06/14 10:15 a.m.•79 views

CVE-2021-30344

Improper authorization of a replayed LTE security mode command can lead to a denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

7.8CVSS7.6AI score0.00245EPSS

CVE•added 2023/01/09 8:15 a.m.•79 views

CVE-2022-25725

Denial of service in MODEM due to improper pointer handling

6.2CVSS5.6AI score0.00044EPSS

CVE•added 2023/02/12 4:15 a.m.•79 views

CVE-2022-33248

Memory corruption in User Identity Module due to integer overflow to buffer overflow when a segement is received via qmi http.

7.8CVSS8AI score0.00074EPSS

CVE•added 2023/02/12 4:15 a.m.•79 views

CVE-2022-40512

Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.

7.5CVSS7.6AI score0.00123EPSS

CVE•added 2024/11/22 10:15 a.m.•78 views

CVE-2021-30299

Possible out of bound access in audio module due to lack of validation of user provided input.

6.7CVSS6.5AI score0.00027EPSS

CVE•added 2022/02/11 11:15 a.m.•78 views

CVE-2021-30318

Improper validation of input when provisioning the HDCP key can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables

8.4CVSS7.8AI score0.0012EPSS

CVE•added 2022/06/14 10:15 a.m.•78 views

CVE-2022-22086

Memory corruption in video due to double free while parsing 3gp clip with invalid meta data atoms in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

10CVSS9.5AI score0.00163EPSS

CVE•added 2022/01/03 8:15 a.m.•77 views

CVE-2021-30278

Improper input validation in TrustZone memory transfer interface can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

7.1CVSS5.5AI score0.00045EPSS

CVE•added 2022/06/14 10:15 a.m.•77 views

CVE-2021-30281

Possible unauthorized access to secure space due to improper check of data allowed while flashing the no access control device configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wear...

8.4CVSS7.6AI score0.00143EPSS

CVE•added 2022/06/14 10:15 a.m.•77 views

CVE-2021-30341

Improper buffer size validation of DSM packet received can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables

10CVSS9.6AI score0.00218EPSS

CVE•added 2022/06/14 10:15 a.m.•77 views

CVE-2021-35073

Possible assertion due to improper validation of rank restriction field in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

7.8CVSS7.6AI score0.00245EPSS

CVE•added 2022/06/14 10:15 a.m.•77 views

CVE-2021-35118

An out-of-bounds write can occur due to an incorrect input check in the camera driver in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

6.7CVSS6.7AI score0.00036EPSS

CVE•added 2024/04/01 3:15 p.m.•77 views

CVE-2023-33115

Memory corruption while processing buffer initialization, when trusted report for certain report types are generated.

7.8CVSS8AI score0.0006EPSS

Total number of security vulnerabilities480