283 matches found
CVE-2018-13901
CVE-2018-13901 involves information disclosure due to missing permissions in the Android Manifest within the PCI RCS app across a wide range of Qualcomm/Snapdragon devices (Snapdragon Auto, Connectivity, IoT, Mobile, etc.). Affected components are Android apps that rely on these manifests; the ro...
CVE-2018-5913
Technical details about CVE-2018-5913 are not publicly provided in the supplied documents. No affected product/version or remediation information is stated here. Monitor the sources for updates.
CVE-2018-13906
CVE-2018-13906 involves a timing side-channel in the HMAC authentication of messages from QSEE on Qualcomm Snapdragon platforms, affecting a wide range of Snapdragon Auto/Compute/Connectivity/IoT/Wearables/Networking devices (many Snapdragon SoCs listed). Root cause: timing leakage allows an atta...
CVE-2018-11955
CVE-2018-11955: A missing length check on the reason-code in the payload can cause a driver to read memory outside the allocated frame, leading to an out-of-bounds read in Qualcomm/Snapdragon WLAN/driver components across Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon M...
CVE-2018-5903
CVE-2018-5903 is an out-of-bounds read caused by improper validation of an array when processing the VDEV stop response in Qualcomm WLAN firmware (qcacld 3.0). Affected products span Qualcomm/Snapdragon platforms including Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapd...
CVE-2018-13907
The CVE-2018-13907 entry describes a vulnerability in Qualcomm/Snapdragon components where deserializing a key blob during key operations can trigger a buffer overflow, potentially exposing partial key information across a wide range of Snapdragon devices (IPQ4019, IPQ8074, MDM9... and many SD/So...
CVE-2017-8252
CVE-2017-8252 describes a kernel-level information-disclosure vulnerability in TrustZone across Qualcomm/Snapdragon platforms (e.g., IPQ4019, QCS605, SD families). The root cause is the ability for an attacker to induce faults in TrustZone computations, leading to leakage of sensitive data from m...
CVE-2018-13908
CVE-2018-13908 affects Qualcomm Snapdragon platforms (e.g., Snapdragon Auto/Compute/Connectivity families across numerous SoCs). The issue is a truncated access authentication token that weakens access control for stored secure application data, enabling local attacker access with partial confide...
CVE-2019-2257
CVE-2019-2257 involves wrong permissions in a configuration file, enabling unauthorized permissions on numerous Qualcomm Snapdragon platforms. Affected families include Snapdragon Auto, Connectivity, Consumer IoT, Industrial IoT, IoT, Mobile, Voice & Music, Wearables, and related configurations a...
CVE-2018-11939
CVE-2018-11939 affects Qualcomm-based WLAN components (e.g., Snapdragon WLAN host/MDM platforms) where a use-after-issue in WLAN functionality occurs due to multiple ACS scan requests in parallel. The NVD entry lists a Local access vector with Low attack complexity and no authentication, yielding...
CVE-2019-10529
CVE-2019-10529 is a use-after-free race in Qualcomm’s KGSL kernel path when marking user entries dirty via set_page_dirty, occurring if page->mapping is freed concurrently. It affects Snapdragon/KGSL GPU components and is associated with a documented exploit (exploit-db 46941). The provided do...
CVE-2018-11976
The CVE-2018-11976 issue is described in multiple sources as an ECDSA key leakage vulnerability in Qualcomm’s secure environment. Findings indicate that private keys could be exposed from the secure world to the non-secure world via the Qualcomm Secure Execution Environment (QSEE) on Snapdragon-b...
CVE-2018-11271
CVE-2018-11271 is an improper authentication vulnerability affecting Qualcomm Snapdragon platforms (broad range of Snapdragon Auto/Compute/Connectivity/IoT families and related devices). The issue relates to remote command handling caused by improper event handling, enabling potential unauthorize...
CVE-2018-13886
Technical details about CVE-2018-13886 are not publicly available in the provided documents; no affected products, versions, or fixes are specified here. Monitor for updates.
CVE-2018-11953
CVE-2018-11953 describes a potential out-of-bounds access when processing the SSID IE length from a remote AP in Qualcomm WLAN/WiFi stack. Affected are Snapdragon platforms including Auto, CE Connectivity, C IoT, Industrial IoT, IoT, Mobile, Voice & Music, and Wearables (many chipsets listed: MDM...
CVE-2019-2243
CVE-2019-2243 describes a possible buffer overflow at the end of an iteration when retrieving version information, potentially leading to information disclosure. Affected components are Qualcomm Snapdragon family (across numerous Snapdragon Auto/Compute/IoT lines and related SoCs listed in the de...
CVE-2018-11958
CVE-2018-11958 affects a wide range of Qualcomm Snapdragon platforms (e.g., Snapdragon Auto/Consumer/IoT/Industrial IoT, Snapdragon Mobile, Snapdragon Voice & Music) and related Media/SoC components. The root issue is insufficient protection of keypad keys, which could allow a high-security, high...
CVE-2018-13924
The CVE-2018-13924 entry concerns a buffer length validation flaw that can take negative values, causing a stack overflow in Qualcomm components across many Snapdragon platforms (Auto/Compute/Connectivity/IOT/Industrial IOT, Mobile, Wearables, etc.) including IPQ8074 family and various SD/SM/QR s...
CVE-2019-2244
CVE-2019-2244 affects Qualcomm Snapdragon firmware components across a wide range of SoCs. The issue is a possible integer underflow when calculating the length of elementary stream info from an invalid section length, which is then used to read from the input buffer. Impact is described as poten...
CVE-2014-9986
CVE-2014-9986 concerns Android devices with Qualcomm components (e.g., Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear MSM8909W, SD系列) where in playready_licacq_process_response(), the length of the cbResponse is not validated and is controlled by the HLOS. If cbResponse is too large, a...
CVE-2018-12012
CVE-2018-12012 affects Qualcomm Snapdragon platforms where the blacklisting mechanism uses a shared buffered memory region during boot. The root cause described is that updates to the blacklist are not validated against the newly updated blacklist, allowing boot‑up to be compromised on a wide set...
CVE-2018-13895
CVE-2018-13895 describes an issue where missing permissions on several content providers in the RCS app’s Android manifest could enable unprivileged access on Qualcomm Snapdragon platforms (covering a broad set of Snapdragon Auto, Compute, Connectivity, IoT, Wearable, and related devices). The ro...
CVE-2018-13925
CVE-2018-13925 describes a heap-use-after-free in Qualcomm Snapdragon devices caused by an error in parsing the PMT table, where memory is freed but the context map reference is not reset. Affected products span Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, IoT, Mobile, We...
CVE-2015-9165
CVE-2015-9165 affects Android devices with Qualcomm Snapdragon/related SoCs (IPQ4019, MDM9206, MDM9607, MSM8909W, SD 210/212/205, SD 400/410/12/615/16/ SD 415/617/650/52/ SD 808/810) where a flaw in the QTEE file service API allows a double-free due to incorrect error handling. The vulnerability ...
CVE-2015-9131
CVE-2015-9131 corresponds to an input validation flaw in Qualcomm’s qsee on Android devices, affecting Snapdragon targets (SD 400/410/12, 615/16/SD 415, 800, 808, 810). The issue can enable unauthorized memory access due to lack of input validation. Public details in the connected documents show ...
CVE-2019-10497
Technical details about CVE-2019-10497 are not publicly provided in the supplied documents. No specifics on affected products, root cause, or fixes are available here. Monitor for updates.
CVE-2019-2248
CVE-2019-2248 describes a buffer overflow that can occur when an invalid header overwrites an existing buffer with a fixed-size allocation, affecting a wide range of Qualcomm Snapdragon products (e.g., Snapdragon Auto/Compute/Connectivity, Snapdragon IoT/Wearables, Snapdragon 615/16, 625, 820/820...
CVE-2015-9128
CVE-2015-9128 describes a buffer overread caused by lack of validation of the buffer size in Android on Qualcomm Snapdragon platforms (Automobile, Mobile, Wear) across multiple SD/x variants. The issue affects devices with Android before the 2018-04-05 security patch level and is addressed by the...
CVE-2017-18131
In CVE-2017-18131, the issue is in QTEE where an incorrect fuse value can be blown on Qualcomm Snapdragon platforms (list of Snapdragon Automotive/Mobile/Wear variants and chipsets). The connected sources (NVD/NVD listing and CVE records) specify the affected families and device suffixes, with ro...
CVE-2017-11004
CVE-2017-11004 affects Qualcomm Snapdragon components across multiple platforms (e.g., IPQ8074, MDM9xxx, MSM8996AU and a wide range of SD-series chipsets) where a non-secure user can access certain registers in Snapdragon Automotive, Mobile and Wear devices. The impact is local with partial confi...
CVE-2015-9198
Summary of CVE-2015-9198 : An integer underflow in the Qualcomm qsee_register_log_buff function allows writing beyond intended bounds, potentially corrupting secure memory. The public records identify affected Android builds on Qualcomm-based devices (e.g., Snapdragon Automobile, Snapdragon Mobil...
CVE-2018-11938
CVE-2018-11938 affects Qualcomm/Snapdragon components (e.g., IPQ8074, MSM89xx, SDx series, etc.) via improper input validation of an HLOS argument, causing potential buffer overflows and unexpected behavior. Root cause is input validation failure in the argument path from HLOS; impact could invol...
CVE-2019-10491
CVE-2019-10491 affects Qualcomm ADSP (Audio DSP) across a broad set of Snapdragon platforms (e.g., IPQ4019, IPQ8064, IPQ8074, MDM9150/9206/9607/9640/9650, MSM8909W/8996AU, QCS405/605, SD-series like SD 210–435/439, SD 450, 615/16/625/632/636/665/675, 712/710/670, 730, 820/820A, 835, 845/850, 855,...
CVE-2019-2247
CVE-2019-2247 involves a potential double-free condition triggered when running multiple smp2p tests due to missing protection for a global variable across Qualcomm Snapdragon platforms (Auto/Compute/IoT/Industrial IoT/Smart wearables and multiple SoCs). The issue affects a broad set of devices (...
CVE-2014-9997
CVE-2014-9997 affects Android on Qualcomm Snapdragon platforms (various SoCs) where PRDiagMaintenanceHandler lacks input validation, causing a buffer over-read. The issue spans multiple Snapdragon products listed in the initial description; CVSS scores indicate Critical impact (C/H, I/H, A/H) wit...
CVE-2016-10448
CVE-2016-10448 affects Android on Qualcomm Snapdragon platforms (multiple SoCs) where addSA/updateSA commands on the same SA can race. The root cause is that APIs addSA and updateSA access the global ipsec_sa_list[] without mutex protection, enabling memory corruption under concurrent operations....
CVE-2017-18172
CVE-2017-18172 describes a local vulnerability in various Snapdragon Mobile/Automotive platforms where a check of a contiguous buffer can overflow for certain buffer sizes, causing an Integer Overflow or Wraparound in System UI. Affected are devices with large screen resolutions (e.g., 1440x2560)...
CVE-2018-12004
CVE-2018-12004 affects Qualcomm Snapdragon-based mobile/embedded platforms (e.g., Snapdragon Auto, Compute, Consumer Electronics Connectivity, IOT, Industrial IOT, Mobile, Wearables) and related SoCs (e.g., SDM63x/SD 210–SD 845 family). The vulnerability description indicates that the secure keyp...
CVE-2018-5852
CVE-2018-5852 describes an unsigned integer underflow in the Qualcomm IPA driver that results in a buffer over-read when reading NAT entries via the debugfs path /sys/kernel/debug/ipa/ip4_nat. The vulnerability is tied to the IPA driver component and affects Qualcomm chipsets; the underlying issu...
CVE-2017-18146
CVE-2017-18146 affects Android on Qualcomm Snapdragon platforms (Automobile, Mobile, Wear; various SDM/MDM/SD chips). In vulnerable builds prior to the 2018-04-05 patch level, ECDSA signature verification can fail in corner cases, potentially impacting message authentication. The issue is listed ...
CVE-2017-18298
CVE-2017-18298 describes a lack of input validation in the SDMX API that can cause NULL pointer dereference in Qualcomm Snapdragon platforms listed (e.g., MDM9206/9607/9650; MSM8996AU; SD 210/212/205, 410/12, 425, 430, 450, 615/16/ SD 415, 617, 625, 650/52, 810, 820/820A, 835, 845, 850, SDA660). ...
CVE-2017-18313
CVE-2017-18313 affects Qualcomm Snapdragon platforms where DirectX/ DXE memory (DXE-accessible memory) is within the authenticated image, enabling potential access to tamper with the WCNSS firmware stored in DDR. Affected devices include Snapdragon Mobile and Wear variants across MSM8909W, SD 210...
CVE-2017-18329
CVE-2017-18329 describes a potential buffer overflow in RTP packet handling on Qualcomm Snapdragon automotive and wearable platforms. Affected are Snapdragon Automotive/Wear devices across listed Snapdragon/HW variants (e.g., MDM9615/9625/9635M/9640/9645/9650/9655, MSM8909W, MSM8996AU, SD 210–SD ...
CVE-2018-11971
CVE-2018-11971 concerns an interrupt exit code flow issue that may undermine the TrustZone access control on Qualcomm Snapdragon platforms (e.g., Snapdragon Auto/Compute/Consumer devices and various Qualcomm SoCs). Descriptions across sources consistently state risk of secure asset leakage within...
CVE-2018-12013
CVE-2018-12013 : The issue is an improper authentication flaw in a locked memory region that can grant unprivileged access to memory in multiple Qualcomm Snapdragon products (e.g., Snapdragon Auto/Compute/IoT lines and various SDM/SD chips). Root cause: insufficient authentication controls within...
CVE-2018-5876
The CVE-2018-5876 issue affects Snapdragon Automotive, Snapdragon Mobile, and Snapdragon Wear. It stems from a buffer overflow while parsing MP4 files. The documented impact is high: CVSS v3 base score 8.8 (Network attack, no privileges required, user interaction required) with high confidentiali...
CVE-2019-2245
CVE-2019-2245 is a Qualcomm/Snapdragon vulnerability describing a possible integer underflow when calculating the length of an elementary stream map from an invalid packet length, which is then used to read from an input buffer. Affected products include a broad set of Snapdragon platforms (Auto,...
CVE-2015-9122
CVE-2015-9122 describes a possible buffer overflow in Android on Qualcomm Snapdragon/mobile SoCs when a SIM response exceeds 64 KB for a stream APDU command. Affected products include a wide range of Qualcomm/Snapdragon modems and Android devices, with the issue stemming from handling large APDU ...
CVE-2015-9207
CVE-2015-9207 describes a buffer overread in playready_getadditional_responsedata due to insufficient input validation, affecting Android devices on Qualcomm Snapdragon Mobile and Snapdragon Wear (MSM8909W) and a range of Qualcomm SoCs (SD 210/212/205, 400, 410/12, 615/16/415, 617, 650/52, 800, 8...
CVE-2016-10420
CVE-2016-10420 affects Android devices with Qualcomm Snapdragon/mobile platforms listed (e.g., MDM9206/9607/9650 and SD family up to SDX20). The issue arises while playing a .flv clip that lacks an inbuilt seek table, where a dynamic index table access goes out of bounds, causing a crash (availab...