175 matches found
CVE-2018-13901
CVE-2018-13901 involves information disclosure due to missing permissions in the Android Manifest within the PCI RCS app across a wide range of Qualcomm/Snapdragon devices (Snapdragon Auto, Connectivity, IoT, Mobile, etc.). Affected components are Android apps that rely on these manifests; the ro...
CVE-2019-2256
The CVE-2019-2256 entry concerns a vulnerability in Qualcomm closed‑source components affecting Snapdragon devices (e.g., Snapdragon Auto/Compute/Connectivity, Snapdragon Mobile, Wearables, IOT, and related variants listed in the Red Hat/Qualcomm advisories). An unprivileged user can craft a bits...
CVE-2018-11934
CVE-2018-11934 is a Qualcomm WLAN-host vulnerability affecting Snapdragon WLAN components (multiple Qualcomm SoCs). The issue is described as a possible out-of-bounds write caused by improper input validation during processing of the DO_ACS vendor command. The Hazard is memory corruption with LOC...
CVE-2018-5911
CVE-2018-5911 describes a buffer overflow in Qualcomm WLAN/SDP WLAN functionality caused by an improper check of buffer size before copying, affecting Snapdragon Auto, Snapdragon Consumer IoT, Snapdragon Industrial IoT, and Snapdragon Mobile in listed Snapdragon/SDM devices (e.g., SD 625/636/675,...
CVE-2018-13911
CVE-2018-13911 affects Qualcomm Snapdragon GNSS XTRA Parser across multiple Snapdragon platforms (Auto, Compute, IoT, Mobile, Wearables, etc.). Root cause is an out-of-bounds memory read/access that may cause unexpected behavior. The vulnerability is documented with a high/critical CVSS impact by...
CVE-2018-5913
Technical details about CVE-2018-5913 are not publicly provided in the supplied documents. No affected product/version or remediation information is stated here. Monitor the sources for updates.
CVE-2018-13906
CVE-2018-13906 involves a timing side-channel in the HMAC authentication of messages from QSEE on Qualcomm Snapdragon platforms, affecting a wide range of Snapdragon Auto/Compute/Connectivity/IoT/Wearables/Networking devices (many Snapdragon SoCs listed). Root cause: timing leakage allows an atta...
CVE-2018-11942
CVE-2018-11942 describes a vulnerability where failure to initialize the reserved memory sent to the firmware may cause exposure of 1 byte of uninitialized kernel SKB memory to the firmware in multiple Qualcomm/Qualcomm-supplied platforms (e.g., Snapdragon Auto, Snapdragon Mobile, IPQ4019, IPQ806...
CVE-2018-11955
CVE-2018-11955: A missing length check on the reason-code in the payload can cause a driver to read memory outside the allocated frame, leading to an out-of-bounds read in Qualcomm/Snapdragon WLAN/driver components across Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon M...
CVE-2019-2259
CVE-2019-2259 refers to a resource allocation error that occurs when playing a video whose dimensions exceed the supported limit on Qualcomm Snapdragon platforms (including Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, etc.). Affected family spans numerous Snapdrag...
CVE-2018-11947
CVE-2018-11947 concerns a double-free in the txrx stats request during pdev detach as the host driver unloads on Snapdragon platforms (multiple Snapdragon Mobile/IoT/industrial devices and various Qualcomm/QCS/QCA/SDM families). The description notes a potential use-after-free style issue in the ...
CVE-2018-5903
CVE-2018-5903 is an out-of-bounds read caused by improper validation of an array when processing the VDEV stop response in Qualcomm WLAN firmware (qcacld 3.0). Affected products span Qualcomm/Snapdragon platforms including Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapd...
CVE-2018-13907
The CVE-2018-13907 entry describes a vulnerability in Qualcomm/Snapdragon components where deserializing a key blob during key operations can trigger a buffer overflow, potentially exposing partial key information across a wide range of Snapdragon devices (IPQ4019, IPQ8074, MDM9... and many SD/So...
CVE-2018-13902
CVE-2018-13902 is described as an out-of-bounds memory read when decoding XTRA files in Qualcomm Snapdragon components (wide range of Snapdragon Auto/Compute/IoT/Wearables/MI devices and more listed). Root cause: improper array index validation in the decoder. Affected products include numerous S...
CVE-2018-13898
CVE-2018-13898 is an out-of-bounds write caused by an incorrect array index check in the PMIC across Qualcomm Snapdragon platforms (e.g., Snapdragon Auto/Compute/Consumer, IoT, Industrial IOT, and various SDM/SD series). Root cause: improper bounds check on an array leading to write past the inte...
CVE-2017-8252
CVE-2017-8252 describes a kernel-level information-disclosure vulnerability in TrustZone across Qualcomm/Snapdragon platforms (e.g., IPQ4019, QCS605, SD families). The root cause is the ability for an attacker to induce faults in TrustZone computations, leading to leakage of sensitive data from m...
CVE-2018-13908
CVE-2018-13908 affects Qualcomm Snapdragon platforms (e.g., Snapdragon Auto/Compute/Connectivity families across numerous SoCs). The issue is a truncated access authentication token that weakens access control for stored secure application data, enabling local attacker access with partial confide...
CVE-2018-11929
CVE-2018-11929 describes a heap/overflow risk from lack of input validation in WLAN handling within Qualcomm-derived SDP/APIs. Public documents (NVD, Red Hat, CNVD, CVE listings) tie the issue to Qualcomm Snapdragon families (e.g., Auto, Consumer IOT, Industrial IOT, Mobile, Voice & Music) across...
CVE-2018-13919
CVE-2018-13919 is a use-after-free vulnerability that can occur when resetting the routing table if an invalid rule id is encountered during the reset command. Affected devices span Qualcomm Snapdragon platforms including Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon C...
CVE-2019-2257
CVE-2019-2257 involves wrong permissions in a configuration file, enabling unauthorized permissions on numerous Qualcomm Snapdragon platforms. Affected families include Snapdragon Auto, Connectivity, Consumer IoT, Industrial IoT, IoT, Mobile, Voice & Music, Wearables, and related configurations a...
CVE-2018-13909
CVE-2018-13909 involves Qualcomm bootloader metadata verification and partial hash system calls that may corrupt the parallel hashing state, causing unexpected behavior across Snapdragon SoCs (e.g., Auto, Compute, Mobile, etc.). The entry is supported by multiple sources (NVD, Red Hat, Android bu...
CVE-2019-2308
CVE-2019-2308 is described across connected docs as a kernel-level issue where fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages (CID-20c40794eb85), enabling a local escalation path to the fastrpc/DSP subsystem. The Astra Linux e...
CVE-2018-11976
The CVE-2018-11976 issue is described in multiple sources as an ECDSA key leakage vulnerability in Qualcomm’s secure environment. Findings indicate that private keys could be exposed from the secure world to the non-secure world via the Qualcomm Secure Execution Environment (QSEE) on Snapdragon-b...
CVE-2019-10529
CVE-2019-10529 is a use-after-free race in Qualcomm’s KGSL kernel path when marking user entries dirty via set_page_dirty, occurring if page->mapping is freed concurrently. It affects Snapdragon/KGSL GPU components and is associated with a documented exploit (exploit-db 46941). The provided do...
CVE-2018-11271
CVE-2018-11271 is an improper authentication vulnerability affecting Qualcomm Snapdragon platforms (broad range of Snapdragon Auto/Compute/Connectivity/IoT families and related devices). The issue relates to remote command handling caused by improper event handling, enabling potential unauthorize...
CVE-2018-13885
CVE-2018-13885 describes a memory overread in Qualcomm Snapdragon components (e.g., Snapdragon Auto/Compute/IoT, mobile, wearables) that could allow access to sensitive data. The issue is documented across multiple sources (NVD, Red Hat, CVE list, PRION) with consistent wording: a memory overread...
CVE-2019-2264
CVE-2019-2264 describes a null pointer dereference for the channel context when opening the glink channel in Qualcomm Snapdragon families (Snapdragon Auto/Consumer IoT/Mobile/Voice & Music/Wearables) across listed chips (MDM9607, MDM9640, MSM8909W, QCS405, QCS605, SD 425/427/430/435/439/429/450/6...
CVE-2018-13886
Technical details about CVE-2018-13886 are not publicly available in the provided documents; no affected products, versions, or fixes are specified here. Monitor for updates.
CVE-2019-2260
The CVE-2019-2260 entry describes a race condition in perf-event processing that can lead to a use-after-free condition affecting Qualcomm Snapdragon platforms (various Auto/Compute/IoT lines). Concrete details from connected documents identify the vulnerable component(s) as Qualcomm Snapdragon k...
CVE-2019-2277
CVE-2019-2277 affects Qualcomm Snapdragon WLAN-related components (e.g., MSM8996AU and related SD/SDX devices). The issue is described as an out-of-bounds read caused by lack of NULL termination on user-controlled data in WLAN paths across numerous Snapdragon platforms. CVSS metrics in the Datapo...
CVE-2019-2250
CVE-2019-2250 : A kernel flaw in Qualcomm Snapdragon devices allows a local attacker to write to an arbitrary memory address passed by user when freeing/stopping a thread. Affected platforms include Snapdragon Compute/Consumer IOT/Industrial IOT and Snapdragon Mobile (QCS605, SD 675, 712/710/670,...
CVE-2018-11940
CVE-2018-11940 is a Qualcomm WLAN Host vulnerability caused by a lack of length validation before memcpy in the WLAN function, leading to out-of-bounds access in multiple Snapdragon platforms (Auto/Compute/Consumer IOT/Industrial IOT, Mobile) across listed SoCs. Connected sources confirm affected...
CVE-2018-11967
CVE-2018-11967 concerns signature verification of the skel library that could be disabled because the memory region where the library is loaded is allocated from userspace in Qualcomm/Snapdragon subsystems. Affected products span Snapdragon Auto, Compute, Connectivity, Consumer IoT, Industrial Io...
CVE-2018-13896
CVE-2018-13896 affects Qualcomm closed-source components (XBL_SEC image authentication and related crypto checks) across Snapdragon platforms. Root cause: missing lock at the XBL_SEC stage allowing a compromised OEM XBL Loader to access image authentication and crypto validations. Impact per sour...
CVE-2019-2269
CVE-2019-2269 describes a possible buffer overflow in Qualcomm Snapdragon components when processing the high level lim process action frame due to improper buffer length validation. Affected products include Snapdragon Auto/Compute/Consumer IOT/Industrial IOT/Mobile/Voice & Music across numerous...
CVE-2018-11288
CVE-2018-11288 describes a potential undefined behavior caused by a missing size check in a function parameter segment_idx, which can lead to a read outside the intended region. Affected products are Qualcomm Snapdragon lines across automotive, mobile, and wearables, including devices based on MD...
CVE-2019-10538
CVE-2019-10538 is a Qualcomm Qualcomm WLAN/modem/Linux-kernel-driver issue caused by a lack of check of address range received from firmware, allowing the modem to respond with arbitrary pages into the HLOS address space and potentially compromise the device OS. Affected stack includes Snapdragon...
CVE-2019-2243
CVE-2019-2243 describes a possible buffer overflow at the end of an iteration when retrieving version information, potentially leading to information disclosure. Affected components are Qualcomm Snapdragon family (across numerous Snapdragon Auto/Compute/IoT lines and related SoCs listed in the de...
CVE-2019-2261
CVE-2019-2261 describes information disclosure caused by unauthorized access from the GPU subsystem to HLOS/non-secure memory. The vulnerability affects Qualcomm devices across multiple Snapdragon families (e.g., IPQ8074, MDM9xxx, MSM8xxx, SD-series including SD625/SD820/SD835/SD845/SD850, SDM43x...
CVE-2018-13887
CVE-2018-13887 describes an integer overflow vulnerability caused by untrusted header fields in the GNSS XTRA3 function, affecting Qualcomm Snapdragon platforms (Auto, Compute, IOT variants across multiple Snapdragon and QC700-series devices). The root cause is untrusted data in GNSS XTRA3 header...
CVE-2018-13899
CVE-2018-13899 describes a use-after-free memory fault in Qualcomm Snapdragon components when processing messages after an error, affecting a wide range of Snapdragon Auto/Compute/Connectivity/IoT/Wearables platforms (e.g., SDM630/660/665/670/675/820/845/855 and related QCS/SDA/X20/X24/X5 familie...
CVE-2018-13924
The CVE-2018-13924 entry concerns a buffer length validation flaw that can take negative values, causing a stack overflow in Qualcomm components across many Snapdragon platforms (Auto/Compute/Connectivity/IOT/Industrial IOT, Mobile, Wearables, etc.) including IPQ8074 family and various SD/SM/QR s...
CVE-2019-10506
CVE-2019-10506 concerns the QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY path in certain Qualcomm/SDP drivers where data from user space is not validated, causing undesired behavior in a wide range of Snapdragon-based devices. The issue is described as a local vulnerability with low privileges requi...
CVE-2019-10539
CVE-2019-10539 affects Qualcomm WLAN firmware in a wide range of Snapdragon chipsets (e.g., IPQ8074, MSM8xxx, QCA... and SD-series) where a missing length check when parsing the extended cap IE header length can trigger a buffer overflow. Reports describe this as a potential remote WLAN/firmware ...
CVE-2018-12005
CVE-2018-12005: Unprivileged user can issue a binder call to trigger a system halt on Qualcomm Snapdragon devices (wide range of Snapdragon Auto/Compute/IoT/Mobile families listed). Root cause described as Binder/CVE in Qualcomm components; affected products include Snapdragon 210/400/600/800 ser...
CVE-2019-10507
CVE-2019-10507 describes a vulnerability in Qualcomm/Snapdragon firmware where the device fails to validate extscan change results from firmware, allowing an out-of-bounds read in multiple Snapdragon families (Auto, Connectivity, IOT, etc.). The root cause is lack of proper bounds/checks during e...
CVE-2018-12012
CVE-2018-12012 affects Qualcomm Snapdragon platforms where the blacklisting mechanism uses a shared buffered memory region during boot. The root cause described is that updates to the blacklist are not validated against the newly updated blacklist, allowing boot‑up to be compromised on a wide set...
CVE-2019-10540
CVE-2019-10540 is a buffer overflow in the WLAN firmware (Qualcomm/QualPwn context) affecting multiple Snapdragon platforms, where a missing bounds check on the NAN availability attribute count enables overrun in the WLAN/NAN path. Affected hardware includes IPQ8074, MSM8996AU, QCA6174A, QCA6574A...
CVE-2019-2244
CVE-2019-2244 affects Qualcomm Snapdragon firmware components across a wide range of SoCs. The issue is a possible integer underflow when calculating the length of elementary stream info from an invalid section length, which is then used to read from the input buffer. Impact is described as poten...
CVE-2018-11928
CVE-2018-11928 is a buffer-overflow vulnerability caused by a missing length parameter check when processing WMI commands in Qualcomm Snapdragon components. Affected are Snapdragon Auto/Compute/Connectivity devices (various SD/SM/QCA platforms) and related Android stack components that use Qualco...