Lucene search
K
QualcommSd 670 Firmware

175 matches found

CVE
CVE
added 2019/06/14 5:2 p.m.307 views

CVE-2018-13901

CVE-2018-13901 involves information disclosure due to missing permissions in the Android Manifest within the PCI RCS app across a wide range of Qualcomm/Snapdragon devices (Snapdragon Auto, Connectivity, IoT, Mobile, etc.). Affected components are Android apps that rely on these manifests; the ro...

5.5CVSS5.5AI score0.00195EPSS
CVE
CVE
added 2019/06/14 5:2 p.m.283 views

CVE-2019-2256

The CVE-2019-2256 entry concerns a vulnerability in Qualcomm closed‑source components affecting Snapdragon devices (e.g., Snapdragon Auto/Compute/Connectivity, Snapdragon Mobile, Wearables, IOT, and related variants listed in the Red Hat/Qualcomm advisories). An unprivileged user can craft a bits...

10CVSS9.5AI score0.01529EPSS
CVE
CVE
added 2019/06/14 5:2 p.m.277 views

CVE-2018-11934

CVE-2018-11934 is a Qualcomm WLAN-host vulnerability affecting Snapdragon WLAN components (multiple Qualcomm SoCs). The issue is described as a possible out-of-bounds write caused by improper input validation during processing of the DO_ACS vendor command. The Hazard is memory corruption with LOC...

7.8CVSS7.8AI score0.00198EPSS
CVE
CVE
added 2019/06/14 5:2 p.m.274 views

CVE-2018-5911

CVE-2018-5911 describes a buffer overflow in Qualcomm WLAN/SDP WLAN functionality caused by an improper check of buffer size before copying, affecting Snapdragon Auto, Snapdragon Consumer IoT, Snapdragon Industrial IoT, and Snapdragon Mobile in listed Snapdragon/SDM devices (e.g., SD 625/636/675,...

7.8CVSS7.9AI score0.00216EPSS
CVE
CVE
added 2019/06/14 5:2 p.m.273 views

CVE-2018-13911

CVE-2018-13911 affects Qualcomm Snapdragon GNSS XTRA Parser across multiple Snapdragon platforms (Auto, Compute, IoT, Mobile, Wearables, etc.). Root cause is an out-of-bounds memory read/access that may cause unexpected behavior. The vulnerability is documented with a high/critical CVSS impact by...

10CVSS9.2AI score0.00988EPSS
CVE
CVE
added 2019/06/14 5:2 p.m.271 views

CVE-2018-5913

Technical details about CVE-2018-5913 are not publicly provided in the supplied documents. No affected product/version or remediation information is stated here. Monitor the sources for updates.

7.8CVSS7.4AI score0.00208EPSS
CVE
CVE
added 2019/06/14 5:2 p.m.229 views

CVE-2018-13906

CVE-2018-13906 involves a timing side-channel in the HMAC authentication of messages from QSEE on Qualcomm Snapdragon platforms, affecting a wide range of Snapdragon Auto/Compute/Connectivity/IoT/Wearables/Networking devices (many Snapdragon SoCs listed). Root cause: timing leakage allows an atta...

9.1CVSS9AI score0.00665EPSS
CVE
CVE
added 2019/06/14 5:2 p.m.225 views

CVE-2018-11942

CVE-2018-11942 describes a vulnerability where failure to initialize the reserved memory sent to the firmware may cause exposure of 1 byte of uninitialized kernel SKB memory to the firmware in multiple Qualcomm/Qualcomm-supplied platforms (e.g., Snapdragon Auto, Snapdragon Mobile, IPQ4019, IPQ806...

5.5CVSS5.6AI score0.00192EPSS
CVE
CVE
added 2019/06/14 5:2 p.m.223 views

CVE-2018-11955

CVE-2018-11955: A missing length check on the reason-code in the payload can cause a driver to read memory outside the allocated frame, leading to an out-of-bounds read in Qualcomm/Snapdragon WLAN/driver components across Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon M...

9.8CVSS9.1AI score0.00815EPSS
CVE
CVE
added 2019/06/14 5:2 p.m.223 views

CVE-2019-2259

CVE-2019-2259 refers to a resource allocation error that occurs when playing a video whose dimensions exceed the supported limit on Qualcomm Snapdragon platforms (including Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, etc.). Affected family spans numerous Snapdrag...

10CVSS9.3AI score0.00935EPSS
CVE
CVE
added 2019/06/14 5:2 p.m.219 views

CVE-2018-11947

CVE-2018-11947 concerns a double-free in the txrx stats request during pdev detach as the host driver unloads on Snapdragon platforms (multiple Snapdragon Mobile/IoT/industrial devices and various Qualcomm/QCS/QCA/SDM families). The description notes a potential use-after-free style issue in the ...

5.5CVSS5.7AI score0.00195EPSS
CVE
CVE
added 2019/06/14 5:2 p.m.218 views

CVE-2018-5903

CVE-2018-5903 is an out-of-bounds read caused by improper validation of an array when processing the VDEV stop response in Qualcomm WLAN firmware (qcacld 3.0). Affected products span Qualcomm/Snapdragon platforms including Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapd...

7.8CVSS7.6AI score0.0022EPSS
CVE
CVE
added 2019/06/14 5:2 p.m.210 views

CVE-2018-13907

The CVE-2018-13907 entry describes a vulnerability in Qualcomm/Snapdragon components where deserializing a key blob during key operations can trigger a buffer overflow, potentially exposing partial key information across a wide range of Snapdragon devices (IPQ4019, IPQ8074, MDM9... and many SD/So...

5.3CVSS5.6AI score0.00665EPSS
CVE
CVE
added 2019/06/14 5:2 p.m.207 views

CVE-2018-13902

CVE-2018-13902 is described as an out-of-bounds memory read when decoding XTRA files in Qualcomm Snapdragon components (wide range of Snapdragon Auto/Compute/IoT/Wearables/MI devices and more listed). Root cause: improper array index validation in the decoder. Affected products include numerous S...

7.5CVSS7.6AI score0.00678EPSS
CVE
CVE
added 2019/06/14 5:2 p.m.156 views

CVE-2018-13898

CVE-2018-13898 is an out-of-bounds write caused by an incorrect array index check in the PMIC across Qualcomm Snapdragon platforms (e.g., Snapdragon Auto/Compute/Consumer, IoT, Industrial IOT, and various SDM/SD series). Root cause: improper bounds check on an array leading to write past the inte...

9.8CVSS9.3AI score0.00733EPSS
CVE
CVE
added 2019/06/14 5:2 p.m.154 views

CVE-2017-8252

CVE-2017-8252 describes a kernel-level information-disclosure vulnerability in TrustZone across Qualcomm/Snapdragon platforms (e.g., IPQ4019, QCS605, SD families). The root cause is the ability for an attacker to induce faults in TrustZone computations, leading to leakage of sensitive data from m...

5.5CVSS5.5AI score0.00224EPSS
CVE
CVE
added 2019/06/14 5:2 p.m.149 views

CVE-2018-13908

CVE-2018-13908 affects Qualcomm Snapdragon platforms (e.g., Snapdragon Auto/Compute/Connectivity families across numerous SoCs). The issue is a truncated access authentication token that weakens access control for stored secure application data, enabling local attacker access with partial confide...

7.8CVSS7.8AI score0.00192EPSS
CVE
CVE
added 2019/06/14 5:2 p.m.148 views

CVE-2018-11929

CVE-2018-11929 describes a heap/overflow risk from lack of input validation in WLAN handling within Qualcomm-derived SDP/APIs. Public documents (NVD, Red Hat, CNVD, CVE listings) tie the issue to Qualcomm Snapdragon families (e.g., Auto, Consumer IOT, Industrial IOT, Mobile, Voice & Music) across...

7.8CVSS7.8AI score0.00197EPSS
CVE
CVE
added 2019/06/14 5:2 p.m.146 views

CVE-2018-13919

CVE-2018-13919 is a use-after-free vulnerability that can occur when resetting the routing table if an invalid rule id is encountered during the reset command. Affected devices span Qualcomm Snapdragon platforms including Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon C...

7.8CVSS7.7AI score0.00211EPSS
CVE
CVE
added 2019/06/14 5:2 p.m.145 views

CVE-2019-2257

CVE-2019-2257 involves wrong permissions in a configuration file, enabling unauthorized permissions on numerous Qualcomm Snapdragon platforms. Affected families include Snapdragon Auto, Connectivity, Consumer IoT, Industrial IoT, IoT, Mobile, Voice & Music, Wearables, and related configurations a...

7.8CVSS7.6AI score0.00182EPSS
CVE
CVE
added 2019/06/14 5:2 p.m.139 views

CVE-2018-13909

CVE-2018-13909 involves Qualcomm bootloader metadata verification and partial hash system calls that may corrupt the parallel hashing state, causing unexpected behavior across Snapdragon SoCs (e.g., Auto, Compute, Mobile, etc.). The entry is supported by multiple sources (NVD, Red Hat, Android bu...

7CVSS6.9AI score0.00138EPSS
CVE
CVE
added 2019/07/25 4:33 p.m.135 views

CVE-2019-2308

CVE-2019-2308 is described across connected docs as a kernel-level issue where fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages (CID-20c40794eb85), enabling a local escalation path to the fastrpc/DSP subsystem. The Astra Linux e...

7.8CVSS7.5AI score0.00211EPSS
CVE
CVE
added 2019/05/24 4:44 p.m.125 views

CVE-2018-11976

The CVE-2018-11976 issue is described in multiple sources as an ECDSA key leakage vulnerability in Qualcomm’s secure environment. Findings indicate that private keys could be exposed from the secure world to the non-secure world via the Qualcomm Secure Execution Environment (QSEE) on Snapdragon-b...

5.5CVSS5.7AI score0.00204EPSS
CVE
CVE
added 2019/11/06 5:11 p.m.124 views

CVE-2019-10529

CVE-2019-10529 is a use-after-free race in Qualcomm’s KGSL kernel path when marking user entries dirty via set_page_dirty, occurring if page->mapping is freed concurrently. It affects Snapdragon/KGSL GPU components and is associated with a documented exploit (exploit-db 46941). The provided do...

9.3CVSS8.1AI score0.01738EPSS
CVE
CVE
added 2019/05/24 4:32 p.m.99 views

CVE-2018-11271

CVE-2018-11271 is an improper authentication vulnerability affecting Qualcomm Snapdragon platforms (broad range of Snapdragon Auto/Compute/Connectivity/IoT families and related devices). The issue relates to remote command handling caused by improper event handling, enabling potential unauthorize...

9.8CVSS9.6AI score0.00807EPSS
CVE
CVE
added 2019/05/24 4:44 p.m.88 views

CVE-2018-13885

CVE-2018-13885 describes a memory overread in Qualcomm Snapdragon components (e.g., Snapdragon Auto/Compute/IoT, mobile, wearables) that could allow access to sensitive data. The issue is documented across multiple sources (NVD, Red Hat, CVE list, PRION) with consistent wording: a memory overread...

5.5CVSS5.7AI score0.00204EPSS
CVE
CVE
added 2019/07/22 1:47 p.m.88 views

CVE-2019-2264

CVE-2019-2264 describes a null pointer dereference for the channel context when opening the glink channel in Qualcomm Snapdragon families (Snapdragon Auto/Consumer IoT/Mobile/Voice & Music/Wearables) across listed chips (MDM9607, MDM9640, MSM8909W, QCS405, QCS605, SD 425/427/430/435/439/429/450/6...

7.8CVSS7.7AI score0.00215EPSS
CVE
CVE
added 2019/05/24 4:44 p.m.85 views

CVE-2018-13886

Technical details about CVE-2018-13886 are not publicly available in the provided documents; no affected products, versions, or fixes are specified here. Monitor for updates.

10CVSS9.6AI score0.01112EPSS
CVE
CVE
added 2019/07/22 1:47 p.m.85 views

CVE-2019-2260

The CVE-2019-2260 entry describes a race condition in perf-event processing that can lead to a use-after-free condition affecting Qualcomm Snapdragon platforms (various Auto/Compute/IoT lines). Concrete details from connected documents identify the vulnerable component(s) as Qualcomm Snapdragon k...

7CVSS7AI score0.0014EPSS
CVE
CVE
added 2019/07/22 1:47 p.m.84 views

CVE-2019-2277

CVE-2019-2277 affects Qualcomm Snapdragon WLAN-related components (e.g., MSM8996AU and related SD/SDX devices). The issue is described as an out-of-bounds read caused by lack of NULL termination on user-controlled data in WLAN paths across numerous Snapdragon platforms. CVSS metrics in the Datapo...

7.8CVSS7.5AI score0.00198EPSS
CVE
CVE
added 2019/05/24 4:44 p.m.83 views

CVE-2019-2250

CVE-2019-2250 : A kernel flaw in Qualcomm Snapdragon devices allows a local attacker to write to an arbitrary memory address passed by user when freeing/stopping a thread. Affected platforms include Snapdragon Compute/Consumer IOT/Industrial IOT and Snapdragon Mobile (QCS605, SD 675, 712/710/670,...

7.8CVSS7.6AI score0.00208EPSS
CVE
CVE
added 2019/05/24 4:36 p.m.82 views

CVE-2018-11940

CVE-2018-11940 is a Qualcomm WLAN Host vulnerability caused by a lack of length validation before memcpy in the WLAN function, leading to out-of-bounds access in multiple Snapdragon platforms (Auto/Compute/Consumer IOT/Industrial IOT, Mobile) across listed SoCs. Connected sources confirm affected...

10CVSS9.3AI score0.00945EPSS
CVE
CVE
added 2019/05/24 4:44 p.m.81 views

CVE-2018-11967

CVE-2018-11967 concerns signature verification of the skel library that could be disabled because the memory region where the library is loaded is allocated from userspace in Qualcomm/Snapdragon subsystems. Affected products span Snapdragon Auto, Compute, Connectivity, Consumer IoT, Industrial Io...

7.8CVSS7.7AI score0.00211EPSS
CVE
CVE
added 2019/07/22 1:47 p.m.79 views

CVE-2018-13896

CVE-2018-13896 affects Qualcomm closed-source components (XBL_SEC image authentication and related crypto checks) across Snapdragon platforms. Root cause: missing lock at the XBL_SEC stage allowing a compromised OEM XBL Loader to access image authentication and crypto validations. Impact per sour...

7.8CVSS7.7AI score0.0021EPSS
CVE
CVE
added 2019/07/22 1:47 p.m.79 views

CVE-2019-2269

CVE-2019-2269 describes a possible buffer overflow in Qualcomm Snapdragon components when processing the high level lim process action frame due to improper buffer length validation. Affected products include Snapdragon Auto/Compute/Consumer IOT/Industrial IOT/Mobile/Voice & Music across numerous...

9.8CVSS9.6AI score0.00738EPSS
CVE
CVE
added 2019/01/18 10:0 p.m.78 views

CVE-2018-11288

CVE-2018-11288 describes a potential undefined behavior caused by a missing size check in a function parameter segment_idx, which can lead to a read outside the intended region. Affected products are Qualcomm Snapdragon lines across automotive, mobile, and wearables, including devices based on MD...

7.8CVSS7.4AI score0.00234EPSS
CVE
CVE
added 2019/09/30 3:40 p.m.77 views

CVE-2019-10538

CVE-2019-10538 is a Qualcomm Qualcomm WLAN/modem/Linux-kernel-driver issue caused by a lack of check of address range received from firmware, allowing the modem to respond with arbitrary pages into the HLOS address space and potentially compromise the device OS. Affected stack includes Snapdragon...

10CVSS9.3AI score0.01106EPSS
CVE
CVE
added 2019/07/22 1:47 p.m.77 views

CVE-2019-2243

CVE-2019-2243 describes a possible buffer overflow at the end of an iteration when retrieving version information, potentially leading to information disclosure. Affected components are Qualcomm Snapdragon family (across numerous Snapdragon Auto/Compute/IoT lines and related SoCs listed in the de...

5.5CVSS5.8AI score0.00194EPSS
CVE
CVE
added 2019/07/22 1:47 p.m.77 views

CVE-2019-2261

CVE-2019-2261 describes information disclosure caused by unauthorized access from the GPU subsystem to HLOS/non-secure memory. The vulnerability affects Qualcomm devices across multiple Snapdragon families (e.g., IPQ8074, MDM9xxx, MSM8xxx, SD-series including SD625/SD820/SD835/SD845/SD850, SDM43x...

5.5CVSS5.5AI score0.00207EPSS
CVE
CVE
added 2019/05/24 4:44 p.m.76 views

CVE-2018-13887

CVE-2018-13887 describes an integer overflow vulnerability caused by untrusted header fields in the GNSS XTRA3 function, affecting Qualcomm Snapdragon platforms (Auto, Compute, IOT variants across multiple Snapdragon and QC700-series devices). The root cause is untrusted data in GNSS XTRA3 header...

10CVSS9.5AI score0.01118EPSS
CVE
CVE
added 2019/05/24 4:44 p.m.76 views

CVE-2018-13899

CVE-2018-13899 describes a use-after-free memory fault in Qualcomm Snapdragon components when processing messages after an error, affecting a wide range of Snapdragon Auto/Compute/Connectivity/IoT/Wearables platforms (e.g., SDM630/660/665/670/675/820/845/855 and related QCS/SDA/X20/X24/X5 familie...

7.8CVSS7.8AI score0.00211EPSS
CVE
CVE
added 2019/07/22 1:47 p.m.76 views

CVE-2018-13924

The CVE-2018-13924 entry concerns a buffer length validation flaw that can take negative values, causing a stack overflow in Qualcomm components across many Snapdragon platforms (Auto/Compute/Connectivity/IOT/Industrial IOT, Mobile, Wearables, etc.) including IPQ8074 family and various SD/SM/QR s...

10CVSS9.4AI score0.01112EPSS
CVE
CVE
added 2019/09/30 3:40 p.m.76 views

CVE-2019-10506

CVE-2019-10506 concerns the QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY path in certain Qualcomm/SDP drivers where data from user space is not validated, causing undesired behavior in a wide range of Snapdragon-based devices. The issue is described as a local vulnerability with low privileges requi...

7.8CVSS8.2AI score0.00192EPSS
CVE
CVE
added 2019/09/30 3:40 p.m.76 views

CVE-2019-10539

CVE-2019-10539 affects Qualcomm WLAN firmware in a wide range of Snapdragon chipsets (e.g., IPQ8074, MSM8xxx, QCA... and SD-series) where a missing length check when parsing the extended cap IE header length can trigger a buffer overflow. Reports describe this as a potential remote WLAN/firmware ...

10CVSS9.6AI score0.00902EPSS
CVE
CVE
added 2019/05/24 4:44 p.m.75 views

CVE-2018-12005

CVE-2018-12005: Unprivileged user can issue a binder call to trigger a system halt on Qualcomm Snapdragon devices (wide range of Snapdragon Auto/Compute/IoT/Mobile families listed). Root cause described as Binder/CVE in Qualcomm components; affected products include Snapdragon 210/400/600/800 ser...

5.5CVSS5.7AI score0.00175EPSS
CVE
CVE
added 2019/09/30 3:40 p.m.75 views

CVE-2019-10507

CVE-2019-10507 describes a vulnerability in Qualcomm/Snapdragon firmware where the device fails to validate extscan change results from firmware, allowing an out-of-bounds read in multiple Snapdragon families (Auto, Connectivity, IOT, etc.). The root cause is lack of proper bounds/checks during e...

7.8CVSS8.2AI score0.00192EPSS
CVE
CVE
added 2019/05/24 4:44 p.m.74 views

CVE-2018-12012

CVE-2018-12012 affects Qualcomm Snapdragon platforms where the blacklisting mechanism uses a shared buffered memory region during boot. The root cause described is that updates to the blacklist are not validated against the newly updated blacklist, allowing boot‑up to be compromised on a wide set...

7.8CVSS7.6AI score0.00208EPSS
CVE
CVE
added 2019/09/30 3:40 p.m.74 views

CVE-2019-10540

CVE-2019-10540 is a buffer overflow in the WLAN firmware (Qualcomm/QualPwn context) affecting multiple Snapdragon platforms, where a missing bounds check on the NAN availability attribute count enables overrun in the WLAN/NAN path. Affected hardware includes IPQ8074, MSM8996AU, QCA6174A, QCA6574A...

10CVSS9.5AI score0.01135EPSS
CVE
CVE
added 2019/05/24 4:44 p.m.74 views

CVE-2019-2244

CVE-2019-2244 affects Qualcomm Snapdragon firmware components across a wide range of SoCs. The issue is a possible integer underflow when calculating the length of elementary stream info from an invalid section length, which is then used to read from the input buffer. Impact is described as poten...

10CVSS9.2AI score0.00988EPSS
CVE
CVE
added 2019/05/24 4:33 p.m.73 views

CVE-2018-11928

CVE-2018-11928 is a buffer-overflow vulnerability caused by a missing length parameter check when processing WMI commands in Qualcomm Snapdragon components. Affected are Snapdragon Auto/Compute/Connectivity devices (various SD/SM/QCA platforms) and related Android stack components that use Qualco...

7.8CVSS8AI score0.00207EPSS
Total number of security vulnerabilities175