421 matches found
CVE-2019-14113
CVE-2019-14113 is a buffer overflow in WLAN firmware when unwraping data with CCMP during EAPOL handshake parsing across Qualcomm Snapdragon hardware (APQ/SDM/QCA platforms). The issue affects a wide range of Snapdragon devices and SoCs (e.g., APQ8009, SDM630/636/660/670/710/845/850, QCA, Nicobar...
CVE-2018-13901
CVE-2018-13901 involves information disclosure due to missing permissions in the Android Manifest within the PCI RCS app across a wide range of Qualcomm/Snapdragon devices (Snapdragon Auto, Connectivity, IoT, Mobile, etc.). Affected components are Android apps that rely on these manifests; the ro...
CVE-2019-2256
The CVE-2019-2256 entry concerns a vulnerability in Qualcomm closed‑source components affecting Snapdragon devices (e.g., Snapdragon Auto/Compute/Connectivity, Snapdragon Mobile, Wearables, IOT, and related variants listed in the Red Hat/Qualcomm advisories). An unprivileged user can craft a bits...
CVE-2018-11934
CVE-2018-11934 is a Qualcomm WLAN-host vulnerability affecting Snapdragon WLAN components (multiple Qualcomm SoCs). The issue is described as a possible out-of-bounds write caused by improper input validation during processing of the DO_ACS vendor command. The Hazard is memory corruption with LOC...
CVE-2018-13911
CVE-2018-13911 affects Qualcomm Snapdragon GNSS XTRA Parser across multiple Snapdragon platforms (Auto, Compute, IoT, Mobile, Wearables, etc.). Root cause is an out-of-bounds memory read/access that may cause unexpected behavior. The vulnerability is documented with a high/critical CVSS impact by...
CVE-2018-5913
Technical details about CVE-2018-5913 are not publicly provided in the supplied documents. No affected product/version or remediation information is stated here. Monitor the sources for updates.
CVE-2018-3583
The CVE-2018-3583 issue affects Qualcomm Snapdragon lines (e.g., Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables) including MDM9206/MDM9607/MDM9640/MDM9650, MSM8909W, MSM8996AU, QCA9379, QCS...
CVE-2018-13906
CVE-2018-13906 involves a timing side-channel in the HMAC authentication of messages from QSEE on Qualcomm Snapdragon platforms, affecting a wide range of Snapdragon Auto/Compute/Connectivity/IoT/Wearables/Networking devices (many Snapdragon SoCs listed). Root cause: timing leakage allows an atta...
CVE-2018-11942
CVE-2018-11942 describes a vulnerability where failure to initialize the reserved memory sent to the firmware may cause exposure of 1 byte of uninitialized kernel SKB memory to the firmware in multiple Qualcomm/Qualcomm-supplied platforms (e.g., Snapdragon Auto, Snapdragon Mobile, IPQ4019, IPQ806...
CVE-2019-10567
CVE-2019-10567 affects Qualcomm Adreno GPU kernel driver (KGSL) where a randomized scratch buffer in the global shared mappings is used to store the RPTR for the ringbuffer. The attack leverages the RPTR read from scratch to influence ringbuffer space checks, allowing an attacker-controlled RPTR ...
CVE-2019-2259
CVE-2019-2259 refers to a resource allocation error that occurs when playing a video whose dimensions exceed the supported limit on Qualcomm Snapdragon platforms (including Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, etc.). Affected family spans numerous Snapdrag...
CVE-2018-11947
CVE-2018-11947 concerns a double-free in the txrx stats request during pdev detach as the host driver unloads on Snapdragon platforms (multiple Snapdragon Mobile/IoT/industrial devices and various Qualcomm/QCS/QCA/SDM families). The description notes a potential use-after-free style issue in the ...
CVE-2018-5903
CVE-2018-5903 is an out-of-bounds read caused by improper validation of an array when processing the VDEV stop response in Qualcomm WLAN firmware (qcacld 3.0). Affected products span Qualcomm/Snapdragon platforms including Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapd...
CVE-2018-13907
The CVE-2018-13907 entry describes a vulnerability in Qualcomm/Snapdragon components where deserializing a key blob during key operations can trigger a buffer overflow, potentially exposing partial key information across a wide range of Snapdragon devices (IPQ4019, IPQ8074, MDM9... and many SD/So...
CVE-2018-13902
CVE-2018-13902 is described as an out-of-bounds memory read when decoding XTRA files in Qualcomm Snapdragon components (wide range of Snapdragon Auto/Compute/IoT/Wearables/MI devices and more listed). Root cause: improper array index validation in the decoder. Affected products include numerous S...
CVE-2018-13898
CVE-2018-13898 is an out-of-bounds write caused by an incorrect array index check in the PMIC across Qualcomm Snapdragon platforms (e.g., Snapdragon Auto/Compute/Consumer, IoT, Industrial IOT, and various SDM/SD series). Root cause: improper bounds check on an array leading to write past the inte...
CVE-2017-8252
CVE-2017-8252 describes a kernel-level information-disclosure vulnerability in TrustZone across Qualcomm/Snapdragon platforms (e.g., IPQ4019, QCS605, SD families). The root cause is the ability for an attacker to induce faults in TrustZone computations, leading to leakage of sensitive data from m...
CVE-2018-13908
CVE-2018-13908 affects Qualcomm Snapdragon platforms (e.g., Snapdragon Auto/Compute/Connectivity families across numerous SoCs). The issue is a truncated access authentication token that weakens access control for stored secure application data, enabling local attacker access with partial confide...
CVE-2019-2257
CVE-2019-2257 involves wrong permissions in a configuration file, enabling unauthorized permissions on numerous Qualcomm Snapdragon platforms. Affected families include Snapdragon Auto, Connectivity, Consumer IoT, Industrial IoT, IoT, Mobile, Voice & Music, Wearables, and related configurations a...
CVE-2018-11819
CVE-2018-11819 is a use-after-free style issue in Qualcomm/ Snapdragon WLAN code caused by handling multiple ACS scan requests concurrently. Affected products span Snapdragon Auto, Snapdragon Consumer IoT, Snapdragon Industrial IoT, and Snapdragon Mobile platforms (e.g., MDM9206, MDM9607, MDM9640...
CVE-2018-5883
CVE-2018-5883 describes a buffer overflow in WLAN driver event handlers caused by improper validation of array index. Affected products include Qualcomm Snapdragon family devices such as MDM9206/9607/9640/9650, MSM8996AU, QCS405/QCS605, SD 636/675/730/820A/835/855, SDA660, SDM630/660/SDX20/SDX24,...
CVE-2018-13909
CVE-2018-13909 involves Qualcomm bootloader metadata verification and partial hash system calls that may corrupt the parallel hashing state, causing unexpected behavior across Snapdragon SoCs (e.g., Auto, Compute, Mobile, etc.). The entry is supported by multiple sources (NVD, Red Hat, Android bu...
CVE-2019-2308
CVE-2019-2308 is described across connected docs as a kernel-level issue where fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages (CID-20c40794eb85), enabling a local escalation path to the fastrpc/DSP subsystem. The Astra Linux e...
CVE-2019-10529
CVE-2019-10529 is a use-after-free race in Qualcomm’s KGSL kernel path when marking user entries dirty via set_page_dirty, occurring if page->mapping is freed concurrently. It affects Snapdragon/KGSL GPU components and is associated with a documented exploit (exploit-db 46941). The provided do...
CVE-2019-14040
CVE-2019-14040 is a memory-use-after-free condition in the qsee component that can lead to unexpected behavior, including execution of unknown code, on Qualcomm Snapdragon platforms. Affected families include Snapdragon Auto/Compute/IoT/Wearables (covering numerous SoCs such as APQ8xxx, SDM/SMX l...
CVE-2018-11976
The CVE-2018-11976 issue is described in multiple sources as an ECDSA key leakage vulnerability in Qualcomm’s secure environment. Findings indicate that private keys could be exposed from the secure world to the non-secure world via the Qualcomm Secure Execution Environment (QSEE) on Snapdragon-b...
CVE-2019-10557
CVE-2019-10557 : Out-of-bounds read in the WLAN wireless driver of the Linux kernel caused by a missing buffer-length check. Affected Qualcomm Snapdragon families include Snapdragon Auto/Consumer Electronics Connectivity/IoT/Industrial IoT/Mobile/Voice & Music across multiple SoCs (e.g., APQ8009,...
CVE-2020-11174
CVE-2020-11174 concerns an Array index underflow in the ADSP driver caused by an improper check of the channel id before it is used as an array index. Affected products include Snapdragon Auto/Compute/Connectivity/IoT/Wearables and numerous Snapdragon SoCs (e.g., APQ8009, IPQ, QCS, SDM, SXR famil...
CVE-2019-10595
CVE-2019-10595 is a Qualcomm/Qualcomm WLAN issue affecting Snapdragon components (e.g., APQ8009, APQ8053, APQ8064, IPQ4019, MDM9206, SDM660, QCA9880, etc.) where a lack of validation of the tid value parsed from firmware packets can cause a buffer overwrite in the message handler. The vulnerabili...
CVE-2019-10598
CVE-2019-10598 is a Qualcomm/ Snapdragon WLAN host vulnerability where an out-of-bounds access can occur while processing peer info in IBSS mode due to a missing upper-bound check in a loop. Affected products include Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consum...
CVE-2019-10525
CVE-2019-10525 is a buffer-overflow vulnerability reported for Qualcomm components (notably in Snapdragon SoCs used across Snapdragon Auto, Compute, IoT and related devices). The root cause is a buffer overflow during an SIB read when the network configures a complete SIB list together with the f...
CVE-2019-10572
CVE-2019-10572 describes an improper check in the video driver while processing data from video firmware, which can trigger an integer overflow and subsequently a buffer overflow in Qualcomm Snapdragon video components (across Snapdragon Auto/Compute/Connectivity/IoT/Wearables families and numero...
CVE-2019-14041
CVE-2019-14041 affects Qualcomm Snapdragon platforms (listed APQ, SDM, SM etc.) in kernel components. The issue is a buffer overrun caused by a lack of buffer size verification when updating the message buffer with physical address information during listener modified response processing. The vul...
CVE-2019-10480
CVE-2019-10480 describes an out-of-bounds write in the WMI firmware event handler caused by inadequate validation of data from WLAN firmware. Affected are Qualcomm/Snapdragon platforms (e.g., APQ8009, SDM- series, QCS/SC variants) across multiple product families (Auto, Consumer Electronics Conne...
CVE-2019-10513
CVE-2019-10513 concerns a potential null pointer access when SPDM commands are executed in TrustZone on Qualcomm Snapdragon platforms (covering a wide range of Snapdragon/SoC variants). The vulnerability is locally exploitable and could impact memory availability, with no confidentiality/integrit...
CVE-2019-10527
CVE-2019-10527 affects Snapdragon Auto/Compute/Connectivity and related Snapdragon families. The root cause is manipulation of the SMEM (shared memory) partition in a scenario where the HLOS is compromised, which can allow access to memory outside the SMEM address range and lead to memory corrupt...
CVE-2019-10579
CVE-2019-10579 affects Qualcomm Snapdragon devices (wide range listed in the description) where a buffer over-read can occur while playing a video clip. The underlying issue is a video decoding over-read in affected Snapdragon components (Auto/Compute/Connectivity/IoT families). Public references...
CVE-2019-10517
CVE-2019-10517 affects a broad set of Qualcomm Snapdragon components. The issue is that memory is freed twice when two concurrent threads execute in parallel, indicating a double-free in memory management. Root cause: concurrent threads triggering a premature or multiple deallocations in affected...
CVE-2019-10590
CVE-2019-10590 concerns an out-of-bounds access when parsing a dts atom in Qualcomm/Snapdragon components (closed-source). Affected products are listed in the initial record and include Snapdragon Auto, Compute, Connectivity, IoT, Wearables and related Snapdragon families across numerous SoCs (e....
CVE-2019-14003
CVE-2019-14003 describes a NULL pointer dereference during MKV parsing where cue information is parsed before segment information in Snapdragon-based devices (a wide set of Snapdragon Auto/Compute/Connectivity/IoT/Wearables platforms). The issue is triggered when parsing invalid MKV clips and aff...
CVE-2019-10487
CVE-2019-10487 affects Qualcomm Snapdragon family components (e.g., Snapdragon Auto/Compute/IoT lineups) and is caused by a buffer over-read while parsing SMS OTA messages at the transport layer when the network provides unintended values. The issue spans a wide set of Qualcomm/SC/MDM/SDA/SXR dev...
CVE-2019-10536
CVE-2019-10536 describes a potential double-free in Qualcomm Snapdragon drivers when handling DIAG_EVENT_LOG_SUPPORTED events from firmware, due to the pointer not being NULL on the first call. The issue affects a wide range of Snapdragon platforms (e.g., Snapdragon Auto/Compute/Consumer Electron...
CVE-2019-2242
CVE-2019-2242 describes a buffer overflow/underflow in a Qualcomm closed‑source component used on many Snapdragon platforms (APQ/SDM etc.), potentially causing device memory corruption. The vulnerability is classified as Critical with network attack vector and base CVSS 3.1/3.0 scores of 9.8/10.0...
CVE-2019-14002
CVE-2019-14002 describes a local vulnerability where APKs without proper permission may bind to CallEnhancementService, enabling unauthorized access to call status on Qualcomm-based Snapdragon platforms (including Snapdragon Auto/Compute/Consumer IOT/Industrial IOT, Mobile, Wearables; e.g., APQ80...
CVE-2019-14016
CVE-2019-14016 is an integer overflow in Qualcomm Snapdragon components when playing certain clips, spanning numerous Snapdragon Auto/Compute/Connectivity/IoT and related SoCs (e.g., APQ8009/8017/8053/8064/8096/8953, SDM/SM series, Nicobar, etc.). Root cause, as described in Red Hat/NVD entries, ...
CVE-2019-14057
CVE-2019-14057 is a buffer over-read in the codec private data while parsing MKV files, triggered by missing buffer-size validation during read in Qualcomm Snapdragon platforms (including Snapdragon Auto/Compute/Connectivity, IoT variants, and related SoCs such as APQ8xxx, SDM/SM series). Root ca...
CVE-2019-10518
CVE-2019-10518 describes a use-after-free of a pointer in the iWLAN path during the netmgr state transition to CONNECT on Qualcomm Snapdragon platforms (covering APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, IPQ... SXR2130, etc.). The issue spans Snapdragon Auto, Compute, Consumer IoT, ...
CVE-2019-10607
CVE-2019-10607 describes an out-of-bounds memcpy issue in Qualcomm Snapdragon firmware/stack affecting numerous Snapdragon SoCs (APQ/SDX/SM8140 family and related). The root cause is providing an embedded NULL character with a string length greater than the actual string length, leading to out-of...
CVE-2019-10614
CVE-2019-10614 affects Qualcomm Snapdragon firmware across many devices (Auto/Compute/Connectivity, etc.). Root cause: no validation of data length against received packet size in malicious firmware, leading to out-of-bounds access. Impact stated as high-risk, with network attack vector and parti...
CVE-2019-10482
CVE-2019-10482 describes a timing side-channel vulnerability caused by non-time-constant comparison functions, potentially enabling SUI corruption on Qualcomm Snapdragon platforms. Affected products span Snapdragon Auto, Compute, Connectivity, Consumer IoT, Industrial IoT, Mobile, Voice & Music, ...