Lucene search
K
QualcommSda660 Firmware

421 matches found

CVE
CVE
added 2020/04/16 10:46 a.m.665 views

CVE-2019-14113

CVE-2019-14113 is a buffer overflow in WLAN firmware when unwraping data with CCMP during EAPOL handshake parsing across Qualcomm Snapdragon hardware (APQ/SDM/QCA platforms). The issue affects a wide range of Snapdragon devices and SoCs (e.g., APQ8009, SDM630/636/660/670/710/845/850, QCA, Nicobar...

10CVSS9.5AI score0.00902EPSS
CVE
CVE
added 2019/06/14 5:2 p.m.306 views

CVE-2018-13901

CVE-2018-13901 involves information disclosure due to missing permissions in the Android Manifest within the PCI RCS app across a wide range of Qualcomm/Snapdragon devices (Snapdragon Auto, Connectivity, IoT, Mobile, etc.). Affected components are Android apps that rely on these manifests; the ro...

5.5CVSS5.5AI score0.00195EPSS
CVE
CVE
added 2019/06/14 5:2 p.m.279 views

CVE-2019-2256

The CVE-2019-2256 entry concerns a vulnerability in Qualcomm closed‑source components affecting Snapdragon devices (e.g., Snapdragon Auto/Compute/Connectivity, Snapdragon Mobile, Wearables, IOT, and related variants listed in the Red Hat/Qualcomm advisories). An unprivileged user can craft a bits...

10CVSS9.5AI score0.01529EPSS
CVE
CVE
added 2019/06/14 5:2 p.m.277 views

CVE-2018-11934

CVE-2018-11934 is a Qualcomm WLAN-host vulnerability affecting Snapdragon WLAN components (multiple Qualcomm SoCs). The issue is described as a possible out-of-bounds write caused by improper input validation during processing of the DO_ACS vendor command. The Hazard is memory corruption with LOC...

7.8CVSS7.8AI score0.00198EPSS
CVE
CVE
added 2019/06/14 5:2 p.m.269 views

CVE-2018-13911

CVE-2018-13911 affects Qualcomm Snapdragon GNSS XTRA Parser across multiple Snapdragon platforms (Auto, Compute, IoT, Mobile, Wearables, etc.). Root cause is an out-of-bounds memory read/access that may cause unexpected behavior. The vulnerability is documented with a high/critical CVSS impact by...

10CVSS9.2AI score0.00988EPSS
CVE
CVE
added 2019/06/14 5:2 p.m.269 views

CVE-2018-5913

Technical details about CVE-2018-5913 are not publicly provided in the supplied documents. No affected product/version or remediation information is stated here. Monitor the sources for updates.

7.8CVSS7.4AI score0.00208EPSS
CVE
CVE
added 2019/06/14 5:2 p.m.264 views

CVE-2018-3583

The CVE-2018-3583 issue affects Qualcomm Snapdragon lines (e.g., Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables) including MDM9206/MDM9607/MDM9640/MDM9650, MSM8909W, MSM8996AU, QCA9379, QCS...

7.8CVSS7.9AI score0.0021EPSS
CVE
CVE
added 2019/06/14 5:2 p.m.226 views

CVE-2018-13906

CVE-2018-13906 involves a timing side-channel in the HMAC authentication of messages from QSEE on Qualcomm Snapdragon platforms, affecting a wide range of Snapdragon Auto/Compute/Connectivity/IoT/Wearables/Networking devices (many Snapdragon SoCs listed). Root cause: timing leakage allows an atta...

9.1CVSS9AI score0.00665EPSS
CVE
CVE
added 2019/06/14 5:2 p.m.222 views

CVE-2018-11942

CVE-2018-11942 describes a vulnerability where failure to initialize the reserved memory sent to the firmware may cause exposure of 1 byte of uninitialized kernel SKB memory to the firmware in multiple Qualcomm/Qualcomm-supplied platforms (e.g., Snapdragon Auto, Snapdragon Mobile, IPQ4019, IPQ806...

5.5CVSS5.6AI score0.00192EPSS
CVE
CVE
added 2020/02/07 5:0 a.m.222 views

CVE-2019-10567

CVE-2019-10567 affects Qualcomm Adreno GPU kernel driver (KGSL) where a randomized scratch buffer in the global shared mappings is used to store the RPTR for the ringbuffer. The attack leverages the RPTR read from scratch to influence ringbuffer space checks, allowing an attacker-controlled RPTR ...

7.8CVSS7.6AI score0.00247EPSS
CVE
CVE
added 2019/06/14 5:2 p.m.222 views

CVE-2019-2259

CVE-2019-2259 refers to a resource allocation error that occurs when playing a video whose dimensions exceed the supported limit on Qualcomm Snapdragon platforms (including Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, etc.). Affected family spans numerous Snapdrag...

10CVSS9.3AI score0.00935EPSS
CVE
CVE
added 2019/06/14 5:2 p.m.217 views

CVE-2018-11947

CVE-2018-11947 concerns a double-free in the txrx stats request during pdev detach as the host driver unloads on Snapdragon platforms (multiple Snapdragon Mobile/IoT/industrial devices and various Qualcomm/QCS/QCA/SDM families). The description notes a potential use-after-free style issue in the ...

5.5CVSS5.7AI score0.00195EPSS
CVE
CVE
added 2019/06/14 5:2 p.m.217 views

CVE-2018-5903

CVE-2018-5903 is an out-of-bounds read caused by improper validation of an array when processing the VDEV stop response in Qualcomm WLAN firmware (qcacld 3.0). Affected products span Qualcomm/Snapdragon platforms including Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapd...

7.8CVSS7.6AI score0.0022EPSS
CVE
CVE
added 2019/06/14 5:2 p.m.208 views

CVE-2018-13907

The CVE-2018-13907 entry describes a vulnerability in Qualcomm/Snapdragon components where deserializing a key blob during key operations can trigger a buffer overflow, potentially exposing partial key information across a wide range of Snapdragon devices (IPQ4019, IPQ8074, MDM9... and many SD/So...

5.3CVSS5.6AI score0.00665EPSS
CVE
CVE
added 2019/06/14 5:2 p.m.203 views

CVE-2018-13902

CVE-2018-13902 is described as an out-of-bounds memory read when decoding XTRA files in Qualcomm Snapdragon components (wide range of Snapdragon Auto/Compute/IoT/Wearables/MI devices and more listed). Root cause: improper array index validation in the decoder. Affected products include numerous S...

7.5CVSS7.6AI score0.00678EPSS
CVE
CVE
added 2019/06/14 5:2 p.m.153 views

CVE-2018-13898

CVE-2018-13898 is an out-of-bounds write caused by an incorrect array index check in the PMIC across Qualcomm Snapdragon platforms (e.g., Snapdragon Auto/Compute/Consumer, IoT, Industrial IOT, and various SDM/SD series). Root cause: improper bounds check on an array leading to write past the inte...

9.8CVSS9.3AI score0.00733EPSS
CVE
CVE
added 2019/06/14 5:2 p.m.152 views

CVE-2017-8252

CVE-2017-8252 describes a kernel-level information-disclosure vulnerability in TrustZone across Qualcomm/Snapdragon platforms (e.g., IPQ4019, QCS605, SD families). The root cause is the ability for an attacker to induce faults in TrustZone computations, leading to leakage of sensitive data from m...

5.5CVSS5.5AI score0.00224EPSS
CVE
CVE
added 2019/06/14 5:2 p.m.145 views

CVE-2018-13908

CVE-2018-13908 affects Qualcomm Snapdragon platforms (e.g., Snapdragon Auto/Compute/Connectivity families across numerous SoCs). The issue is a truncated access authentication token that weakens access control for stored secure application data, enabling local attacker access with partial confide...

7.8CVSS7.8AI score0.00192EPSS
CVE
CVE
added 2019/06/14 5:2 p.m.143 views

CVE-2019-2257

CVE-2019-2257 involves wrong permissions in a configuration file, enabling unauthorized permissions on numerous Qualcomm Snapdragon platforms. Affected families include Snapdragon Auto, Connectivity, Consumer IoT, Industrial IoT, IoT, Mobile, Voice & Music, Wearables, and related configurations a...

7.8CVSS7.6AI score0.00182EPSS
CVE
CVE
added 2019/06/14 5:2 p.m.139 views

CVE-2018-11819

CVE-2018-11819 is a use-after-free style issue in Qualcomm/ Snapdragon WLAN code caused by handling multiple ACS scan requests concurrently. Affected products span Snapdragon Auto, Snapdragon Consumer IoT, Snapdragon Industrial IoT, and Snapdragon Mobile platforms (e.g., MDM9206, MDM9607, MDM9640...

7.8CVSS7.8AI score0.00198EPSS
CVE
CVE
added 2019/06/14 5:2 p.m.139 views

CVE-2018-5883

CVE-2018-5883 describes a buffer overflow in WLAN driver event handlers caused by improper validation of array index. Affected products include Qualcomm Snapdragon family devices such as MDM9206/9607/9640/9650, MSM8996AU, QCS405/QCS605, SD 636/675/730/820A/835/855, SDA660, SDM630/660/SDX20/SDX24,...

7.8CVSS7.8AI score0.00231EPSS
CVE
CVE
added 2019/06/14 5:2 p.m.137 views

CVE-2018-13909

CVE-2018-13909 involves Qualcomm bootloader metadata verification and partial hash system calls that may corrupt the parallel hashing state, causing unexpected behavior across Snapdragon SoCs (e.g., Auto, Compute, Mobile, etc.). The entry is supported by multiple sources (NVD, Red Hat, Android bu...

7CVSS6.9AI score0.00138EPSS
CVE
CVE
added 2019/07/25 4:33 p.m.134 views

CVE-2019-2308

CVE-2019-2308 is described across connected docs as a kernel-level issue where fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages (CID-20c40794eb85), enabling a local escalation path to the fastrpc/DSP subsystem. The Astra Linux e...

7.8CVSS7.5AI score0.00211EPSS
CVE
CVE
added 2019/11/06 5:11 p.m.123 views

CVE-2019-10529

CVE-2019-10529 is a use-after-free race in Qualcomm’s KGSL kernel path when marking user entries dirty via set_page_dirty, occurring if page->mapping is freed concurrently. It affects Snapdragon/KGSL GPU components and is associated with a documented exploit (exploit-db 46941). The provided do...

9.3CVSS8.1AI score0.01738EPSS
CVE
CVE
added 2020/02/07 5:0 a.m.122 views

CVE-2019-14040

CVE-2019-14040 is a memory-use-after-free condition in the qsee component that can lead to unexpected behavior, including execution of unknown code, on Qualcomm Snapdragon platforms. Affected families include Snapdragon Auto/Compute/IoT/Wearables (covering numerous SoCs such as APQ8xxx, SDM/SMX l...

7.8CVSS7.9AI score0.00516EPSS
CVE
CVE
added 2019/05/24 4:44 p.m.121 views

CVE-2018-11976

The CVE-2018-11976 issue is described in multiple sources as an ECDSA key leakage vulnerability in Qualcomm’s secure environment. Findings indicate that private keys could be exposed from the secure world to the non-secure world via the Qualcomm Secure Execution Environment (QSEE) on Snapdragon-b...

5.5CVSS5.7AI score0.00204EPSS
CVE
CVE
added 2019/12/18 5:25 a.m.121 views

CVE-2019-10557

CVE-2019-10557 : Out-of-bounds read in the WLAN wireless driver of the Linux kernel caused by a missing buffer-length check. Affected Qualcomm Snapdragon families include Snapdragon Auto/Consumer Electronics Connectivity/IoT/Industrial IoT/Mobile/Voice & Music across multiple SoCs (e.g., APQ8009,...

10CVSS8.9AI score0.01145EPSS
CVE
CVE
added 2020/11/02 6:21 a.m.120 views

CVE-2020-11174

CVE-2020-11174 concerns an Array index underflow in the ADSP driver caused by an improper check of the channel id before it is used as an array index. Affected products include Snapdragon Auto/Compute/Connectivity/IoT/Wearables and numerous Snapdragon SoCs (e.g., APQ8009, IPQ, QCS, SDM, SXR famil...

7.8CVSS7.6AI score0.00187EPSS
CVE
CVE
added 2019/12/18 5:25 a.m.117 views

CVE-2019-10595

CVE-2019-10595 is a Qualcomm/Qualcomm WLAN issue affecting Snapdragon components (e.g., APQ8009, APQ8053, APQ8064, IPQ4019, MDM9206, SDM660, QCA9880, etc.) where a lack of validation of the tid value parsed from firmware packets can cause a buffer overwrite in the message handler. The vulnerabili...

7.8CVSS7.8AI score0.0022EPSS
CVE
CVE
added 2019/12/18 5:25 a.m.116 views

CVE-2019-10598

CVE-2019-10598 is a Qualcomm/ Snapdragon WLAN host vulnerability where an out-of-bounds access can occur while processing peer info in IBSS mode due to a missing upper-bound check in a loop. Affected products include Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consum...

7.8CVSS7.8AI score0.0022EPSS
CVE
CVE
added 2019/12/18 5:25 a.m.113 views

CVE-2019-10525

CVE-2019-10525 is a buffer-overflow vulnerability reported for Qualcomm components (notably in Snapdragon SoCs used across Snapdragon Auto, Compute, IoT and related devices). The root cause is a buffer overflow during an SIB read when the network configures a complete SIB list together with the f...

10CVSS9.4AI score0.00902EPSS
CVE
CVE
added 2019/12/18 5:25 a.m.112 views

CVE-2019-10572

CVE-2019-10572 describes an improper check in the video driver while processing data from video firmware, which can trigger an integer overflow and subsequently a buffer overflow in Qualcomm Snapdragon video components (across Snapdragon Auto/Compute/Connectivity/IoT/Wearables families and numero...

9.8CVSS9.6AI score0.00707EPSS
CVE
CVE
added 2020/02/07 5:0 a.m.111 views

CVE-2019-14041

CVE-2019-14041 affects Qualcomm Snapdragon platforms (listed APQ, SDM, SM etc.) in kernel components. The issue is a buffer overrun caused by a lack of buffer size verification when updating the message buffer with physical address information during listener modified response processing. The vul...

7.8CVSS7.6AI score0.00427EPSS
CVE
CVE
added 2019/12/18 5:25 a.m.109 views

CVE-2019-10480

CVE-2019-10480 describes an out-of-bounds write in the WMI firmware event handler caused by inadequate validation of data from WLAN firmware. Affected are Qualcomm/Snapdragon platforms (e.g., APQ8009, SDM- series, QCS/SC variants) across multiple product families (Auto, Consumer Electronics Conne...

7.8CVSS7.7AI score0.0022EPSS
CVE
CVE
added 2019/12/18 5:25 a.m.109 views

CVE-2019-10513

CVE-2019-10513 concerns a potential null pointer access when SPDM commands are executed in TrustZone on Qualcomm Snapdragon platforms (covering a wide range of Snapdragon/SoC variants). The vulnerability is locally exploitable and could impact memory availability, with no confidentiality/integrit...

5.5CVSS5.8AI score0.00185EPSS
CVE
CVE
added 2020/09/08 9:31 a.m.109 views

CVE-2019-10527

CVE-2019-10527 affects Snapdragon Auto/Compute/Connectivity and related Snapdragon families. The root cause is manipulation of the SMEM (shared memory) partition in a scenario where the HLOS is compromised, which can allow access to memory outside the SMEM address range and lead to memory corrupt...

7.8CVSS7.6AI score0.00203EPSS
CVE
CVE
added 2020/01/21 6:30 a.m.109 views

CVE-2019-10579

CVE-2019-10579 affects Qualcomm Snapdragon devices (wide range listed in the description) where a buffer over-read can occur while playing a video clip. The underlying issue is a video decoding over-read in affected Snapdragon components (Auto/Compute/Connectivity/IoT families). Public references...

9.4CVSS9.2AI score0.00876EPSS
CVE
CVE
added 2019/12/18 5:25 a.m.108 views

CVE-2019-10517

CVE-2019-10517 affects a broad set of Qualcomm Snapdragon components. The issue is that memory is freed twice when two concurrent threads execute in parallel, indicating a double-free in memory management. Root cause: concurrent threads triggering a premature or multiple deallocations in affected...

7.8CVSS7.7AI score0.00189EPSS
CVE
CVE
added 2020/02/07 5:0 a.m.108 views

CVE-2019-10590

CVE-2019-10590 concerns an out-of-bounds access when parsing a dts atom in Qualcomm/Snapdragon components (closed-source). Affected products are listed in the initial record and include Snapdragon Auto, Compute, Connectivity, IoT, Wearables and related Snapdragon families across numerous SoCs (e....

10CVSS9.3AI score0.00907EPSS
CVE
CVE
added 2020/01/21 6:30 a.m.108 views

CVE-2019-14003

CVE-2019-14003 describes a NULL pointer dereference during MKV parsing where cue information is parsed before segment information in Snapdragon-based devices (a wide set of Snapdragon Auto/Compute/Connectivity/IoT/Wearables platforms). The issue is triggered when parsing invalid MKV clips and aff...

7.8CVSS7.9AI score0.00814EPSS
CVE
CVE
added 2019/12/18 5:25 a.m.106 views

CVE-2019-10487

CVE-2019-10487 affects Qualcomm Snapdragon family components (e.g., Snapdragon Auto/Compute/IoT lineups) and is caused by a buffer over-read while parsing SMS OTA messages at the transport layer when the network provides unintended values. The issue spans a wide set of Qualcomm/SC/MDM/SDA/SXR dev...

10CVSS9.2AI score0.00907EPSS
CVE
CVE
added 2019/12/18 5:25 a.m.106 views

CVE-2019-10536

CVE-2019-10536 describes a potential double-free in Qualcomm Snapdragon drivers when handling DIAG_EVENT_LOG_SUPPORTED events from firmware, due to the pointer not being NULL on the first call. The issue affects a wide range of Snapdragon platforms (e.g., Snapdragon Auto/Compute/Consumer Electron...

7.8CVSS7.7AI score0.0022EPSS
CVE
CVE
added 2019/12/18 5:25 a.m.106 views

CVE-2019-2242

CVE-2019-2242 describes a buffer overflow/underflow in a Qualcomm closed‑source component used on many Snapdragon platforms (APQ/SDM etc.), potentially causing device memory corruption. The vulnerability is classified as Critical with network attack vector and base CVSS 3.1/3.0 scores of 9.8/10.0...

10CVSS9.4AI score0.01078EPSS
CVE
CVE
added 2020/02/07 5:0 a.m.105 views

CVE-2019-14002

CVE-2019-14002 describes a local vulnerability where APKs without proper permission may bind to CallEnhancementService, enabling unauthorized access to call status on Qualcomm-based Snapdragon platforms (including Snapdragon Auto/Compute/Consumer IOT/Industrial IOT, Mobile, Wearables; e.g., APQ80...

7.8CVSS8.1AI score0.00177EPSS
CVE
CVE
added 2020/01/21 6:30 a.m.105 views

CVE-2019-14016

CVE-2019-14016 is an integer overflow in Qualcomm Snapdragon components when playing certain clips, spanning numerous Snapdragon Auto/Compute/Connectivity/IoT and related SoCs (e.g., APQ8009/8017/8053/8064/8096/8953, SDM/SM series, Nicobar, etc.). Root cause, as described in Red Hat/NVD entries, ...

10CVSS9.5AI score0.00907EPSS
CVE
CVE
added 2020/02/07 5:0 a.m.105 views

CVE-2019-14057

CVE-2019-14057 is a buffer over-read in the codec private data while parsing MKV files, triggered by missing buffer-size validation during read in Qualcomm Snapdragon platforms (including Snapdragon Auto/Compute/Connectivity, IoT variants, and related SoCs such as APQ8xxx, SDM/SM series). Root ca...

9.4CVSS9.1AI score0.00876EPSS
CVE
CVE
added 2019/12/18 5:25 a.m.104 views

CVE-2019-10518

CVE-2019-10518 describes a use-after-free of a pointer in the iWLAN path during the netmgr state transition to CONNECT on Qualcomm Snapdragon platforms (covering APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, IPQ... SXR2130, etc.). The issue spans Snapdragon Auto, Compute, Consumer IoT, ...

7.8CVSS8.4AI score0.00189EPSS
CVE
CVE
added 2019/12/18 5:25 a.m.104 views

CVE-2019-10607

CVE-2019-10607 describes an out-of-bounds memcpy issue in Qualcomm Snapdragon firmware/stack affecting numerous Snapdragon SoCs (APQ/SDX/SM8140 family and related). The root cause is providing an embedded NULL character with a string length greater than the actual string length, leading to out-of...

7.8CVSS7.7AI score0.0022EPSS
CVE
CVE
added 2019/12/18 5:25 a.m.103 views

CVE-2019-10614

CVE-2019-10614 affects Qualcomm Snapdragon firmware across many devices (Auto/Compute/Connectivity, etc.). Root cause: no validation of data length against received packet size in malicious firmware, leading to out-of-bounds access. Impact stated as high-risk, with network attack vector and parti...

9.8CVSS9.4AI score0.00898EPSS
CVE
CVE
added 2019/12/18 5:25 a.m.102 views

CVE-2019-10482

CVE-2019-10482 describes a timing side-channel vulnerability caused by non-time-constant comparison functions, potentially enabling SUI corruption on Qualcomm Snapdragon platforms. Affected products span Snapdragon Auto, Compute, Connectivity, Consumer IoT, Industrial IoT, Mobile, Voice & Music, ...

7.1CVSS6AI score0.00647EPSS
Total number of security vulnerabilities421