CVE-2019-10585

Possible integer overflow happens when mmap find function will increment refcount every time when it invokes and can lead to use after free issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8053, ...

CVE-2019-14117

u'Whenever the page list is updated via privileged user, the previous list elements are freed but are not deleted from the list which results in a use after free causing an unhandled page fault exception in rmnet driver' in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon ...

CVE-2023-24849

Information Disclosure in data Modem while parsing an FMTP line in an SDP message.

CVE-2020-3700

Possible out of bounds read due to a missing bounds check and could lead to local information disclosure in the wifi driver with no additional execution privileges needed in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & ...

CVE-2023-28537

Memory corruption while allocating memory in COmxApeDec module in Audio.

CVE-2024-49838

Information disclosure while parsing the OCI IE with invalid length.

CVE-2025-21453

Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur.

CVE-2022-25713

Memory corruption in Automotive due to Improper Restriction of Operations within the Bounds of a Memory Buffer while exporting a shared key.

CVE-2024-33052

Memory corruption when user provides data for FM HCI command control operations.

CVE-2020-3656

Out of bound access can happen in MHI command process due to lack of check of command channel id value received from MHI devices in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, ...

CVE-2020-3698

Out of bound write while QoS DSCP mapping due to improper input validation for data received from association response frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice ...

CVE-2023-28575

The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invalid type usage if a wrong handle is passed to it.

CVE-2023-33115

Memory corruption while processing buffer initialization, when trusted report for certain report types are generated.

CVE-2024-53014

Memory corruption may occur while validating ports and channels in Audio driver.

CVE-2022-33302

Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length.

CVE-2020-11118

u'Information exposure issues while processing IE header due to improper check of beacon IE frame' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearab...

CVE-2022-33275

Memory corruption due to improper validation of array index in WLAN HAL when received lm_itemNum is out of range.

CVE-2023-28570

Memory corruption while processing audio effects.

CVE-2023-33068

Memory corruption in Audio while processing IIR config data from AFE calibration block.

CVE-2024-38422

Memory corruption while processing voice packet with arbitrary data received from ADSP.

CVE-2023-33049

Transient DOS in Multi-Mode Call Processor due to UE failure because of heap leakage.

CVE-2023-33072

Memory corruption in Core while processing control functions.

CVE-2023-33090

Transient DOS while processing channel information for speaker protection v2 module in ADSP.

CVE-2022-33288

Memory corruption due to buffer copy without checking the size of input in Core while sending SCM command to get write protection information.

CVE-2023-21673

Improper Access to the VM resource manager can lead to Memory Corruption.

CVE-2023-24843

Transient DOS in Modem while triggering a camping on an 5G cell.

CVE-2023-28554

Information Disclosure in Qualcomm IPC while reading values from shared memory in VM.

CVE-2023-28556

Cryptographic issue in HLOS during key management.

CVE-2023-33069

Memory corruption in Audio while processing the calibration data returned from ACDB loader.

CVE-2024-33043

Transient DOS while handling PS event when Program Service name length offset value is set to 255.

CVE-2019-10580

When kernel thread unregistered listener, Use after free issue happened as the listener client`s private data has been already freed in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM96...

CVE-2023-33023

Memory corruption while processing finish_sign command to pass a rsp buffer.

CVE-2023-33044

Transient DOS in Data modem while handling TLB control messages from the Network.

CVE-2023-33067

Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap points.

CVE-2023-43533

Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon frame.

CVE-2019-13994

u'Lack of check that the current received data fragment size of a particular packet that are read from shared memory are less than the actual packet size can lead to memory corruption and potential information leakage' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Cons...

CVE-2019-14042

Out of bound read in in fingerprint application due to requested data assigned to a local buffer without length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired In...

CVE-2020-11124

u'Possible use-after-free while accessing diag client map table since list can be reallocated due to exceeding max client limit.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, Nicobar, QCS404, QCS4...

CVE-2023-21629

Memory Corruption in Modem due to double free while parsing the PKCS15 sim files.

CVE-2023-33036

Permanent DOS in Hypervisor while untrusted VM without PSCI support makes a PSCI call.

CVE-2023-33037

Cryptographic issue in Automotive while unwrapping the key secs2d and verifying with RPMB data.

CVE-2024-38423

Memory corruption while processing GPU page table switch.

CVE-2020-11120

u'Calling thread may free the data buffer pointer that was passed to the callback and later when event loop executes the callback, data buffer may not be valid and will lead to use after free scenario' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapd...

CVE-2022-33296

Memory corruption due to integer overflow to buffer overflow in Modem while parsing Traffic Channel Neighbor List Update message.

CVE-2023-24847

Transient DOS in Modem while allocating DSM items.

CVE-2023-33027

Transient DOS in WLAN Firmware while parsing rsn ies.

CVE-2023-33057

Transient DOS in Multi-Mode Call Processor while processing UE policy container.

CVE-2023-33101

Transient DOS while processing DL NAS TRANSPORT message with payload length 0.

CVE-2020-11115

u'Buffer over read occurs while processing information element from beacon due to lack of check of data received from beacon' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice...

CVE-2022-40521

Transient DOS due to improper authorization in Modem