Wcd9370 Firmware Security Vulnerabilities and Issues — Page 17 of Wcd9370 Firmware CVE List

7.8CVSS7.3AI score0.00246EPSS

CVE-2021-1936

Null pointer dereference can occur due to lack of null check for user provided input in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables

8.4CVSS7.6AI score0.00098EPSS

CVE-2021-1984

Possible buffer overflow due to improper validation of index value while processing the plugin block in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables

8.4CVSS7.3AI score0.00094EPSS

CVE-2021-30257

Possible out of bound read or write in VR service due to lack of validation of DSP selection values in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT

7.5CVSS7.3AI score0.00228EPSS

CVE-2021-30302

Improper authentication of EAP WAPI EAPOL frames from unauthenticated user can lead to information disclosure in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrast...

CVE•added 2023/01/09 8:15 a.m.•38 views

CVE-2022-40517

Memory corruption in core due to stack-based buffer overflow

8.4CVSS8.3AI score0.00091EPSS

CVE•added 2024/05/06 3:15 p.m.•38 views

CVE-2023-43529

Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received.

7.5CVSS6.9AI score0.00153EPSS

CVE•added 2025/03/03 11:15 a.m.•38 views

CVE-2024-43056

Transient DOS during hypervisor virtual I/O operation in a virtual machine.

6.5CVSS7.1AI score0.0002EPSS

CVE•added 2021/09/08 12:15 p.m.•37 views

CVE-2021-1923

Incorrect pointer argument passed to trusted application TA could result in un-intended memory operations in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT

7.8CVSS7.6AI score0.00043EPSS

CVE•added 2021/10/20 7:15 a.m.•37 views

CVE-2021-30258

Possible buffer overflow due to improper size calculation of payload received in VR service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables

8.4CVSS7.6AI score0.00035EPSS

CVE•added 2022/01/03 8:15 a.m.•37 views

CVE-2021-30293

Possible assertion due to lack of input validation in PUSCH configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT

7.5CVSS7.6AI score0.0026EPSS

CVE•added 2024/12/02 11:15 a.m.•37 views

CVE-2024-33037

Information disclosure as NPU firmware can send invalid IPC message to NPU driver as the driver doesn`t validate the IPC message received from the firmware.

6.1CVSS6.2AI score0.00023EPSS

CVE•added 2024/11/04 10:15 a.m.•37 views

CVE-2024-38407

Memory corruption while processing input parameters for any IOCTL call in the JPEG Encoder driver.

7.8CVSS7.5AI score0.00019EPSS

CVE•added 2024/11/04 10:15 a.m.•37 views

CVE-2024-38408

Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.

9.1CVSS9AI score0.00074EPSS

CVE•added 2022/01/03 8:15 a.m.•36 views

CVE-2021-1918

Improper handling of resource allocation in virtual machines can lead to information exposure in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

6.5CVSS6.4AI score0.00045EPSS

CVE•added 2021/10/20 7:15 a.m.•36 views

CVE-2021-1932

Improper access control in trusted application environment can cause unauthorized access to CDSP or ADSP VM memory with either privilege in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastru...

8.4CVSS7.6AI score0.00031EPSS

CVE•added 2024/12/02 11:15 a.m.•36 views

CVE-2024-33053

Memory corruption when multiple threads try to unregister the CVP buffer at the same time.

6.7CVSS6.8AI score0.00025EPSS

CVE•added 2024/11/04 10:15 a.m.•36 views

CVE-2024-38424

Memory corruption during GNSS HAL process initialization.

7.8CVSS7.9AI score0.00033EPSS

CVE•added 2021/09/08 12:15 p.m.•35 views

CVE-2021-1919

Integer underflow can occur when the RTCP length is lesser than than the actual blocks present in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables

10CVSS9.3AI score0.00243EPSS

CVE•added 2022/01/03 8:15 a.m.•35 views

CVE-2021-30289

Possible buffer overflow due to lack of range check while processing a DIAG command for COEX management in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

7.8CVSS8AI score0.00035EPSS

CVE•added 2021/06/09 7:15 a.m.•34 views

CVE-2020-11304

Possible out of bound read in DRM due to improper buffer length check. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

7.8CVSS7AI score0.00043EPSS

CVE•added 2024/11/04 10:15 a.m.•34 views

CVE-2024-33068

Transient DOS while parsing fragments of MBSSID IE from beacon frame.

7.5CVSS7AI score0.0021EPSS

CVE•added 2024/11/04 10:15 a.m.•34 views

CVE-2024-38403

Transient DOS while parsing BTM ML IE when per STA profile is not included.

7.5CVSS7AI score0.0021EPSS

CVE•added 2024/11/04 10:15 a.m.•34 views

CVE-2024-38409

Memory corruption while station LL statistic handling.

7.8CVSS7.9AI score0.00033EPSS

CVE•added 2025/04/07 11:15 a.m.•33 views

CVE-2024-43067

Memory corruption occurs during the copying of read data from the EEPROM because the IO configuration is exposed as shared memory.

7.8CVSS7.1AI score0.00017EPSS

CVE•added 2025/06/03 6:15 a.m.•33 views

CVE-2024-53019

Information disclosure may occur while decoding the RTP packet with improper header length for number of contributing sources.

8.2CVSS8.2AI score0.00049EPSS

CVE•added 2024/06/03 10:15 a.m.•31 views

CVE-2023-43555

Information disclosure in Video while parsing mp2 clip with invalid section length.

8.2CVSS8.1AI score0.00093EPSS

CVE•added 2024/11/04 10:15 a.m.•31 views

CVE-2024-33032

Memory corruption when the user application modifies the same shared memory asynchronously when kernel is accessing it.

6.7CVSS6.6AI score0.00028EPSS

CVE•added 2024/08/05 3:15 p.m.•30 views

CVE-2024-21459

Information disclosure while handling beacon or probe response frame in STA.

7.5CVSS6.5AI score0.00126EPSS

CVE•added 2025/04/07 11:15 a.m.•28 views

CVE-2024-45557

Memory corruption can occur when TME processes addresses from TZ and MPSS requests without proper validation.

7.8CVSS7.3AI score0.00022EPSS

CVE•added 2024/08/05 3:15 p.m.•23 views

CVE-2024-33022

Memory corruption while allocating memory in HGSL driver.

8.4CVSS8.6AI score0.00035EPSS

CVE•added 2024/08/05 3:15 p.m.•22 views

CVE-2024-23357

Transient DOS while importing a PKCS#8-encoded RSA key with zero bytes modulus.

6.2CVSS6.4AI score0.00033EPSS

CVE•added 2024/08/05 3:15 p.m.•20 views

CVE-2024-21481

Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager.

8.4CVSS8.6AI score0.00034EPSS

CVE•added 2024/08/05 3:15 p.m.•20 views

CVE-2024-23352

Transient DOS when NAS receives ODAC criteria of length 1 and type 1 in registration accept OTA.

7.5CVSS7.6AI score0.00066EPSS

CVE•added 2024/08/05 3:15 p.m.•18 views

CVE-2024-23356

Memory corruption during session sign renewal request calls in HLOS.

7.8CVSS7.9AI score0.00035EPSS

CVE•added 2024/08/05 3:15 p.m.•17 views

CVE-2024-23355

Memory corruption when keymaster operation imports a shared key.

7.8CVSS7.9AI score0.00035EPSS

CVE•added 2024/08/05 3:15 p.m.•16 views

CVE-2024-21479

Transient DOS during music playback of ALAC content.

7.5CVSS7.6AI score0.00161EPSS

CVE•added 2024/08/05 3:15 p.m.•16 views

CVE-2024-33021

Memory corruption while processing IOCTL call to set metainfo.

8.4CVSS8.6AI score0.00035EPSS

CVE•added 2024/08/05 3:15 p.m.•13 views

CVE-2024-23353

Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.

7.5CVSS7.5AI score0.00161EPSS

CVE•added 2025/07/08 1:15 p.m.•13 views

CVE-2025-27057

Transient DOS while handling beacon frames with invalid IE header length.

7.5CVSS6.6AI score0.00053EPSS

CVE•added 2025/07/08 1:15 p.m.•13 views

CVE-2025-27061

Memory corruption whhile handling the subsystem failure memory during the parsing of video packets received from the video firmware.

CVE•added 2025/07/08 1:15 p.m.•12 views

CVE-2025-27042

Memory corruption while processing video packets received from video firmware.

CVE•added 2025/07/08 1:15 p.m.•12 views

CVE-2025-27043

Memory corruption while processing manipulated payload in video firmware.

CVE•added 2025/07/08 1:15 p.m.•11 views

CVE-2025-21422

Cryptographic issue while processing crypto API calls, missing checks may lead to corrupted key usage or IV reuses.

7.8CVSS6.6AI score0.00012EPSS

CVE•added 2025/07/08 1:15 p.m.•11 views

CVE-2025-21450

Cryptographic issue occurs due to use of insecure connection method while downloading.

9.1CVSS6.6AI score0.00034EPSS

CVE•added 2025/07/08 1:15 p.m.•11 views

CVE-2025-27052

Memory corruption while processing data packets in diag received from Unix clients.

7.8CVSS6.8AI score0.00014EPSS

CVE-2024-53009

Memory corruption while operating the mailbox in Automotive.

7.8CVSS6.9AI score0.00015EPSS

CVE-2025-21466

Memory corruption while processing a private escape command in an event trigger.

7.8CVSS6.9AI score0.00015EPSS

CVE-2025-27046

Memory corruption while processing multiple simultaneous escape calls.

CVE-2025-27055

Memory corruption during the image encoding process.