Snapdragon Mobile
by Qualcomm
CVEs (529)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-18125 | Hig | 0.49 | 7.5 | 0.01 | Apr 11, 2018 | In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850, when secure camera is activated it stores captured data in protected buffers. The TEE application which… | ||
| CVE-2017-18073 | Hig | 0.49 | 7.5 | 0.01 | Apr 11, 2018 | In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, the HLOS can gain access to unauthorized memory. | ||
| CVE-2017-18072 | Hig | 0.49 | 7.5 | 0.01 | Apr 11, 2018 | In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427,… | ||
| CVE-2020-11277 | Hig | 0.48 | 7.4 | 0.00 | Feb 22, 2021 | Possible race condition during async fastrpc session after sending RPC message due to the fastrpc ctx gets free during async session in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile | ||
| CVE-2021-35113 | Hig | 0.47 | 7.3 | 0.00 | Sep 2, 2022 | Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | ||
| CVE-2021-35097 | Hig | 0.47 | 7.3 | 0.00 | Sep 2, 2022 | Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice… | ||
| CVE-2022-22087 | Hig | 0.47 | 7.3 | 0.01 | Jun 14, 2022 | memory corruption in video due to buffer overflow while parsing mkv clip with no codechecker in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | ||
| CVE-2021-30283 | Hig | 0.46 | 7.1 | 0.00 | Jan 3, 2022 | Possible denial of service due to improper handling of debug register trap from user applications in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | ||
| CVE-2020-11161 | Hig | 0.46 | 7.1 | 0.00 | Jun 9, 2021 | Out-of-bounds memory access can occur while calculating alignment requirements for a negative width from external components in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &… | ||
| CVE-2020-11203 | Hig | 0.46 | 7.1 | 0.00 | Feb 22, 2021 | Stack overflow may occur if GSM/WCDMA broadcast config size received from user is larger than variable length array in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | ||
| CVE-2020-11132 | Hig | 0.46 | 7.1 | 0.00 | Nov 12, 2020 | u'Buffer over read in boot due to size check ignored before copying GUID attribute from request to response' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure… | ||
| CVE-2019-14101 | Hig | 0.46 | 7.1 | 0.00 | Jul 30, 2020 | Out of bounds read can happen in diag event set mask command handler when user provided length in the command request is less than expected length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer… | ||
| CVE-2019-14104 | Hig | 0.46 | 7.1 | 0.00 | Apr 16, 2020 | Slab-out-of-bounds access can occur if the context pointer is invalid due to lack of null check on pointer before accessing it in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile in APQ8053, SC8180X, SDX55, SM8150 | ||
| CVE-2019-2284 | Hig | 0.46 | 7.0 | 0.00 | Sep 30, 2019 | Possible use-after-free issue due to a race condition while calling camera ioctl concurrently in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, QCS405, QCS605, Qualcomm 215,… | ||
| CVE-2017-18309 | Hig | 0.46 | 7.1 | 0.00 | Oct 26, 2018 | A micro-core of QMP transportation may cause a macro-core to read from or write to arbitrary memory in Snapdragon Mobile in version SD 845, SD 850. | ||
| CVE-2017-18305 | Hig | 0.46 | 7.0 | 0.00 | Oct 23, 2018 | XBL sec mem dump system call allows complete control of EL3 by unlocking all XPUs if enable fuse is not blown in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835. | ||
| CVE-2022-25666 | Med | 0.44 | 6.7 | 0.00 | Oct 19, 2022 | Memory corruption due to use after free in service while trying to access maps by different threads in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | ||
| CVE-2022-25665 | Med | 0.44 | 6.8 | 0.00 | Oct 19, 2022 | Information disclosure due to buffer over read in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile | ||
| CVE-2021-35133 | Med | 0.44 | 6.7 | 0.00 | Sep 2, 2022 | Use after free in the synx driver issue while performing other functions during multiple invocation of synx release calls in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | ||
| CVE-2021-35109 | Med | 0.44 | 6.8 | 0.00 | Sep 2, 2022 | Possible address manipulation from APP-NS while APP-S is configuring an RG where it tries to merge the address ranges in Snapdragon Connectivity, Snapdragon Mobile |
- risk 0.49cvss 7.5epss 0.01
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850, when secure camera is activated it stores captured data in protected buffers. The TEE application which…
- risk 0.49cvss 7.5epss 0.01
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, the HLOS can gain access to unauthorized memory.
- risk 0.49cvss 7.5epss 0.01
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427,…
- risk 0.48cvss 7.4epss 0.00
Possible race condition during async fastrpc session after sending RPC message due to the fastrpc ctx gets free during async session in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile
- risk 0.47cvss 7.3epss 0.00
Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
- risk 0.47cvss 7.3epss 0.00
Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice…
- risk 0.47cvss 7.3epss 0.01
memory corruption in video due to buffer overflow while parsing mkv clip with no codechecker in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
- risk 0.46cvss 7.1epss 0.00
Possible denial of service due to improper handling of debug register trap from user applications in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
- risk 0.46cvss 7.1epss 0.00
Out-of-bounds memory access can occur while calculating alignment requirements for a negative width from external components in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &…
- risk 0.46cvss 7.1epss 0.00
Stack overflow may occur if GSM/WCDMA broadcast config size received from user is larger than variable length array in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
- risk 0.46cvss 7.1epss 0.00
u'Buffer over read in boot due to size check ignored before copying GUID attribute from request to response' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure…
- risk 0.46cvss 7.1epss 0.00
Out of bounds read can happen in diag event set mask command handler when user provided length in the command request is less than expected length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer…
- risk 0.46cvss 7.1epss 0.00
Slab-out-of-bounds access can occur if the context pointer is invalid due to lack of null check on pointer before accessing it in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile in APQ8053, SC8180X, SDX55, SM8150
- risk 0.46cvss 7.0epss 0.00
Possible use-after-free issue due to a race condition while calling camera ioctl concurrently in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, QCS405, QCS605, Qualcomm 215,…
- risk 0.46cvss 7.1epss 0.00
A micro-core of QMP transportation may cause a macro-core to read from or write to arbitrary memory in Snapdragon Mobile in version SD 845, SD 850.
- risk 0.46cvss 7.0epss 0.00
XBL sec mem dump system call allows complete control of EL3 by unlocking all XPUs if enable fuse is not blown in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835.
- risk 0.44cvss 6.7epss 0.00
Memory corruption due to use after free in service while trying to access maps by different threads in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
- risk 0.44cvss 6.8epss 0.00
Information disclosure due to buffer over read in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile
- risk 0.44cvss 6.7epss 0.00
Use after free in the synx driver issue while performing other functions during multiple invocation of synx release calls in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
- risk 0.44cvss 6.8epss 0.00
Possible address manipulation from APP-NS while APP-S is configuring an RG where it tries to merge the address ranges in Snapdragon Connectivity, Snapdragon Mobile
Page 24 of 27