MSM
by Qualcomm
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-31885 | Cri | 0.69 | 9.8 | 0.31 | Jun 28, 2022 | Marval MSM v14.19.0.12476 is vulnerable to OS Command Injection due to the insecure handling of VBScripts. | ||
| CVE-2022-31887 | Cri | 0.64 | 9.8 | 0.01 | Jun 28, 2022 | Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to change any user's password in the organization, this means that the user can also escalate achieve Privilege Escalation by changing the administrator password. | ||
| CVE-2017-9709 | Cri | 0.64 | 9.8 | 0.00 | Dec 5, 2017 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a privilege escalation vulnerability exists in telephony. | ||
| CVE-2022-31883 | Hig | 0.57 | 8.8 | 0.01 | Jun 28, 2022 | Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference (IDOR) vulnerability. A low privilege user is able to see other users API Keys including the Admins API Keys. | ||
| CVE-2018-5898 | Hig | 0.51 | 7.8 | 0.00 | Jul 6, 2018 | Integer overflow can occur in msm_pcm_adsp_stream_cmd_put() function if the user supplied data "param_length" goes beyond certain limit in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | ||
| CVE-2014-9786 | Hig | 0.51 | 7.8 | 0.01 | Jul 11, 2016 | Heap-based buffer overflow in drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug… | ||
| CVE-2014-9783 | Hig | 0.51 | 7.8 | 0.01 | Jul 11, 2016 | drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate certain values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28441831… | ||
| CVE-2022-31886 | Med | 0.45 | 6.5 | 0.02 | Jun 28, 2022 | Marval MSM v14.19.0.12476 is vulnerable to Cross Site Request Forgery (CSRF). An attacker can disable the 2FA by sending the user a malicious form. | ||
| CVE-2024-45543 | Med | 0.43 | 6.6 | 0.00 | Apr 7, 2025 | Memory corruption while accessing MSM channel map and mixer functions. | ||
| CVE-2022-31884 | Med | 0.42 | 6.5 | 0.01 | Jun 28, 2022 | Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability which allows a low privilege user to delete other users API Keys including high privilege and the Administrator users API Keys. | ||
| CVE-2017-9681 | Med | 0.42 | 6.5 | 0.00 | Mar 30, 2018 | In Android before 2017-08-05 on Qualcomm MSM, Firefox OS for MSM, QRD Android, and all Android releases from CAF using the Linux kernel, if kernel memory address is passed from userspace through iris_vidioc_s_ext_ctrls ioctl, it will print kernel address data. A user could set… |
- risk 0.69cvss 9.8epss 0.31
Marval MSM v14.19.0.12476 is vulnerable to OS Command Injection due to the insecure handling of VBScripts.
- risk 0.64cvss 9.8epss 0.01
Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to change any user's password in the organization, this means that the user can also escalate achieve Privilege Escalation by changing the administrator password.
- risk 0.64cvss 9.8epss 0.00
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a privilege escalation vulnerability exists in telephony.
- risk 0.57cvss 8.8epss 0.01
Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference (IDOR) vulnerability. A low privilege user is able to see other users API Keys including the Admins API Keys.
- risk 0.51cvss 7.8epss 0.00
Integer overflow can occur in msm_pcm_adsp_stream_cmd_put() function if the user supplied data "param_length" goes beyond certain limit in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.
- risk 0.51cvss 7.8epss 0.01
Heap-based buffer overflow in drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug…
- risk 0.51cvss 7.8epss 0.01
drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate certain values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28441831…
- risk 0.45cvss 6.5epss 0.02
Marval MSM v14.19.0.12476 is vulnerable to Cross Site Request Forgery (CSRF). An attacker can disable the 2FA by sending the user a malicious form.
- risk 0.43cvss 6.6epss 0.00
Memory corruption while accessing MSM channel map and mixer functions.
- risk 0.42cvss 6.5epss 0.01
Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability which allows a low privilege user to delete other users API Keys including high privilege and the Administrator users API Keys.
- risk 0.42cvss 6.5epss 0.00
In Android before 2017-08-05 on Qualcomm MSM, Firefox OS for MSM, QRD Android, and all Android releases from CAF using the Linux kernel, if kernel memory address is passed from userspace through iris_vidioc_s_ext_ctrls ioctl, it will print kernel address data. A user could set…