Vendor CVEs
Qualcomm
All CVEs
2,042 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-9685 |  | High | 0.53 | 8.1 | 0.00 |  | Aug 18, 2017 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a WLAN driver can lead to a Use After Free condition. |
| CVE-2016-10383 |  | High | 0.53 | 8.1 | 0.01 |  | Aug 18, 2017 | In all Qualcomm products with Android releases from CAF using the Linux kernel, there is a TOCTOU race condition in Secure UI. |
| CVE-2018-5872 |  | High | 0.52 | 8.0 | 0.00 |  | Jul 6, 2018 | While parsing over-the-air information elements in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, the use of an out-of-range pointer offset can occur. |
| CVE-2015-9222 |  | High | 0.52 | 7.5 | 0.04 |  | Apr 18, 2018 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630,… |
| CVE-2000-0342 |  | High | 0.52 | 7.5 | 0.03 |  | Apr 28, 2000 | Eudora 4.x allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the attachment, aka "Stealth Attachment." |
| CVE-2026-25260 |  | High | 0.51 | 7.8 | 0.00 |  | Jun 1, 2026 | Memory Corruption when accessing shared buffers without validation of concurrent user-mode input modifications. |
| CVE-2026-25259 |  | High | 0.51 | 7.8 | 0.00 |  | Jun 1, 2026 | Memory corruption while processing multiple IOCTL command for escape operations. |
| CVE-2026-25258 |  | High | 0.51 | 7.8 | 0.00 |  | Jun 1, 2026 | Memory corruption while processing IOCTL calls for escape operations. |
| CVE-2025-59606 |  | High | 0.51 | 7.8 | 0.00 |  | Jun 1, 2026 | Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization. |
| CVE-2025-59605 |  | High | 0.51 | 7.8 | 0.00 |  | Jun 1, 2026 | Memory Corruption when processing device identifier strings that exceed the expected maximum length. |
| CVE-2025-59604 |  | High | 0.51 | 7.8 | 0.00 |  | Jun 1, 2026 | Memory Corruption when running a memory copy operation due to invalid writes caused by a null pointer. |
| CVE-2026-24082 |  | High | 0.51 | 7.8 | 0.00 |  | May 4, 2026 | Memory Corruption when copying data from a freed source while executing performance counter deselect operation. |
| CVE-2025-47408 |  | High | 0.51 | 7.8 | 0.00 |  | May 4, 2026 | Memory corruption when another driver calls an IOCTL with invalid input/output buffer. |
| CVE-2025-47407 |  | High | 0.51 | 7.8 | 0.00 |  | May 4, 2026 | Memory corruption while creating a process on the digital signal processor due to allocation failure at the kernel level. |
| CVE-2025-47405 |  | High | 0.51 | 7.8 | 0.00 |  | May 4, 2026 | Memory corruption when processing camera sensor input/output control codes with invalid output buffers. |
| CVE-2026-21382 |  | High | 0.51 | 7.8 | 0.00 |  | Apr 6, 2026 | Memory Corruption when handling power management requests with improperly sized input/output buffers. |
| CVE-2026-21380 |  | High | 0.51 | 7.8 | 0.00 |  | Apr 6, 2026 | Memory Corruption when using deprecated DMABUF IOCTL calls to manage video memory. |
| CVE-2026-21378 |  | High | 0.51 | 7.8 | 0.00 |  | Apr 6, 2026 | Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver. |
| CVE-2026-21376 |  | High | 0.51 | 7.8 | 0.00 |  | Apr 6, 2026 | Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver. |
| CVE-2026-21375 |  | High | 0.51 | 7.8 | 0.00 |  | Apr 6, 2026 | Memory Corruption when accessing an output buffer without validating its size during IOCTL processing. |
| CVE-2026-21374 |  | High | 0.51 | 7.8 | 0.00 |  | Apr 6, 2026 | Memory Corruption when processing auxiliary sensor input/output control commands with insufficient buffer size validation. |
| CVE-2026-21373 |  | High | 0.51 | 7.8 | 0.00 |  | Apr 6, 2026 | Memory Corruption when accessing an output buffer without validating its size during IOCTL processing. |
| CVE-2026-21372 |  | High | 0.51 | 7.8 | 0.00 |  | Apr 6, 2026 | Memory Corruption when sending IOCTL requests with invalid buffer sizes during memcpy operations. |
| CVE-2026-21371 |  | High | 0.51 | 7.8 | 0.00 |  | Apr 6, 2026 | Memory Corruption when retrieving output buffer with insufficient size validation. |
| CVE-2025-47391 |  | High | 0.51 | 7.8 | 0.00 |  | Apr 6, 2026 | Memory corruption while processing a frame request from user. |
| CVE-2025-47390 |  | High | 0.51 | 7.8 | 0.00 |  | Apr 6, 2026 | Memory corruption while preprocessing IOCTL request in JPEG driver. |
| CVE-2025-47389 |  | High | 0.51 | 7.8 | 0.00 |  | Apr 6, 2026 | Memory corruption when buffer copy operation fails due to integer overflow during attestation report generation. |
| CVE-2018-11292 |  | High | 0.51 | 7.8 | 0.00 |  | Sep 20, 2018 | In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SDM429, SDM439, SDM630, SDM632,… |
| CVE-2018-11285 |  | High | 0.51 | 7.8 | 0.01 |  | Sep 20, 2018 | In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, SDM429, SDM439, SDM630, SDM632,… |
| CVE-2018-11277 |  | High | 0.51 | 7.8 | 0.00 |  | Sep 20, 2018 | In Snapdragon (Automobile, Mobile, Wear) in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, the com.qualcomm.embms is a vendor package deployed in the system image… |
| CVE-2018-11269 |  | High | 0.51 | 7.8 | 0.00 |  | Sep 20, 2018 | In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660,… |
| CVE-2018-11268 |  | High | 0.51 | 7.8 | 0.00 |  | Sep 20, 2018 | In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660,… |
| CVE-2018-11267 |  | High | 0.51 | 7.8 | 0.00 |  | Sep 20, 2018 | In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD… |
| CVE-2017-18280 |  | High | 0.51 | 7.8 | 0.00 |  | Sep 20, 2018 | In Snapdragon (Automobile, Mobile, Wear) in version MDM9607, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDM429, SDM439, SDM632, Snapdragon_High_Med_2016, when a Trusted Application has… |
| CVE-2018-11297 |  | High | 0.51 | 7.8 | 0.00 |  | Sep 18, 2018 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a buffer over-read can occur In the WMA NDP event handler functions due to lack of validation of input value event_info which is received from FW. |
| CVE-2018-11281 |  | High | 0.51 | 7.8 | 0.00 |  | Sep 18, 2018 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while calling IPA_IOC_MDFY_RT_RULE IPA IOCTL, header entry is not checked before use. If IPA_IOC_MDFY_RT_RULE IOCTL called for header entries formerly deleted, a Use after… |
| CVE-2017-18155 |  | High | 0.51 | 7.8 | 0.00 |  | Jul 12, 2018 | While playing HEVC content using HD DMB in Snapdragon Automobile and Snapdragon Mobile in version MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835, an uninitialized variable can be used leading to a kernel fault. |
| CVE-2018-5862 |  | High | 0.51 | 7.8 | 0.00 |  | Jul 6, 2018 | In __wlan_hdd_cfg80211_vendor_scan() in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, when SCAN_SSIDS and QCA_WLAN_VENDOR_ATTR_SCAN_FREQUENCIES are parsed, a buffer overwrite can… |
| CVE-2018-3570 |  | High | 0.51 | 7.8 | 0.00 |  | Jul 6, 2018 | In the cpuidle driver in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, the list_for_each macro was not used correctly which could lead to an untrusted pointer dereference. |
| CVE-2018-5898 |  | High | 0.51 | 7.8 | 0.00 |  | Jul 6, 2018 | Integer overflow can occur in msm_pcm_adsp_stream_cmd_put() function if the user supplied data "param_length" goes beyond certain limit in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. |
| CVE-2018-5893 |  | High | 0.51 | 7.8 | 0.00 |  | Jul 6, 2018 | While processing a message from firmware in htt_t2h_msg_handler_fast() in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a buffer overwrite can occur. |
| CVE-2018-5889 |  | High | 0.51 | 7.8 | 0.00 |  | Jul 6, 2018 | While processing a compressed kernel image, a buffer overflow can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. |
| CVE-2018-5888 |  | High | 0.51 | 7.8 | 0.00 |  | Jul 6, 2018 | While processing the system path, an out of bounds access can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. |
| CVE-2018-5887 |  | High | 0.51 | 7.8 | 0.00 |  | Jul 6, 2018 | While processing the USB StrSerialDescriptor array, an array index out of bounds can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. |
| CVE-2018-5831 |  | High | 0.51 | 7.8 | 0.00 |  | Jul 6, 2018 | In the KGSL driver in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a reference counting error can lead to a Use After Free condition. |
| CVE-2018-3597 |  | High | 0.51 | 7.8 | 0.00 |  | Jul 6, 2018 | In the ADSP RPC driver in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, an arbitrary kernel write can occur. |
| CVE-2018-3569 |  | High | 0.51 | 7.8 | 0.00 |  | Jul 6, 2018 | A buffer over-read can occur during a fast initial link setup (FILS) connection in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. |
| CVE-2018-11258 |  | High | 0.51 | 7.8 | 0.00 |  | Jul 6, 2018 | In ADSP RPC in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, a Use After Free condition can occur in versions MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD… |
| CVE-2018-11257 |  | High | 0.51 | 7.8 | 0.00 |  | Jul 6, 2018 | Permissions, Privileges, and Access Controls in TA in Snapdragon Mobile has an options that allows RPMB erase for secure devices in versions SD 210/SD 212/SD 205, SD 845, SD 850. |
| CVE-2017-18159 |  | High | 0.51 | 7.8 | 0.00 |  | Jul 6, 2018 | In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, while processing a StrHwPlatform with length smaller than EFICHIPINFO_MAX_ID_LENGTH, an array out of bounds access may occur. |

Page 8 of 41