Qualcomm Agatti Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Qualcomm Agatti Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2020-3673 — CVSS 9.8 (critical): u'Buffer overflow can happen as part of SIP message packet processing while storing values in array due to lack of check to validate the…
CVE-2020-3692 — CVSS 9.8 (critical): u'Possible buffer overflow while updating output buffer for IMEI and Gateway Address due to lack of check of input validation for…
CVE-2020-3654 — CVSS 9.8 (critical): u'Buffer overflow occurs while processing SIP message packet due to lack of check of index validation before copying into it' in Snapdragon…
CVE-2020-3670 — CVSS 9.1 (critical): u'Potential out of bounds read while processing downlink NAS transport message due to improper length check of Information Element(IEI) NAS…
CVE-2020-3638 — CVSS 7.8 (high): u'An Unaligned address or size can propagate to the database due to improper page permissions and can lead to improper access control' in…
CVE-2020-3678 — CVSS 7.8 (high): u'A buffer overflow could occur if the API is improperly used due to UIE init does not contain a buffer size a param' in Snapdragon…
CVE-2020-3684 — CVSS 7.8 (high): u'QSEE reads the access permission policy for the SMEM TOC partition from the SMEM TOC contents populated by XBL Loader and applies them…
CVE-2020-3690 — CVSS 7.8 (high): u'Due to an incorrect SMMU configuration, the modem crypto engine can potentially compromise the hypervisor' in Snapdragon Auto, Snapdragon…
CVE-2020-11125 — CVSS 7.8 (high): u'Out of bound access can happen in MHI command process due to lack of check of channel id value received from MHI devices' in Snapdragon…
CVE-2020-11162 — CVSS 7.8 (high): u'Possible buffer overflow in MHI driver due to lack of input parameter validation of EOT events received from MHI device side' in…
CVE-2020-11164 — CVSS 7.8 (high): u'Third-party app may also call the broadcasts in Perfdump and cause privilege escalation issue due to improper access control' in…
CVE-2020-11174 — CVSS 7.8 (high): u'Array index underflow issue in adsp driver due to improper check of channel id before used as array index.' in Snapdragon Auto…
CVE-2020-3704 — CVSS 7.5 (high): u'While processing invalid connection request PDU which is nonstandard (interval or timeout is 0) from central device may lead peripheral…
CVE-2020-11173 — CVSS 7.0 (high): u'Two threads running simultaneously from user space can lead to race condition in fastRPC driver' in Snapdragon Auto, Snapdragon Compute…