Qualcomm Kamorta Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Qualcomm Kamorta Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (80)
CVE-2020-11116 — CVSS 9.8 (critical): u'Possible out of bound write while processing association response received from host due to lack of check of IE length' in Snapdragon…
CVE-2020-3667 — CVSS 9.8 (critical): u'Buffer Overflow in mic calculation for WPA due to copying data into buffer without validating the length of buffer' in Snapdragon Auto…
CVE-2020-3688 — CVSS 9.8 (critical): Possible buffer overflow while parsing mp4 clip with corrupted sample atoms due to improper validation of index in Snapdragon Auto…
CVE-2020-3663 — CVSS 9.8 (critical): Buffer over-write may occur during fetching track decoder specific information if cb size exceeds buffer size in Snapdragon Auto…
CVE-2019-14080 — CVSS 9.8 (critical): Out of bound write can happen due to lack of check of array index value while parsing SDP attribute for SAR in Snapdragon Auto, Snapdragon…
CVE-2020-3703 — CVSS 9.8 (critical): u'Buffer over-read issue in Bluetooth peripheral firmware due to lack of check for invalid opcode and length of opcode received from…
CVE-2020-3661 — CVSS 9.8 (critical): Buffer overflow will happen while parsing mp4 clip with corrupted sample atoms values which exceeds MAX_UINT32 range due to lack of…
CVE-2020-3675 — CVSS 9.8 (critical): u'Potential integer underflow while parsing Service Info and IPv6 link-local TLVs that comes as part of NDPE attribute' in Snapdragon Auto…
CVE-2020-3673 — CVSS 9.8 (critical): u'Buffer overflow can happen as part of SIP message packet processing while storing values in array due to lack of check to validate the…
CVE-2020-3692 — CVSS 9.8 (critical): u'Possible buffer overflow while updating output buffer for IMEI and Gateway Address due to lack of check of input validation for…
CVE-2019-14062 — CVSS 9.8 (critical): Buffer overflows while decoding setup message from Network due to lack of check of IE message length received from network in Snapdragon…
CVE-2020-3668 — CVSS 9.8 (critical): u'Buffer overflow while parsing PMF enabled MCBC frames due to frame length being lesser than what is expected while parsing' in Snapdragon…
CVE-2020-3669 — CVSS 9.8 (critical): u'Buffer Overflow issue in WLAN tcp ip verification due to usage of out of range pointer offset' in Snapdragon Auto, Snapdragon Compute…
CVE-2020-3654 — CVSS 9.8 (critical): u'Buffer overflow occurs while processing SIP message packet due to lack of check of index validation before copying into it' in Snapdragon…
CVE-2020-3641 — CVSS 9.8 (critical): Integer overflow may occur if atom size is less than atom offset as there is improper validation of atom size in Snapdragon Auto…
CVE-2020-3633 — CVSS 9.8 (critical): Array out of bound may occur while playing mp3 file as no check is there on offset if it is greater than the buffer allocated or not in…
CVE-2019-14073 — CVSS 9.8 (critical): Copying RTCP messages into the output buffer without checking the destination buffer size which could lead to a remote stack overflow when…
CVE-2020-3658 — CVSS 9.1 (critical): Possible null-pointer dereference can occur while parsing mp4 clip with corrupted sample table atoms in Snapdragon Auto, Snapdragon…
CVE-2020-3670 — CVSS 9.1 (critical): u'Potential out of bounds read while processing downlink NAS transport message due to improper length check of Information Element(IEI) NAS…
CVE-2020-3634 — CVSS 9.1 (critical): u'Multiple Read overflows issue due to improper length check while decoding Generic NAS transport/EMM info' in Snapdragon Auto, Snapdragon…
CVE-2020-11125 — CVSS 7.8 (high): u'Out of bound access can happen in MHI command process due to lack of check of channel id value received from MHI devices' in Snapdragon…
CVE-2020-11129 — CVSS 7.8 (high): u'During the error occurrence in capture request, the buffer is freed and later accessed causing the camera APP to fail due to memory…
CVE-2020-11162 — CVSS 7.8 (high): u'Possible buffer overflow in MHI driver due to lack of input parameter validation of EOT events received from MHI device side' in…
CVE-2020-11164 — CVSS 7.8 (high): u'Third-party app may also call the broadcasts in Perfdump and cause privilege escalation issue due to improper access control' in…
CVE-2020-11174 — CVSS 7.8 (high): u'Array index underflow issue in adsp driver due to improper check of channel id before used as array index.' in Snapdragon Auto…
CVE-2020-3611 — CVSS 7.8 (high): u'XBL SEC clears only ZI region when loading Qualcomm-signed segments can lead to improper access issue' in Snapdragon Compute, Snapdragon…
CVE-2020-3622 — CVSS 7.8 (high): u'Channel name string which has been read from shared memory is potentially subjected to string manipulations but not validated for NULL…
CVE-2020-3624 — CVSS 7.8 (high): u'A potential buffer overflow exists due to integer overflow when parsing handler options due to wrong data type usage in operation' in…
CVE-2020-3629 — CVSS 7.8 (high): u'Stack out of bound issue occurs when making query to DSP capabilities due to wrong assumption was made on determining the buffer size for…
CVE-2020-3630 — CVSS 7.8 (high): Possibility of out of bound access while processing the responses from video firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2019-14054 — CVSS 7.8 (high): Improper permissions in XBL_SEC region enable user to update XBL_SEC code and data and divert the RAM dump path to normal cold boot path in…
CVE-2019-10562 — CVSS 7.8 (high): u'Improper authentication and signature verification of debug polices in secure boot loader will allow unverified debug policies to be…
CVE-2019-10615 — CVSS 7.8 (high): u'Possibility of integer overflow in keymaster 4 while allocating memory due to multiplication of large numcerts value and size of…
CVE-2019-13994 — CVSS 7.8 (high): u'Lack of check that the current received data fragment size of a particular packet that are read from shared memory are less than the…
CVE-2019-13995 — CVSS 7.8 (high): u'Lack of integer overflow check for addition of fragment size and remaining size that are read from shared memory can lead to memory…
CVE-2019-13998 — CVSS 7.8 (high): u'Lack of check that the TX FIFO write and read indices that are read from shared RAM are less than the FIFO size results into memory…
CVE-2019-13999 — CVSS 7.8 (high): u'Lack of check for integer overflow for round up and addition operations result into memory corruption and potential information leakage'…
CVE-2019-10527 — CVSS 7.8 (high): u'SMEM partition can be manipulated in case of any compromise on HLOS, thus resulting in access to memory outside of SMEM address range…
CVE-2019-14056 — CVSS 7.8 (high): u'Possible integer overflow in API due to lack of check on large oid range count in cert extension field' in Snapdragon Auto, Snapdragon…
CVE-2019-14065 — CVSS 7.8 (high): u'Pointer double free in HavenSvc due to not setting the pointer to NULL after freeing it' in Snapdragon Auto, Snapdragon Compute…
CVE-2019-14066 — CVSS 7.8 (high): Integer overflow in calculating estimated output buffer size when getting a list of installed Feature IDs, Serial Numbers or checking…
CVE-2019-14074 — CVSS 7.8 (high): u'Heap overflow in diag command handler due to lack of check of packet length received from user' in Snapdragon Auto, Snapdragon Compute…
CVE-2019-14076 — CVSS 7.8 (high): Buffer overflow occurs while processing an subsample data length out of range due to lack of user input validation in Snapdragon Auto…
CVE-2019-14077 — CVSS 7.8 (high): Out of bound memory access while processing ese transmit command due to passing Response buffer received from user in Snapdragon Auto…
CVE-2019-14089 — CVSS 7.8 (high): u'Keymaster attestation key and device IDs provisioning which is a one time process is incorrectly allowed to be re-provisioned after a…
CVE-2019-14094 — CVSS 7.8 (high): Integer overflow in diag command handler when user inputs a large value for number of tasks field in the request packet in Snapdragon Auto…
CVE-2019-14123 — CVSS 7.8 (high): Possible buffer overflow and over read possible due to missing bounds checks for fixed limits if we consider widevine HLOS client as…
CVE-2019-14124 — CVSS 7.8 (high): Memory failure in content protection module due to not having pointer within the scope in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2019-14130 — CVSS 7.8 (high): Memory corruption can occurs in trusted application if offset size from HLOS is more than actual mapped buffer size in Snapdragon Auto…
CVE-2020-11120 — CVSS 7.8 (high): u'Calling thread may free the data buffer pointer that was passed to the callback and later when event loop executes the callback, data…
CVE-2020-3636 — CVSS 7.8 (high): u'Out of bound writes happen when accessing usage_table header entry beyond the memory allocated for the header' in Snapdragon Auto…
CVE-2020-3638 — CVSS 7.8 (high): u'An Unaligned address or size can propagate to the database due to improper page permissions and can lead to improper access control' in…
CVE-2020-3640 — CVSS 7.8 (high): u'Resizing the usage table header before passing all the checks leads to the function exiting with a usage table in invalid state when a…
CVE-2020-3642 — CVSS 7.8 (high): Use after free issue in camera applications when used randomly over multiple operations due to pointer not set to NULL after free/destroy…
CVE-2020-3656 — CVSS 7.8 (high): Out of bound access can happen in MHI command process due to lack of check of command channel id value received from MHI devices in…
CVE-2020-3676 — CVSS 7.8 (high): Possible memory corruption in perfservice due to improper validation array length taken from user application. in Snapdragon Auto…
CVE-2020-3678 — CVSS 7.8 (high): u'A buffer overflow could occur if the API is improperly used due to UIE init does not contain a buffer size a param' in Snapdragon…
CVE-2020-3684 — CVSS 7.8 (high): u'QSEE reads the access permission policy for the SMEM TOC partition from the SMEM TOC contents populated by XBL Loader and applies them…
CVE-2020-3690 — CVSS 7.8 (high): u'Due to an incorrect SMMU configuration, the modem crypto engine can potentially compromise the hypervisor' in Snapdragon Auto, Snapdragon…
CVE-2020-3645 — CVSS 7.5 (high): Firmware will hit assert in WLAN firmware If encrypted data length in FILS IE of reassoc response is more than 528 bytes in Snapdragon…
CVE-2020-11118 — CVSS 7.5 (high): u'Information exposure issues while processing IE header due to improper check of beacon IE frame' in Snapdragon Auto, Snapdragon Compute…
CVE-2020-11115 — CVSS 7.5 (high): u'Buffer over read occurs while processing information element from beacon due to lack of check of data received from beacon' in Snapdragon…
CVE-2020-3704 — CVSS 7.5 (high): u'While processing invalid connection request PDU which is nonstandard (interval or timeout is 0) from central device may lead peripheral…
CVE-2020-11135 — CVSS 7.5 (high): u'Reachable assertion when wrong data size is returned by parser for ape clips' in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon…
CVE-2019-14101 — CVSS 7.1 (high): Out of bounds read can happen in diag event set mask command handler when user provided length in the command request is less than expected…
CVE-2020-3617 — CVSS 7.1 (high): u'Buffer over-read Issue in Q6 testbus framework due to diag packet length is not completely validated before accessing the field and leads…
CVE-2019-14043 — CVSS 7.1 (high): Out of bound read in Fingerprint application due to requested data is being used without length check in Snapdragon Auto, Snapdragon…
CVE-2019-14042 — CVSS 7.1 (high): Out of bound read in in fingerprint application due to requested data assigned to a local buffer without length check in Snapdragon Auto…
CVE-2020-11173 — CVSS 7.0 (high): u'Two threads running simultaneously from user space can lead to race condition in fastRPC driver' in Snapdragon Auto, Snapdragon Compute…
CVE-2020-3619 — CVSS 7.0 (high): u'Non-secure memory is touched multiple times during TrustZone\u2019s execution and can lead to privilege escalation or memory corruption'…
CVE-2019-14119 — CVSS 7.0 (high): u'While processing SMCInvoke asynchronous message header, message count is modified leading to a TOCTOU race condition and lead to memory…
CVE-2020-3621 — CVSS 5.5 (medium): u'Lack of check to ensure that the TX read index & RX write index that are read from shared memory are less than the FIFO size results into…
CVE-2020-3620 — CVSS 5.5 (medium): u'Lack of check of integer overflow while doing a round up operation for data read from shared memory for G-link SMEM transport can lead to…
CVE-2019-14115 — CVSS 5.5 (medium): u'Information disclosure issue occurs as in current logic as secure touch is released without clearing the display session which can result…
CVE-2020-3679 — CVSS 5.5 (medium): u'During execution after Address Space Layout Randomization is turned on for QTEE, part of code is still mapped at known address including…
CVE-2019-14025 — CVSS 5.5 (medium): u'When a new session is created, Object is returned that contains TZ addresses and it get passed to HLOS as an handle to refer to a…
CVE-2020-3643 — CVSS 5.5 (medium): u'Information disclosure issue can occur due to partial secure display-touch session tear-down' in Snapdragon Auto, Snapdragon Compute…
CVE-2020-3644 — CVSS 5.5 (medium): u'Information disclosure issue occurs as in current logic Secure Touch session is released without terminating display session' in…
CVE-2020-11122 — CVSS 5.5 (medium): u'Null Pointer exception while playing crafted mkv file as data stream get deleted on secondary invalid configuration' in Snapdragon Auto…
CVE-2019-14067 — CVSS 5.5 (medium): Using non-time-constant functions like memcmp to compare sensitive data can lead to information leakage through timing side channel issue…