Qualcomm Mdm9655 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Qualcomm Mdm9655 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (200)
CVE-2015-9139 — CVSS 9.8 (critical): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615…
CVE-2020-11170 — CVSS 9.8 (critical): Out of bound memory access while playing music playbacks with crafted vorbis content due to improper checks in header extraction in…
CVE-2020-11192 — CVSS 9.8 (critical): Out of bound write while parsing SDP string due to missing check on null termination in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2020-11227 — CVSS 9.8 (critical): Out of bound write while parsing RTT/TTY packet parsing due to lack of check of buffer size before copying into buffer in Snapdragon Auto…
CVE-2015-9148 — CVSS 9.8 (critical): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, MDM9635M…
CVE-2015-9191 — CVSS 9.8 (critical): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M…
CVE-2015-9195 — CVSS 9.8 (critical): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, MDM9635M, MDM9650, MDM9655, SD 400, SD…
CVE-2015-9198 — CVSS 9.8 (critical): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear…
CVE-2015-9199 — CVSS 9.8 (critical): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile IPQ4019, MDM9625…
CVE-2015-9201 — CVSS 9.8 (critical): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear…
CVE-2015-9209 — CVSS 9.8 (critical): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615…
CVE-2014-10052 — CVSS 9.8 (critical): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile, Snapdragon Wear, and Small Cell SoC FSM9055…
CVE-2015-9224 — CVSS 9.8 (critical): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear, and…
CVE-2016-10410 — CVSS 9.8 (critical): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615…
CVE-2016-10414 — CVSS 9.8 (critical): In Android before 2018-04-05 or earlier security patch level on Qualcomm Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, and…
CVE-2016-10419 — CVSS 9.8 (critical): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9640, MDM9645, MDM9650, MDM9655, SD 450, SD…
CVE-2016-10421 — CVSS 9.8 (critical): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615…
CVE-2016-10422 — CVSS 9.8 (critical): In Android before 2018-04-05 or earlier security patch level on Qualcomm Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, and…
CVE-2014-10045 — CVSS 9.8 (critical): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607…
CVE-2015-9126 — CVSS 9.8 (critical): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9607, MDM9635M, MDM9640…
CVE-2016-10448 — CVSS 9.8 (critical): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615…
CVE-2014-10051 — CVSS 9.8 (critical): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M…
CVE-2016-10466 — CVSS 9.8 (critical): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9625…
CVE-2016-10482 — CVSS 9.8 (critical): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9625…
CVE-2016-10484 — CVSS 9.8 (critical): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear…
CVE-2016-10485 — CVSS 9.8 (critical): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607…
CVE-2016-10487 — CVSS 9.8 (critical): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear…
CVE-2016-10490 — CVSS 9.8 (critical): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear…
CVE-2016-10491 — CVSS 9.8 (critical): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9625…
CVE-2016-10493 — CVSS 9.8 (critical): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear…
CVE-2015-9138 — CVSS 9.8 (critical): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear, and…
CVE-2016-10498 — CVSS 9.8 (critical): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9635M, MDM9645, MDM9650, MDM9655, SD 210/SD…
CVE-2016-10501 — CVSS 9.8 (critical): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile, Snapdragon Wear, and Small Cell SoC FSM9055…
CVE-2017-18074 — CVSS 9.8 (critical): In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9607, MDM9625, MDM9635M, MDM9640…
CVE-2017-18135 — CVSS 9.8 (critical): In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile MDM9650, MDM9655, SD 450, SD 625, SD 650/52, SD 835, SD…
CVE-2017-18137 — CVSS 9.8 (critical): In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile MDM9640, MDM9645, MDM9650, MDM9655, SD 450, SD 625, SD…
CVE-2017-18138 — CVSS 9.8 (critical): In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640…
CVE-2017-18139 — CVSS 9.8 (critical): In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640…
CVE-2017-18142 — CVSS 9.8 (critical): In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile MDM9650, MDM9655, SD 835, SD 845, SD 850, while processing…
CVE-2017-18160 — CVSS 9.8 (critical): AGPS session failure in GNSS module due to cyphersuites are hardcoded and needed manual update everytime in snapdragon mobile and…
CVE-2017-18314 — CVSS 9.8 (critical): In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD…
CVE-2021-1920 — CVSS 9.8 (critical): Integer underflow can occur due to improper handling of incoming RTCP packets in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2021-1919 — CVSS 9.8 (critical): Integer underflow can occur when the RTCP length is lesser than than the actual blocks present in Snapdragon Auto, Snapdragon Compute…
CVE-2021-1916 — CVSS 9.8 (critical): Possible buffer underflow due to lack of check for negative indices values when processing user provided input in Snapdragon Auto…
CVE-2018-11945 — CVSS 9.8 (critical): Improper input validation in wireless service messaging module for data received from broadcast messages can lead to heap overflow in…
CVE-2018-13886 — CVSS 9.8 (critical): Unchecked OTA field in GNSS XTRA3 lead to integer overflow and then buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2018-13887 — CVSS 9.8 (critical): Untrusted header fields in GNSS XTRA3 function can lead to integer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer…
CVE-2018-13898 — CVSS 9.8 (critical): Out-of-Bounds write due to incorrect array index check in PMIC in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics…
CVE-2015-9122 — CVSS 9.8 (critical): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M…
CVE-2018-13904 — CVSS 9.8 (critical): Improper input validation in SCM handler to access storage in TZ can lead to unauthorized access in Snapdragon Auto, Snapdragon Compute…
CVE-2018-13911 — CVSS 9.8 (critical): Out of bounds memory read and access may lead to unexpected behavior in GNSS XTRA Parser in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2018-13924 — CVSS 9.8 (critical): Lack of check to prevent the buffer length taking negative values can lead to stack overflow. in Snapdragon Auto, Snapdragon Compute…
CVE-2018-3589 — CVSS 9.8 (critical): In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile MDM9650, MDM9655, SD 835, SD 845, SD 850, the vswr capture…
CVE-2018-3591 — CVSS 9.8 (critical): In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9650…
CVE-2018-3592 — CVSS 9.8 (critical): In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640…
CVE-2015-9143 — CVSS 9.8 (critical): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607…
CVE-2019-10487 — CVSS 9.8 (critical): Buffer over read can happen while parsing SMS OTA messages at transport layer if network sends un-intended values in Snapdragon Auto…
CVE-2019-10493 — CVSS 9.8 (critical): Position determination accuracy may be degraded due to wrongly decoded information in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2019-10500 — CVSS 9.8 (critical): While processing MT Secondary PDP request, Buffer overflow will happen due to incorrect calculation of buffer size in Snapdragon Auto…
CVE-2019-10511 — CVSS 9.8 (critical): Possibility of memory overflow while decoding GSNDCP compressed mode PDU in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT…
CVE-2019-10516 — CVSS 9.8 (critical): Multiple read overflows in MM while decoding service accept,service reject,attach reject and MT detach in Snapdragon Auto, Snapdragon…
CVE-2019-10525 — CVSS 9.8 (critical): Buffer overflow during SIB read when network configures complete sib list along with first and last segment of other SIB in Snapdragon…
CVE-2019-10586 — CVSS 9.8 (critical): Filling media attribute tag names without validating the destination buffer size which can result in the buffer overflow in Snapdragon…
CVE-2019-10587 — CVSS 9.8 (critical): Possible Stack overflow can occur when processing a large SDP body or non standard SDP body without right delimiters in Snapdragon Auto…
CVE-2019-10588 — CVSS 9.8 (critical): Copying RTCP messages into the output buffer without checking the destination buffer size which could lead to a remote stack overflow. in…
CVE-2019-10593 — CVSS 9.8 (critical): Buffer overflow can occur when processing non standard SDP video Image attribute parameter in a VILTE\VOLTE call in Snapdragon Auto…
CVE-2019-10594 — CVSS 9.8 (critical): Stack overflow can occur when SDP is received with multiple payload types in the FMTP attribute of a video M line in Snapdragon Auto…
CVE-2019-10609 — CVSS 9.8 (critical): Out of bound write can happen due to lack of check of array index value while calculating it. in Snapdragon Auto, Snapdragon Compute…
CVE-2019-14052 — CVSS 9.8 (critical): u'Accessing an uninitialized data structure could result in partially copying of contents and thus incorrect processing' in Snapdragon…
CVE-2019-14062 — CVSS 9.8 (critical): Buffer overflows while decoding setup message from Network due to lack of check of IE message length received from network in Snapdragon…
CVE-2019-14073 — CVSS 9.8 (critical): Copying RTCP messages into the output buffer without checking the destination buffer size which could lead to a remote stack overflow when…
CVE-2020-11272 — CVSS 9.8 (critical): Before enqueuing a frame to the PE queue for further processing, an entry in a hash table can be deleted and using a stale version later…
CVE-2019-2242 — CVSS 9.8 (critical): Device memory may get corrupted because of buffer overflow/underflow. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer…
CVE-2019-2254 — CVSS 9.8 (critical): Position determination accuracy may be degraded due to wrongly decoded information in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2019-2258 — CVSS 9.8 (critical): Improper validation of array index causes OOB write and then leads to memory corruption in MMCP in Snapdragon Auto, Snapdragon Compute…
CVE-2019-2271 — CVSS 9.8 (critical): Buffer over read can happen while parsing downlink session management OTA messages if network sends un-intended values in Snapdragon Auto…
CVE-2019-2289 — CVSS 9.8 (critical): Lack of integrity check allows MODEM to accept any NAS messages which can result into authentication bypass of NAS in Snapdragon Auto…
CVE-2019-2294 — CVSS 9.8 (critical): Usage of hard-coded magic number for calculating heap guard bytes can allow users to corrupt heap blocks without heap algorithm knowledge…
CVE-2019-2303 — CVSS 9.8 (critical): SNDCP module may access array out side its boundary when it receives malformed XID message. in Snapdragon Auto, Snapdragon Compute…
CVE-2019-2320 — CVSS 9.8 (critical): Possible out of bounds write in a MT SMS/SS scenario due to improper validation of array index in Snapdragon Auto, Snapdragon Compute…
CVE-2015-9144 — CVSS 9.8 (critical): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615…
CVE-2015-9145 — CVSS 9.8 (critical): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear…
CVE-2015-9146 — CVSS 9.8 (critical): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, MDM9635M, MDM9645, MDM9650, MDM9655, SD…
CVE-2020-3634 — CVSS 9.1 (critical): u'Multiple Read overflows issue due to improper length check while decoding Generic NAS transport/EMM info' in Snapdragon Auto, Snapdragon…
CVE-2019-14019 — CVSS 9.1 (critical): Multiple Read overflows issue due to improper length check while decoding RAU accept/PDN disconnect Rej/Modify EPS ctxt req/bearer resource…
CVE-2019-14020 — CVSS 9.1 (critical): Multiple Read overflows issue due to improper length check while decoding dedicated_eps_bearer_req/ act_def_context_req/…
CVE-2018-13906 — CVSS 9.1 (critical): The HMAC authenticating the message from QSEE is vulnerable to timing side channel analysis leading to potentially forged application…
CVE-2019-10551 — CVSS 9.1 (critical): String error while processing non standard SIP messages received can lead to buffer overread and then denial of service in Snapdragon Auto…
CVE-2019-10552 — CVSS 9.1 (critical): Multiple Buffer Over-read issue can happen due to improper length checks while decoding Service Reject/RAU Reject/PTMSI Realloc cmd in…
CVE-2020-11301 — CVSS 9.1 (critical): Improper authentication of un-encrypted plaintext Wi-Fi frames in an encrypted network can lead to information disclosure in Snapdragon…
CVE-2019-10553 — CVSS 9.1 (critical): Multiple Read overflows due to improper length checks while decoding authentication in Cs domain/RAU Reject and TC cmd in Snapdragon Auto…
CVE-2019-10554 — CVSS 9.1 (critical): Multiple Read overflows issue due to improper length check while decoding Identity Request in CSdomain/Authentication Reject in CS domain/…
CVE-2020-11171 — CVSS 9.1 (critical): Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Snapdragon…
CVE-2020-11275 — CVSS 9.1 (critical): Possible buffer over-read while parsing quiet IE in Rx beacon frame due to improper check of IE length in received beacon in Snapdragon…
CVE-2021-30342 — CVSS 9.1 (critical): Improper integrity check can lead to race condition between tasks PDCP and RRC? after a valid RRC Command packet has been received in…
CVE-2020-11188 — CVSS 9.1 (critical): Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Snapdragon…
CVE-2020-11189 — CVSS 9.1 (critical): Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Snapdragon…
CVE-2020-11190 — CVSS 9.1 (critical): Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Snapdragon…
CVE-2019-10577 — CVSS 9.1 (critical): Improper input validation while processing SIP URI received from the network will lead to buffer over-read and then to denial of service in…
CVE-2020-3670 — CVSS 9.1 (critical): u'Potential out of bounds read while processing downlink NAS transport message due to improper length check of Information Element(IEI) NAS…
CVE-2019-14011 — CVSS 9.1 (critical): Multiple Read overflows issue due to improper length check while decoding 3G attach accept/ SMS/ pdn connection reject/ esm data transport/…
CVE-2020-11159 — CVSS 9.1 (critical): Buffer over-read can happen while processing WPA,RSN IE of beacon and response frames if IE length is less than length of frame pointer…
CVE-2020-11276 — CVSS 9.1 (critical): Possible buffer over read while processing P2P IE and NOA attribute of beacon and probe response frames due to improper validation of P2P…
CVE-2019-14033 — CVSS 9.1 (critical): Multiple Read overflows issue due to improper length check while decoding tau reject/tau accept/detach request/attach reject/attach accept…
CVE-2020-11166 — CVSS 9.1 (critical): Potential out of bound read exception when UE receives unusually large number of padding octets in the beginning of ROHC header in…
CVE-2019-10610 — CVSS 9.1 (critical): Possible buffer over read when trying to process SDP message Video media line with frame-size attribute in video Media line in Snapdragon…
CVE-2018-11932 — CVSS 9.1 (critical): Improper input validation can lead RW access to secure subsystem from HLOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity…
CVE-2021-1924 — CVSS 9.0 (critical): Information disclosure through timing and power side-channels during mod exponentiation for RSA-CRT in Snapdragon Auto, Snapdragon Compute…
CVE-2020-11177 — CVSS 8.8 (high): User can overwrite Security Code NV item without knowing current SPC due to improper validation of SPC code setting and device lock in…
CVE-2018-11982 — CVSS 8.8 (high): In Snapdragon (Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205…
CVE-2020-11269 — CVSS 8.8 (high): Possible memory corruption while processing EAPOL frames due to lack of validation of key length before using it in Snapdragon Auto…
CVE-2018-11279 — CVSS 8.8 (high): Lack of check of input size can make device memory get corrupted because of buffer overflow in snapdragon automobile, snapdragon mobile and…
CVE-2020-11303 — CVSS 8.6 (high): Accepting AMSDU frames with mismatched destination and source address can lead to information disclosure in Snapdragon Auto, Snapdragon…
CVE-2020-11234 — CVSS 8.4 (high): When sending a socket event message to a user application, invalid information will be passed if socket is freed by other thread resulting…
CVE-2021-30261 — CVSS 8.4 (high): Possible integer and heap overflow due to lack of input command size validation while handling beacon template update command from HLOS in…
CVE-2021-1886 — CVSS 8.4 (high): Incorrect handling of pointers in trusted application key import mechanism could cause memory corruption in Snapdragon Auto, Snapdragon…
CVE-2021-1888 — CVSS 8.4 (high): Memory corruption in key parsing and import function due to double freeing the same heap allocation in Snapdragon Auto, Snapdragon Compute…
CVE-2021-1889 — CVSS 8.4 (high): Possible buffer overflow due to lack of length check in Trusted Application in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2022-25682 — CVSS 8.4 (high): Memory corruption in MODEM UIM due to usage of out of range pointer offset while decoding command from card in Snapdragon Auto, Snapdragon…
CVE-2021-1890 — CVSS 8.4 (high): Improper length check of public exponent in RSA import key function could cause memory corruption. in Snapdragon Auto, Snapdragon Compute…
CVE-2020-11251 — CVSS 8.2 (high): Out-of-bounds read vulnerability while accessing DTMF payload due to lack of check of buffer length before copying in Snapdragon Auto…
CVE-2020-11285 — CVSS 8.2 (high): Buffer over-read while unpacking the RTCP packet we may read extra byte if wrong length is provided in RTCP packets in Snapdragon Auto…
CVE-2020-11191 — CVSS 8.2 (high): Out of bound read occurs while processing crafted SDP due to lack of check of null string in Snapdragon Auto, Snapdragon Compute…
CVE-2016-10417 — CVSS 8.1 (high): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear…
CVE-2017-18330 — CVSS 7.8 (high): Buffer overflow in AES-CCM and AES-GCM encryption via initialization vector in snapdragon automobile, snapdragon mobile and snapdragon wear…
CVE-2019-14074 — CVSS 7.8 (high): u'Heap overflow in diag command handler due to lack of check of packet length received from user' in Snapdragon Auto, Snapdragon Compute…
CVE-2018-11888 — CVSS 7.8 (high): Unauthorized access may be allowed by the SCP11 Crypto Services TA will processing commands from other TA in Snapdragon Auto, Snapdragon…
CVE-2018-11268 — CVSS 7.8 (high): In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD…
CVE-2018-11269 — CVSS 7.8 (high): In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD…
CVE-2018-11288 — CVSS 7.8 (high): Possible undefined behavior due to lack of size check in function for parameter segment_idx can lead to a read outside of the intended…
CVE-2018-11289 — CVSS 7.8 (high): Data truncation during higher to lower type conversion which causes less memory allocation than desired can lead to a buffer overflow in…
CVE-2019-14094 — CVSS 7.8 (high): Integer overflow in diag command handler when user inputs a large value for number of tasks field in the request packet in Snapdragon Auto…
CVE-2018-11830 — CVSS 7.8 (high): Improper input validation in QCPE create function may lead to integer overflow in Snapdragon Auto, Snapdragon Consumer Electronics…
CVE-2018-11847 — CVSS 7.8 (high): Malicious TA can tag QSEE kernel memory and map to EL0, there by corrupting the physical memory as well it can be used to corrupt the QSEE…
CVE-2018-11855 — CVSS 7.8 (high): If an end user makes use of SCP11 sample OCE code without modification it could lead to a buffer overflow when transmitting a CAPDU in…
CVE-2018-11267 — CVSS 7.8 (high): In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205…
CVE-2019-2274 — CVSS 7.8 (high): Improper Access Control for RPU write access from secure processor in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics…
CVE-2018-11966 — CVSS 7.8 (high): Undefined behavior in UE while processing unknown IEI in OTA message in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT…
CVE-2018-11970 — CVSS 7.8 (high): TZ App dynamic allocations not protected from XBL loader in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics…
CVE-2018-11996 — CVSS 7.8 (high): When a malformed command is sent to the device programmer, an out-of-bounds access can occur in Snapdragon Automobile, Snapdragon Mobile…
CVE-2020-3624 — CVSS 7.8 (high): u'A potential buffer overflow exists due to integer overflow when parsing handler options due to wrong data type usage in operation' in…
CVE-2020-3622 — CVSS 7.8 (high): u'Channel name string which has been read from shared memory is potentially subjected to string manipulations but not validated for NULL…
CVE-2018-12012 — CVSS 7.8 (high): While updating blacklisting region shared buffered memory region is not validated against newly updated black list, causing boot-up to be…
CVE-2020-11195 — CVSS 7.8 (high): Out of bound write and read in TA while processing command from NS side due to improper length check on command and response buffers in…
CVE-2018-12013 — CVSS 7.8 (high): Improper authentication in locked memory region can lead to unprivilged access to the memory in Snapdragon Auto, Snapdragon Compute…
CVE-2020-11204 — CVSS 7.8 (high): Possible memory corruption and information leakage in sub-system due to lack of check for validity and boundary compliance for parameters…
CVE-2020-11207 — CVSS 7.8 (high): Buffer overflow in LibFastCV library due to improper size checks with respect to buffer length' in Snapdragon Auto, Snapdragon Compute…
CVE-2019-2235 — CVSS 7.8 (high): Buffer overflow occurs when emulated RPMB is used due to sector size assumptions in the TA rollback protection logic. in Snapdragon Auto…
CVE-2018-13896 — CVSS 7.8 (high): XBL_SEC image authentication and other crypto related validations are accessible to a compromised OEM XBL Loader due to missing lock at…
CVE-2019-13994 — CVSS 7.8 (high): u'Lack of check that the current received data fragment size of a particular packet that are read from shared memory are less than the…
CVE-2018-13908 — CVSS 7.8 (high): Truncated access authentication token leads to weakened access control for stored secure application data in Snapdragon Auto, Snapdragon…
CVE-2020-11292 — CVSS 7.8 (high): Possible buffer overflow in voice service due to lack of input validation of parameters in QMI Voice API in Snapdragon Auto, Snapdragon…
CVE-2018-13910 — CVSS 7.8 (high): Out-of-Bounds access in TZ due to invalid index calculated to check against DDR in Snapdragon Auto, Snapdragon Connectivity, Snapdragon…
CVE-2019-13995 — CVSS 7.8 (high): u'Lack of integer overflow check for addition of fragment size and remaining size that are read from shared memory can lead to memory…
CVE-2018-13916 — CVSS 7.8 (high): Out-of-bounds memory access in Qurt kernel function when using the identifier to access Qurt kernel buffer to retrieve thread data. in…
CVE-2019-13998 — CVSS 7.8 (high): u'Lack of check that the TX FIFO write and read indices that are read from shared RAM are less than the FIFO size results into memory…
CVE-2018-13927 — CVSS 7.8 (high): Debug policy with invalid signature can be loaded when the debug policy functionality is disabled by using the parallel image loading in…
CVE-2019-13999 — CVSS 7.8 (high): u'Lack of check for integer overflow for round up and addition operations result into memory corruption and potential information leakage'…
CVE-2019-14000 — CVSS 7.8 (high): Lack of check that the RX FIFO write index that is read from shared RAM is less than the FIFO size results into memory corruption and…
CVE-2020-11289 — CVSS 7.8 (high): Out of bound write can occur in TZ command handler due to lack of validation of command ID in Snapdragon Auto, Snapdragon Compute…
CVE-2018-5867 — CVSS 7.8 (high): Lack of checking input size can lead to buffer overflow In WideVine in snapdragon automobile, snapdragon mobile and snapdragon wear in…
CVE-2018-5877 — CVSS 7.8 (high): In the device programmer target-side code for firehose, a string may not be properly NULL terminated can lead to a incorrect buffer size in…
CVE-2018-5913 — CVSS 7.8 (high): A non-time constant function memcmp is used which creates a side channel that could leak information in Snapdragon Auto, Snapdragon…
CVE-2019-14018 — CVSS 7.8 (high): Possible out of bound array access as there is no check on carrier index passed in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer…
CVE-2022-25705 — CVSS 7.8 (high): Memory corruption in modem due to integer overflow to buffer overflow while handling APDU response
CVE-2019-2238 — CVSS 7.8 (high): Lack of check of data type can lead to subsequent loop-expression potentially go negative and the condition will still evaluate to true…
CVE-2017-18124 — CVSS 7.8 (high): During secure boot, addition is performed on uint8 ptrs which led to overflow issue in Small Cell SoC, Snapdragon Automobile, Snapdragon…
CVE-2020-11239 — CVSS 7.8 (high): Use after free issue when importing a DMA buffer by using the CPU address of the buffer due to attachment is not cleaned up properly in…
CVE-2020-11235 — CVSS 7.8 (high): Buffer overflow might occur while parsing unified command due to lack of check of input data received in Snapdragon Auto, Snapdragon…
CVE-2017-18141 — CVSS 7.8 (high): When a 3rd party TEE has been loaded it is possible for the non-secure world to create a secure monitor call which will give it access to…
CVE-2017-18311 — CVSS 7.8 (high): XPU Master privilege escalation is possible due to improper access control of unused configuration xPU ports where unused configuration…
CVE-2021-30323 — CVSS 7.8 (high): Improper validation of maximum size of data write to EFS file can lead to memory corruption in Snapdragon Auto, Snapdragon Compute…
CVE-2021-30322 — CVSS 7.8 (high): Possible out of bounds write due to improper validation of number of GPIOs configured in an internal parameters array in Snapdragon Auto…
CVE-2021-30259 — CVSS 7.8 (high): Possible out of bound access due to improper validation of function table entries in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2017-18328 — CVSS 7.8 (high): Use after free in QSH client rule processing in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9640…
CVE-2017-18329 — CVSS 7.8 (high): Possible Buffer overflow when transmitting an RTP packet in snapdragon automobile and snapdragon wear in versions MDM9615, MDM9625…
CVE-2018-11259 — CVSS 7.7 (high): Due to Improper Access Control of NAND-based EFS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, From fastboot on a…
CVE-2016-10427 — CVSS 7.5 (high): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615…
CVE-2015-9119 — CVSS 7.5 (high): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615…
CVE-2015-9123 — CVSS 7.5 (high): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile, Snapdragon Wear, and Small Cell SoC FSM9055…
CVE-2015-9137 — CVSS 7.5 (high): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615…
CVE-2015-9140 — CVSS 7.5 (high): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile, Snapdragon Wear, and Small Cell SoC FSM9055…
CVE-2015-9213 — CVSS 7.5 (high): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615…
CVE-2016-10429 — CVSS 7.5 (high): In Android before 2018-04-05 or earlier security patch level on Qualcomm Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, and…
CVE-2016-10455 — CVSS 7.5 (high): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615…
CVE-2016-10497 — CVSS 7.5 (high): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615…
CVE-2016-10499 — CVSS 7.5 (high): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615…
CVE-2018-13902 — CVSS 7.5 (high): Out of bounds memory read and access due to improper array index validation may lead to unexpected behavior while decoding XTRA file in…
CVE-2019-10485 — CVSS 7.5 (high): Infinite loop while decoding compressed data can lead to overrun condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT…
CVE-2019-2335 — CVSS 7.5 (high): While processing Attach Reject message, Valid exit condition is not met resulting into an infinite loop in Snapdragon Auto, Snapdragon…
CVE-2019-2337 — CVSS 7.5 (high): While Skipping unknown IES, EMM is reading the buffer even if the no of bytes to read are more than message length which may cause device…
CVE-2020-11119 — CVSS 7.5 (high): Buffer over-read can happen when the buffer length received from response handlers is more than the size of the payload in Snapdragon Auto…
CVE-2020-11226 — CVSS 7.5 (high): Out of bound memory read in Data modem while unpacking data due to lack of offset length check in Snapdragon Auto, Snapdragon Compute…
CVE-2020-11241 — CVSS 7.5 (high): Out of bound read will happen if EAPOL Key length is less than expected while processing NAN shared key descriptor attribute in Snapdragon…
CVE-2020-11255 — CVSS 7.5 (high): Denial of service while processing RTCP packets containing multiple SDES reports due to memory for last SDES packet is freed and rest of…
CVE-2020-11279 — CVSS 7.5 (high): Memory corruption while processing crafted SDES packets due to improper length check in sdes packets recieved in Snapdragon Auto…
CVE-2020-11296 — CVSS 7.5 (high): Arithmetic overflow can happen while processing NOA IE due to improper error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2021-30310 — CVSS 7.5 (high): Possible buffer overflow due to Improper validation of received CF-ACK and CF-Poll data frames in Snapdragon Auto, Snapdragon Connectivity…
CVE-2021-30344 — CVSS 7.5 (high): Improper authorization of a replayed LTE security mode command can lead to a denial of service in Snapdragon Auto, Snapdragon Compute…