Qualcomm Qca6564 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Qualcomm Qca6564 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (200)
CVE-2022-25748 — CVSS 9.8 (critical): Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames. in Snapdragon Auto, Snapdragon Compute…
CVE-2021-35104 — CVSS 9.8 (critical): Possible buffer overflow due to improper parsing of headers while playing the FLAC audio clip in Snapdragon Auto, Snapdragon Compute…
CVE-2021-35081 — CVSS 9.8 (critical): Possible buffer overflow due to improper validation of SSID length received from beacon or probe response during an IBSS session in…
CVE-2021-30351 — CVSS 9.8 (critical): An out of bound memory access can occur due to improper validation of number of frames being passed during music playback in Snapdragon…
CVE-2020-11307 — CVSS 9.8 (critical): Buffer overflow in modem due to improper array index check before copying into it in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2019-14031 — CVSS 9.8 (critical): Buffer overflow can occur while parsing RSN IE containing list of PMK ID`s which are more than the buffer size in Snapdragon Auto…
CVE-2019-14098 — CVSS 9.8 (critical): Possible buffer overflow in data offload handler due to lack of check of keydata length when copying data in Snapdragon Auto, Snapdragon…
CVE-2019-14110 — CVSS 9.8 (critical): Buffer overflow can occur in function wlan firmware while copying association frame content if frame length is more than the maximum buffer…
CVE-2020-11272 — CVSS 9.8 (critical): Before enqueuing a frame to the PE queue for further processing, an entry in a hash table can be deleted and using a stale version later…
CVE-2019-14113 — CVSS 9.8 (critical): Buffer overflow can occur in In WLAN firmware while unwraping data using CCMP cipher suite during parsing of EAPOL handshake frame in…
CVE-2019-14114 — CVSS 9.8 (critical): Buffer overflow in WLAN firmware while parsing GTK IE containing GTK key having length more than the buffer size in Snapdragon Auto…
CVE-2021-1972 — CVSS 9.8 (critical): Possible buffer overflow due to improper validation of device types during P2P search in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2021-1976 — CVSS 9.8 (critical): A use after free can occur due to improper validation of P2P device address in PD Request frame in Snapdragon Auto, Snapdragon Compute…
CVE-2020-11170 — CVSS 9.8 (critical): Out of bound memory access while playing music playbacks with crafted vorbis content due to improper checks in header extraction in…
CVE-2020-11182 — CVSS 9.8 (critical): Possible heap overflow while parsing NAL header due to lack of check of length of data received from user in Snapdragon Auto, Snapdragon…
CVE-2020-11299 — CVSS 9.8 (critical): Buffer overflow can occur in video while playing the non-standard clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity…
CVE-2022-25720 — CVSS 9.8 (critical): Memory corruption in WLAN due to out of bound array access during connect/roaming in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2021-1942 — CVSS 9.3 (critical): Improper handling of permissions of a shared memory region can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2021-30275 — CVSS 9.3 (critical): Possible integer overflow in page alignment interface due to lack of address and size validation before alignment in Snapdragon Auto…
CVE-2021-30285 — CVSS 9.3 (critical): Improper validation of memory region in Hypervisor can lead to incorrect region mapping in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2020-11276 — CVSS 9.1 (critical): Possible buffer over read while processing P2P IE and NOA attribute of beacon and probe response frames due to improper validation of P2P…
CVE-2020-11159 — CVSS 9.1 (critical): Buffer over-read can happen while processing WPA,RSN IE of beacon and response frames if IE length is less than length of frame pointer…
CVE-2020-11275 — CVSS 9.1 (critical): Possible buffer over-read while parsing quiet IE in Rx beacon frame due to improper check of IE length in received beacon in Snapdragon…
CVE-2022-25718 — CVSS 9.1 (critical): Cryptographic issue in WLAN due to improper check on return value while authentication handshake in Snapdragon Auto, Snapdragon…
CVE-2020-11301 — CVSS 9.1 (critical): Improper authentication of un-encrypted plaintext Wi-Fi frames in an encrypted network can lead to information disclosure in Snapdragon…
CVE-2021-1924 — CVSS 9.0 (critical): Information disclosure through timing and power side-channels during mod exponentiation for RSA-CRT in Snapdragon Auto, Snapdragon Compute…
CVE-2020-11269 — CVSS 8.8 (high): Possible memory corruption while processing EAPOL frames due to lack of validation of key length before using it in Snapdragon Auto…
CVE-2020-11303 — CVSS 8.6 (high): Accepting AMSDU frames with mismatched destination and source address can lead to information disclosure in Snapdragon Auto, Snapdragon…
CVE-2022-25743 — CVSS 8.4 (high): Memory corruption in graphics due to use-after-free while importing graphics buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2022-22068 — CVSS 8.4 (high): kernel event may contain unexpected content which is not generated by NPU software in asynchronous execution mode in Snapdragon Auto…
CVE-2021-1886 — CVSS 8.4 (high): Incorrect handling of pointers in trusted application key import mechanism could cause memory corruption in Snapdragon Auto, Snapdragon…
CVE-2021-1888 — CVSS 8.4 (high): Memory corruption in key parsing and import function due to double freeing the same heap allocation in Snapdragon Auto, Snapdragon Compute…
CVE-2021-1889 — CVSS 8.4 (high): Possible buffer overflow due to lack of length check in Trusted Application in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2021-1890 — CVSS 8.4 (high): Improper length check of public exponent in RSA import key function could cause memory corruption. in Snapdragon Auto, Snapdragon Compute…
CVE-2021-1891 — CVSS 8.4 (high): A possible use-after-free occurrence in audio driver can happen when pointers are not properly handled in Snapdragon Auto, Snapdragon…
CVE-2022-22066 — CVSS 8.4 (high): Memory corruption occurs while processing command received from HLOS due to improper length check in Snapdragon Auto, Snapdragon Compute…
CVE-2022-25724 — CVSS 8.4 (high): Memory corruption in graphics due to buffer overflow while validating the user address in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2021-35105 — CVSS 8.4 (high): Possible out of bounds access due to improper input validation during graphics profiling in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2024-33027 — CVSS 8.4 (high): Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify DDR memory by corrupting the GPU page…
CVE-2021-1940 — CVSS 8.4 (high): Use after free can occur due to improper handling of response from firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer…
CVE-2021-1949 — CVSS 8.4 (high): Possible integer overflow due to improper check of batch count value while sanitizer is enabled in Snapdragon Auto, Snapdragon Compute…
CVE-2021-30337 — CVSS 8.4 (high): Possible use after free when process shell memory is freed using IOCTL call and process initialization is in progress in Snapdragon Auto…
CVE-2021-30335 — CVSS 8.4 (high): Possible assertion in QOS request due to improper validation when multiple add or update request are received simultaneously in Snapdragon…
CVE-2021-30334 — CVSS 8.4 (high): Possible use after free due to lack of null check of DRM file status after file structure is freed in Snapdragon Auto, Snapdragon Compute…
CVE-2021-30260 — CVSS 8.4 (high): Possible Integer overflow to buffer overflow issue can occur due to improper validation of input parameters when extscan hostlist…
CVE-2021-30262 — CVSS 8.4 (high): Improper validation of a socket state when socket events are being sent to clients can lead to invalid access of memory in Snapdragon Auto…
CVE-2021-30318 — CVSS 8.4 (high): Improper validation of input when provisioning the HDCP key can lead to memory corruption in Snapdragon Auto, Snapdragon Compute…
CVE-2021-30274 — CVSS 8.4 (high): Possible integer overflow in access control initialization interface due to lack and size and address validation in Snapdragon Auto…
CVE-2021-30281 — CVSS 8.4 (high): Possible unauthorized access to secure space due to improper check of data allowed while flashing the no access control device…
CVE-2021-30282 — CVSS 8.4 (high): Possible out of bound write in RAM partition table due to improper validation on number of partitions provided in Snapdragon Auto…
CVE-2020-11267 — CVSS 8.4 (high): Stack out-of-bounds write occurs while setting up a cipher device if the provided IV length exceeds the max limit value in Snapdragon Auto…
CVE-2022-22085 — CVSS 8.4 (high): Memory corruption in video due to buffer overflow while reading the dts file in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2022-22084 — CVSS 8.4 (high): Memory corruption when extracting qcp audio file due to lack of check on data length in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2022-22082 — CVSS 8.4 (high): Memory corruption due to possible buffer overflow while parsing DSF header with corrupted channel count in Snapdragon Auto, Snapdragon…
CVE-2022-22080 — CVSS 8.4 (high): Improper validation of backend id in PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2025-21488 — CVSS 8.2 (high): Information disclosure while decoding this RTP packet headers received by UE from the network when the padding bit is set.
CVE-2025-21487 — CVSS 8.2 (high): Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the…
CVE-2025-21484 — CVSS 8.2 (high): Information disclosure when UE receives the RTP packet from the network, while decoding and reassembling the fragments from RTP packet.
CVE-2025-21427 — CVSS 8.2 (high): Information disclosure while decoding this RTP packet Payload when UE receives the RTP packet from the network.
CVE-2024-53026 — CVSS 8.2 (high): Information disclosure when an invalid RTCP packet is received during a VoLTE/VoWiFi IMS call.
CVE-2024-53020 — CVSS 8.2 (high): Information disclosure may occur while decoding the RTP packet with invalid header extension from network.
CVE-2024-45552 — CVSS 8.2 (high): Information disclosure may occur during a video call if a device resets due to a non-conforming RTCP packet that doesn`t adhere to RFC…
CVE-2021-30349 — CVSS 8.2 (high): Improper access control sequence for AC database after memory allocation can lead to possible memory corruption in Snapdragon Auto…
CVE-2021-35088 — CVSS 8.2 (high): Possible out of bound read due to improper validation of IE length during SSID IE parse when channel is DFS in Snapdragon Auto, Snapdragon…
CVE-2021-35117 — CVSS 8.2 (high): An Out of Bounds read may potentially occur while processing an IBSS beacon, in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2022-22062 — CVSS 8.2 (high): An out-of-bounds read can occur while parsing a server certificate due to improper length check in Snapdragon Auto, Snapdragon Compute…
CVE-2024-53011 — CVSS 7.9 (high): Information disclosure may occur due to improper permission and access controls to Video Analytics engine.
CVE-2024-43066 — CVSS 7.8 (high): Memory corruption while handling file descriptor during listener registration/de-registration.
CVE-2021-30259 — CVSS 7.8 (high): Possible out of bound access due to improper validation of function table entries in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2018-11849 — CVSS 7.8 (high): Lack of check on out of range of bssid parameter When processing scan start command will lead to buffer flow in Snapdragon Automobile…
CVE-2025-47379 — CVSS 7.8 (high): Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of…
CVE-2022-33242 — CVSS 7.8 (high): Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD.
CVE-2019-14028 — CVSS 7.8 (high): Buffer overwrite during memcpy due to lack of check on SSID length validation in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2020-11178 — CVSS 7.8 (high): Trusted APPS to overwrite the CPZ memory of another use-case as TZ only checks the physical address not overlapping with its memory and its…
CVE-2021-35069 — CVSS 7.8 (high): Improper validation of data length received from DMA buffer can lead to memory corruption. in Snapdragon Auto, Snapdragon Compute…
CVE-2018-11871 — CVSS 7.8 (high): Buffer overwrite can happen in WLAN function while processing set pdev parameter command due to lack of input validation in Snapdragon…
CVE-2021-1915 — CVSS 7.8 (high): Buffer overflow can occur due to improper validation of NDP application information length in Snapdragon Auto, Snapdragon Compute…
CVE-2020-11235 — CVSS 7.8 (high): Buffer overflow might occur while parsing unified command due to lack of check of input data received in Snapdragon Auto, Snapdragon…
CVE-2020-11239 — CVSS 7.8 (high): Use after free issue when importing a DMA buffer by using the CPU address of the buffer due to attachment is not cleaned up properly in…
CVE-2020-11195 — CVSS 7.8 (high): Out of bound write and read in TA while processing command from NS side due to improper length check on command and response buffers in…
CVE-2025-21453 — CVSS 7.8 (high): Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur.
CVE-2020-11309 — CVSS 7.8 (high): Use after free in GPU driver while mapping the user memory to GPU memory due to improper check of referenced memory in Snapdragon Auto…
CVE-2022-22070 — CVSS 7.8 (high): Memory corruption in audio due to lack of check of invalid routing address into APR Routing table in Snapdragon Auto, Snapdragon Compute…
CVE-2024-21475 — CVSS 7.8 (high): Memory corruption when the payload received from firmware is not as per the expected protocol size.
CVE-2020-11304 — CVSS 7.8 (high): Possible out of bound read in DRM due to improper buffer length check. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity…
CVE-2018-11968 — CVSS 7.8 (high): Improper check before assigning value can lead to integer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity…
CVE-2018-11928 — CVSS 7.8 (high): Lack of check on length parameter may cause buffer overflow while processing WMI commands in Snapdragon Auto, Snapdragon Compute…
CVE-2020-11289 — CVSS 7.8 (high): Out of bound write can occur in TZ command handler due to lack of validation of command ID in Snapdragon Auto, Snapdragon Compute…
CVE-2020-11288 — CVSS 7.8 (high): Out of bound write can occur in playready while processing command due to lack of input validation in Snapdragon Auto, Snapdragon Compute…
CVE-2023-43542 — CVSS 7.8 (high): Memory corruption while copying a keyblob`s material when the key material`s size is not accurately checked.
CVE-2020-11271 — CVSS 7.8 (high): Possible out of bounds while accessing global control elements due to race condition in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2020-11204 — CVSS 7.8 (high): Possible memory corruption and information leakage in sub-system due to lack of check for validity and boundary compliance for parameters…
CVE-2025-27061 — CVSS 7.8 (high): Memory corruption whhile handling the subsystem failure memory during the parsing of video packets received from the video firmware.
CVE-2021-30303 — CVSS 7.8 (high): Possible buffer overflow due to lack of buffer length check when segmented WMI command is received in Snapdragon Auto, Snapdragon Compute…
CVE-2025-47323 — CVSS 7.8 (high): Memory corruption while routing GPR packets between user and root when handling large data packet.
CVE-2021-30319 — CVSS 7.8 (high): Possible integer overflow due to improper validation of command length parameters while processing WMI command in Snapdragon Auto…
CVE-2018-11291 — CVSS 7.5 (high): In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6564…
CVE-2020-11119 — CVSS 7.5 (high): Buffer over-read can happen when the buffer length received from response handlers is more than the size of the payload in Snapdragon Auto…
CVE-2020-11241 — CVSS 7.5 (high): Out of bound read will happen if EAPOL Key length is less than expected while processing NAN shared key descriptor attribute in Snapdragon…
CVE-2020-11296 — CVSS 7.5 (high): Arithmetic overflow can happen while processing NOA IE due to improper error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2020-11297 — CVSS 7.5 (high): Denial of service in WLAN module due to improper check of subtypes in logic where excessive frames are dropped in Snapdragon Auto…
CVE-2021-1936 — CVSS 7.5 (high): Null pointer dereference can occur due to lack of null check for user provided input in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2021-1941 — CVSS 7.5 (high): Possible buffer over read issue due to improper length check on WPA IE string sent by peer in Snapdragon Auto, Snapdragon Compute…
CVE-2021-1945 — CVSS 7.5 (high): Possible out of bound read due to lack of length check of Bandwidth-NSS IE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity…
CVE-2021-1948 — CVSS 7.5 (high): Possible out of bound read due to lack of length check of data while parsing the beacon or probe response in Snapdragon Auto, Snapdragon…
CVE-2021-1955 — CVSS 7.5 (high): Denial of service in SAP case due to improper handling of connections when association is rejected in Snapdragon Auto, Snapdragon Compute…
CVE-2021-1964 — CVSS 7.5 (high): Possible buffer over read due to improper validation of IE size while parsing beacon from peer device in Snapdragon Auto, Snapdragon…
CVE-2021-1970 — CVSS 7.5 (high): Possible out of bound read due to lack of length check of FT sub-elements in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity…
CVE-2021-1974 — CVSS 7.5 (high): Possible buffer over read due to lack of alignment between map or unmap length of IPA SMMU and WLAN SMMU in Snapdragon Auto, Snapdragon…
CVE-2021-1980 — CVSS 7.5 (high): Possible buffer over read due to lack of length check while parsing beacon IE response in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2021-30310 — CVSS 7.5 (high): Possible buffer overflow due to Improper validation of received CF-ACK and CF-Poll data frames in Snapdragon Auto, Snapdragon Connectivity…
CVE-2021-30330 — CVSS 7.5 (high): Possible null pointer dereference due to improper validation of APE clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity…
CVE-2021-30353 — CVSS 7.5 (high): Improper validation of function pointer type with actual function signature can lead to assertion in Snapdragon Auto, Snapdragon Compute…
CVE-2022-22064 — CVSS 7.5 (high): Possible buffer over read due to lack of size validation while unpacking frame in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2022-22065 — CVSS 7.5 (high): Out of bound read in WLAN HOST due to improper length check can lead to DOS in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2022-22083 — CVSS 7.5 (high): Denial of service due to memory corruption while extracting ape header from clips in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2022-25669 — CVSS 7.5 (high): Denial of service in video due to buffer over read while parsing MP4 clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity…
CVE-2022-25690 — CVSS 7.5 (high): Information disclosure in WLAN due to improper validation of array index while parsing crafted ANQP action frames in Snapdragon Auto…
CVE-2022-25749 — CVSS 7.5 (high): Transient Denial-of-Service in WLAN due to buffer over-read while parsing MDNS frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2022-33238 — CVSS 7.5 (high): Transient DOS due to loop with unreachable exit condition in WLAN while processing an incoming FTM frames. in Snapdragon Auto, Snapdragon…
CVE-2022-33239 — CVSS 7.5 (high): Transient DOS due to loop with unreachable exit condition in WLAN firmware while parsing IPV6 extension header. in Snapdragon Auto…
CVE-2023-33080 — CVSS 7.5 (high): Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame.
CVE-2023-43511 — CVSS 7.5 (high): Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next…
CVE-2017-18072 — CVSS 7.5 (high): In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650…
CVE-2025-21430 — CVSS 7.5 (high): Transient DOS while connecting STA to AP and initiating ADD TS request from AP to establish TSpec session.
CVE-2021-30270 — CVSS 7.3 (high): Possible null pointer dereference in thread profile trap handler due to lack of thread ID validation before dereferencing it in Snapdragon…
CVE-2022-33234 — CVSS 7.3 (high): Memory corruption in video due to configuration weakness. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon…
CVE-2022-25659 — CVSS 7.3 (high): Memory corruption due to buffer overflow while parsing MKV clips with invalid bitmap size in Snapdragon Auto, Snapdragon Compute…
CVE-2022-25658 — CVSS 7.3 (high): Memory corruption due to incorrect pointer arithmetic when attempting to change the endianness in video parser function in Snapdragon Auto…
CVE-2022-40515 — CVSS 7.3 (high): Memory corruption in Video due to double free while playing 3gp clip with invalid metadata atoms.
CVE-2022-22087 — CVSS 7.3 (high): memory corruption in video due to buffer overflow while parsing mkv clip with no codechecker in Snapdragon Auto, Snapdragon Compute…
CVE-2022-22086 — CVSS 7.3 (high): Memory corruption in video due to double free while parsing 3gp clip with invalid meta data atoms in Snapdragon Auto, Snapdragon Compute…
CVE-2021-1909 — CVSS 7.3 (high): Buffer overflow occurs in trusted applications due to lack of length check of parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2021-30271 — CVSS 7.3 (high): Possible null pointer dereference in trap handler due to lack of thread ID validation before dereferencing it in Snapdragon Auto…
CVE-2022-25688 — CVSS 7.3 (high): Memory corruption in video due to buffer overflow while parsing ps video clips in Snapdragon Auto, Snapdragon Compute, Snapdragon…