Qualcomm Qsm8250 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Qualcomm Qsm8250 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (200)
CVE-2022-25748 — CVSS 9.8 (critical): Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames. in Snapdragon Auto, Snapdragon Compute…
CVE-2022-40510 — CVSS 9.8 (critical): Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.
CVE-2022-40514 — CVSS 9.8 (critical): Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc response frame.
CVE-2021-30351 — CVSS 9.8 (critical): An out of bound memory access can occur due to improper validation of number of frames being passed during music playback in Snapdragon…
CVE-2020-11170 — CVSS 9.8 (critical): Out of bound memory access while playing music playbacks with crafted vorbis content due to improper checks in header extraction in…
CVE-2020-11182 — CVSS 9.8 (critical): Possible heap overflow while parsing NAL header due to lack of check of length of data received from user in Snapdragon Auto, Snapdragon…
CVE-2021-35104 — CVSS 9.8 (critical): Possible buffer overflow due to improper parsing of headers while playing the FLAC audio clip in Snapdragon Auto, Snapdragon Compute…
CVE-2021-30276 — CVSS 9.3 (critical): Improper access control while doing XPU re-configuration dynamically can lead to unauthorized access to a secure resource in Snapdragon…
CVE-2022-33232 — CVSS 9.3 (critical): Memory corruption due to buffer copy without checking size of input while running memory sharing tests with large scattered memory.
CVE-2021-30275 — CVSS 9.3 (critical): Possible integer overflow in page alignment interface due to lack of address and size validation before alignment in Snapdragon Auto…
CVE-2023-21651 — CVSS 9.3 (critical): Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE.
CVE-2021-30285 — CVSS 9.3 (critical): Improper validation of memory region in Hypervisor can lead to incorrect region mapping in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2021-1942 — CVSS 9.3 (critical): Improper handling of permissions of a shared memory region can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2022-33288 — CVSS 9.3 (critical): Memory corruption due to buffer copy without checking the size of input in Core while sending SCM command to get write protection…
CVE-2022-33257 — CVSS 9.3 (critical): Memory corruption in Core due to time-of-check time-of-use race condition during dump collection in trust zone.
CVE-2020-11301 — CVSS 9.1 (critical): Improper authentication of un-encrypted plaintext Wi-Fi frames in an encrypted network can lead to information disclosure in Snapdragon…
CVE-2021-1924 — CVSS 9.0 (critical): Information disclosure through timing and power side-channels during mod exponentiation for RSA-CRT in Snapdragon Auto, Snapdragon Compute…
CVE-2021-1889 — CVSS 8.4 (high): Possible buffer overflow due to lack of length check in Trusted Application in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2021-1890 — CVSS 8.4 (high): Improper length check of public exponent in RSA import key function could cause memory corruption. in Snapdragon Auto, Snapdragon Compute…
CVE-2021-1927 — CVSS 8.4 (high): Possible use after free due to lack of null check while memory is being freed in FastRPC driver in Snapdragon Auto, Snapdragon Compute…
CVE-2021-1939 — CVSS 8.4 (high): Null pointer dereference occurs due to improper validation when the preemption feature enablement is toggled in Snapdragon Auto, Snapdragon…
CVE-2021-1949 — CVSS 8.4 (high): Possible integer overflow due to improper check of batch count value while sanitizer is enabled in Snapdragon Auto, Snapdragon Compute…
CVE-2021-30262 — CVSS 8.4 (high): Improper validation of a socket state when socket events are being sent to clients can lead to invalid access of memory in Snapdragon Auto…
CVE-2021-30274 — CVSS 8.4 (high): Possible integer overflow in access control initialization interface due to lack and size and address validation in Snapdragon Auto…
CVE-2021-35105 — CVSS 8.4 (high): Possible out of bounds access due to improper input validation during graphics profiling in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2022-40532 — CVSS 8.4 (high): Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.
CVE-2022-40531 — CVSS 8.4 (high): Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.
CVE-2022-40530 — CVSS 8.4 (high): Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase.
CVE-2022-25724 — CVSS 8.4 (high): Memory corruption in graphics due to buffer overflow while validating the user address in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2022-25743 — CVSS 8.4 (high): Memory corruption in graphics due to use-after-free while importing graphics buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2020-11245 — CVSS 8.4 (high): Unintended reads and writes by NS EL2 in access control driver due to lack of check of input validation in Snapdragon Auto, Snapdragon…
CVE-2021-1886 — CVSS 8.4 (high): Incorrect handling of pointers in trusted application key import mechanism could cause memory corruption in Snapdragon Auto, Snapdragon…
CVE-2021-1888 — CVSS 8.4 (high): Memory corruption in key parsing and import function due to double freeing the same heap allocation in Snapdragon Auto, Snapdragon Compute…
CVE-2021-30334 — CVSS 8.4 (high): Possible use after free due to lack of null check of DRM file status after file structure is freed in Snapdragon Auto, Snapdragon Compute…
CVE-2021-30335 — CVSS 8.4 (high): Possible assertion in QOS request due to improper validation when multiple add or update request are received simultaneously in Snapdragon…
CVE-2021-30337 — CVSS 8.4 (high): Possible use after free when process shell memory is freed using IOCTL call and process initialization is in progress in Snapdragon Auto…
CVE-2021-30281 — CVSS 8.4 (high): Possible unauthorized access to secure space due to improper check of data allowed while flashing the no access control device…
CVE-2021-30282 — CVSS 8.4 (high): Possible out of bound write in RAM partition table due to improper validation on number of partitions provided in Snapdragon Auto…
CVE-2024-38408 — CVSS 8.2 (high): Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.
CVE-2022-33235 — CVSS 8.2 (high): Information disclosure due to buffer over-read in WLAN firmware while parsing security context info attributes. in Snapdragon Auto…
CVE-2021-30349 — CVSS 8.2 (high): Improper access control sequence for AC database after memory allocation can lead to possible memory corruption in Snapdragon Auto…
CVE-2020-11127 — CVSS 7.8 (high): u'Integer overflow can cause a buffer overflow due to lack of table length check in the extensible boot Loader during the validation of…
CVE-2020-11165 — CVSS 7.8 (high): Memory corruption due to buffer overflow while copying the message provided by HLOS into buffer without validating the length of buffer in…
CVE-2020-11178 — CVSS 7.8 (high): Trusted APPS to overwrite the CPZ memory of another use-case as TZ only checks the physical address not overlapping with its memory and its…
CVE-2020-11181 — CVSS 7.8 (high): Out of bound access issue while handling cvp process control command due to improper validation of buffer pointer received from HLOS in…
CVE-2020-11194 — CVSS 7.8 (high): Possible out of bound access in TA while processing a command from NS side due to improper length check of response buffer in Snapdragon…
CVE-2020-11195 — CVSS 7.8 (high): Out of bound write and read in TA while processing command from NS side due to improper length check on command and response buffers in…
CVE-2020-11204 — CVSS 7.8 (high): Possible memory corruption and information leakage in sub-system due to lack of check for validity and boundary compliance for parameters…
CVE-2020-11206 — CVSS 7.8 (high): Possible buffer overflow in Fastrpc while handling received parameters due to lack of validation on input parameters' in Snapdragon Auto…
CVE-2020-11207 — CVSS 7.8 (high): Buffer overflow in LibFastCV library due to improper size checks with respect to buffer length' in Snapdragon Auto, Snapdragon Compute…
CVE-2020-11239 — CVSS 7.8 (high): Use after free issue when importing a DMA buffer by using the CPU address of the buffer due to attachment is not cleaned up properly in…
CVE-2020-11240 — CVSS 7.8 (high): Memory corruption due to ioctl command size was incorrectly set to the size of a pointer and not enough storage is allocated for the copy…
CVE-2020-11253 — CVSS 7.8 (high): Arbitrary memory write issue in video driver while setting the internal buffers in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2020-11288 — CVSS 7.8 (high): Out of bound write can occur in playready while processing command due to lack of input validation in Snapdragon Auto, Snapdragon Compute…
CVE-2020-11289 — CVSS 7.8 (high): Out of bound write can occur in TZ command handler due to lack of validation of command ID in Snapdragon Auto, Snapdragon Compute…
CVE-2020-11298 — CVSS 7.8 (high): While waiting for a response to a callback or listener request, non-secure clients can change permissions to shared memory buffers used by…
CVE-2020-11304 — CVSS 7.8 (high): Possible out of bound read in DRM due to improper buffer length check. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity…
CVE-2020-11306 — CVSS 7.8 (high): Possible integer overflow in RPMB counter due to lack of length check on user provided data in Snapdragon Auto, Snapdragon Compute…
CVE-2021-1950 — CVSS 7.8 (high): Improper cleaning of secure memory between authenticated users can lead to face authentication bypass in Snapdragon Auto, Snapdragon…
CVE-2021-1952 — CVSS 7.8 (high): Possible buffer over read occurs due to lack of length check of request buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2021-30259 — CVSS 7.8 (high): Possible out of bound access due to improper validation of function table entries in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2021-30279 — CVSS 7.8 (high): Possible access control violation while setting current permission for VMIDs due to improper permission masking in Snapdragon Compute…
CVE-2022-33242 — CVSS 7.8 (high): Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD.
CVE-2024-43067 — CVSS 7.8 (high): Memory corruption occurs during the copying of read data from the EEPROM because the IO configuration is exposed as shared memory.
CVE-2025-27061 — CVSS 7.8 (high): Memory corruption whhile handling the subsystem failure memory during the parsing of video packets received from the video firmware.
CVE-2021-1974 — CVSS 7.5 (high): Possible buffer over read due to lack of alignment between map or unmap length of IPA SMMU and WLAN SMMU in Snapdragon Auto, Snapdragon…
CVE-2021-30293 — CVSS 7.5 (high): Possible assertion due to lack of input validation in PUSCH configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity…
CVE-2023-43511 — CVSS 7.5 (high): Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next…
CVE-2024-23364 — CVSS 7.5 (high): Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSSID Information Element (IE) of a beacon…
CVE-2022-33239 — CVSS 7.5 (high): Transient DOS due to loop with unreachable exit condition in WLAN firmware while parsing IPV6 extension header. in Snapdragon Auto…
CVE-2022-33238 — CVSS 7.5 (high): Transient DOS due to loop with unreachable exit condition in WLAN while processing an incoming FTM frames. in Snapdragon Auto, Snapdragon…
CVE-2022-33237 — CVSS 7.5 (high): Transient DOS due to buffer over-read in WLAN firmware while processing PPE threshold. in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2022-40512 — CVSS 7.5 (high): Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.
CVE-2022-25749 — CVSS 7.5 (high): Transient Denial-of-Service in WLAN due to buffer over-read while parsing MDNS frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2022-25736 — CVSS 7.5 (high): Denial of service in WLAN due to out-of-bound read happens while processing VHT action frame in Snapdragon Auto, Snapdragon Compute…
CVE-2021-30353 — CVSS 7.5 (high): Improper validation of function pointer type with actual function signature can lead to assertion in Snapdragon Auto, Snapdragon Compute…
CVE-2021-30312 — CVSS 7.5 (high): Improper authentication of sub-frames of a multicast AMSDU frame can lead to information disclosure in Snapdragon Auto, Snapdragon Compute…
CVE-2022-33234 — CVSS 7.3 (high): Memory corruption in video due to configuration weakness. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon…
CVE-2020-11263 — CVSS 7.3 (high): An integer overflow due to improper check performed after the address and size passed are aligned in Snapdragon Compute, Snapdragon…
CVE-2024-21469 — CVSS 7.3 (high): Memory corruption when an invoke call and a TEE call are bound for the same trusted application.
CVE-2021-30269 — CVSS 7.3 (high): Possible null pointer dereference due to lack of TLB validation for user provided address in Snapdragon Auto, Snapdragon Compute…
CVE-2021-1909 — CVSS 7.3 (high): Buffer overflow occurs in trusted applications due to lack of length check of parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2021-30270 — CVSS 7.3 (high): Possible null pointer dereference in thread profile trap handler due to lack of thread ID validation before dereferencing it in Snapdragon…
CVE-2020-11252 — CVSS 7.2 (high): Trustzone initialization code will disable xPU`s when memory dumps are enabled and lead to information disclosure in Snapdragon Auto…
CVE-2022-40529 — CVSS 7.1 (high): Memory corruption due to improper access control in kernel while processing a mapping request from root process.
CVE-2021-1935 — CVSS 7.1 (high): Possible null pointer dereference due to lack of validation check for passed pointer during key import in Snapdragon Auto, Snapdragon…
CVE-2021-30278 — CVSS 7.1 (high): Improper input validation in TrustZone memory transfer interface can lead to information disclosure in Snapdragon Auto, Snapdragon Compute…
CVE-2020-11132 — CVSS 7.1 (high): u'Buffer over read in boot due to size check ignored before copying GUID attribute from request to response' in Snapdragon Auto, Snapdragon…
CVE-2020-11161 — CVSS 7.1 (high): Out-of-bounds memory access can occur while calculating alignment requirements for a negative width from external components in Snapdragon…
CVE-2021-1894 — CVSS 7.1 (high): Improper access control in TrustZone due to improper error handling while handling the signing key in Snapdragon Auto, Snapdragon Compute…
CVE-2020-11250 — CVSS 7.0 (high): Use after free due to race condition when reopening the device driver repeatedly in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2020-11262 — CVSS 7.0 (high): A race between command submission and destroying the context can cause an invalid context being added to the list leads to use after free…
CVE-2020-11290 — CVSS 7.0 (high): Use after free condition in msm ioctl events due to race between the ioctl register and deregister events in Snapdragon Auto, Snapdragon…
CVE-2022-25666 — CVSS 6.7 (medium): Memory corruption due to use after free in service while trying to access maps by different threads in Snapdragon Auto, Snapdragon Compute…
CVE-2021-30313 — CVSS 6.7 (medium): Use after free condition can occur in wired connectivity due to a race condition while creating and deleting folders in Snapdragon Auto…
CVE-2022-25677 — CVSS 6.7 (medium): Memory corruption in diag due to use after free while processing dci packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer…
CVE-2024-33032 — CVSS 6.7 (medium): Memory corruption when the user application modifies the same shared memory asynchronously when kernel is accessing it.
CVE-2024-33036 — CVSS 6.7 (medium): Memory corruption while parsing sensor packets in camera driver, user-space variable is used while allocating memory in kernel and parsing…
CVE-2020-11198 — CVSS 6.7 (medium): Key material used for TZ diag buffer encryption and other data related to log buffer is not wiped securely due to improper usage of memset…
CVE-2021-1963 — CVSS 6.7 (medium): Possible use-after-free due to lack of validation for the rule count in filter table in IPA driver in Snapdragon Auto, Snapdragon Compute…
CVE-2021-1961 — CVSS 6.7 (medium): Possible buffer overflow due to lack of offset length check while updating the buffer value in Snapdragon Auto, Snapdragon Compute…