Qualcomm Wsa8830 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Qualcomm Wsa8830 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (200)
CVE-2021-1920 — CVSS 9.8 (critical): Integer underflow can occur due to improper handling of incoming RTCP packets in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2021-1975 — CVSS 9.8 (critical): Possible heap overflow due to improper length check of domain while parsing the DNS response in Snapdragon Auto, Snapdragon Compute…
CVE-2021-1946 — CVSS 9.8 (critical): Null Pointer Dereference may occur due to improper validation while processing crafted SDP body in Snapdragon Auto, Snapdragon Compute…
CVE-2021-1976 — CVSS 9.8 (critical): A use after free can occur due to improper validation of P2P device address in PD Request frame in Snapdragon Auto, Snapdragon Compute…
CVE-2022-25748 — CVSS 9.8 (critical): Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames. in Snapdragon Auto, Snapdragon Compute…
CVE-2022-25720 — CVSS 9.8 (critical): Memory corruption in WLAN due to out of bound array access during connect/roaming in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2020-11299 — CVSS 9.8 (critical): Buffer overflow can occur in video while playing the non-standard clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity…
CVE-2020-11307 — CVSS 9.8 (critical): Buffer overflow in modem due to improper array index check before copying into it in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2022-22088 — CVSS 9.8 (critical): Memory corruption in Bluetooth HOST due to buffer overflow while parsing the command response received from remote
CVE-2021-30351 — CVSS 9.8 (critical): An out of bound memory access can occur due to improper validation of number of frames being passed during music playback in Snapdragon…
CVE-2020-11170 — CVSS 9.8 (critical): Out of bound memory access while playing music playbacks with crafted vorbis content due to improper checks in header extraction in…
CVE-2021-35081 — CVSS 9.8 (critical): Possible buffer overflow due to improper validation of SSID length received from beacon or probe response during an IBSS session in…
CVE-2021-1972 — CVSS 9.8 (critical): Possible buffer overflow due to improper validation of device types during P2P search in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2022-22096 — CVSS 9.8 (critical): Memory corruption in Bluetooth HOST due to stack-based buffer overflow when when extracting data using command length parameter in…
CVE-2021-30321 — CVSS 9.8 (critical): Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Compute, Snapdragon Connectivity…
CVE-2020-11134 — CVSS 9.8 (critical): Possible stack out of bound write might happen due to time bitmap length and bit duration fields of the attributes like NAN ranging setup…
CVE-2020-11182 — CVSS 9.8 (critical): Possible heap overflow while parsing NAL header due to lack of check of length of data received from user in Snapdragon Auto, Snapdragon…
CVE-2021-35104 — CVSS 9.8 (critical): Possible buffer overflow due to improper parsing of headers while playing the FLAC audio clip in Snapdragon Auto, Snapdragon Compute…
CVE-2020-11291 — CVSS 9.8 (critical): Possible buffer overflow while updating ikev2 parameters for delete payloads received during informational exchange due to lack of check of…
CVE-2020-11176 — CVSS 9.8 (critical): While processing server certificate from IPSec server, certificate validation for subject alternative name API can cause heap overflow…
CVE-2022-25708 — CVSS 9.8 (critical): Memory corruption in WLAN due to buffer copy without checking size of input while parsing keys in Snapdragon Connectivity, Snapdragon Mobile
CVE-2021-1916 — CVSS 9.8 (critical): Possible buffer underflow due to lack of check for negative indices values when processing user provided input in Snapdragon Auto…
CVE-2022-40514 — CVSS 9.8 (critical): Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc response frame.
CVE-2020-11272 — CVSS 9.8 (critical): Before enqueuing a frame to the PE queue for further processing, an entry in a hash table can be deleted and using a stale version later…
CVE-2021-1965 — CVSS 9.8 (critical): Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Auto, Snapdragon Compute…
CVE-2022-40510 — CVSS 9.8 (critical): Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.
CVE-2021-30341 — CVSS 9.8 (critical): Improper buffer size validation of DSM packet received can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2021-1919 — CVSS 9.8 (critical): Integer underflow can occur when the RTCP length is lesser than than the actual blocks present in Snapdragon Auto, Snapdragon Compute…
CVE-2022-33257 — CVSS 9.3 (critical): Memory corruption in Core due to time-of-check time-of-use race condition during dump collection in trust zone.
CVE-2021-35122 — CVSS 9.3 (critical): Non-secure region can try modifying RG permissions of IO space xPUs due to improper input validation in Snapdragon Auto, Snapdragon…
CVE-2022-33288 — CVSS 9.3 (critical): Memory corruption due to buffer copy without checking the size of input in Core while sending SCM command to get write protection…
CVE-2021-30275 — CVSS 9.3 (critical): Possible integer overflow in page alignment interface due to lack of address and size validation before alignment in Snapdragon Auto…
CVE-2021-30276 — CVSS 9.3 (critical): Improper access control while doing XPU re-configuration dynamically can lead to unauthorized access to a secure resource in Snapdragon…
CVE-2021-30285 — CVSS 9.3 (critical): Improper validation of memory region in Hypervisor can lead to incorrect region mapping in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2022-33232 — CVSS 9.3 (critical): Memory corruption due to buffer copy without checking size of input while running memory sharing tests with large scattered memory.
CVE-2021-35090 — CVSS 9.3 (critical): Possible hypervisor memory corruption due to TOC TOU race condition when updating address mappings in Snapdragon Auto, Snapdragon Compute…
CVE-2021-1942 — CVSS 9.3 (critical): Improper handling of permissions of a shared memory region can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2021-30317 — CVSS 9.3 (critical): Improper validation of program headers containing ELF metadata can lead to image verification bypass in Snapdragon Auto, Snapdragon…
CVE-2021-30347 — CVSS 9.1 (critical): Improper integrity check can lead to race condition between tasks PDCP and RRC? right after a valid RRC Command packet has been received in…
CVE-2020-11264 — CVSS 9.1 (critical): Improper authentication of Non-EAPOL/WAPI plaintext frames during four-way handshake can lead to arbitrary network packet injection in…
CVE-2020-11275 — CVSS 9.1 (critical): Possible buffer over-read while parsing quiet IE in Rx beacon frame due to improper check of IE length in received beacon in Snapdragon…
CVE-2020-11126 — CVSS 9.1 (critical): Possible out of bound read while WLAN frame parsing due to lack of check for body and header length in Snapdragon Auto, Snapdragon Compute…
CVE-2020-11276 — CVSS 9.1 (critical): Possible buffer over read while processing P2P IE and NOA attribute of beacon and probe response frames due to improper validation of P2P…
CVE-2023-43551 — CVSS 9.1 (critical): Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send…
CVE-2021-30342 — CVSS 9.1 (critical): Improper integrity check can lead to race condition between tasks PDCP and RRC? after a valid RRC Command packet has been received in…
CVE-2021-30343 — CVSS 9.1 (critical): Improper integrity check can lead to race condition between tasks PDCP and RRC? after a valid RRC Command packet has been received in…
CVE-2020-11301 — CVSS 9.1 (critical): Improper authentication of un-encrypted plaintext Wi-Fi frames in an encrypted network can lead to information disclosure in Snapdragon…
CVE-2020-11159 — CVSS 9.1 (critical): Buffer over-read can happen while processing WPA,RSN IE of beacon and response frames if IE length is less than length of frame pointer…
CVE-2022-25718 — CVSS 9.1 (critical): Cryptographic issue in WLAN due to improper check on return value while authentication handshake in Snapdragon Auto, Snapdragon…
CVE-2021-1924 — CVSS 9.0 (critical): Information disclosure through timing and power side-channels during mod exponentiation for RSA-CRT in Snapdragon Auto, Snapdragon Compute…
CVE-2021-30339 — CVSS 9.0 (critical): Reading PRNG output may lead to improper key generation due to lack of buffer validation in Snapdragon Connectivity, Snapdragon Industrial…
CVE-2020-11269 — CVSS 8.8 (high): Possible memory corruption while processing EAPOL frames due to lack of validation of key length before using it in Snapdragon Auto…
CVE-2026-25268 — CVSS 8.8 (high): Memory Corruption when processing invalid HT40 channel layouts during dynamic channel switching operations.
CVE-2021-35123 — CVSS 8.8 (high): Buffer copy in GATT multi notification due to improper length check for the data coming over-the-air in Snapdragon Connectivity, Snapdragon…
CVE-2025-47392 — CVSS 8.8 (high): Memory corruption when decoding corrupted satellite data files with invalid signature offsets.
CVE-2023-43520 — CVSS 8.6 (high): Memory corruption when AP includes TID to link mapping IE in the beacons and STA is parsing the beacon TID to link mapping IE.
CVE-2023-43534 — CVSS 8.6 (high): Memory corruption while validating the TID to Link Mapping action request frame, when a station connects to an access point.
CVE-2023-43535 — CVSS 8.4 (high): Memory corruption when negative display IDs are sent as input while processing DISPLAYESCAPE event trigger.
CVE-2021-30288 — CVSS 8.4 (high): Possible stack overflow due to improper length check of TLV while copying the TLV to a local stack variable in Snapdragon Auto, Snapdragon…
CVE-2021-30290 — CVSS 8.4 (high): Possible null pointer dereference due to race condition between timeline fence signal and time line fence destroy in Snapdragon Auto…
CVE-2021-30291 — CVSS 8.4 (high): Possible memory corruption due to lack of validation of client data used for memory allocation in Snapdragon Auto, Snapdragon Compute…
CVE-2021-30292 — CVSS 8.4 (high): Possible memory corruption due to lack of validation of client data used for memory allocation in Snapdragon Auto, Snapdragon Compute…
CVE-2021-30294 — CVSS 8.4 (high): Potential null pointer dereference in KGSL GPU auxiliary command due to improper validation of user input in Snapdragon Auto, Snapdragon…
CVE-2021-30295 — CVSS 8.4 (high): Possible heap overflow due to improper validation of local variable while storing current task information locally in Snapdragon Auto…
CVE-2021-30297 — CVSS 8.4 (high): Possible out of bound read due to improper validation of packet length while handling data transfer in VR service in Snapdragon Auto…
CVE-2023-43514 — CVSS 8.4 (high): Memory corruption while invoking IOCTLs calls from user space for internal mem MAP and internal mem UNMAP.
CVE-2023-33119 — CVSS 8.4 (high): Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache.
CVE-2023-33114 — CVSS 8.4 (high): Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time.
CVE-2023-33113 — CVSS 8.4 (high): Memory corruption when resource manager sends the host kernel a reply message with multiple fragments.
CVE-2021-30305 — CVSS 8.4 (high): Possible out of bound access due to lack of validation of page offset before page is inserted in Snapdragon Auto, Snapdragon Connectivity…
CVE-2021-30306 — CVSS 8.4 (high): Possible buffer over read due to improper buffer allocation for file length passed from user space in Snapdragon Auto, Snapdragon…
CVE-2023-33108 — CVSS 8.4 (high): Memory corruption in Graphics Driver when destroying a context with KGSL_GPU_AUX_COMMAND_TIMELINE objects queued.
CVE-2020-11267 — CVSS 8.4 (high): Stack out-of-bounds write occurs while setting up a cipher device if the provided IV length exceeds the max limit value in Snapdragon Auto…
CVE-2023-33092 — CVSS 8.4 (high): Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size.
CVE-2021-30316 — CVSS 8.4 (high): Possible out of bound memory access due to improper boundary check while creating HSYNC fence in Snapdragon Auto, Snapdragon Connectivity…
CVE-2021-30318 — CVSS 8.4 (high): Improper validation of input when provisioning the HDCP key can lead to memory corruption in Snapdragon Auto, Snapdragon Compute…
CVE-2021-30334 — CVSS 8.4 (high): Possible use after free due to lack of null check of DRM file status after file structure is freed in Snapdragon Auto, Snapdragon Compute…
CVE-2021-30335 — CVSS 8.4 (high): Possible assertion in QOS request due to improper validation when multiple add or update request are received simultaneously in Snapdragon…
CVE-2021-30336 — CVSS 8.4 (high): Possible out of bound read due to lack of domain input validation while processing APK close session request in Snapdragon Auto, Snapdragon…
CVE-2021-30337 — CVSS 8.4 (high): Possible use after free when process shell memory is freed using IOCTL call and process initialization is in progress in Snapdragon Auto…
CVE-2021-30274 — CVSS 8.4 (high): Possible integer overflow in access control initialization interface due to lack and size and address validation in Snapdragon Auto…
CVE-2022-25661 — CVSS 8.4 (high): Memory corruption due to untrusted pointer dereference in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT…
CVE-2022-33307 — CVSS 8.4 (high): Memory Corruption due to double free in automotive when a bad HLOS address for one of the lists to be mapped is passed.
CVE-2022-33277 — CVSS 8.4 (high): Memory corruption in modem due to buffer copy without checking size of input while receiving WMI command.
CVE-2022-33276 — CVSS 8.4 (high): Memory corruption due to buffer copy without checking size of input in modem while receiving WMI_REQUEST_STATS_CMDID command.
CVE-2022-33275 — CVSS 8.4 (high): Memory corruption due to improper validation of array index in WLAN HAL when received lm_itemNum is out of range.
CVE-2022-25681 — CVSS 8.4 (high): Possible memory corruption in kernel while performing memory access due to hypervisor not correctly invalidated the processor translation…
CVE-2022-25682 — CVSS 8.4 (high): Memory corruption in MODEM UIM due to usage of out of range pointer offset while decoding command from card in Snapdragon Auto, Snapdragon…
CVE-2022-25693 — CVSS 8.4 (high): Memory corruption in graphics due to use-after-free while graphics profiling in Snapdragon Connectivity, Snapdragon Mobile
CVE-2022-25695 — CVSS 8.4 (high): Memory corruption in MODEM due to Improper Validation of Array Index while processing GSTK Proactive commands in Snapdragon Auto…
CVE-2022-25696 — CVSS 8.4 (high): Memory corruption in display due to time-of-check time-of-use race condition during map or unmap in Snapdragon Auto, Snapdragon Compute…
CVE-2022-25697 — CVSS 8.4 (high): Memory corruption in i2c buses due to improper input validation while reading address configuration from i2c driver in Snapdragon Mobile…
CVE-2022-25698 — CVSS 8.4 (high): Memory corruption in SPI buses due to improper input validation while reading address configuration from spi buses in Snapdragon Mobile…
CVE-2022-25723 — CVSS 8.4 (high): Memory corruption in multimedia due to use after free during callback registration failure in Snapdragon Mobile
CVE-2022-25724 — CVSS 8.4 (high): Memory corruption in graphics due to buffer overflow while validating the user address in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2022-33214 — CVSS 8.4 (high): Memory corruption in display due to time-of-check time-of-use of metadata reserved size in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2022-25743 — CVSS 8.4 (high): Memory corruption in graphics due to use-after-free while importing graphics buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2021-1886 — CVSS 8.4 (high): Incorrect handling of pointers in trusted application key import mechanism could cause memory corruption in Snapdragon Auto, Snapdragon…
CVE-2021-1888 — CVSS 8.4 (high): Memory corruption in key parsing and import function due to double freeing the same heap allocation in Snapdragon Auto, Snapdragon Compute…
CVE-2021-1889 — CVSS 8.4 (high): Possible buffer overflow due to lack of length check in Trusted Application in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2021-1890 — CVSS 8.4 (high): Improper length check of public exponent in RSA import key function could cause memory corruption. in Snapdragon Auto, Snapdragon Compute…
CVE-2021-1891 — CVSS 8.4 (high): A possible use-after-free occurrence in audio driver can happen when pointers are not properly handled in Snapdragon Auto, Snapdragon…
CVE-2021-1913 — CVSS 8.4 (high): Possible integer overflow due to improper length check while updating grace period and count record in Snapdragon Auto, Snapdragon Compute…
CVE-2020-11236 — CVSS 8.4 (high): Memory corruption due to invalid value of total dimension in the non-histogram type KPI could lead to a denial of service in Snapdragon…
CVE-2021-1917 — CVSS 8.4 (high): Null pointer dereference can occur due to memory allocation failure in DIAG in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2020-11237 — CVSS 8.4 (high): Memory crash when accessing histogram type KPI input received due to lack of check of histogram definition before accessing it in…
CVE-2024-33035 — CVSS 8.4 (high): Memory corruption while calculating total metadata size when a very high reserved size is requested by gralloc clients.
CVE-2021-1927 — CVSS 8.4 (high): Possible use after free due to lack of null check while memory is being freed in FastRPC driver in Snapdragon Auto, Snapdragon Compute…
CVE-2024-33034 — CVSS 8.4 (high): Memory corruption can occur if VBOs hold outdated or invalid GPU SMMU mappings, especially when the binding and reclaiming of memory…
CVE-2024-33028 — CVSS 8.4 (high): Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released.
CVE-2024-33023 — CVSS 8.4 (high): Memory corruption while creating a fence to wait on timeline events, and simultaneously signal timeline events.
CVE-2021-1934 — CVSS 8.4 (high): Possible memory corruption due to improper check when application loader object is explicitly destructed while application is unloading in…
CVE-2021-1939 — CVSS 8.4 (high): Null pointer dereference occurs due to improper validation when the preemption feature enablement is toggled in Snapdragon Auto, Snapdragon…
CVE-2021-1947 — CVSS 8.4 (high): Use-after-free vulnerability in kernel graphics driver because of storing an invalid pointer in Snapdragon Compute, Snapdragon…
CVE-2024-23373 — CVSS 8.4 (high): Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released.
CVE-2021-1949 — CVSS 8.4 (high): Possible integer overflow due to improper check of batch count value while sanitizer is enabled in Snapdragon Auto, Snapdragon Compute…
CVE-2024-23372 — CVSS 8.4 (high): Memory corruption while invoking IOCTL call for GPU memory allocation and size param is greater than expected size.
CVE-2020-11245 — CVSS 8.4 (high): Unintended reads and writes by NS EL2 in access control driver due to lack of check of input validation in Snapdragon Auto, Snapdragon…
CVE-2024-21464 — CVSS 8.4 (high): Memory corruption while processing IPA statistics, when there are no active clients registered.
CVE-2020-11246 — CVSS 8.4 (high): A double free condition can occur when the device moves to suspend mode during secure playback in Snapdragon Auto, Snapdragon Compute…
CVE-2021-1983 — CVSS 8.4 (high): Possible buffer overflow due to improper handling of negative data length while processing write request in VR service in Snapdragon Auto…
CVE-2021-1984 — CVSS 8.4 (high): Possible buffer overflow due to improper validation of index value while processing the plugin block in Snapdragon Auto, Snapdragon…
CVE-2021-1985 — CVSS 8.4 (high): Possible buffer over read due to lack of data length check in QVR Service configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2021-30256 — CVSS 8.4 (high): Possible stack overflow due to improper validation of camera name length before copying the name in VR Service in Snapdragon Compute…