Vulnerabilities > Qualcomm > Fsm10056 Firmware > High

DATE CVE VULNERABILITY TITLE RISK
2021-09-09 CVE-2021-1974 Out-of-bounds Read vulnerability in Qualcomm products
Possible buffer over read due to lack of alignment between map or unmap length of IPA SMMU and WLAN SMMU in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
network
low complexity
qualcomm CWE-125
7.5
7.5
2021-09-09 CVE-2021-30295 Classic Buffer Overflow vulnerability in Qualcomm products
Possible heap overflow due to improper validation of local variable while storing current task information locally in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
local
low complexity
qualcomm CWE-120
7.8
7.8
2021-07-13 CVE-2021-1886 Out-of-bounds Write vulnerability in Qualcomm products
Incorrect handling of pointers in trusted application key import mechanism could cause memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables
local
low complexity
qualcomm CWE-787
7.8
7.8
2021-07-13 CVE-2021-1888 Double Free vulnerability in Qualcomm products
Memory corruption in key parsing and import function due to double freeing the same heap allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables
local
low complexity
qualcomm CWE-415
7.8
7.8
2021-07-13 CVE-2021-1889 Classic Buffer Overflow vulnerability in Qualcomm products
Possible buffer overflow due to lack of length check in Trusted Application in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables
local
low complexity
qualcomm CWE-120
7.8
7.8
2021-07-13 CVE-2021-1890 Out-of-bounds Write vulnerability in Qualcomm products
Improper length check of public exponent in RSA import key function could cause memory corruption.
local
low complexity
qualcomm CWE-787
7.8
7.8
2021-07-13 CVE-2021-1940 Use After Free vulnerability in Qualcomm products
Use after free can occur due to improper handling of response from firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
local
low complexity
qualcomm CWE-416
7.8
7.8
2021-06-09 CVE-2020-11267 Out-of-bounds Write vulnerability in Qualcomm products
Stack out-of-bounds write occurs while setting up a cipher device if the provided IV length exceeds the max limit value in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
local
low complexity
qualcomm CWE-787
7.8
7.8
2021-06-09 CVE-2020-11304 Out-of-bounds Read vulnerability in Qualcomm products
Possible out of bound read in DRM due to improper buffer length check.
local
low complexity
qualcomm CWE-125
7.1
7.1
2021-06-09 CVE-2020-11178 Improper Input Validation vulnerability in Qualcomm products
Trusted APPS to overwrite the CPZ memory of another use-case as TZ only checks the physical address not overlapping with its memory and its RoT memory in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
local
low complexity
qualcomm CWE-20
7.8
7.8