Vulnerabilities > Qualcomm > Mdm9650 Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-10-23 CVE-2017-18299 Resource Exhaustion vulnerability in Qualcomm products
Improper translation table consolidation logic leads to resource exhaustion and QSEE error in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660
local
low complexity
qualcomm CWE-400
4.9
4.9
2018-10-23 CVE-2017-18277 Infinite Loop vulnerability in Qualcomm products
When dynamic memory allocation fails, currently the process sleeps for one second and continues with infinite loop without retrying for memory allocation in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, QCN5502, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835.
local
low complexity
qualcomm CWE-835
4.9
4.9
2018-09-20 CVE-2018-5837 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Qualcomm products
In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests is not done properly due to a flawed RNG which produced repeating output much earlier than expected.
network
low complexity
qualcomm CWE-338
5.0
5.0
2018-09-20 CVE-2018-11291 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Qualcomm products
In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, cryptographic issues due to the random number generator was not a strong one in NAN.
network
low complexity
qualcomm CWE-338
5.0
5.0
2018-09-20 CVE-2018-11290 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Qualcomm products
In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820A, SD 845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests is not done properly due to a flawed RNG in use.
network
low complexity
qualcomm CWE-338
5.0
5.0
2018-09-20 CVE-2017-18301 NULL Pointer Dereference vulnerability in Qualcomm products
In Small Cell SoC and Snapdragon (Automobile, Mobile, Wear) in version FSM9055, FSM9955, MDM9607, MDM9640, MDM9650, MSM8909W, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDM630, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, providing the NULL argument of ICE regulator while processing create key IOCTL results in system restart.
local
low complexity
qualcomm CWE-476
4.9
4.9
2018-07-06 CVE-2018-5894 Out-of-bounds Read vulnerability in Qualcomm products
Improper Validation of Array Index in Multimedia While parsing an mp4 file in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, an out-of-bounds access can occur.
network
qualcomm CWE-125
4.3
4.3
2018-07-06 CVE-2018-5892 Information Exposure vulnerability in Qualcomm products
The Touch Pal application can collect user behavior data without awareness by the user in Snapdragon Mobile and Snapdragon Wear.
network
low complexity
qualcomm CWE-200
5.0
5.0
2018-07-06 CVE-2018-5884 Improper Privilege Management vulnerability in Qualcomm products
Improper Access Control in Multimedia in Snapdragon Mobile and Snapdragon Wear, Non-standard applications without permission may acquire permission of Qualcomm-specific proprietary intents.
local
low complexity
qualcomm CWE-269
4.6
4.6
2018-07-06 CVE-2018-5876 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products
While parsing an mp4 file, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.
network
qualcomm CWE-119
6.8
6.8