Vulnerabilities > Qualcomm > Msm8909W Firmware > High

DATE CVE VULNERABILITY TITLE RISK
2018-09-20 CVE-2017-18280 Unspecified vulnerability in Qualcomm products
In Snapdragon (Automobile, Mobile, Wear) in version MDM9607, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDM429, SDM439, SDM632, Snapdragon_High_Med_2016, when a Trusted Application has opened the SPI/I2C interface to a particular device, it is possible for another Trusted Application to read the data on this open interface by calling the SPI/I2C read function.
local
low complexity
qualcomm
7.8
2018-07-06 CVE-2018-5891 Use After Free vulnerability in Qualcomm products
While processing modem SSR after IMS is registered, the IMS data daemon is restarted but the ipc_dataHandle is no longer available.
local
low complexity
qualcomm CWE-416
8.4
2018-07-06 CVE-2018-5876 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products
While parsing an mp4 file, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.
network
low complexity
qualcomm CWE-119
8.8
2018-07-06 CVE-2018-5875 Integer Overflow or Wraparound vulnerability in Qualcomm products
While parsing an mp4 file, an integer overflow leading to a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.
network
low complexity
qualcomm CWE-190
8.8
2018-07-06 CVE-2018-5874 Out-of-bounds Write vulnerability in Qualcomm products
While parsing an mp4 file, a stack-based buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.
network
low complexity
qualcomm CWE-787
8.8
2018-07-06 CVE-2018-5838 Improper Validation of Array Index vulnerability in Qualcomm products
Improper Validation of Array Index In the adreno OpenGL driver in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, an out-of-bounds access can occur in SurfaceFlinger.
local
low complexity
qualcomm CWE-129
7.8
2018-07-06 CVE-2018-11259 Incorrect Permission Assignment for Critical Resource vulnerability in Qualcomm products
Due to Improper Access Control of NAND-based EFS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, From fastboot on a NAND-based device, the EFS partition can be erased.
local
low complexity
qualcomm CWE-732
7.7
2018-07-06 CVE-2018-11258 Use After Free vulnerability in Qualcomm products
In ADSP RPC in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, a Use After Free condition can occur in versions MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDX20.
local
low complexity
qualcomm CWE-416
7.8
2018-04-18 CVE-2016-10499 Resource Management Errors vulnerability in Qualcomm products
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, memory leak may occur in the IPSecurity module when repeating IKE-Rekey.
network
low complexity
qualcomm CWE-399
7.5
2018-04-18 CVE-2016-10497 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, improper CFG allocation can cause heap leak.
network
low complexity
qualcomm CWE-119
7.5