Vulnerabilities > Qualcomm > Qca6431 Firmware > High

DATE CVE VULNERABILITY TITLE RISK
2022-09-16 CVE-2022-22092 Use After Free vulnerability in Qualcomm products
Memory corruption in kernel due to use after free issue in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
local
low complexity
qualcomm CWE-416
7.8
2022-09-16 CVE-2022-22093 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products
Memory corruption or temporary denial of service due to improper handling of concurrent hypervisor operations to attach or detach IRQs from virtual interrupt sources in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
local
high complexity
qualcomm CWE-367
7.0
2022-09-16 CVE-2022-22094 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products
memory corruption in Kernel due to race condition while getting mapping reference in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
local
high complexity
qualcomm CWE-367
7.0
2022-09-16 CVE-2022-25690 Improper Validation of Array Index vulnerability in Qualcomm products
Information disclosure in WLAN due to improper validation of array index while parsing crafted ANQP action frames in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
network
low complexity
qualcomm CWE-129
7.5
2022-09-02 CVE-2021-35122 Improper Input Validation vulnerability in Qualcomm products
Non-secure region can try modifying RG permissions of IO space xPUs due to improper input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
local
low complexity
qualcomm CWE-20
7.8
2022-09-02 CVE-2021-35132 Improper Validation of Specified Quantity in Input vulnerability in Qualcomm products
Out of bound write in DSP service due to improper bound check for response buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
local
low complexity
qualcomm CWE-1284
7.8
2022-09-02 CVE-2022-22061 Unspecified vulnerability in Qualcomm products
Out of bounds writing is possible while verifying device IDs due to improper length check before copying the data in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile
local
low complexity
qualcomm
7.8
2022-09-02 CVE-2022-22067 Memory Leak vulnerability in Qualcomm products
Potential memory leak in modem during the processing of NSA RRC Reconfiguration with invalid Radio Bearer Config in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile
local
low complexity
qualcomm CWE-401
7.8
2022-09-02 CVE-2022-22069 Cleartext Storage of Sensitive Information vulnerability in Qualcomm products
Devices with keyprotect off may store unencrypted keybox in RPMB and cause cryptographic issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
local
low complexity
qualcomm CWE-312
7.8
2022-09-02 CVE-2022-22070 Out-of-bounds Write vulnerability in Qualcomm products
Memory corruption in audio due to lack of check of invalid routing address into APR Routing table in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
local
low complexity
qualcomm CWE-787
7.8