Vulnerabilities > Qualcomm > Qcm4290 Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-09 | CVE-2020-11298 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products While waiting for a response to a callback or listener request, non-secure clients can change permissions to shared memory buffers used by HLOS Invoke Call to secure kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 6.9 |
| 2021-06-09 | CVE-2020-11304 | Out-of-bounds Read vulnerability in Qualcomm products Possible out of bound read in DRM due to improper buffer length check. | 3.6 |
| 2021-06-09 | CVE-2020-11306 | Integer Overflow or Wraparound vulnerability in Qualcomm products Possible integer overflow in RPMB counter due to lack of length check on user provided data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking | 4.6 |
| 2021-06-09 | CVE-2020-11165 | Out-of-bounds Write vulnerability in Qualcomm products Memory corruption due to buffer overflow while copying the message provided by HLOS into buffer without validating the length of buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking | 7.2 |
| 2021-06-09 | CVE-2020-11178 | Improper Input Validation vulnerability in Qualcomm products Trusted APPS to overwrite the CPZ memory of another use-case as TZ only checks the physical address not overlapping with its memory and its RoT memory in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 7.2 |
| 2021-06-09 | CVE-2020-11182 | Out-of-bounds Write vulnerability in Qualcomm products Possible heap overflow while parsing NAL header due to lack of check of length of data received from user in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | 10.0 |
| 2021-06-09 | CVE-2020-11238 | Out-of-bounds Read vulnerability in Qualcomm products Possible Buffer over-read in ARP/NS parsing due to lack of check of packet length received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 7.8 |
| 2021-06-09 | CVE-2020-11241 | Out-of-bounds Read vulnerability in Qualcomm products Out of bound read will happen if EAPOL Key length is less than expected while processing NAN shared key descriptor attribute in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 7.8 |
| 2021-06-09 | CVE-2020-11261 | Improper Input Validation vulnerability in Qualcomm products Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.2 |
| 2021-06-09 | CVE-2020-11262 | Use After Free vulnerability in Qualcomm products A race between command submission and destroying the context can cause an invalid context being added to the list leads to use after free issue. | 4.4 |