Vulnerabilities > Qualcomm > Qcs605 Firmware > High

DATE CVE VULNERABILITY TITLE RISK
2019-12-12 CVE-2019-10530 Integer Overflow or Wraparound vulnerability in Qualcomm products
Lack of check of data truncation on user supplied data in kernel leads to buffer overflow in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24
local
low complexity
qualcomm CWE-190
7.8
2019-12-12 CVE-2019-10494 Improper Locking vulnerability in Qualcomm products
Race condition between the camera functions due to lack of resource lock which will lead to memory corruption and UAF issue in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150
network
high complexity
qualcomm CWE-667
8.1
2019-12-12 CVE-2019-10485 Infinite Loop vulnerability in Qualcomm products
Infinite loop while decoding compressed data can lead to overrun condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130
network
low complexity
qualcomm CWE-835
7.5
2019-11-21 CVE-2019-2339 Improper Validation of Array Index vulnerability in Qualcomm products
Out of bound access due to lack of check of whiltelist array size while reading the image elf segments.
local
low complexity
qualcomm CWE-129
7.8
2019-11-21 CVE-2019-2335 Infinite Loop vulnerability in Qualcomm products
While processing Attach Reject message, Valid exit condition is not met resulting into an infinite loop in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130
network
low complexity
qualcomm CWE-835
7.5
2019-11-21 CVE-2019-2329 Use After Free vulnerability in Qualcomm products
Use after free issue in cleanup routine due to missing pointer sanitization for a failed start of a trusted application.
local
low complexity
qualcomm CWE-416
7.8
2019-11-21 CVE-2019-2315 Unspecified vulnerability in Qualcomm products
While invoking the API to copy from fd or local buffer to the secure buffer, Parameters being populated are from non secure environment.
local
low complexity
qualcomm
7.8
2019-11-21 CVE-2019-2297 Integer Overflow or Wraparound vulnerability in Qualcomm products
Buffer overflow can occur while processing non-standard NAN message from user space.
local
low complexity
qualcomm CWE-190
7.8
2019-11-21 CVE-2019-2266 Double Free vulnerability in Qualcomm products
Possible double free issue in kernel while handling the camera sensor and its sub modules power sequence in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MDM9206, MDM9207C, MDM9607, MSM8909, MSM8909W, Nicobar, QCA9980, QCS405, QCS605, SDM845, SDX24, SM7150, SM8150
local
low complexity
qualcomm CWE-415
7.8
2019-11-21 CVE-2019-2251 Out-of-bounds Write vulnerability in Qualcomm products
If a bitmap file is loaded from any un-authenticated source, there is a possibility that the bitmap can potentially cause stack buffer overflow.
local
low complexity
qualcomm CWE-787
7.8