Vulnerabilities > Qualcomm > Sa8195P Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-05-07 CVE-2021-1891 Use After Free vulnerability in Qualcomm products
A possible use-after-free occurrence in audio driver can happen when pointers are not properly handled in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
local
low complexity
qualcomm CWE-416
4.6
2021-04-07 CVE-2020-11252 Out-of-bounds Read vulnerability in Qualcomm products
Trustzone initialization code will disable xPU`s when memory dumps are enabled and lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
4.7
2021-03-17 CVE-2020-11290 Use After Free vulnerability in Qualcomm products
Use after free condition in msm ioctl events due to race between the ioctl register and deregister events in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
6.9
2021-03-17 CVE-2020-11230 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products
Potential arbitrary memory corruption when the qseecom driver updates ion physical addresses in the buffer as it exposes a physical address to user land in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
4.4
2021-03-17 CVE-2020-11228 Improper Privilege Management vulnerability in Qualcomm products
Part of RPM region was not protected from xblSec itself due to improper policy and leads to unprivileged access in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
local
low complexity
qualcomm CWE-269
4.6
2021-03-17 CVE-2020-11220 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products
While processing storage SCM commands there is a time of check or time of use window where a pointer used could be invalid at a specific time while executing the storage SCM call in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
4.4
2021-02-22 CVE-2020-11281 Information Exposure vulnerability in Qualcomm products
Allowing RTT frames to be linked with non randomized MAC address by comparing the sequence numbers can lead to information disclosure.
network
low complexity
qualcomm CWE-200
5.0
2021-01-21 CVE-2020-11119 Out-of-bounds Read vulnerability in Qualcomm products
Buffer over-read can happen when the buffer length received from response handlers is more than the size of the payload in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
network
low complexity
qualcomm CWE-125
5.0