Vulnerabilities > Qualcomm > SD 212 Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-10-23 CVE-2017-18305 Unspecified vulnerability in Qualcomm products
XBL sec mem dump system call allows complete control of EL3 by unlocking all XPUs if enable fuse is not blown in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835.
local
qualcomm
6.9
2018-10-23 CVE-2017-18300 Information Exposure vulnerability in Qualcomm products
Secure display content could be accessed by third party trusted application after creating a fault in other trusted applications in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SDA660.
local
low complexity
qualcomm CWE-200
4.9
2018-10-23 CVE-2017-18299 Resource Exhaustion vulnerability in Qualcomm products
Improper translation table consolidation logic leads to resource exhaustion and QSEE error in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660
local
low complexity
qualcomm CWE-400
4.9
2018-10-23 CVE-2017-18292 Improper Input Validation vulnerability in Qualcomm products
Secure app running in non secure space can restart TZ by calling Widevine app API repeatedly in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A.
local
low complexity
qualcomm CWE-20
4.9
2018-10-23 CVE-2017-18283 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products
Possible memory corruption when Read Val Blob Req is received with invalid parameters in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 625, SD 835, SD 845, SD 850, SDA660.
low complexity
qualcomm CWE-119
6.1
2018-10-23 CVE-2017-18277 Infinite Loop vulnerability in Qualcomm products
When dynamic memory allocation fails, currently the process sleeps for one second and continues with infinite loop without retrying for memory allocation in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, QCN5502, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835.
local
low complexity
qualcomm CWE-835
4.9
2018-07-06 CVE-2018-5894 Out-of-bounds Read vulnerability in Qualcomm products
Improper Validation of Array Index in Multimedia While parsing an mp4 file in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, an out-of-bounds access can occur.
network
qualcomm CWE-125
4.3
2018-07-06 CVE-2018-5892 Information Exposure vulnerability in Qualcomm products
The Touch Pal application can collect user behavior data without awareness by the user in Snapdragon Mobile and Snapdragon Wear.
network
low complexity
qualcomm CWE-200
5.0
2018-07-06 CVE-2018-5891 Use After Free vulnerability in Qualcomm products
While processing modem SSR after IMS is registered, the IMS data daemon is restarted but the ipc_dataHandle is no longer available.
local
low complexity
qualcomm CWE-416
4.6
2018-07-06 CVE-2018-5884 Improper Privilege Management vulnerability in Qualcomm products
Improper Access Control in Multimedia in Snapdragon Mobile and Snapdragon Wear, Non-standard applications without permission may acquire permission of Qualcomm-specific proprietary intents.
local
low complexity
qualcomm CWE-269
4.6