Vulnerabilities > Qualcomm > SD 450 Firmware

DATE CVE VULNERABILITY TITLE RISK
2019-07-25 CVE-2019-2301 Out-of-bounds Read vulnerability in Qualcomm products
Possibility of out-of-bound read if id received from SPI is not in range of FIFO in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9980, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 712 / SD 710 / SD 670, SD 820A, SD 845 / SD 850, SD 855, SDM439, SDM660, SDX24
local
low complexity
qualcomm CWE-125
7.8
2019-07-25 CVE-2019-2299 Out-of-bounds Write vulnerability in Qualcomm products
An out-of-bound write can be triggered by a specially-crafted command supplied by a userspace application.
local
low complexity
qualcomm CWE-787
7.8
2019-07-25 CVE-2019-2298 Use After Free vulnerability in Qualcomm products
Protection is missing while accessing md sessions info via macro which can lead to use-after-free in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 845 / SD 850, SD 855, SDM660, SDX20, SDX24
local
low complexity
qualcomm CWE-416
7.8
2019-07-25 CVE-2019-2293 Use After Free vulnerability in Qualcomm products
Pointer dereference while freeing IFE resources due to lack of length check of in port resource.
local
low complexity
qualcomm CWE-416
7.8
2019-07-25 CVE-2019-2290 Use After Free vulnerability in Qualcomm products
Multiple open and close from multiple threads will lead camera driver to access destroyed session data pointer in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDM660, SDX20, SDX24, Snapdragon_High_Med_2016
local
low complexity
qualcomm CWE-416
7.8
2019-07-25 CVE-2019-2278 Improper Verification of Cryptographic Signature vulnerability in Qualcomm products
User keystore signature is ignored in boot and can lead to bypass boot image signature verification in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in MDM9607, MDM9640, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 845 / SD 850, SDM660
local
low complexity
qualcomm CWE-347
7.8
2019-07-25 CVE-2019-2273 Out-of-bounds Read vulnerability in Qualcomm products
IOMMU page fault while playing h265 video file leads to denial of service issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 845 / SD 850, SD 855, SD 8CX, SDM439, Snapdragon_High_Med_2016, SXR1130
network
low complexity
qualcomm CWE-125
7.5
2019-07-25 CVE-2019-2272 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products
Buffer overflow can occur in display function due to lack of validation of header block size set by user.
local
low complexity
qualcomm CWE-119
7.8
2019-07-25 CVE-2019-2263 Use After Free vulnerability in Qualcomm products
Access to freed memory can happen while reading from diag driver due to use after free issue in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA9531, QCA9980, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDM660, SDX20, Snapdragon_High_Med_2016
local
low complexity
qualcomm CWE-416
7.8
2019-07-25 CVE-2019-2254 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products
Position determination accuracy may be degraded due to wrongly decoded information in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130
network
low complexity
qualcomm CWE-119
critical
9.8