Vulnerabilities > Qualcomm > SD 670 Firmware > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-07-25 | CVE-2019-2299 | Out-of-bounds Write vulnerability in Qualcomm products An out-of-bound write can be triggered by a specially-crafted command supplied by a userspace application. | 7.8 |
2019-07-25 | CVE-2019-2298 | Use After Free vulnerability in Qualcomm products Protection is missing while accessing md sessions info via macro which can lead to use-after-free in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 845 / SD 850, SD 855, SDM660, SDX20, SDX24 | 7.8 |
2019-07-25 | CVE-2019-2293 | Use After Free vulnerability in Qualcomm products Pointer dereference while freeing IFE resources due to lack of length check of in port resource. | 7.8 |
2019-07-25 | CVE-2019-2290 | Use After Free vulnerability in Qualcomm products Multiple open and close from multiple threads will lead camera driver to access destroyed session data pointer in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDM660, SDX20, SDX24, Snapdragon_High_Med_2016 | 7.8 |
2019-07-25 | CVE-2019-2281 | Unspecified vulnerability in Qualcomm products An unauthenticated bitmap image can be loaded in to memory and subsequently cause execution of unverified code. | 7.8 |
2019-07-25 | CVE-2019-2278 | Improper Verification of Cryptographic Signature vulnerability in Qualcomm products User keystore signature is ignored in boot and can lead to bypass boot image signature verification in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in MDM9607, MDM9640, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 845 / SD 850, SDM660 | 7.8 |
2019-07-25 | CVE-2019-2273 | Out-of-bounds Read vulnerability in Qualcomm products IOMMU page fault while playing h265 video file leads to denial of service issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 845 / SD 850, SD 855, SD 8CX, SDM439, Snapdragon_High_Med_2016, SXR1130 | 7.5 |
2019-07-25 | CVE-2019-2272 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products Buffer overflow can occur in display function due to lack of validation of header block size set by user. | 7.8 |
2019-07-25 | CVE-2019-2263 | Use After Free vulnerability in Qualcomm products Access to freed memory can happen while reading from diag driver due to use after free issue in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA9531, QCA9980, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDM660, SDX20, Snapdragon_High_Med_2016 | 7.8 |
2019-07-25 | CVE-2019-2238 | Out-of-bounds Write vulnerability in Qualcomm products Lack of check of data type can lead to subsequent loop-expression potentially go negative and the condition will still evaluate to true leading to buffer underflow. | 7.8 |