Vulnerabilities > Qualcomm > SD 820A Firmware

DATE CVE VULNERABILITY TITLE RISK
2018-07-06 CVE-2018-5894 Improper Validation of Array Index vulnerability in Qualcomm products
Improper Validation of Array Index in Multimedia While parsing an mp4 file in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, an out-of-bounds access can occur.
network
low complexity
qualcomm CWE-129
6.5
6.5
2018-07-06 CVE-2018-5882 Out-of-bounds Read vulnerability in Qualcomm products
While parsing a Flac file with a corrupted comment block, a buffer over-read can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.
network
low complexity
qualcomm CWE-125
critical
 9.8
9.8
2018-07-06 CVE-2018-5876 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products
While parsing an mp4 file, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.
network
low complexity
qualcomm CWE-119
8.8
8.8
2018-07-06 CVE-2018-5875 Integer Overflow or Wraparound vulnerability in Qualcomm products
While parsing an mp4 file, an integer overflow leading to a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.
network
low complexity
qualcomm CWE-190
8.8
8.8
2018-07-06 CVE-2018-5874 Out-of-bounds Write vulnerability in Qualcomm products
While parsing an mp4 file, a stack-based buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.
network
low complexity
qualcomm CWE-787
8.8
8.8
2018-07-06 CVE-2018-5838 Improper Validation of Array Index vulnerability in Qualcomm products
Improper Validation of Array Index In the adreno OpenGL driver in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, an out-of-bounds access can occur in SurfaceFlinger.
local
low complexity
qualcomm CWE-129
7.8
7.8
2018-07-06 CVE-2018-11259 Incorrect Permission Assignment for Critical Resource vulnerability in Qualcomm products
Due to Improper Access Control of NAND-based EFS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, From fastboot on a NAND-based device, the EFS partition can be erased.
local
low complexity
qualcomm CWE-732
7.7
7.7
2018-07-06 CVE-2018-11258 Use After Free vulnerability in Qualcomm products
In ADSP RPC in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, a Use After Free condition can occur in versions MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDX20.
local
low complexity
qualcomm CWE-416
7.8
7.8
2018-04-18 CVE-2016-10494 Integer Overflow or Wraparound vulnerability in Qualcomm products
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9625, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20, integer overflow may lead to buffer overflows in IPC router Root-PD driver.
network
low complexity
qualcomm CWE-190
critical
 9.8
9.8
2018-04-18 CVE-2016-10493 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20, NPA routines on the rootPD that handle resource requests remoted over QDI may not validate pointers passed from user space which may result in guest OS memory corruption.
network
low complexity
qualcomm CWE-119
critical
 9.8
9.8