Vulnerabilities > Qualcomm > Sd480 Firmware

DATE CVE VULNERABILITY TITLE RISK
2021-04-07 CVE-2020-11237 Improper Input Validation vulnerability in Qualcomm products
Memory crash when accessing histogram type KPI input received due to lack of check of histogram definition before accessing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile
local
low complexity
qualcomm CWE-20
7.2
2021-04-07 CVE-2020-11236 Out-of-bounds Write vulnerability in Qualcomm products
Memory corruption due to invalid value of total dimension in the non-histogram type KPI could lead to a denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile
network
low complexity
qualcomm CWE-787
7.8
2021-04-07 CVE-2020-11210 Out-of-bounds Write vulnerability in Qualcomm products
Possible memory corruption in RPM region due to improper XPU configuration in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
local
low complexity
qualcomm CWE-787
7.2
2021-03-17 CVE-2020-11309 Use After Free vulnerability in Qualcomm products
Use after free in GPU driver while mapping the user memory to GPU memory due to improper check of referenced memory in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
local
low complexity
qualcomm CWE-416
7.2
2021-03-17 CVE-2020-11308 Improper Validation of Array Index vulnerability in Qualcomm products
Buffer overflow occurs when trying to convert ASCII string to Unicode string if the actual size is more than required in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
local
low complexity
qualcomm CWE-129
7.2
2021-03-17 CVE-2020-11299 Classic Buffer Overflow vulnerability in Qualcomm products
Buffer overflow can occur in video while playing the non-standard clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
network
low complexity
qualcomm CWE-120
critical
10.0
2021-03-17 CVE-2020-11228 Improper Privilege Management vulnerability in Qualcomm products
Part of RPM region was not protected from xblSec itself due to improper policy and leads to unprivileged access in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
local
low complexity
qualcomm CWE-269
4.6
2021-03-17 CVE-2020-11220 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products
While processing storage SCM commands there is a time of check or time of use window where a pointer used could be invalid at a specific time while executing the storage SCM call in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
4.4