Vulnerabilities > Qualcomm > Sd888 5G Firmware

DATE CVE VULNERABILITY TITLE RISK
2021-09-08 CVE-2021-1923 Incorrect Type Conversion or Cast vulnerability in Qualcomm products
Incorrect pointer argument passed to trusted application TA could result in un-intended memory operations in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT
local
low complexity
qualcomm CWE-704
7.8
7.8
2021-09-08 CVE-2021-1929 Unspecified vulnerability in Qualcomm products
Lack of strict validation of bootmode can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
local
low complexity
qualcomm
5.5
5.5
2021-09-08 CVE-2021-1930 Out-of-bounds Read vulnerability in Qualcomm products
Possible out of bounds read due to incorrect validation of incoming buffer length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
local
low complexity
qualcomm CWE-125
7.1
7.1
2021-09-08 CVE-2021-1972 Classic Buffer Overflow vulnerability in Qualcomm products
Possible buffer overflow due to improper validation of device types during P2P search in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
network
low complexity
qualcomm CWE-120
critical
 9.8
9.8
2021-07-13 CVE-2020-11307 Improper Validation of Array Index vulnerability in Qualcomm products
Buffer overflow in modem due to improper array index check before copying into it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables
network
low complexity
qualcomm CWE-129
critical
 9.8
9.8
2021-07-13 CVE-2021-1886 Out-of-bounds Write vulnerability in Qualcomm products
Incorrect handling of pointers in trusted application key import mechanism could cause memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables
local
low complexity
qualcomm CWE-787
7.8
7.8
2021-07-13 CVE-2021-1888 Double Free vulnerability in Qualcomm products
Memory corruption in key parsing and import function due to double freeing the same heap allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables
local
low complexity
qualcomm CWE-415
7.8
7.8
2021-07-13 CVE-2021-1889 Classic Buffer Overflow vulnerability in Qualcomm products
Possible buffer overflow due to lack of length check in Trusted Application in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables
local
low complexity
qualcomm CWE-120
7.8
7.8
2021-07-13 CVE-2021-1890 Out-of-bounds Write vulnerability in Qualcomm products
Improper length check of public exponent in RSA import key function could cause memory corruption.
local
low complexity
qualcomm CWE-787
7.8
7.8
2021-07-13 CVE-2021-1907 Classic Buffer Overflow vulnerability in Qualcomm products
Possible buffer overflow due to lack of length check in BA request in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
network
low complexity
qualcomm CWE-120
7.5
7.5