Vulnerabilities > Qualcomm > Sd888 5G Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-09-09 CVE-2021-30294 NULL Pointer Dereference vulnerability in Qualcomm products
Potential null pointer dereference in KGSL GPU auxiliary command due to improper validation of user input in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
local
low complexity
qualcomm CWE-476
5.5
2021-09-08 CVE-2021-1904 Incorrect Comparison vulnerability in Qualcomm products
Child process can leak information from parent process due to numeric pids are getting compared and these pid can be reused in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
local
low complexity
qualcomm CWE-697
5.5
2021-09-08 CVE-2021-1929 Unspecified vulnerability in Qualcomm products
Lack of strict validation of bootmode can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
local
low complexity
qualcomm
5.5
2021-07-13 CVE-2021-1931 Classic Buffer Overflow vulnerability in Qualcomm products
Possible buffer overflow due to improper validation of buffer length while processing fast boot commands in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
local
low complexity
qualcomm CWE-120
6.7
2021-05-07 CVE-2020-11293 Out-of-bounds Read vulnerability in Qualcomm products
Out of bound read can happen in Widevine TA while copying data to buffer from user data due to lack of check of buffer length received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
local
low complexity
qualcomm CWE-125
6.0
2021-03-17 CVE-2020-11230 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products
Potential arbitrary memory corruption when the qseecom driver updates ion physical addresses in the buffer as it exposes a physical address to user land in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
local
high complexity
qualcomm CWE-367
6.4
2021-03-17 CVE-2020-11220 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products
While processing storage SCM commands there is a time of check or time of use window where a pointer used could be invalid at a specific time while executing the storage SCM call in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
local
high complexity
qualcomm CWE-367
6.4
2021-02-22 CVE-2020-11147 Use After Free vulnerability in Qualcomm products
Use after free issue in audio modules while removing and freeing objects during list iteration due to incorrect usage of macro in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile
local
low complexity
qualcomm CWE-416
6.7