Vulnerabilities > Qualcomm > Sdm630 Firmware > High

DATE CVE VULNERABILITY TITLE RISK
2021-06-09 CVE-2020-11267 Out-of-bounds Write vulnerability in Qualcomm products
Stack out-of-bounds write occurs while setting up a cipher device if the provided IV length exceeds the max limit value in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
local
low complexity
qualcomm CWE-787
7.8
2021-06-09 CVE-2020-11292 Classic Buffer Overflow vulnerability in Qualcomm products
Possible buffer overflow in voice service due to lack of input validation of parameters in QMI Voice API in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
local
low complexity
qualcomm CWE-120
7.8
2021-06-09 CVE-2020-11304 Out-of-bounds Read vulnerability in Qualcomm products
Possible out of bound read in DRM due to improper buffer length check.
local
low complexity
qualcomm CWE-125
7.1
2021-06-09 CVE-2021-1900 Use After Free vulnerability in Qualcomm products
Possible use after free in Display due to race condition while creating an external display in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
local
high complexity
qualcomm CWE-416
7.0
2021-06-09 CVE-2021-1937 Reachable Assertion vulnerability in Qualcomm products
Reachable assertion is possible while processing peer association WLAN message from host and nonstandard incoming packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
network
low complexity
qualcomm CWE-617
7.5
2021-06-09 CVE-2020-11235 Integer Overflow or Wraparound vulnerability in Qualcomm products
Buffer overflow might occur while parsing unified command due to lack of check of input data received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
local
low complexity
qualcomm CWE-190
7.8
2021-06-09 CVE-2020-11238 Out-of-bounds Read vulnerability in Qualcomm products
Possible Buffer over-read in ARP/NS parsing due to lack of check of packet length received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
network
low complexity
qualcomm CWE-125
7.5
2021-06-09 CVE-2020-11239 Use After Free vulnerability in Qualcomm products
Use after free issue when importing a DMA buffer by using the CPU address of the buffer due to attachment is not cleaned up properly in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
local
low complexity
qualcomm CWE-416
7.8
2021-06-09 CVE-2020-11261 Improper Input Validation vulnerability in Qualcomm products
Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
local
low complexity
qualcomm CWE-20
7.8
2021-06-09 CVE-2020-11262 Use After Free vulnerability in Qualcomm products
A race between command submission and destroying the context can cause an invalid context being added to the list leads to use after free issue.
local
high complexity
qualcomm CWE-416
7.0