Vulnerabilities > Qualcomm > Sm4125 Firmware > High

DATE CVE VULNERABILITY TITLE RISK
2021-02-22 CVE-2020-11269 Integer Overflow or Wraparound vulnerability in Qualcomm products
Possible memory corruption while processing EAPOL frames due to lack of validation of key length before using it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
low complexity
qualcomm CWE-190
8.8
2021-02-22 CVE-2020-11204 Out-of-bounds Write vulnerability in Qualcomm products
Possible memory corruption and information leakage in sub-system due to lack of check for validity and boundary compliance for parameters that are read from shared MSG RAM in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
local
low complexity
qualcomm CWE-787
7.8
2021-02-22 CVE-2020-11195 Out-of-bounds Write vulnerability in Qualcomm products
Out of bound write and read in TA while processing command from NS side due to improper length check on command and response buffers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
local
low complexity
qualcomm CWE-787
7.8
2021-02-22 CVE-2020-11194 Improper Input Validation vulnerability in Qualcomm products
Possible out of bound access in TA while processing a command from NS side due to improper length check of response buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
local
low complexity
qualcomm CWE-20
7.8
2021-02-22 CVE-2020-11177 Unspecified vulnerability in Qualcomm products
User can overwrite Security Code NV item without knowing current SPC due to improper validation of SPC code setting and device lock in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
local
low complexity
qualcomm
8.8
2021-01-21 CVE-2020-11119 Out-of-bounds Read vulnerability in Qualcomm products
Buffer over-read can happen when the buffer length received from response handlers is more than the size of the payload in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
network
low complexity
qualcomm CWE-125
7.5
2020-11-12 CVE-2020-11132 Out-of-bounds Read vulnerability in Qualcomm products
u'Buffer over read in boot due to size check ignored before copying GUID attribute from request to response' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8096AU, APQ8098, MDM8207, MDM9150, MDM9205, MDM9206, MDM9207, MDM9250, MDM9607, MDM9628, MDM9650, MSM8108, MSM8208, MSM8209, MSM8608, MSM8905, MSM8909, MSM8998, QCM4290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QSM8250, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SC8180X, SC8180X+SDX55, SC8180XP, SDA640, SDA670, SDA845, SDA855, SDM1000, SDM640, SDM670, SDM710, SDM712, SDM830, SDM845, SDM850, SDX24, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR1120, SXR1130, SXR2130, SXR2130P, WCD9330
local
low complexity
qualcomm CWE-125
7.1
2020-11-12 CVE-2020-11127 Integer Overflow or Wraparound vulnerability in Qualcomm products
u'Integer overflow can cause a buffer overflow due to lack of table length check in the extensible boot Loader during the validation of security metadata while processing objects to be loaded' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in MDM9205, QCM4290, QCS405, QCS410, QCS4290, QCS610, QSM8250, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SC8180X, SC8180X+SDX55, SC8180XP, SDA640, SDA845, SDA855, SDM1000, SDM640, SDM830, SDM845, SDM850, SDX24, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR2130, SXR2130P
local
low complexity
qualcomm CWE-190
7.8