Vulnerabilities > Qualcomm > Sm6225 Firmware > High

DATE CVE VULNERABILITY TITLE RISK
2022-02-11 CVE-2021-30318 Classic Buffer Overflow vulnerability in Qualcomm products
Improper validation of input when provisioning the HDCP key can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables
local
low complexity
qualcomm CWE-120
7.8
2022-02-11 CVE-2021-35069 Integer Overflow or Wraparound vulnerability in Qualcomm products
Improper validation of data length received from DMA buffer can lead to memory corruption.
local
low complexity
qualcomm CWE-190
7.8
2022-02-11 CVE-2021-35077 Use After Free vulnerability in Qualcomm products
Possible use after free scenario in compute offloads to DSP while multiple calls spawn a dynamic process in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
local
low complexity
qualcomm CWE-416
7.8
2022-01-13 CVE-2021-30285 Improper Input Validation vulnerability in Qualcomm products
Improper validation of memory region in Hypervisor can lead to incorrect region mapping in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
local
low complexity
qualcomm CWE-20
8.8
2022-01-13 CVE-2021-30300 Incorrect Type Conversion or Cast vulnerability in Qualcomm products
Possible denial of service due to incorrectly decoding hex data for the SIB2 OTA message and assigning a garbage value to choice when processing the SRS configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables
network
low complexity
qualcomm CWE-704
7.5
2022-01-13 CVE-2021-30307 Reachable Assertion vulnerability in Qualcomm products
Possible denial of service due to improper validation of DNS response when DNS client requests with PTR, NAPTR or SRV query type in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT
network
low complexity
qualcomm CWE-617
7.5
2022-01-13 CVE-2021-30311 Improper Validation of Array Index vulnerability in Qualcomm products
Possible heap overflow due to lack of index validation before allocating and writing to heap buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
local
low complexity
qualcomm CWE-129
7.8
2022-01-13 CVE-2021-30319 Integer Overflow or Wraparound vulnerability in Qualcomm products
Possible integer overflow due to improper validation of command length parameters while processing WMI command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
local
low complexity
qualcomm CWE-190
7.8
2022-01-13 CVE-2021-30330 NULL Pointer Dereference vulnerability in Qualcomm products
Possible null pointer dereference due to improper validation of APE clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables
network
low complexity
qualcomm CWE-476
7.5
2022-01-13 CVE-2021-30353 Reachable Assertion vulnerability in Qualcomm products
Improper validation of function pointer type with actual function signature can lead to assertion in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables
network
low complexity
qualcomm CWE-617
7.5