Vulnerabilities > Qualcomm > Wcd9360 Firmware > High

DATE CVE VULNERABILITY TITLE RISK
2022-01-03 CVE-2021-30267 Integer Overflow or Wraparound vulnerability in Qualcomm products
Possible integer overflow to buffer overflow due to improper input validation in FTM ARA commands in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
local
low complexity
qualcomm CWE-190
7.8
2022-01-03 CVE-2021-30268 Classic Buffer Overflow vulnerability in Qualcomm products
Possible heap Memory Corruption Issue due to lack of input validation when sending HWTC IQ Capture command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
local
low complexity
qualcomm CWE-120
7.8
2022-01-03 CVE-2021-30269 NULL Pointer Dereference vulnerability in Qualcomm products
Possible null pointer dereference due to lack of TLB validation for user provided address in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
local
low complexity
qualcomm CWE-476
7.8
2022-01-03 CVE-2021-30303 Classic Buffer Overflow vulnerability in Qualcomm products
Possible buffer overflow due to lack of buffer length check when segmented WMI command is received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
local
low complexity
qualcomm CWE-120
7.8
2022-01-03 CVE-2021-30335 Reachable Assertion vulnerability in Qualcomm products
Possible assertion in QOS request due to improper validation when multiple add or update request are received simultaneously in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
local
low complexity
qualcomm CWE-617
7.8
2022-01-03 CVE-2021-30337 Use After Free vulnerability in Qualcomm products
Possible use after free when process shell memory is freed using IOCTL call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
local
low complexity
qualcomm CWE-416
7.8
2021-11-12 CVE-2021-1921 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products
Possible memory corruption due to Improper handling of hypervisor unmap operations for concurrent memory operations in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
local
high complexity
qualcomm CWE-367
7.0
2021-11-12 CVE-2021-1973 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products
A FTM Diag command can allow an arbitrary write into modem OS space in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
local
low complexity
qualcomm CWE-119
7.8
2021-11-12 CVE-2021-1979 Out-of-bounds Write vulnerability in Qualcomm products
Possible buffer overflow due to improper validation of FTM command payload in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
local
low complexity
qualcomm CWE-787
7.8
2021-11-12 CVE-2021-1982 Reachable Assertion vulnerability in Qualcomm products
Possible denial of service scenario due to improper input validation of received NAS OTA message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
network
low complexity
qualcomm CWE-617
7.5