Vulnerabilities > Qualcomm > Wsa8830 Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-03-17 CVE-2020-11230 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products
Potential arbitrary memory corruption when the qseecom driver updates ion physical addresses in the buffer as it exposes a physical address to user land in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
local
high complexity
qualcomm CWE-367
6.4
2021-02-22 CVE-2020-3664 Out-of-bounds Read vulnerability in Qualcomm products
Out of bound read access in hypervisor due to an invalid read access attempt by passing invalid addresses in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
local
low complexity
qualcomm CWE-125
6.0
2021-02-22 CVE-2020-11198 Improper Cross-boundary Removal of Sensitive Data vulnerability in Qualcomm products
Key material used for TZ diag buffer encryption and other data related to log buffer is not wiped securely due to improper usage of memset in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
local
low complexity
qualcomm CWE-212
6.7
2021-02-22 CVE-2020-11147 Use After Free vulnerability in Qualcomm products
Use after free issue in audio modules while removing and freeing objects during list iteration due to incorrect usage of macro in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile
local
low complexity
qualcomm CWE-416
6.7