ipq8074 firmware · threatengine.sh

Home/Product/qualcomm ipq8074 firmware

Product

qualcomm ipq8074 firmware

223 known vulnerabilities across versions

Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.

Sort Min CVSS Published since

Memory corruption while deinitializing a HDCP session.

Information disclosure while processing system calls with invalid parameters.

Memory corruption while processing a GP command response.

Information disclosure may occur while processing the hypervisor log.

Cryptographic issue while performing RSA PKCS padding decoding.

Transient DOS while processing an ANQP message.

Memory corruption when allocating and accessing an entry in an SMEM partition continuously.

Memory corruption while redirecting log file to any file location with any file name.

Transient DOS in WLAN Host and Firmware when large number of open authentication frames are sent with an invalid transaction seque

Transient DOS while parse fils IE with length equal to 1.

Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains IPPROTO_NONE as the n

Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host.

Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame.

Information disclosure in WLAN HAL while handling command through WMI interfaces.

Information disclosure in IOE Firmware while handling WMI command.

Transient DOS in WLAN Firmware while parsing rsn ies.

Transient DOS in WLAN Firmware while interpreting MBSSID IE of a received beacon frame.

Memory corruption in WLAN HAL while parsing WMI command parameters.

Memory corruption in WLAN HAL while handling command through WMI interfaces.

Memory corruption in WLAN HAL while handling command streams through WMI interfaces.

Memory corruption in WLAN HAL while passing command parameters through WMI interfaces.

Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload.

Memory corruption in WLAN FW while processing command parameters from untrusted WMI payload.

Memory corruption in WLAN handler while processing PhyID in Tx status handler.

Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload.

Memory corruption in WLAN HAL while parsing Rx buffer in processing TLV payload.

Memory corruption in WLAN while sending transmit command from HLOS to UTF handlers.

Memory corruption due to improper validation of array index in WLAN HAL when received lm_itemNum is out of range.

Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command.

information disclosure due to cryptographic issue in Core during RPMB read request.

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.

Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.

Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase.

Memory corruption in WLAN HAL while arbitrary value is passed in WMI UTF command payload.

Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.

Memory corruption in modem due to buffer copy without checking size of input while receiving WMI command.

Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames.

Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA action frames.

Transient DOS due to loop with unreachable exit condition in WLAN while processing an incoming FTM frames. in Snapdragon Auto, Sna

Information disclosure due to buffer over-read in WLAN firmware while parsing security context info attributes. in Snapdragon Auto

Transient DOS due to buffer over-read in WLAN firmware while processing PPE threshold. in Snapdragon Auto, Snapdragon Compute, Sna

Transient Denial-of-Service in WLAN due to buffer over-read while parsing MDNS frames. in Snapdragon Auto, Snapdragon Compute, Sna

Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames. in Snapdragon Auto, Snapdragon Comp

Denial of service in WLAN due to out-of-bound read happens while processing VHT action frame in Snapdragon Auto, Snapdragon Comput

Cryptographic issues in BSP due to improper hash verification in Snapdragon Wired Infrastructure and Networking

Possible buffer overflow due to improper parsing of headers while playing the FLAC audio clip in Snapdragon Auto, Snapdragon Compu

Possible buffer over read due to lack of size validation while copying data from DBR buffer to RX buffer and can lead to Denial of

Possible out of bound read due to improper validation of IE length during SSID IE parse when channel is DFS in Snapdragon Auto, Sn

Improper validation of data length received from DMA buffer can lead to memory corruption. in Snapdragon Auto, Snapdragon Compute,

Possible out of bound access of DCI resources due to lack of validation process and resource allocation in Snapdragon Auto, Snapdr

Possible out of bound write due to lack of boundary check for the maximum size of buffer when sending a DCI packet to remote proce

Use after free condition can occur in wired connectivity due to a race condition while creating and deleting folders in Snapdragon

An out of bound memory access can occur due to improper validation of number of frames being passed during music playback in Snapd

Possible use after free when process shell memory is freed using IOCTL call and process initialization is in progress in Snapdrago

Possible assertion in QOS request due to improper validation when multiple add or update request are received simultaneously in Sn

Possible buffer overflow due to lack of buffer length check when segmented WMI command is received in Snapdragon Auto, Snapdragon

Possible null pointer dereference in thread cache operation handler due to lack of validation of user provided input in Snapdragon

Possible null pointer dereference in thread profile trap handler due to lack of thread ID validation before dereferencing it in Sn

Possible use after free due to improper memory validation when initializing new interface via Interface add command in Snapdragon

Possible use after free due improper validation of reference from call back to internal store table in Snapdragon Auto, Snapdragon

Information disclosure through timing and power side-channels during mod exponentiation for RSA-CRT in Snapdragon Auto, Snapdragon

Possible denial of service scenario can occur due to lack of length check on Channel Switch Announcement IE in beacon or probe res

Improper authentication of sub-frames of a multicast AMSDU frame can lead to information disclosure in Snapdragon Auto, Snapdragon

Improper authentication of EAP WAPI EAPOL frames from unauthenticated user can lead to information disclosure in Snapdragon Comput

Possible stack overflow due to improper length check of TLV while copying the TLV to a local stack variable in Snapdragon Auto, Sn

Possible buffer over read due to lack of length check while parsing beacon IE response in Snapdragon Auto, Snapdragon Compute, Sna

Possible Integer overflow to buffer overflow issue can occur due to improper validation of input parameters when extscan hostlist

A use after free can occur due to improper validation of P2P device address in PD Request frame in Snapdragon Auto, Snapdragon Com

Possible buffer over read due to lack of alignment between map or unmap length of IPA SMMU and WLAN SMMU in Snapdragon Auto, Snapd

Possible assertion due to lack of physical layer state validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,

Possible out of bound read due to lack of length check of data while parsing the beacon or probe response in Snapdragon Auto, Snap

Possible buffer over read issue due to improper length check on WPA IE string sent by peer in Snapdragon Auto, Snapdragon Compute,

Buffer overflow occurs in trusted applications due to lack of length check of parameters in Snapdragon Auto, Snapdragon Compute, S

Possible buffer overflow due to improper validation of device types during P2P search in Snapdragon Auto, Snapdragon Compute, Snap

Buffer over read could occur due to incorrect check of buffer size while flashing emmc devices in Snapdragon Connectivity, Snapdra

Improper authentication of un-encrypted plaintext Wi-Fi frames in an encrypted network can lead to information disclosure in Snapd

Possible buffer over read due to improper validation of IE size while parsing beacon from peer device in Snapdragon Auto, Snapdrag

Possible buffer over read due to improper validation of data pointer while parsing FILS indication IE in Snapdragon Auto, Snapdrag

Improper handling of received malformed FTMR request frame can lead to reachable assertion while responding with FTM1 frame in Sna

Possible out of bound read due to lack of length check of Bandwidth-NSS IE in Snapdragon Auto, Snapdragon Compute, Snapdragon Conn

Possible buffer out of bound read can occur due to improper validation of TBTT count and length while parsing the beacon response

Possible assertion due to improper verification while creating and deleting the peer in Snapdragon Auto, Snapdragon Compute, Snapd

An assertion can be reached in the WLAN subsystem while using the Wi-Fi Fine Timing Measurement protocol in Snapdragon Wired Infra

Reachable assertion is possible while processing peer association WLAN message from host and nonstandard incoming packet in Snapdr

Stack out-of-bounds write occurs while setting up a cipher device if the provided IV length exceeds the max limit value in Snapdra

Out of bound read will happen if EAPOL Key length is less than expected while processing NAN shared key descriptor attribute in Sn

Possible Buffer over-read in ARP/NS parsing due to lack of check of packet length received in Snapdragon Auto, Snapdragon Compute,

Buffer overflow might occur while parsing unified command due to lack of check of input data received in Snapdragon Auto, Snapdrag

Buffer over-read can happen while processing WPA,RSN IE of beacon and response frames if IE length is less than length of frame po

Possible stack out of bound write might happen due to time bitmap length and bit duration fields of the attributes like NAN rangin

Possible out of bound read while WLAN frame parsing due to lack of check for body and header length in Snapdragon Auto, Snapdragon

Possible use after free due to lack of null check while memory is being freed in FastRPC driver in Snapdragon Auto, Snapdragon Com

Possible denial of service scenario due to improper handling of group management action frame in Snapdragon Auto, Snapdragon Compu

Buffer overflow can occur due to improper validation of NDP application information length in Snapdragon Auto, Snapdragon Compute,

Possible integer overflow due to improper length check while flashing an image in Snapdragon Consumer IOT, Snapdragon Industrial I

A possible use-after-free occurrence in audio driver can happen when pointers are not properly handled in Snapdragon Auto, Snapdra

Out of bound write can occur in TZ command handler due to lack of validation of command ID in Snapdragon Auto, Snapdragon Compute,

Out of bound read occurs while processing crafted SDP due to lack of check of null string in Snapdragon Auto, Snapdragon Compute,

Arithmetic overflow can happen while processing NOA IE due to improper error handling in Snapdragon Auto, Snapdragon Compute, Snap

Allowing RTT frames to be linked with non randomized MAC address by comparing the sequence numbers can lead to information disclos

Denial of service while processing fine timing measurement request (FTMR) frame with reserved bits set in the FTM parameter IE due

Possible denial of service while handling host WMI command due to improper validation in Snapdragon Auto, Snapdragon Compute, Snap

Possible buffer over read while processing P2P IE and NOA attribute of beacon and probe response frames due to improper validation

Possible buffer over-read while parsing quiet IE in Rx beacon frame due to improper check of IE length in received beacon in Snapd

Possible out of bounds while accessing global control elements due to race condition in Snapdragon Auto, Snapdragon Compute, Snapd

Possible denial of service due to RTT responder consistently rejects all FTMR by transmitting FTM1 with failure status in the FTM

Possible memory corruption while processing EAPOL frames due to lack of validation of key length before using it in Snapdragon Aut

Possible memory corruption and information leakage in sub-system due to lack of check for validity and boundary compliance for par

Buffer over-read can happen when the buffer length received from response handlers is more than the size of the payload in Snapdra

u'Use after free while installing new security rule in ipcrtr as old one is deleted and this rule could still be in use for checki

u'Remote code execution can happen by sending a carefully crafted POST query when Device configuration is accessed from a tethered

u'Array index underflow issue in adsp driver due to improper check of channel id before used as array index.' in Snapdragon Auto,

u'Two threads running simultaneously from user space can lead to race condition in fastRPC driver' in Snapdragon Auto, Snapdragon

u'fscanf reads a string from a file and stores its contents on a statically allocated stack memory which leads to stack overflow'

u'Possible buffer overflow in MHI driver due to lack of input parameter validation of EOT events received from MHI device side' in

u'Out of bound access can happen in MHI command process due to lack of check of channel id value received from MHI devices' in Sna

u'Potential integer underflow while parsing Service Info and IPv6 link-local TLVs that comes as part of NDPE attribute' in Snapdra

u'Buffer Overflow issue in WLAN tcp ip verification due to usage of out of range pointer offset' in Snapdragon Auto, Snapdragon Co

u'Buffer overflow while parsing PMF enabled MCBC frames due to frame length being lesser than what is expected while parsing' in S

u'Buffer Overflow in mic calculation for WPA due to copying data into buffer without validating the length of buffer' in Snapdrago

u'Out of bounds memory access during memory copy while processing Host command' in Snapdragon Auto, Snapdragon Compute, Snapdragon

u'Channel name string which has been read from shared memory is potentially subjected to string manipulations but not validated fo

u'Lack of check to ensure that the TX read index & RX write index that are read from shared memory are less than the FIFO size res

u'Lack of check of integer overflow while doing a round up operation for data read from shared memory for G-link SMEM transport ca

u'Non-secure memory is touched multiple times during TrustZone\u2019s execution and can lead to privilege escalation or memory cor

u'In the lbd service, an external user can issue a specially crafted debug command to overwrite arbitrary files with arbitrary con

u'Heap overflow in diag command handler due to lack of check of packet length received from user' in Snapdragon Auto, Snapdragon C

u'Lack of check for integer overflow for round up and addition operations result into memory corruption and potential information

u'Lack of check that the TX FIFO write and read indices that are read from shared RAM are less than the FIFO size results into mem

u'Lack of integer overflow check for addition of fragment size and remaining size that are read from shared memory can lead to mem

u'Lack of check that the current received data fragment size of a particular packet that are read from shared memory are less than

u'Out of bound memory access if stack push and pop operation are performed without doing a bound check on stack top' in Snapdragon

u'User Process can potentially corrupt kernel virtual page by passing a crafted page in API' in Snapdragon Auto, Snapdragon Comput

u'SMEM partition can be manipulated in case of any compromise on HLOS, thus resulting in access to memory outside of SMEM address

Possible out of bounds read due to a missing bounds check and could lead to local information disclosure in the wifi driver with n

Possible buffer overflow while copying the frame to local buffer due to lack of check of length before copying in Snapdragon Auto,

Integer overflow in diag command handler when user inputs a large value for number of tasks field in the request packet in Snapdra

Payload size is not validated before reading memory that may cause issue of accessing invalid pointer or some garbage data in Snap

kernel writes to user passed address without any checks can lead to arbitrary memory write in Snapdragon Auto, Snapdragon Compute,

Firmware will hit assert in WLAN firmware If encrypted data length in FILS IE of reassoc response is more than 528 bytes in Snapdr

NULL exception due to accessing bad pointer while posting events on RT FIFO in Snapdragon Compute, Snapdragon Mobile, Snapdragon W

When attempting to create a new XFRM policy, a stack out-of-bounds read will occur if the user provides a template where the mode

Possible integer overflow to buffer overflow in WLAN while parsing nonstandard NAN IE messages. in Snapdragon Auto, Snapdragon Com

Possible out of bound access in WLAN handler when the received value of length in rx path is shorter than the expected value of co

Buffer overflow in WLAN firmware while parsing GTK IE containing GTK key having length more than the buffer size in Snapdragon Aut

Buffer overflow can occur in WLAN firmware while unwraping data using CCMP cipher suite during parsing of EAPOL handshake frame

Potential buffer overflow while processing CBF frames due to lack of check of buffer length before copy in Snapdragon Auto, Snapdr

Possible buffer overflow while handling NAN reception of NMF in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snap

Buffer overflow can occur in function wlan firmware while copying association frame content if frame length is more than the maxim

Possible use after free issue in pcm volume controls due to race condition exist in private data used in mixer controls in Snapdra

Out of bound memory access can happen while parsing ADSP message due to lack of check of size of payload received from userspace i

When issuing IOCTL calls to ION, Memory leak can occur due to failure in unassign pages under certain conditions in Snapdragon Aut

Side channel issue in QTEE due to usage of non-time-constant comparison function such as memcmp or strcmp in Snapdragon Auto, Snap

Possible buffer overflow in WLAN handler due to lack of validation of destination buffer size before copying it in Snapdragon Auto

Possible buffer overflow in WLAN handler due to lack of validation of destination buffer size before copying into it in Snapdragon

Possible buffer overflow in data offload handler due to lack of check of keydata length when copying data in Snapdragon Auto, Snap

Possible buffer overflow in WLAN Parser due to lack of length check when copying data in Snapdragon Auto, Snapdragon Compute, Snap

While parsing Service Descriptor Extended Attribute received as part of SDF frame, there is a possibility that incorrect length is

Potential buffer over-read due to lack of bound check of memory offset passed in WLAN firmware in Snapdragon Compute, Snapdragon C

Buffer Over-read when WLAN module gets a WMI message for SAR limits with invalid number of limits to be enforced in Snapdragon Com

Buffer overflow can occur while parsing RSN IE containing list of PMK ID`s which are more than the buffer size in Snapdragon Auto,

Buffer overwrite during memcpy due to lack of check on SSID length validation in Snapdragon Auto, Snapdragon Compute, Snapdragon C

Buffer overflow due to lack of upper bound check on channel length which is used for a loop. in Snapdragon Compute, Snapdragon Con

Possible buffer overflow in WLAN WMI handler due to lack of ssid length check when copying data in Snapdragon Auto, Snapdragon Com

Lack of check that the RX FIFO write index that is read from shared RAM is less than the FIFO size results into memory corruption

Buffer overflow can occur in WLAN firmware while parsing beacon/probe_response frames during roaming in Snapdragon Auto, Snapdrago

Out of bound access due to Invalid inputs to dapm mux settings which results into kernel failure in Snapdragon Auto, Snapdragon Co

Uninitialized stack data gets used If memory is not allocated for blob or if the allocated blob is less than the struct size requi

Possible buffer overflow issue in error processing due to improper validation of array index value in Snapdragon Auto, Snapdragon

Integer overflow to buffer overflow due to lack of validation of event arguments received from firmware. in Snapdragon Auto, Snapd

Improper Access Control for RPU write access from secure processor in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Ele

Out of bounds memcpy can occur by providing the embedded NULL character string and length greater than the actual string length in

Buffer overwrite can occur in IEEE80211 header filling function due to lack of range check of array index received from firmware i

Out of bound access can occur while processing firmware event due to lack of validation of WMI message received from firmware in S

Use of local variable as argument to netlink CB callback goes out of it scope when callback triggered lead to invalid stack memory

Potential double free scenario if driver receives another DIAG_EVENT_LOG_SUPPORTED event from firmware as the pointer is not set t

Use after free of a pointer in iWLAN scenario during netmgr state transition to CONNECT in Snapdragon Auto, Snapdragon Compute, Sn

Possibility of Null pointer access if the SPDM commands are executed in the non-standard way in Trustzone in Snapdragon Auto, Snap

Out of bound access occurs while handling the WMI FW event due to lack of check of buffer argument which comes directly from the W

Out of bound write can happen in WMI firmware event handler due to lack of validation of data received from WLAN firmware in Snapd

Incorrect length used while validating the qsee log buffer sent from HLOS which could then lead to remap conflict in Snapdragon Au

Out of bound write in TZ while copying the secure dump structure on HLOS provided buffer as a part of memory dump in Snapdragon Au

Non Secure Kernel can cause Trustzone to do an arbitrary memory read which will result into DOS in Snapdragon Auto, Snapdragon Con

Buffer overflow can occur while processing non-standard NAN message from user space. in Snapdragon Auto, Snapdragon Consumer Elect

Out-of-bounds memory access in Qurt kernel function when using the identifier to access Qurt kernel buffer to retrieve thread data

Kernel can do a memory read from arbitrary address passed by user during execution of a syscall in Snapdragon Auto, Snapdragon Com

Payload size is not checked before using it as array index in audio in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IO

ADSP can be compromised since it`s a general-purpose CPU processing untrusted data in Snapdragon Auto, Snapdragon Compute, Snapdra

Buffer overflow in WLAN NAN function due to lack of check of count value received in NAN availability attribute in Snapdragon Auto

Possible buffer overflow issue due to lack of length check when parsing the extended cap IE header length in Snapdragon Auto, Snap

Improper validation of read and write index of tx and rx fifo`s before using for data copy from fifo can lead to out-of-bound acce

Firmware is getting into loop of overwriting memory when scan command is given from host because of improper validation. in Snapdr

improper input validation in allocation request for secure allocations can lead to page fault. in Snapdragon Auto, Snapdragon Comp

An out-of-bound write can be triggered by a specially-crafted command supplied by a userspace application. in Snapdragon Auto, Sna

While sending the rendered surface content to the screen, Error handling is not properly checked results in an unpredictable behav

Null pointer dereference during secure application termination using specific application ids. in Snapdragon Auto, Snapdragon Comp

Unauthorized access from GPU subsystem to HLOS or other non secure subsystem memory can lead to information disclosure in Snapdrag

Lack of check to prevent the buffer length taking negative values can lead to stack overflow. in Snapdragon Auto, Snapdragon Compu

Out-of-Bounds access in TZ due to invalid index calculated to check against DDR in Snapdragon Auto, Snapdragon Connectivity, Snapd

Truncated access authentication token leads to weakened access control for stored secure application data in Snapdragon Auto, Snap

While deserializing any key blob during key operations, buffer overflow could occur, exposing partial key information if any key o

The HMAC authenticating the message from QSEE is vulnerable to timing side channel analysis leading to potentially forged applicat

Failure to initialize the reserved memory which is sent to the firmware might lead to exposure of 1 byte of uninitialized kernel S

Kernel can inject faults in computations during the execution of TrustZone leading to information disclosure in Snapdragon Auto, S

ECDSA signature code leaks private keys from secure world to non-secure world in Snapdragon Auto, Snapdragon Compute, Snapdragon C

Improper check before assigning value can lead to integer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity

Lack of check on length parameter may cause buffer overflow while processing WMI commands in Snapdragon Auto, Snapdragon Compute,

Data length received from firmware is not validated against the max allowed size which can result in buffer overflow. in Snapdrago

Improper input validation for argument received from HLOS can lead to buffer overflows and unexpected behavior in Snapdragon Auto,

Bytes can be written to fuses from Secure region which can be read later by HLOS in Snapdragon Auto, Snapdragon Compute, Snapdrago

Use of non-time constant memcmp function creates side channel that leaks information and leads to cryptographic issues in Snapdrag

Data truncation during higher to lower type conversion which causes less memory allocation than desired can lead to a buffer overf

Malicious TA can tag QSEE kernel memory and map to EL0, there by corrupting the physical memory as well it can be used to corrupt

Buffer overflow in AES-CCM and AES-GCM encryption via initialization vector in snapdragon automobile, snapdragon mobile and snapdr

When a 3rd party TEE has been loaded it is possible for the non-secure world to create a secure monitor call which will give it ac

A non-secure user may be able to access certain registers in snapdragon automobile, snapdragon mobile and snapdragon wear in versi

Buffer overwrite can happen in WLAN function while processing set pdev parameter command due to lack of input validation in Snapdr

Integer overflow may happen in WLAN when calculating an internal structure size due to lack of validation of the input length in S

Lack of check on out of range for channels When processing channel list set command will lead to buffer flow in Snapdragon Mobile,

Lack of check on out of range of bssid parameter When processing scan start command will lead to buffer flow in Snapdragon Automob

Possible integer overflow may happen in WLAN during memory allocation in Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MD

In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 2

In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin