kamorta firmware · threatengine.sh

Home/Product/qualcomm kamorta firmware

Product

qualcomm kamorta firmware

80 known vulnerabilities across versions

Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.

Sort Min CVSS Published since

u'While processing invalid connection request PDU which is nonstandard (interval or timeout is 0) from central device may lead per

u'Buffer over-read issue in Bluetooth peripheral firmware due to lack of check for invalid opcode and length of opcode received fr

u'Possible buffer overflow while updating output buffer for IMEI and Gateway Address due to lack of check of input validation for

u'Due to an incorrect SMMU configuration, the modem crypto engine can potentially compromise the hypervisor' in Snapdragon Auto, S

u'QSEE reads the access permission policy for the SMEM TOC partition from the SMEM TOC contents populated by XBL Loader and applie

u'A buffer overflow could occur if the API is improperly used due to UIE init does not contain a buffer size a param' in Snapdrago

u'Buffer overflow can happen as part of SIP message packet processing while storing values in array due to lack of check to valida

u'Potential out of bounds read while processing downlink NAS transport message due to improper length check of Information Element

u'Buffer overflow occurs while processing SIP message packet due to lack of check of index validation before copying into it' in S

u'An Unaligned address or size can propagate to the database due to improper page permissions and can lead to improper access cont

u'Array index underflow issue in adsp driver due to improper check of channel id before used as array index.' in Snapdragon Auto,

u'Two threads running simultaneously from user space can lead to race condition in fastRPC driver' in Snapdragon Auto, Snapdragon

u'Third-party app may also call the broadcasts in Perfdump and cause privilege escalation issue due to improper access control' in

u'Possible buffer overflow in MHI driver due to lack of input parameter validation of EOT events received from MHI device side' in

u'Out of bound access can happen in MHI command process due to lack of check of channel id value received from MHI devices' in Sna

u'During execution after Address Space Layout Randomization is turned on for QTEE, part of code is still mapped at known address i

Out of bound access can happen in MHI command process due to lack of check of command channel id value received from MHI devices i

u'Multiple Read overflows issue due to improper length check while decoding Generic NAS transport/EMM info' in Snapdragon Auto, Sn

u'Buffer over-read Issue in Q6 testbus framework due to diag packet length is not completely validated before accessing the field

u'Reachable assertion when wrong data size is returned by parser for ape clips' in Snapdragon Auto, Snapdragon Consumer IOT, Snapd

u'During the error occurrence in capture request, the buffer is freed and later accessed causing the camera APP to fail due to mem

u'Potential integer underflow while parsing Service Info and IPv6 link-local TLVs that comes as part of NDPE attribute' in Snapdra

u'Buffer Overflow issue in WLAN tcp ip verification due to usage of out of range pointer offset' in Snapdragon Auto, Snapdragon Co

u'Buffer overflow while parsing PMF enabled MCBC frames due to frame length being lesser than what is expected while parsing' in S

u'Buffer Overflow in mic calculation for WPA due to copying data into buffer without validating the length of buffer' in Snapdrago

u'Information disclosure issue occurs as in current logic Secure Touch session is released without terminating display session' in

u'Information disclosure issue can occur due to partial secure display-touch session tear-down' in Snapdragon Auto, Snapdragon Com

u'Resizing the usage table header before passing all the checks leads to the function exiting with a usage table in invalid state

u'Out of bound writes happen when accessing usage_table header entry beyond the memory allocated for the header' in Snapdragon Aut

u'Stack out of bound issue occurs when making query to DSP capabilities due to wrong assumption was made on determining the buffer

u'A potential buffer overflow exists due to integer overflow when parsing handler options due to wrong data type usage in operatio

u'Channel name string which has been read from shared memory is potentially subjected to string manipulations but not validated fo

u'Lack of check to ensure that the TX read index & RX write index that are read from shared memory are less than the FIFO size res

u'Lack of check of integer overflow while doing a round up operation for data read from shared memory for G-link SMEM transport ca

u'Non-secure memory is touched multiple times during TrustZone\u2019s execution and can lead to privilege escalation or memory cor

u'XBL SEC clears only ZI region when loading Qualcomm-signed segments can lead to improper access issue' in Snapdragon Compute, Sn

u'Null Pointer exception while playing crafted mkv file as data stream get deleted on secondary invalid configuration' in Snapdrag

u'Calling thread may free the data buffer pointer that was passed to the callback and later when event loop executes the callback,

u'Information exposure issues while processing IE header due to improper check of beacon IE frame' in Snapdragon Auto, Snapdragon

u'Possible out of bound write while processing association response received from host due to lack of check of IE length' in Snapd

u'Buffer over read occurs while processing information element from beacon due to lack of check of data received from beacon' in S

u'While processing SMCInvoke asynchronous message header, message count is modified leading to a TOCTOU race condition and lead to

u'Information disclosure issue occurs as in current logic as secure touch is released without clearing the display session which c

u'Keymaster attestation key and device IDs provisioning which is a one time process is incorrectly allowed to be re-provisioned af

u'Heap overflow in diag command handler due to lack of check of packet length received from user' in Snapdragon Auto, Snapdragon C

u'Pointer double free in HavenSvc due to not setting the pointer to NULL after freeing it' in Snapdragon Auto, Snapdragon Compute,

u'Possible integer overflow in API due to lack of check on large oid range count in cert extension field' in Snapdragon Auto, Snap

u'When a new session is created, Object is returned that contains TZ addresses and it get passed to HLOS as an handle to refer to

u'Lack of check for integer overflow for round up and addition operations result into memory corruption and potential information

u'Lack of check that the TX FIFO write and read indices that are read from shared RAM are less than the FIFO size results into mem

u'Lack of integer overflow check for addition of fragment size and remaining size that are read from shared memory can lead to mem

u'Lack of check that the current received data fragment size of a particular packet that are read from shared memory are less than

u'Possibility of integer overflow in keymaster 4 while allocating memory due to multiplication of large numcerts value and size of

u'Improper authentication and signature verification of debug polices in secure boot loader will allow unverified debug policies t

u'SMEM partition can be manipulated in case of any compromise on HLOS, thus resulting in access to memory outside of SMEM address

Possible buffer overflow while parsing mp4 clip with corrupted sample atoms due to improper validation of index in Snapdragon Auto

Memory corruption can occurs in trusted application if offset size from HLOS is more than actual mapped buffer size in Snapdragon

Memory failure in content protection module due to not having pointer within the scope in Snapdragon Auto, Snapdragon Compute, Sna

Possible buffer overflow and over read possible due to missing bounds checks for fixed limits if we consider widevine HLOS client

Out of bounds read can happen in diag event set mask command handler when user provided length in the command request is less than

Possible memory corruption in perfservice due to improper validation array length taken from user application. in Snapdragon Auto,

Buffer over-write may occur during fetching track decoder specific information if cb size exceeds buffer size in Snapdragon Auto,

Buffer overflow will happen while parsing mp4 clip with corrupted sample atoms values which exceeds MAX_UINT32 range due to lack o

Possible null-pointer dereference can occur while parsing mp4 clip with corrupted sample table atoms in Snapdragon Auto, Snapdrago

Use after free issue in camera applications when used randomly over multiple operations due to pointer not set to NULL after free/

Integer overflow in diag command handler when user inputs a large value for number of tasks field in the request packet in Snapdra

Out of bound write can happen due to lack of check of array index value while parsing SDP attribute for SAR in Snapdragon Auto, Sn

Buffer overflow occurs while processing an subsample data length out of range due to lack of user input validation in Snapdragon A

Copying RTCP messages into the output buffer without checking the destination buffer size which could lead to a remote stack overf

Buffer overflows while decoding setup message from Network due to lack of check of IE message length received from network in Snap

Firmware will hit assert in WLAN firmware If encrypted data length in FILS IE of reassoc response is more than 528 bytes in Snapdr

Integer overflow may occur if atom size is less than atom offset as there is improper validation of atom size in Snapdragon Auto,

Array out of bound may occur while playing mp3 file as no check is there on offset if it is greater than the buffer allocated or n

Possibility of out of bound access while processing the responses from video firmware in Snapdragon Auto, Snapdragon Compute, Snap

Out of bound memory access while processing ese transmit command due to passing Response buffer received from user in Snapdragon A

Using non-time-constant functions like memcmp to compare sensitive data can lead to information leakage through timing side channe

Integer overflow in calculating estimated output buffer size when getting a list of installed Feature IDs, Serial Numbers or check

Improper permissions in XBL_SEC region enable user to update XBL_SEC code and data and divert the RAM dump path to normal cold boo

Out of bound read in Fingerprint application due to requested data is being used without length check in Snapdragon Auto, Snapdrag

Out of bound read in fingerprint application due to requested data assigned to a local buffer without length check in Snapdrago

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin