CVE-2020-11262

all versions

A race between command submission and destroying the context can cause an invalid context being added to the list leads to use aft

7.0HIGH

CVE-2020-11261

all versions

Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdra

7.8HIGH

CVE-2020-11260

all versions

An improper free of uninitialized memory can occur in DIAG services in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon M

8.4HIGH

CVE-2020-11250

all versions

Use after free due to race condition when reopening the device driver repeatedly in Snapdragon Auto, Snapdragon Compute, Snapdrago

7.0HIGH

CVE-2020-11241

all versions

Out of bound read will happen if EAPOL Key length is less than expected while processing NAN shared key descriptor attribute in Sn

7.5HIGH

CVE-2020-11240

all versions

Memory corruption due to ioctl command size was incorrectly set to the size of a pointer and not enough storage is allocated for t

7.8HIGH

CVE-2020-11239

all versions

Use after free issue when importing a DMA buffer by using the CPU address of the buffer due to attachment is not cleaned up proper

7.8HIGH

CVE-2020-11238

all versions

Possible Buffer over-read in ARP/NS parsing due to lack of check of packet length received in Snapdragon Auto, Snapdragon Compute,

7.5HIGH

CVE-2020-11235

all versions

Buffer overflow might occur while parsing unified command due to lack of check of input data received in Snapdragon Auto, Snapdrag

7.8HIGH

CVE-2020-11165

all versions

Memory corruption due to buffer overflow while copying the message provided by HLOS into buffer without validating the length of b

7.8HIGH

CVE-2020-11161

all versions

Out-of-bounds memory access can occur while calculating alignment requirements for a negative width from external components in Sn

7.1HIGH

CVE-2020-11159

all versions

Buffer over-read can happen while processing WPA,RSN IE of beacon and response frames if IE length is less than length of frame po

9.1CRITICAL

CVE-2020-11134

all versions

Possible stack out of bound write might happen due to time bitmap length and bit duration fields of the attributes like NAN rangin

9.8CRITICAL

CVE-2020-11126

all versions

Possible out of bound read while WLAN frame parsing due to lack of check for body and header length in Snapdragon Auto, Snapdragon

9.1CRITICAL

CVE-2021-1927

all versions

Possible use after free due to lack of null check while memory is being freed in FastRPC driver in Snapdragon Auto, Snapdragon Com

8.4HIGH

CVE-2021-1925

all versions

Possible denial of service scenario due to improper handling of group management action frame in Snapdragon Auto, Snapdragon Compu

7.5HIGH

CVE-2021-1915

all versions

Buffer overflow can occur due to improper validation of NDP application information length in Snapdragon Auto, Snapdragon Compute,

7.8HIGH

CVE-2021-1910

all versions

Double free in video due to lack of input buffer length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Sna

7.3HIGH

CVE-2021-1906

all versions

Improper handling of address deregistration on failure can lead to new GPU address allocation failure. in Snapdragon Auto, Snapdra

6.2MEDIUM

CVE-2021-1905

all versions

Possible use after free due to improper handling of memory mapping of multiple processes simultaneously. in Snapdragon Auto, Snapd

8.4HIGH

CVE-2021-1895

all versions

Possible integer overflow due to improper length check while flashing an image in Snapdragon Consumer IOT, Snapdragon Industrial I

6.8MEDIUM

CVE-2021-1891

all versions

A possible use-after-free occurrence in audio driver can happen when pointers are not properly handled in Snapdragon Auto, Snapdra

8.4HIGH

CVE-2020-11295

all versions

Use after free in camera If the threadmanager is being cleaned up while the worker thread is processing objects in Snapdragon Auto

6.8MEDIUM

CVE-2020-11294

all versions

Out of bound write in logger due to prefix size is not validated while prepended to logging string in Snapdragon Auto, Snapdragon

5.9MEDIUM

CVE-2020-11289

all versions

Out of bound write can occur in TZ command handler due to lack of validation of command ID in Snapdragon Auto, Snapdragon Compute,

7.8HIGH

CVE-2020-11288

all versions

Out of bound write can occur in playready while processing command due to lack of input validation in Snapdragon Auto, Snapdragon

7.8HIGH

CVE-2020-11274

all versions

Denial of service in MODEM due to assert to the invalid configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectiv

7.5HIGH

CVE-2020-11273

all versions

Histogram type KPI was teardown with the assumption of the existence of histogram binning info and will lead to null pointer acces

7.5HIGH

CVE-2020-11247

all versions

Out of bound memory read while unpacking data due to lack of offset length check in Snapdragon Auto, Snapdragon Compute, Snapdrago

8.2HIGH

CVE-2020-11246

all versions

A double free condition can occur when the device moves to suspend mode during secure playback in Snapdragon Auto, Snapdragon Comp

8.4HIGH

CVE-2020-11236

all versions

Memory corruption due to invalid value of total dimension in the non-histogram type KPI could lead to a denial of service in Snapd

8.4HIGH

CVE-2020-11231

all versions

Two threads call one or both functions concurrently leading to corruption of pointers and reference counters which in turn can lea

6.7MEDIUM

CVE-2020-11191

all versions

Out of bound read occurs while processing crafted SDP due to lack of check of null string in Snapdragon Auto, Snapdragon Compute,

8.2HIGH

CVE-2020-11309

all versions

Use after free in GPU driver while mapping the user memory to GPU memory due to improper check of referenced memory in Snapdragon

7.8HIGH

CVE-2020-11308

all versions

Buffer overflow occurs when trying to convert ASCII string to Unicode string if the actual size is more than required in Snapdrago

6.8MEDIUM

CVE-2020-11299

all versions

Buffer overflow can occur in video while playing the non-standard clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connecti

9.8CRITICAL

CVE-2020-11290

all versions

Use after free condition in msm ioctl events due to race between the ioctl register and deregister events in Snapdragon Auto, Snap

7.0HIGH

CVE-2020-11230

all versions

Potential arbitrary memory corruption when the qseecom driver updates ion physical addresses in the buffer as it exposes a physica

6.4MEDIUM

CVE-2020-11297

all versions

Denial of service in WLAN module due to improper check of subtypes in logic where excessive frames are dropped in Snapdragon Auto,

7.5HIGH

CVE-2020-11296

all versions

Arithmetic overflow can happen while processing NOA IE due to improper error handling in Snapdragon Auto, Snapdragon Compute, Snap

7.5HIGH

CVE-2020-11281

all versions

Allowing RTT frames to be linked with non randomized MAC address by comparing the sequence numbers can lead to information disclos

7.5HIGH

CVE-2020-11280

all versions

Denial of service while processing fine timing measurement request (FTMR) frame with reserved bits set in the FTM parameter IE due

7.5HIGH

CVE-2020-11278

all versions

Possible denial of service while handling host WMI command due to improper validation in Snapdragon Auto, Snapdragon Compute, Snap

7.5HIGH

CVE-2020-11277

all versions

Possible race condition during async fastrpc session after sending RPC message due to the fastrpc ctx gets free during async sessi

7.4HIGH

CVE-2020-11276

all versions

Possible buffer over read while processing P2P IE and NOA attribute of beacon and probe response frames due to improper validation

9.1CRITICAL

CVE-2020-11275

all versions

Possible buffer over-read while parsing quiet IE in Rx beacon frame due to improper check of IE length in received beacon in Snapd

9.1CRITICAL

CVE-2020-11272

all versions

Before enqueuing a frame to the PE queue for further processing, an entry in a hash table can be deleted and using a stale version

9.8CRITICAL

CVE-2020-11271

all versions

Possible out of bounds while accessing global control elements due to race condition in Snapdragon Auto, Snapdragon Compute, Snapd

7.8HIGH

CVE-2020-11270

all versions

Possible denial of service due to RTT responder consistently rejects all FTMR by transmitting FTM1 with failure status in the FTM

7.5HIGH

CVE-2020-11269

all versions

Possible memory corruption while processing EAPOL frames due to lack of validation of key length before using it in Snapdragon Aut

8.8HIGH

CVE-2020-11223

all versions

Out of bound in camera driver due to lack of check of validation of array index before copying into array in Snapdragon Auto, Snap

7.8HIGH

CVE-2020-11204

all versions

Possible memory corruption and information leakage in sub-system due to lack of check for validity and boundary compliance for par

7.8HIGH

CVE-2020-11195

all versions

Out of bound write and read in TA while processing command from NS side due to improper length check on command and response buffe

7.8HIGH

CVE-2020-11194

all versions

Possible out of bound access in TA while processing a command from NS side due to improper length check of response buffer in Snap

7.8HIGH

CVE-2020-11170

all versions

Out of bound memory access while playing music playbacks with crafted vorbis content due to improper checks in header extraction i

9.8CRITICAL

CVE-2020-11147

all versions

Use after free issue in audio modules while removing and freeing objects during list iteration due to incorrect usage of macro in

6.7MEDIUM

CVE-2020-11119

all versions

Buffer over-read can happen when the buffer length received from response handlers is more than the size of the payload in Snapdra

7.5HIGH