qca4004 firmware · threatengine.sh

Home/Product/qualcomm qca4004 firmware

Product

qualcomm qca4004 firmware

163 known vulnerabilities across versions

Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.

Sort Min CVSS Published since

Memory corruption while processing a malformed license file during reboot.

Memory corruption during PlayReady APP usecase while processing TA commands.

Information disclosure while processing the hash segment in an MBN file.

Information disclosure while reading data from an image using specified offset and size parameters.

There may be information disclosure during memory re-allocation in TZ Secure OS.

While processing the authentication message in UE, improper authentication may lead to information disclosure.

Memory corruption when allocating and accessing an entry in an SMEM partition continuously.

memory corruption when an invalid firehose patch command is invoked.

Cryptographic issue while parsing RSA keys in COBR format.

Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network.

Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.

Memory corruption when an invoke call and a TEE call are bound for the same trusted application.

Memory corruption while processing key blob passed by the user.

Transient DOS while loading the TA ELF file.

Memory corruption while performing finish HMAC operation when context is freed by keymaster.

Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immedia

Memory corruption while copying a keyblobs material when the key materials size is not accurately checked.

Memory corruption in SPS Application while requesting for public key in sorter TA.

Memory corruption in Audio while processing RT proxy port register driver.

Memory corruption in Core while processing control functions.

Memory corruption in Audio during playback with speaker protection.

Memory corruption in TZ Secure OS while requesting a memory allocation from TA region.

Memory corruption in HLOS while running playready use-case.

Memory corruption while using the UIM diag command to get the operators name.

Memory corruption in Boot while running a ListVars test in UEFI Menu during boot.

Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE.

Memory corruption while loading an ELF segment in TEE Kernel.

Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.

Memory corruption in MPP performance while accessing DSM watermark using external memory address.

Memory Corruption in SPS Application while exporting public key in sorter TA.

Information disclosure in IOE Firmware while handling WMI command.

Cryptographic issue in HLOS during key management.

Memory corruption in TZ Secure OS while loading an app ELF.

Memory Corruption in Core due to secure memory access by user while loading modem image.

Memory Corruption in Multi-mode Call Processor while processing bit mask API.

Memory Corruption in Data Modem while making a MO call or MT VOLTE call.

Memory corruption in WLAN HAL while handling command streams through WMI interfaces.

Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload.

Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE.

Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key.

Information disclosure in Network Services due to buffer over-read while the device receives DNS response.

Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from netw

Information disclosure in Kernel due to indirect branch misprediction.

Transient DOS due to improper authorization in Modem

Memory corruption due to double free in Core while mapping HLOS address to the list.

information disclosure due to cryptographic issue in Core during RPMB read request.

Information disclosure due to buffer over-read in Modem while parsing DNS hostname.

Transient DOS due to NULL pointer dereference in Modem while performing pullup for received TCP/UDP packet.

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.

Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command le

Information disclosure in Modem due to buffer over-read while parsing the wms message received given the buffer and its length.

Transient DOS in Modem due to NULL pointer dereference while receiving response of lwm2m registration/update/bootstrap request mes

Information disclosure in Modem due to buffer over-read while receiving a IP header with malformed length.

Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card.

Information disclosure in Modem due to buffer over-read while getting length of Unfragmented headers in an IPv6 packet.

Memory corruption due to buffer copy without checking the size of input in modem while decoding raw SMS received.

Information disclosure due to buffer over-read in modem while reading configuration parameters.

Memory corruption due to double free in core while initializing the encryption key.

Information disclosure sue to buffer over-read in modem while processing ipv6 packet with hop-by-hop or destination option in head

Transient DOS in Modem due to null pointer dereference while processing the incoming packet with http chunked encoding.

Information disclosure due to buffer over-read while parsing DNS response packets in Modem.

memory corruption in modem due to improper check while calculating size of serialized CoAP message

Information disclosure in modem due to improper input validation during parsing of upcoming CoAP message

Memory corruption in modem due to improper input validation while handling the incoming CoAP message

Memory corruption in modem due to buffer overwrite while building an IPv6 multicast address based on the MAC address of the iface

Denial of service in modem due to missing null check while processing the ipv6 packet received during ECM call

Information disclosure in modem due to missing NULL check while reading packets received from local network

Information disclosure in modem due to buffer over-read while processing packets from DNS server

Information disclosure in modem due to improper check of IP type while processing DNS server query

Information disclosure in modem data due to array out of bound access while handling the incoming DNS response packet

Memory correction in modem due to buffer overwrite during coap connection

Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.

Memory corruption in Core due to time-of-check time-of-use race condition during dump collection in trust zone.

Memory corruption in modem due to buffer overflow while processing a PPP packet

Memory corruption in modem due to integer overflow to buffer overflow while handling APDU response

Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM

Memory corruption due to configuration weakness in modem wile sending command to write protected files.

Information disclosure due to buffer over-read in Modem while using static array to process IPv4 packets.

Information disclosure in modem due to buffer over-red while performing checksum of packet received

Denial of service in modem due to missing null check while processing TCP or UDP packets from server

Denial of service in modem due to missing null check while processing IP packets with padding

Denial of service in modem due to null pointer dereference while processing DNS packets

Information disclosure in modem due to buffer over read in dns client due to missing length check

Memory corruption in modem due to improper length check while copying into memory

Information disclosure in modem due to buffer over-read while processing response from DNS server

Memory corruption due to stack-based buffer overflow in Core

Information disclosure due to buffer overread in Core

Information disclosure due to buffer overread in Core

Memory corruption in core due to stack-based buffer overflow

Memory corruption in Core due to stack-based buffer overflow.

Memory corruption in MODEM due to Improper Validation of Array Index while processing GSTK Proactive commands in Snapdragon Auto,

Memory corruption in MODEM UIM due to usage of out of range pointer offset while decoding command from card in Snapdragon Auto, Sn

Denial of service in modem due to infinite loop while parsing IGMPv2 packet from server in Snapdragon Consumer IOT, Snapdragon Ind

Memory Corruption in modem due to improper length check while copying into memory in Snapdragon Consumer IOT, Snapdragon Industria

Cryptographic issues in WLAN during the group key handshake of the WPA/WPA2 protocol in Snapdragon Consumer IOT, Snapdragon Indust

Information disclosure in WLAN due to improper length check while processing authentication handshake in Snapdragon Auto, Snapdrag

Cryptographic issue in WLAN due to improper check on return value while authentication handshake in Snapdragon Auto, Snapdragon Co

Improper access control sequence for AC database after memory allocation can lead to possible memory corruption in Snapdragon Auto

Improper authorization of a replayed LTE security mode command can lead to a denial of service in Snapdragon Auto, Snapdragon Comp

Improper integrity check can lead to race condition between tasks PDCP and RRC? after a valid RRC Command packet has been received

Improper buffer size validation of DSM packet received can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapd

Possible unauthorized access to secure space due to improper check of data allowed while flashing the no access control device con

Improper validation of maximum size of data write to EFS file can lead to memory corruption in Snapdragon Auto, Snapdragon Compute

Possible denial of service due to incorrectly decoding hex data for the SIB2 OTA message and assigning a garbage value to choice w

Improper validation of memory region in Hypervisor can lead to incorrect region mapping in Snapdragon Auto, Snapdragon Compute, Sn

Possible buffer overflow due to lack of range check while processing a DIAG command for COEX management in Snapdragon Auto, Snapdr

Possible out of bound write in RAM partition table due to improper validation on number of partitions provided in Snapdragon Auto,

Improper input validation in TrustZone memory transfer interface can lead to information disclosure in Snapdragon Auto, Snapdragon

Possible integer overflow in page alignment interface due to lack of address and size validation before alignment in Snapdragon Au

Possible integer overflow in access control initialization interface due to lack and size and address validation in Snapdragon Aut

Possible assertion due to improper handling of IPV6 packet with invalid length in destination options header in Snapdragon Auto, S

Possible null pointer dereference in thread cache operation handler due to lack of validation of user provided input in Snapdragon

Possible null pointer dereference in trap handler due to lack of thread ID validation before dereferencing it in Snapdragon Auto,

Possible null pointer dereference in thread profile trap handler due to lack of thread ID validation before dereferencing it in Sn

Possible null pointer dereference due to lack of TLB validation for user provided address in Snapdragon Auto, Snapdragon Compute,

Possible heap Memory Corruption Issue due to lack of input validation when sending HWTC IQ Capture command in Snapdragon Auto, Sna

Improper access control in TrustZone due to improper error handling while handling the signing key in Snapdragon Auto, Snapdragon

Possible information exposure and denial of service due to NAS not dropping messages when integrity check fails in Snapdragon Auto

Possible out of bound access due to improper validation of function table entries in Snapdragon Auto, Snapdragon Compute, Snapdrag

Possible buffer overflow due to improper input validation in PDM DIAG command in FTM in Snapdragon Auto, Snapdragon Compute, Snapd

Possible buffer overflow due to improper input validation in factory calibration and test DIAG command in Snapdragon Auto, Snapdra

Possible heap overflow due to improper length check of domain while parsing the DNS response in Snapdragon Auto, Snapdragon Comput

A FTM Diag command can allow an arbitrary write into modem OS space in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivit

Information disclosure through timing and power side-channels during mod exponentiation for RSA-CRT in Snapdragon Auto, Snapdragon

Possible integer and heap overflow due to lack of input command size validation while handling beacon template update command from

Possible buffer over read occurs due to lack of length check of request buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon

Possible null pointer dereference due to lack of validation check for passed pointer during key import in Snapdragon Auto, Snapdra

Buffer overflow occurs in trusted applications due to lack of length check of parameters in Snapdragon Auto, Snapdragon Compute, S

Integer underflow can occur due to improper handling of incoming RTCP packets in Snapdragon Auto, Snapdragon Compute, Snapdragon C

Possible buffer underflow due to lack of check for negative indices values when processing user provided input in Snapdragon Auto,

Loop with unreachable exit condition may occur due to improper handling of unsupported input in Snapdragon Auto, Snapdragon Comput

Improper length check of public exponent in RSA import key function could cause memory corruption. in Snapdragon Auto, Snapdragon

Possible buffer overflow due to lack of length check in Trusted Application in Snapdragon Auto, Snapdragon Compute, Snapdragon Con

Memory corruption in key parsing and import function due to double freeing the same heap allocation in Snapdragon Auto, Snapdragon

Incorrect handling of pointers in trusted application key import mechanism could cause memory corruption in Snapdragon Auto, Snapd

Possible out of bound read in DRM due to improper buffer length check. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connecti

While waiting for a response to a callback or listener request, non-secure clients can change permissions to shared memory buffers

Possible buffer overflow in voice service due to lack of input validation of parameters in QMI Voice API in Snapdragon Auto, Snapd

Trusted APPS to overwrite the CPZ memory of another use-case as TZ only checks the physical address not overlapping with its memor

Out of bound read can happen in Widevine TA while copying data to buffer from user data due to lack of check of buffer length rece

Out of bound write can occur in TZ command handler due to lack of validation of command ID in Snapdragon Auto, Snapdragon Compute,

Out of bound write can occur in playready while processing command due to lack of input validation in Snapdragon Auto, Snapdragon

Buffer over-read while unpacking the RTCP packet we may read extra byte if wrong length is provided in RTCP packets in Snapdragon

Memory corruption while processing crafted SDES packets due to improper length check in sdes packets recieved in Snapdragon Auto,

Denial of service while processing RTCP packets containing multiple SDES reports due to memory for last SDES packet is freed and r

Trustzone initialization code will disable xPU`s when memory dumps are enabled and lead to information disclosure in Snapdragon Au

Out-of-bounds read vulnerability while accessing DTMF payload due to lack of check of buffer length before copying in Snapdragon A

Out of bound read occurs while processing crafted SDP due to lack of check of null string in Snapdragon Auto, Snapdragon Compute,

Out of bound write while parsing RTT/TTY packet parsing due to lack of check of buffer size before copying into buffer in Snapdrag

Out of bound memory read in Data modem while unpacking data due to lack of offset length check in Snapdragon Auto, Snapdragon Comp

Usage of syscall by non-secure entity can allow extraction of secure QTEE diagnostic information in clear text form due to insuffi

HLOS to access EL3 stack canary by just mapping imem region due to Improper access control and can lead to information exposure in

Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Sna

Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Sna

Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Sna

Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Sna

Potential out of bound read exception when UE receives unusually large number of padding octets in the beginning of ROHC header in

Out of bound read access in hypervisor due to an invalid read access attempt by passing invalid addresses in Snapdragon Auto, Snap

Possible memory corruption while processing EAPOL frames due to lack of validation of key length before using it in Snapdragon Aut

Possible memory corruption and information leakage in sub-system due to lack of check for validity and boundary compliance for par

Out of bound write and read in TA while processing command from NS side due to improper length check on command and response buffe

User can overwrite Security Code NV item without knowing current SPC due to improper validation of SPC code setting and device loc

Out of bound memory access while playing music playbacks with crafted vorbis content due to improper checks in header extraction i

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin