qcn7605 firmware · threatengine.sh

Home/Product/qualcomm qcn7605 firmware

Product

qualcomm qcn7605 firmware

191 known vulnerabilities across versions

Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.

Sort Min CVSS Published since

Transient DOS when a remote device sends an invalid connection request during BT connectable LE scan.

Transient DOS while parsing the EPTM test control message to get the test pattern.

Transient DOS while processing an ANQP message.

Memory corruption may occur while reading board data via IOCTL call when the WLAN driver copies the content to the provided output

Memory corruption while IOCTL call is invoked from user-space to read board data.

Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver.

Memory corruption when IOCTL call is invoked from user-space to read board data.

Memory corruption while invoking IOCTL calls from user space to issue factory test command inside WLAN driver.

Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.

Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.

Transient DOS while parse fils IE with length equal to 1.

Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains IPPROTO_NONE as the n

Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host.

Transient DOS in WLAN Firmware while parsing a BTM request.

Transient DOS while parsing WPA IES, when it is passed with length more than expected size.

Memory corruption when processing cmd parameters while parsing vdev.

Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame.

Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level.

Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE.

Memory corruption in MPP performance while accessing DSM watermark using external memory address.

Information disclosure in WLAN HAL while handling command through WMI interfaces.

Information disclosure in WLAN HAL while handling the WMI state info command.

Information disclosure in IOE Firmware while handling WMI command.

Transient DOS in WLAN Firmware while parsing rsn ies.

Transient DOS in Modem while allocating DSM items.

Transient DOS in WLAN Firmware while interpreting MBSSID IE of a received beacon frame.

Memory corruption in WLAN HAL while handling command through WMI interfaces.

Memory corruption in WLAN HAL while handling command streams through WMI interfaces.

Memory corruption in WLAN HAL while passing command parameters through WMI interfaces.

Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload.

Memory corruption in WLAN FW while processing command parameters from untrusted WMI payload.

Memory corruption in WLAN handler while processing PhyID in Tx status handler.

Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload.

Memory corruption in WLAN while sending transmit command from HLOS to UTF handlers.

Memory Corruption in Data Modem while processing DMA buffer release event about CFR data.

Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command.

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.

Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.

Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase.

Memory corruption in WLAN due to use after free

Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.

Memory corruption in modem due to buffer copy without checking size of input while receiving WMI command.

Information disclosure due to buffer over-read in WLAN while parsing NMF frame.

Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames.

Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA action frames.

Transient DOS due to loop with unreachable exit condition in WLAN while processing an incoming FTM frames. in Snapdragon Auto, Sna

Information disclosure due to buffer over-read in WLAN firmware while parsing security context info attributes. in Snapdragon Auto

Transient DOS due to loop with unreachable exit condition in WLAN firmware while parsing IPV6 extension header. in Snapdragon Auto

Transient DOS due to buffer over-read in WLAN firmware while processing PPE threshold. in Snapdragon Auto, Snapdragon Compute, Sna

Transient Denial-of-Service in WLAN due to buffer over-read while parsing MDNS frames. in Snapdragon Auto, Snapdragon Compute, Sna

Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames. in Snapdragon Auto, Snapdragon Comp

Denial of service in WLAN due to out-of-bound read happens while processing VHT action frame in Snapdragon Auto, Snapdragon Comput

Memory corruption in WLAN due to out of bound array access during connect/roaming in Snapdragon Auto, Snapdragon Compute, Snapdrag

Memory corruption due to use after free issue in kernel while processing ION handles in Snapdragon Auto, Snapdragon Compute, Snapd

Information disclosure in WLAN due to improper validation of array index while parsing crafted ANQP action frames in Snapdragon Au

An out-of-bounds read can occur while parsing a server certificate due to improper length check in Snapdragon Auto, Snapdragon Com

Out of bound read in WLAN HOST due to improper length check can lead to DOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Con

Possible buffer over read due to lack of size validation while unpacking frame in Snapdragon Auto, Snapdragon Compute, Snapdragon

Possible out of bound read due to lack of length check of data length for a DIAG event in Snapdragon Auto, Snapdragon Compute, Sna

Possible out of bound read due to improper validation of certificate chain in SSL or Internet key exchange in Snapdragon Auto, Sna

Possible buffer overflow due to improper validation of SSID length received from beacon or probe response during an IBSS session i

Buffer overflow in sahara protocol while processing commands leads to overwrite of secure configuration data in Snapdragon Mobile,

Improper validation of program headers containing ELF metadata can lead to image verification bypass in Snapdragon Auto, Snapdrago

Improper validation of LLM utility timers availability can lead to denial of service in Snapdragon Auto, Snapdragon Compute, Snapd

Possible buffer overflow due to lack of buffer length check when segmented WMI command is received in Snapdragon Auto, Snapdragon

Possible null pointer dereference in thread cache operation handler due to lack of validation of user provided input in Snapdragon

Possible null pointer dereference in trap handler due to lack of thread ID validation before dereferencing it in Snapdragon Auto,

Possible null pointer dereference due to lack of TLB validation for user provided address in Snapdragon Auto, Snapdragon Compute,

Possible denial of service scenario can occur due to lack of length check on Channel Switch Announcement IE in beacon or probe res

Possible stack overflow due to improper length check of TLV while copying the TLV to a local stack variable in Snapdragon Auto, Sn

Possible Integer overflow to buffer overflow issue can occur due to improper validation of input parameters when extscan hostlist

Improper handling of ASB-C broadcast packets with crafted opcode in LMP can lead to uncontrolled resource consumption in Snapdrago

Improper handling of ASB-U packet with L2CAP channel ID by slave host can lead to interference with piconet in Snapdragon Auto, Sn

Buffer overflow occurs in trusted applications due to lack of length check of parameters in Snapdragon Auto, Snapdragon Compute, S

Improper authentication of un-encrypted plaintext Wi-Fi frames in an encrypted network can lead to information disclosure in Snapd

Improper handling of received malformed FTMR request frame can lead to reachable assertion while responding with FTM1 frame in Sna

Possible assertion due to improper verification while creating and deleting the peer in Snapdragon Auto, Snapdragon Compute, Snapd

Out of bound read will happen if EAPOL Key length is less than expected while processing NAN shared key descriptor attribute in Sn

Possible Buffer over-read in ARP/NS parsing due to lack of check of packet length received in Snapdragon Auto, Snapdragon Compute,

Buffer overflow might occur while parsing unified command due to lack of check of input data received in Snapdragon Auto, Snapdrag

Buffer over-read can happen while processing WPA,RSN IE of beacon and response frames if IE length is less than length of frame po

Possible stack out of bound write might happen due to time bitmap length and bit duration fields of the attributes like NAN rangin

Possible out of bound read while WLAN frame parsing due to lack of check for body and header length in Snapdragon Auto, Snapdragon

Possible denial of service scenario due to improper handling of group management action frame in Snapdragon Auto, Snapdragon Compu

Buffer overflow can occur due to improper validation of NDP application information length in Snapdragon Auto, Snapdragon Compute,

Memory corruption due to improper input validation while processing IO control which is nonstandard in Snapdragon Compute, Snapdra

When sending a socket event message to a user application, invalid information will be passed if socket is freed by other thread r

Denial of service in WLAN module due to improper check of subtypes in logic where excessive frames are dropped in Snapdragon Auto,

Arithmetic overflow can happen while processing NOA IE due to improper error handling in Snapdragon Auto, Snapdragon Compute, Snap

Allowing RTT frames to be linked with non randomized MAC address by comparing the sequence numbers can lead to information disclos

Denial of service while processing fine timing measurement request (FTMR) frame with reserved bits set in the FTM parameter IE due

Possible denial of service while handling host WMI command due to improper validation in Snapdragon Auto, Snapdragon Compute, Snap

Possible buffer over read while processing P2P IE and NOA attribute of beacon and probe response frames due to improper validation

Possible buffer over-read while parsing quiet IE in Rx beacon frame due to improper check of IE length in received beacon in Snapd

Before enqueuing a frame to the PE queue for further processing, an entry in a hash table can be deleted and using a stale version

Possible denial of service due to RTT responder consistently rejects all FTMR by transmitting FTM1 with failure status in the FTM

Possible memory corruption while processing EAPOL frames due to lack of validation of key length before using it in Snapdragon Aut

Buffer over-read can happen when the buffer length received from response handlers is more than the size of the payload in Snapdra

u'While processing invalid connection request PDU which is nonstandard (interval or timeout is 0) from central device may lead per

u'Buffer over-read while processing received L2CAP packet due to lack of integer overflow check' in Snapdragon Auto, Snapdragon Co

u'Buffer over-read issue in Bluetooth estack due to lack of check for invalid length of L2cap packet received from peer device.' i

u'Buffer overflow while processing PDU packet in bluetooth due to lack of check of buffer length before copying into it.' in Snapd

u'Buffer overflow while processing a crafted PDU data packet in bluetooth due to lack of check of buffer size before copying' in S

u'Out of bound memory access while processing GATT data received due to lack of check of pdu data length and leads to remote code

u'Buffer over-read issue in Bluetooth estack due to lack of check for invalid length of L2cap configuration request received from

u'Potential integer underflow while parsing Service Info and IPv6 link-local TLVs that comes as part of NDPE attribute' in Snapdra

u'Buffer Overflow issue in WLAN tcp ip verification due to usage of out of range pointer offset' in Snapdragon Auto, Snapdragon Co

u'Buffer overflow while parsing PMF enabled MCBC frames due to frame length being lesser than what is expected while parsing' in S

u'A potential buffer overflow exists due to integer overflow when parsing handler options due to wrong data type usage in operatio

u'Channel name string which has been read from shared memory is potentially subjected to string manipulations but not validated fo

u'Lack of check to ensure that the TX read index & RX write index that are read from shared memory are less than the FIFO size res

u'Lack of check of integer overflow while doing a round up operation for data read from shared memory for G-link SMEM transport ca

u'Information exposure issues while processing IE header due to improper check of beacon IE frame' in Snapdragon Auto, Snapdragon

u'Possible out of bound write while processing association response received from host due to lack of check of IE length' in Snapd

u'Buffer over read occurs while processing information element from beacon due to lack of check of data received from beacon' in S

u'Heap overflow in diag command handler due to lack of check of packet length received from user' in Snapdragon Auto, Snapdragon C

u'Lack of check for integer overflow for round up and addition operations result into memory corruption and potential information

u'Lack of check that the TX FIFO write and read indices that are read from shared RAM are less than the FIFO size results into mem

u'Lack of integer overflow check for addition of fragment size and remaining size that are read from shared memory can lead to mem

u'Lack of check that the current received data fragment size of a particular packet that are read from shared memory are less than

u'Out of bound memory access if stack push and pop operation are performed without doing a bound check on stack top' in Snapdragon

u'User Process can potentially corrupt kernel virtual page by passing a crafted page in API' in Snapdragon Auto, Snapdragon Comput

u'Memory can be potentially corrupted if random index is allowed to manipulate TLB entries in Kernel from user library' in Snapdra

u'SMEM partition can be manipulated in case of any compromise on HLOS, thus resulting in access to memory outside of SMEM address

Possible out of bound access while processing assoc response from host due to improper length check before copying into buffer in

Out of bound write while QoS DSCP mapping due to improper input validation for data received from association response frame in Sn

Out of bounds read can happen in diag event set mask command handler when user provided length in the command request is less than

Close and bind operations done on a socket can lead to a Use-After-Free condition. in Snapdragon Auto, Snapdragon Compute, Snapdra

Integer overflow in diag command handler when user inputs a large value for number of tasks field in the request packet in Snapdra

While IPA driver processes route add rule IOCTL, there is no input validation of the rule ID prior to adding the rule to the IPA H

Firmware will hit assert in WLAN firmware If encrypted data length in FILS IE of reassoc response is more than 528 bytes in Snapdr

Valid deauth/disassoc frames is dropped in case if RMF is enabled and some rouge peer keep on sending rogue deauth/disassoc frames

When attempting to create a new XFRM policy, a stack out-of-bounds read will occur if the user provides a template where the mode

Active command timeout since WM status change cmd is not removed from active queue if peer sends multiple deauth frames. in Snapdr

Possible integer overflow to buffer overflow in WLAN while parsing nonstandard NAN IE messages. in Snapdragon Auto, Snapdragon Com

Buffer overflow in WLAN firmware while parsing GTK IE containing GTK key having length more than the buffer size in Snapdragon Aut

Buffer overflow can occur in WLAN firmware while unwraping data using CCMP cipher suite during parsing of EAPOL handshake frame

Potential buffer overflow while processing CBF frames due to lack of check of buffer length before copy in Snapdragon Auto, Snapdr

Possible buffer overflow while handling NAN reception of NMF in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snap

Buffer overflow can occur in function wlan firmware while copying association frame content if frame length is more than the maxim

While handling the vendor command there is an integer truncation issue that could yield a buffer overflow due to int data type cop

Possible integer overflow can happen in host driver while processing user controlled string due to improper validation on data rec

Out of bound memory access can happen while parsing ADSP message due to lack of check of size of payload received from userspace i

Kernel memory error in debug module due to improper check of user data length before copying into memory in Snapdragon Auto, Snapd

Missing length check before copying the data from kernel space to userspace through the copy function can lead to buffer overflow

When issuing IOCTL calls to ION, Memory leak can occur due to failure in unassign pages under certain conditions in Snapdragon Aut

Possible buffer overflow in WLAN Parser due to lack of length check when copying data in Snapdragon Auto, Snapdragon Compute, Snap

Buffer overflow occurs while processing LMP packet in which name length parameter exceeds value specified in BT-specification in S

Possible integer overflow while checking the length of frame which is a 32 bit integer and is added to another 32 bit integer whic

Possible Integer underflow in WLAN function due to lack of check of data received from user side in Snapdragon Auto, Snapdragon Co

While parsing Service Descriptor Extended Attribute received as part of SDF frame, there is a possibility that incorrect length is

Potential buffer over-read due to lack of bound check of memory offset passed in WLAN firmware in Snapdragon Compute, Snapdragon C

Buffer Over-read when WLAN module gets a WMI message for SAR limits with invalid number of limits to be enforced in Snapdragon Com

Buffer overflow can occur while parsing RSN IE containing list of PMK ID`s which are more than the buffer size in Snapdragon Auto,

Buffer overwrite during memcpy due to lack of check on SSID length validation in Snapdragon Auto, Snapdragon Compute, Snapdragon C

Buffer overflow due to lack of upper bound check on channel length which is used for a loop. in Snapdragon Compute, Snapdragon Con

Possible buffer overflow in WLAN WMI handler due to lack of ssid length check when copying data in Snapdragon Auto, Snapdragon Com

Use after free issue occurs If the real device interface goes down and a route lookup is performed while sending a raw IPv6 messag

Out of bound write in WLAN driver due to NULL character not properly placed after SSID name in Snapdragon Auto, Snapdragon Compute

Possibility of use-after-free and double free because of not marking buffer as NULL after freeing can lead to dangling pointer acc

Stage-2 fault will occur while writing to an ION system allocation which has been assigned to non-HLOS memory which is non-standar

Possible buffer overflow issue in error processing due to improper validation of array index value in Snapdragon Auto, Snapdragon

While transferring data from APPS to DSP, Out of bound in FastRPC HLOS Driver due to the data buffer which can be controlled by DS

Integer overflow to buffer overflow due to lack of validation of event arguments received from firmware. in Snapdragon Auto, Snapd

Improper Access Control for RPU write access from secure processor in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Ele

Out of boundary access is possible as there is no validation of data accessed against the received size of the packet in case of m

Out of bounds memcpy can occur by providing the embedded NULL character string and length greater than the actual string length in

Buffer overwrite can occur in IEEE80211 header filling function due to lack of range check of array index received from firmware i

Out of bound access can occur while processing firmware event due to lack of validation of WMI message received from firmware in S

Out of bound access can occur while processing peer info in IBSS connection mode due to lack of upper bounds check to ensure that

Possibility of out of bound access in debug queue, if packet size field is corrupted in Snapdragon Auto, Snapdragon Compute, Snapd

Out-of-bound read in the wireless driver in the Linux kernel due to lack of check of buffer length. in Snapdragon Auto, Snapdragon

Improper length check on source buffer to handle userspace data received can lead to out-of-bound access in diag handlers in Snapd

Improper validation of event buffer extracted from FW response can lead to integer overflow, which will allow to pass the length c

Potential double free scenario if driver receives another DIAG_EVENT_LOG_SUPPORTED event from firmware as the pointer is not set t

Out of bound access occurs while handling the WMI FW event due to lack of check of buffer argument which comes directly from the W

Out of bound write can happen in WMI firmware event handler due to lack of validation of data received from WLAN firmware in Snapd

When a fake broadcast/multicast 11w rmf without mmie received, since no proper length check in wma_process_bip, buffer overflow wi

Out of bound read would occur while trying to read action category and action ID without validating the action length of the Rx Fr

Snapshot of IB can lead to invalid address access due to missing check for size in the related function in Snapdragon Auto, Snapdr

Buffer overflow can occur due to usage of wrong datatype and missing length check before copying into buffer in Snapdragon Auto, S

Race condition between the camera functions due to lack of resource lock which will lead to memory corruption and UAF issue in Sna

Buffer overflow can occur while processing non-standard NAN message from user space. in Snapdragon Auto, Snapdragon Consumer Elect

Buffer overflow can occur in wlan module if supported rates or extended rates element length is greater than max rate set length i

Buffer over-read can occur in fast message handler due to improper input validation while processing a message from firmware in Sn

Improper validation for loop variable received from firmware can lead to out of bound access in WLAN function while iterating thro

Out-of-bounds access can occur in camera driver due to improper validation of array index in Snapdragon Auto, Snapdragon Consumer

Race condition due to the lack of resource lock which will be concurrently modified in the memcpy statement leads to out of bound

Out-of-bounds memory access in Qurt kernel function when using the identifier to access Qurt kernel buffer to retrieve thread data

While processing vendor command which contains corrupted channel count, an integer overflow occurs and finally will lead to heap o

Double free issue can happen when sensor power settings is freed by some thread while another thread try to access. in Snapdragon

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin