qcn7606 firmware · threatengine.sh

Home/Product/qualcomm qcn7606 firmware

Product

qualcomm qcn7606 firmware

166 known vulnerabilities across versions

Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.

Sort Min CVSS Published since

Transient DOS when a remote device sends an invalid connection request during BT connectable LE scan.

Memory corruption while processing a malformed license file during reboot.

Memory corruption during PlayReady APP usecase while processing TA commands.

Transient DOS while parsing the EPTM test control message to get the test pattern.

Memory corruption while performing private key encryption in trusted application.

Transient DOS while processing an ANQP message.

Information disclosure while processing the hash segment in an MBN file.

Information disclosure while reading data from an image using specified offset and size parameters.

Transient DOS when importing a PKCS#8-encoded RSA private key with a zero-sized modulus.

Memory corruption while retrieving the CBOR data from TA.

Memory corruption while reading secure file.

Memory corruption may occur while reading board data via IOCTL call when the WLAN driver copies the content to the provided output

Memory corruption while IOCTL call is invoked from user-space to read board data.

Cryptographic issue occurs during PIN/password verification using Gatekeeper, where RPMB writes can be dropped on verification fai

There may be information disclosure during memory re-allocation in TZ Secure OS.

Information disclosure while deriving keys for a session for any Widevine use case.

Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver.

Memory corruption when IOCTL call is invoked from user-space to read board data.

Memory corruption while invoking IOCTL calls from user space to issue factory test command inside WLAN driver.

Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.

Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.

memory corruption when an invalid firehose patch command is invoked.

Cryptographic issue while parsing RSA keys in COBR format.

Transient DOS while importing a PKCS#8-encoded RSA key with zero bytes modulus.

Memory corruption during session sign renewal request calls in HLOS.

Memory corruption when an invoke call and a TEE call are bound for the same trusted application.

Memory corruption while processing key blob passed by the user.

Transient DOS while loading the TA ELF file.

Memory corruption while performing finish HMAC operation when context is freed by keymaster.

Memory corruption while copying a keyblobs material when the key materials size is not accurately checked.

Memory corruption while processing finish_sign command to pass a rsp buffer.

Memory corruption in SPS Application while requesting for public key in sorter TA.

Memory corruption while parsing qcp clip with invalid chunk data size.

Transient DOS while parse fils IE with length equal to 1.

Memory corruption in video while parsing the Videoinfo, when the size of atom is greater than the videoinfo size.

Memory corruption in video while parsing invalid mp2 clip.

Memory corruption in Core while processing control functions.

Transient DOS while parsing GATT service data when the total amount of memory that is required by the multiple services is greater

Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains IPPROTO_NONE as the n

Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host.

Transient DOS in WLAN Firmware while parsing a BTM request.

Memory corruption in HLOS while running playready use-case.

Transient DOS while parsing WPA IES, when it is passed with length more than expected size.

Memory corruption when processing cmd parameters while parsing vdev.

Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame.

Memory corruption in HLOS while invoking IOCTL calls from user-space.

Memory corruption in Boot while running a ListVars test in UEFI Menu during boot.

Transient DOS in Bluetooth Host while rfc slot allocation.

Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level.

Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE.

Memory corruption while loading an ELF segment in TEE Kernel.

Memory corruption in MPP performance while accessing DSM watermark using external memory address.

Memory Corruption in SPS Application while exporting public key in sorter TA.

Information disclosure in WLAN HAL while handling command through WMI interfaces.

Information disclosure in WLAN HAL while handling the WMI state info command.

Information disclosure in IOE Firmware while handling WMI command.

Cryptographic issue in HLOS during key management.

Memory corruption in TZ Secure OS while loading an app ELF.

Memory Corruption in Core due to secure memory access by user while loading modem image.

Transient DOS in WLAN Firmware while parsing rsn ies.

Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted Application.

Transient DOS in Modem while allocating DSM items.

Transient DOS in WLAN Firmware while interpreting MBSSID IE of a received beacon frame.

Memory corruption in WLAN HAL while handling command through WMI interfaces.

Memory corruption in WLAN HAL while handling command streams through WMI interfaces.

Memory corruption in WLAN HAL while passing command parameters through WMI interfaces.

Memory corruption while handling payloads from remote ESL.

Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload.

Memory corruption in WLAN FW while processing command parameters from untrusted WMI payload.

Memory corruption in WLAN handler while processing PhyID in Tx status handler.

Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload.

Memory corruption in WLAN while sending transmit command from HLOS to UTF handlers.

Memory corruption in WIN Product while invoking WinAcpi update driver in the UEFI region.

Memory corruption in QESL while processing payload from external ESL device to firmware.

Cryptographic issue in HLOS as derived keys used to encrypt/decrypt information is present on stack after use.

Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE.

Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key.

Memory Corruption in Data Modem while processing DMA buffer release event about CFR data.

Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command.

Information disclosure in Kernel due to indirect branch misprediction.

Memory corruption due to double free in Core while mapping HLOS address to the list.

information disclosure due to cryptographic issue in Core during RPMB read request.

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.

Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.

Memory corruption due to double free in core while initializing the encryption key.

Memory corruption in Bluetooth HOST while processing the AVRC_PDU_GET_PLAYER_APP_VALUE_TEXT AVRCP response.

Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.

Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase.

Memory corruption in Video due to double free while playing 3gp clip with invalid metadata atoms.

Memory corruption due to buffer copy without checking the size of input in HLOS when input message size is larger than the buffer

Memory corruption in Core due to time-of-check time-of-use race condition during dump collection in trust zone.

Memory corruption in WLAN due to use after free

Information Disclosure in Graphics during GPU context switch.

Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.

Memory corruption in modem due to buffer copy without checking size of input while receiving WMI command.

Information disclosure due to buffer over-read in WLAN while parsing NMF frame.

Information disclosure due to buffer overread in Core

Information disclosure due to buffer overread in Core

Memory corruption in core due to stack-based buffer overflow

Memory corruption in Core due to stack-based buffer overflow.

Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames.

Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA action frames.

Memory corruption in Bluetooth HOST due to buffer overflow while parsing the command response received from remote

Transient DOS due to loop with unreachable exit condition in WLAN while processing an incoming FTM frames. in Snapdragon Auto, Sna

Information disclosure due to buffer over-read in WLAN firmware while parsing security context info attributes. in Snapdragon Auto

Transient DOS due to loop with unreachable exit condition in WLAN firmware while parsing IPV6 extension header. in Snapdragon Auto

Transient DOS due to buffer over-read in WLAN firmware while processing PPE threshold. in Snapdragon Auto, Snapdragon Compute, Sna

Memory corruption in video due to configuration weakness. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdra

Denial of service in video due to improper access control in broadcast receivers in Snapdragon Compute, Snapdragon Consumer IOT, S

Information disclosure in video due to buffer over-read while parsing avi files in Snapdragon Auto, Snapdragon Compute, Snapdragon

Memory corruption in display due to time-of-check time-of-use of metadata reserved size in Snapdragon Auto, Snapdragon Compute, Sn

Transient Denial-of-Service in WLAN due to buffer over-read while parsing MDNS frames. in Snapdragon Auto, Snapdragon Compute, Sna

Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames. in Snapdragon Auto, Snapdragon Comp

Denial of service in WLAN due to out-of-bound read happens while processing VHT action frame in Snapdragon Auto, Snapdragon Comput

Memory corruption in WLAN due to out of bound array access during connect/roaming in Snapdragon Auto, Snapdragon Compute, Snapdrag

memory corruption in video due to buffer overflow while parsing asf clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Conne

Memory corruption due to use after free issue in kernel while processing ION handles in Snapdragon Auto, Snapdragon Compute, Snapd

Information disclosure in WLAN due to improper validation of array index while parsing crafted ANQP action frames in Snapdragon Au

An out-of-bounds read can occur while parsing a server certificate due to improper length check in Snapdragon Auto, Snapdragon Com

Out of bound read in WLAN HOST due to improper length check can lead to DOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Con

Possible buffer over read due to lack of size validation while unpacking frame in Snapdragon Auto, Snapdragon Compute, Snapdragon

Possible out of bound read due to lack of length check of data length for a DIAG event in Snapdragon Auto, Snapdragon Compute, Sna

Possible out of bound read due to improper validation of certificate chain in SSL or Internet key exchange in Snapdragon Auto, Sna

Possible buffer overflow due to improper validation of SSID length received from beacon or probe response during an IBSS session i

Buffer overflow in sahara protocol while processing commands leads to overwrite of secure configuration data in Snapdragon Mobile,

Improper validation of program headers containing ELF metadata can lead to image verification bypass in Snapdragon Auto, Snapdrago

Improper validation of LLM utility timers availability can lead to denial of service in Snapdragon Auto, Snapdragon Compute, Snapd

Possible buffer overflow due to lack of buffer length check when segmented WMI command is received in Snapdragon Auto, Snapdragon

Possible null pointer dereference in thread cache operation handler due to lack of validation of user provided input in Snapdragon

Possible null pointer dereference in trap handler due to lack of thread ID validation before dereferencing it in Snapdragon Auto,

Possible null pointer dereference due to lack of TLB validation for user provided address in Snapdragon Auto, Snapdragon Compute,

Possible denial of service scenario can occur due to lack of length check on Channel Switch Announcement IE in beacon or probe res

Possible stack overflow due to improper length check of TLV while copying the TLV to a local stack variable in Snapdragon Auto, Sn

Possible Integer overflow to buffer overflow issue can occur due to improper validation of input parameters when extscan hostlist

Improper handling of ASB-C broadcast packets with crafted opcode in LMP can lead to uncontrolled resource consumption in Snapdrago

Improper handling of ASB-U packet with L2CAP channel ID by slave host can lead to interference with piconet in Snapdragon Auto, Sn

Buffer overflow occurs in trusted applications due to lack of length check of parameters in Snapdragon Auto, Snapdragon Compute, S

Improper authentication of un-encrypted plaintext Wi-Fi frames in an encrypted network can lead to information disclosure in Snapd

Improper handling of received malformed FTMR request frame can lead to reachable assertion while responding with FTM1 frame in Sna

Possible assertion due to improper verification while creating and deleting the peer in Snapdragon Auto, Snapdragon Compute, Snapd

Out of bound read will happen if EAPOL Key length is less than expected while processing NAN shared key descriptor attribute in Sn

Possible Buffer over-read in ARP/NS parsing due to lack of check of packet length received in Snapdragon Auto, Snapdragon Compute,

Buffer overflow might occur while parsing unified command due to lack of check of input data received in Snapdragon Auto, Snapdrag

Buffer over-read can happen while processing WPA,RSN IE of beacon and response frames if IE length is less than length of frame po

Possible stack out of bound write might happen due to time bitmap length and bit duration fields of the attributes like NAN rangin

Possible out of bound read while WLAN frame parsing due to lack of check for body and header length in Snapdragon Auto, Snapdragon

Possible denial of service scenario due to improper handling of group management action frame in Snapdragon Auto, Snapdragon Compu

Buffer overflow can occur due to improper validation of NDP application information length in Snapdragon Auto, Snapdragon Compute,

Memory corruption due to improper input validation while processing IO control which is nonstandard in Snapdragon Compute, Snapdra

When sending a socket event message to a user application, invalid information will be passed if socket is freed by other thread r

Denial of service in WLAN module due to improper check of subtypes in logic where excessive frames are dropped in Snapdragon Auto,

Arithmetic overflow can happen while processing NOA IE due to improper error handling in Snapdragon Auto, Snapdragon Compute, Snap

Allowing RTT frames to be linked with non randomized MAC address by comparing the sequence numbers can lead to information disclos

Denial of service while processing fine timing measurement request (FTMR) frame with reserved bits set in the FTM parameter IE due

Possible denial of service while handling host WMI command due to improper validation in Snapdragon Auto, Snapdragon Compute, Snap

Possible buffer over read while processing P2P IE and NOA attribute of beacon and probe response frames due to improper validation

Possible buffer over-read while parsing quiet IE in Rx beacon frame due to improper check of IE length in received beacon in Snapd

Before enqueuing a frame to the PE queue for further processing, an entry in a hash table can be deleted and using a stale version

Possible denial of service due to RTT responder consistently rejects all FTMR by transmitting FTM1 with failure status in the FTM

Possible memory corruption while processing EAPOL frames due to lack of validation of key length before using it in Snapdragon Aut

Buffer over-read can happen when the buffer length received from response handlers is more than the size of the payload in Snapdra

u'Buffer over-read while processing received L2CAP packet due to lack of integer overflow check' in Snapdragon Auto, Snapdragon Co

u'Buffer overflow while processing PDU packet in bluetooth due to lack of check of buffer length before copying into it.' in Snapd

u'Buffer overflow while processing a crafted PDU data packet in bluetooth due to lack of check of buffer size before copying' in S

u'SMEM partition can be manipulated in case of any compromise on HLOS, thus resulting in access to memory outside of SMEM address

Close and bind operations done on a socket can lead to a Use-After-Free condition. in Snapdragon Auto, Snapdragon Compute, Snapdra

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin