qcs404 firmware · threatengine.sh

Home/Product/qualcomm qcs404 firmware

Product

qualcomm qcs404 firmware

98 known vulnerabilities across versions

Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.

Sort Min CVSS Published since

Buffer overflow in sahara protocol while processing commands leads to overwrite of secure configuration data in Snapdragon Mobile,

u'While processing invalid connection request PDU which is nonstandard (interval or timeout is 0) from central device may lead per

u'Buffer over-read issue in Bluetooth peripheral firmware due to lack of check for invalid opcode and length of opcode received fr

u'Due to an incorrect SMMU configuration, the modem crypto engine can potentially compromise the hypervisor' in Snapdragon Auto, S

u'QSEE reads the access permission policy for the SMEM TOC partition from the SMEM TOC contents populated by XBL Loader and applie

u'A buffer overflow could occur if the API is improperly used due to UIE init does not contain a buffer size a param' in Snapdrago

u'An Unaligned address or size can propagate to the database due to improper page permissions and can lead to improper access cont

u'Array index underflow issue in adsp driver due to improper check of channel id before used as array index.' in Snapdragon Auto,

u'Two threads running simultaneously from user space can lead to race condition in fastRPC driver' in Snapdragon Auto, Snapdragon

u'Possible buffer overflow in MHI driver due to lack of input parameter validation of EOT events received from MHI device side' in

u'Buffer over-read issue in Bluetooth estack due to lack of check for invalid length of L2cap packet received from peer device.' i

u'Out of bound access can happen in MHI command process due to lack of check of channel id value received from MHI devices' in Sna

u'During execution after Address Space Layout Randomization is turned on for QTEE, part of code is still mapped at known address i

u'Possible use-after-free while accessing diag client map table since list can be reallocated due to exceeding max client limit.'

u'Potential integer underflow while parsing Service Info and IPv6 link-local TLVs that comes as part of NDPE attribute' in Snapdra

u'Buffer Overflow issue in WLAN tcp ip verification due to usage of out of range pointer offset' in Snapdragon Auto, Snapdragon Co

u'Buffer overflow while parsing PMF enabled MCBC frames due to frame length being lesser than what is expected while parsing' in S

u'Buffer Overflow in mic calculation for WPA due to copying data into buffer without validating the length of buffer' in Snapdrago

u'Out of bounds memory access during memory copy while processing Host command' in Snapdragon Auto, Snapdragon Compute, Snapdragon

u'Information disclosure issue occurs as in current logic Secure Touch session is released without terminating display session' in

u'Information disclosure issue can occur due to partial secure display-touch session tear-down' in Snapdragon Auto, Snapdragon Com

u'Resizing the usage table header before passing all the checks leads to the function exiting with a usage table in invalid state

u'Out of bound writes happen when accessing usage_table header entry beyond the memory allocated for the header' in Snapdragon Aut

u'Channel name string which has been read from shared memory is potentially subjected to string manipulations but not validated fo

u'Lack of check to ensure that the TX read index & RX write index that are read from shared memory are less than the FIFO size res

u'Lack of check of integer overflow while doing a round up operation for data read from shared memory for G-link SMEM transport ca

u'Non-secure memory is touched multiple times during TrustZone\u2019s execution and can lead to privilege escalation or memory cor

u'XBL SEC clears only ZI region when loading Qualcomm-signed segments can lead to improper access issue' in Snapdragon Compute, Sn

u'While processing SMCInvoke asynchronous message header, message count is modified leading to a TOCTOU race condition and lead to

u'Information disclosure issue occurs as in current logic as secure touch is released without clearing the display session which c

u'Keymaster attestation key and device IDs provisioning which is a one time process is incorrectly allowed to be re-provisioned af

u'Heap overflow in diag command handler due to lack of check of packet length received from user' in Snapdragon Auto, Snapdragon C

u'Pointer double free in HavenSvc due to not setting the pointer to NULL after freeing it' in Snapdragon Auto, Snapdragon Compute,

u'Possible integer overflow in API due to lack of check on large oid range count in cert extension field' in Snapdragon Auto, Snap

u'When a new session is created, Object is returned that contains TZ addresses and it get passed to HLOS as an handle to refer to

u'Lack of check for integer overflow for round up and addition operations result into memory corruption and potential information

u'Lack of check that the TX FIFO write and read indices that are read from shared RAM are less than the FIFO size results into mem

u'Lack of integer overflow check for addition of fragment size and remaining size that are read from shared memory can lead to mem

u'Lack of check that the current received data fragment size of a particular packet that are read from shared memory are less than

u'Out of bound memory access if stack push and pop operation are performed without doing a bound check on stack top' in Snapdragon

u'User Process can potentially corrupt kernel virtual page by passing a crafted page in API' in Snapdragon Auto, Snapdragon Comput

u'Memory can be potentially corrupted if random index is allowed to manipulate TLB entries in Kernel from user library' in Snapdra

u'Possibility of integer overflow in keymaster 4 while allocating memory due to multiplication of large numcerts value and size of

u'Improper authentication and signature verification of debug polices in secure boot loader will allow unverified debug policies t

u'SMEM partition can be manipulated in case of any compromise on HLOS, thus resulting in access to memory outside of SMEM address

Memory corruption can occurs in trusted application if offset size from HLOS is more than actual mapped buffer size in Snapdragon

Memory failure in content protection module due to not having pointer within the scope in Snapdragon Auto, Snapdragon Compute, Sna

Possible buffer overflow and over read possible due to missing bounds checks for fixed limits if we consider widevine HLOS client

Out of bounds read can happen in diag event set mask command handler when user provided length in the command request is less than

Integer overflow in diag command handler when user inputs a large value for number of tasks field in the request packet in Snapdra

Buffer overflow occurs while processing an subsample data length out of range due to lack of user input validation in Snapdragon A

Firmware will hit assert in WLAN firmware If encrypted data length in FILS IE of reassoc response is more than 528 bytes in Snapdr

Out of bound memory access while processing ese transmit command due to passing Response buffer received from user in Snapdragon A

Using non-time-constant functions like memcmp to compare sensitive data can lead to information leakage through timing side channe

Integer overflow in calculating estimated output buffer size when getting a list of installed Feature IDs, Serial Numbers or check

Improper permissions in XBL_SEC region enable user to update XBL_SEC code and data and divert the RAM dump path to normal cold boo

Out of bound read in Fingerprint application due to requested data is being used without length check in Snapdragon Auto, Snapdrag

Out of bound read in fingerprint application due to requested data assigned to a local buffer without length check in Snapdrago

Buffer overflow in WLAN firmware while parsing GTK IE containing GTK key having length more than the buffer size in Snapdragon Aut

Buffer overflow can occur in WLAN firmware while unwraping data using CCMP cipher suite during parsing of EAPOL handshake frame

Potential buffer overflow while processing CBF frames due to lack of check of buffer length before copy in Snapdragon Auto, Snapdr

Possible buffer overflow while handling NAN reception of NMF in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snap

Buffer overflow can occur in function wlan firmware while copying association frame content if frame length is more than the maxim

Due to the use of non-time-constant comparison functions there is issue in timing side channels which can be used as a potential s

Side channel issue in QTEE due to usage of non-time-constant comparison function such as memcmp or strcmp in Snapdragon Auto, Snap

Buffer overflow occurs while processing LMP packet in which name length parameter exceeds value specified in BT-specification in S

While parsing Service Descriptor Extended Attribute received as part of SDF frame, there is a possibility that incorrect length is

Compromised reset handler may bypass access control due to AC config is being reset if debug path is enabled to collect secure or

The size of a buffer is determined by addition and multiplications operations that have the potential to overflow due to lack of b

Buffer overwrite during memcpy due to lack of check on SSID length validation in Snapdragon Auto, Snapdragon Compute, Snapdragon C

Buffer overflow due to lack of upper bound check on channel length which is used for a loop. in Snapdragon Compute, Snapdragon Con

Possible buffer overflow in WLAN WMI handler due to lack of ssid length check when copying data in Snapdragon Auto, Snapdragon Com

A stack-based buffer overflow exists in the initialization of the identification stage due to lack of check on the number of templ

Lack of check that the RX FIFO write index that is read from shared RAM is less than the FIFO size results into memory corruption

Buffer overflow can occur in WLAN firmware while parsing beacon/probe_response frames during roaming in Snapdragon Auto, Snapdrago

Locked regions may be modified through other interfaces in secure boot loader image due to improper access control. in Snapdragon

Possibility of Null pointer access if the SPDM commands are executed in the non-standard way in Trustzone in Snapdragon Auto, Snap

Due to the use of non-time-constant comparison functions there is issue in timing side channels which can be used as a potential s

Crafted image that has a valid signature from a non-QC entity can be loaded which can read/write memory that belongs to the secure

Incorrect length used while validating the qsee log buffer sent from HLOS which could then lead to remap conflict in Snapdragon Au

HLOS could corrupt CPZ page table memory for S1 managed VMs in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapd

Out of bound access due to lack of check of whiltelist array size while reading the image elf segments. in Snapdragon Auto, Snapdr

Subsequent use of the CBO listener may result in further memory corruption due to use after free issue. in Snapdragon Auto, Snapdr

Use after free issue in cleanup routine due to missing pointer sanitization for a failed start of a trusted application. in Snapdr

While invoking the API to copy from fd or local buffer to the secure buffer, Parameters being populated are from non secure enviro

Information disclosure due to lack of address range check done on the SysDBG buffers in SDI code. in Snapdragon Auto, Snapdragon C

Out-of-bounds memory access in Qurt kernel function when using the identifier to access Qurt kernel buffer to retrieve thread data

While deserializing any key blob during key operations, buffer overflow could occur exposing partial key information if any key op

Buffer overflow in WLAN NAN function due to lack of check of count value received in NAN availability attribute in Snapdragon Auto

Possible buffer overflow issue due to lack of length check when parsing the extended cap IE header length in Snapdragon Auto, Snap

Firmware is getting into loop of overwriting memory when scan command is given from host because of improper validation. in Snapdr

While rendering the layout background, Error status check is not caught properly and also incorrect status handling is being done

While sending the rendered surface content to the screen, Error handling is not properly checked results in an unpredictable behav

Sanity checks are missing in layout which can lead to SUI Corruption or can lead to Denial of Service in Snapdragon Auto, Snapdrag

Buffer overflow occurs when emulated RPMB is used due to sector size assumptions in the TA rollback protection logic. in Snapdrago

Debug policy with invalid signature can be loaded when the debug policy functionality is disabled by using the parallel image load

Lack of check to prevent the buffer length taking negative values can lead to stack overflow. in Snapdragon Auto, Snapdragon Compu

XBL_SEC image authentication and other crypto related validations are accessible to a compromised OEM XBL Loader due to missing lo

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin