qcs405 firmware · threatengine.sh

Home/Product/qualcomm qcs405 firmware

Product

qualcomm qcs405 firmware

468 known vulnerabilities across versions

Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.

Sort Min CVSS Published since

Possible out of bound access in audio module due to lack of validation of user provided input.

A malformed DLC can trigger Memory Corruption in SNPE library due to out of bounds read, such as by loading an untrusted model (e.

Memory Corruption in Audio while playing amrwbplus clips with modified content.

Cryptographic issue in HLOS as derived keys used to encrypt/decrypt information is present on stack after use.

Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE.

Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key.

Information disclosure in Network Services due to buffer over-read while the device receives DNS response.

Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.

Memory corruption in Bluetooth HOST while processing the AVRC_PDU_GET_PLAYER_APP_VALUE_TEXT AVRCP response.

Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.

Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase.

Memory corruption in Video due to double free while playing 3gp clip with invalid metadata atoms.

Memory corruption due to buffer copy without checking the size of input in HLOS when input message size is larger than the buffer

Memory corruption in Core due to time-of-check time-of-use race condition during dump collection in trust zone.

Memory corruption in WLAN due to use after free

Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD.

Memory corruption in modem due to buffer overflow while processing a PPP packet

Memory corruption in modem due to integer overflow to buffer overflow while handling APDU response

Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM

Memory corruption in WLAN HAL while arbitrary value is passed in WMI UTF command payload.

Information Disclosure in Graphics during GPU context switch.

Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc respo

Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.

Memory corruption due to access of uninitialized pointer in Bluetooth HOST while processing the AVRCP packet.

Memory corruption in modem due to buffer copy without checking size of input while receiving WMI command.

Information disclosure due to buffer over-read in WLAN while parsing NMF frame.

Memory corruption in User Identity Module due to integer overflow to buffer overflow when a segement is received via qmi http.

Memory corruption due to configuration weakness in modem wile sending command to write protected files.

Information disclosure due to buffer over-read in Modem while using static array to process IPv4 packets.

Information disclosure in modem due to buffer over-red while performing checksum of packet received

Denial of service in modem due to missing null check while processing TCP or UDP packets from server

Denial of service in modem due to missing null check while processing IP packets with padding

Denial of service in modem due to null pointer dereference while processing DNS packets

Information disclosure in modem due to buffer over read in dns client due to missing length check

Memory corruption in modem due to improper length check while copying into memory

Information disclosure in modem due to buffer over-read while processing response from DNS server

Information disclosure due to buffer overread in Core

Information disclosure due to buffer overread in Core

Memory corruption in core due to stack-based buffer overflow

Memory corruption in Core due to stack-based buffer overflow.

Transient DOS due to null pointer dereference in Bluetooth HOST while receiving an attribute protocol PDU with zero length data.

Transient DOS in Bluetooth HOST due to null pointer dereference when a mismatched argument is passed.

Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames.

Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA action frames.

Memory corruption in Audio due to integer overflow to buffer overflow while music playback of clips like amr,evrc,qcelp with modif

Information disclosure due to buffer over-read in Bluetooth HOST while processing GetFolderItems and GetItemAttribute Cmds from pe

Memory corruption in Bluetooth HOST due to buffer overflow while parsing the command response received from remote

Information disclosure due to buffer over-read in Bluetooth HOST while pairing and connecting A2DP. in Snapdragon Auto, Snapdragon

Transient DOS due to loop with unreachable exit condition in WLAN while processing an incoming FTM frames. in Snapdragon Auto, Sna

Information disclosure due to buffer over-read in WLAN firmware while parsing security context info attributes. in Snapdragon Auto

Memory corruption in MODEM due to Improper Validation of Array Index while processing GSTK Proactive commands in Snapdragon Auto,

Denial of service in Modem module due to improper authorization while error handling in Snapdragon Auto, Snapdragon Compute, Snapd

Memory corruption in MODEM UIM due to usage of out of range pointer offset while decoding command from card in Snapdragon Auto, Sn

Transient DOS due to loop with unreachable exit condition in WLAN firmware while parsing IPV6 extension header. in Snapdragon Auto

Transient DOS due to buffer over-read in WLAN firmware while processing PPE threshold. in Snapdragon Auto, Snapdragon Compute, Sna

Memory corruption in graphics due to use-after-free while importing graphics buffer in Snapdragon Auto, Snapdragon Compute, Snapdr

Denial of service in modem due to infinite loop while parsing IGMPv2 packet from server in Snapdragon Consumer IOT, Snapdragon Ind

Denial of service in WLAN due to potential null pointer dereference while accessing the memory location in Snapdragon Auto, Snapdr

Memory Corruption in modem due to improper length check while copying into memory in Snapdragon Consumer IOT, Snapdragon Industria

Memory corruption in graphics due to buffer overflow while validating the user address in Snapdragon Auto, Snapdragon Compute, Sna

Denial of service due to null pointer dereference when GATT is disconnected in Snapdragon Auto, Snapdragon Consumer IOT, Snapdrago

Cryptographic issues in WLAN during the group key handshake of the WPA/WPA2 protocol in Snapdragon Consumer IOT, Snapdragon Indust

Transient Denial-of-Service in WLAN due to buffer over-read while parsing MDNS frames. in Snapdragon Auto, Snapdragon Compute, Sna

Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames. in Snapdragon Auto, Snapdragon Comp

Denial of service in WLAN due to out-of-bound read happens while processing VHT action frame in Snapdragon Auto, Snapdragon Comput

Memory corruption in WLAN due to out of bound array access during connect/roaming in Snapdragon Auto, Snapdragon Compute, Snapdrag

Information disclosure in WLAN due to improper length check while processing authentication handshake in Snapdragon Auto, Snapdrag

Cryptographic issue in WLAN due to improper check on return value while authentication handshake in Snapdragon Auto, Snapdragon Co

memory corruption in video due to buffer overflow while parsing asf clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Conne

Information disclosure in WLAN due to improper validation of array index while parsing crafted ANQP action frames in Snapdragon Au

Memory corruption in video due to buffer overflow while parsing ps video clips in Snapdragon Auto, Snapdragon Compute, Snapdragon

Denial of service in WLAN HOST due to buffer over read while unpacking frames in Snapdragon Auto, Snapdragon Compute, Snapdragon C

Denial of service in video due to buffer over read while parsing MP4 clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Conne

Memory corruption in bluetooth due to integer overflow while processing HFP-UNIT profile in Snapdragon Auto, Snapdragon Consumer I

Memory Corruption during wma file playback due to integer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity

Memory corruption occurs while processing command received from HLOS due to improper length check in Snapdragon Auto, Snapdragon C

Memory corruption in video driver due to double free while parsing ASF clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Con

Memory corruption due to buffer overflow while parsing MKV clips with invalid bitmap size in Snapdragon Auto, Snapdragon Compute,

Memory corruption due to incorrect pointer arithmetic when attempting to change the endianness in video parser function in Snapdra

Improper validation of backend id in PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Sna

Memory corruption in audio due to lack of check of invalid routing address into APR Routing table in Snapdragon Auto, Snapdragon C

An out-of-bounds read can occur while parsing a server certificate due to improper length check in Snapdragon Auto, Snapdragon Com

A null pointer dereference may potentially occur during RSA key import in Snapdragon Auto, Snapdragon Compute, Snapdragon Connecti

Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in S

Memory corruption in bluetooth host due to integer overflow while processing BT HFP-UNIT profile in Snapdragon Auto, Snapdragon Co

memory corruption in video due to buffer overflow while parsing mkv clip with no codechecker in Snapdragon Auto, Snapdragon Comput

Memory corruption in video due to double free while parsing 3gp clip with invalid meta data atoms in Snapdragon Auto, Snapdragon C

Memory corruption in video due to buffer overflow while reading the dts file in Snapdragon Auto, Snapdragon Compute, Snapdragon Co

Memory corruption when extracting qcp audio file due to lack of check on data length in Snapdragon Auto, Snapdragon Compute, Snapd

Denial of service due to memory corruption while extracting ape header from clips in Snapdragon Auto, Snapdragon Compute, Snapdrag

Memory corruption due to possible buffer overflow while parsing DSF header with corrupted channel count in Snapdragon Auto, Snapdr

Buffer overflow can occur due to improper validation of NDP application information length in Snapdragon Auto, Snapdragon Compute,

Possible use after free when process shell memory is freed using IOCTL munmap call and process initialization is in progress in Sn

kernel event may contain unexpected content which is not generated by NPU software in asynchronous execution mode in Snapdragon Au

Out of bound read in WLAN HOST due to improper length check can lead to DOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Con

Possible buffer over read due to lack of size validation while unpacking frame in Snapdragon Auto, Snapdragon Compute, Snapdragon

Improper handling between export and release functions on the same handle from client can lead to use after free in Snapdragon Com

An out-of-bounds write can occur due to an incorrect input check in the camera driver in Snapdragon Auto, Snapdragon Compute, Snap

A user with user level permission can access graphics protected region due to improper access control in register configuration in

Possible buffer overflow due to improper parsing of headers while playing the FLAC audio clip in Snapdragon Auto, Snapdragon Compu

Possible buffer over read due to improper calculation of string length while parsing Id3 tag in Snapdragon Auto, Snapdragon Comput

Improper validation of session id in PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Sna

Processing DCB/AVB algorithm with an invalid queue index from IOCTL request could lead to arbitrary address modification in Snapdr

Possible out of bound read due to lack of length check of data length for a DIAG event in Snapdragon Auto, Snapdragon Compute, Sna

Possible out of bound read due to improper validation of certificate chain in SSL or Internet key exchange in Snapdragon Auto, Sna

Improper access control sequence for AC database after memory allocation can lead to possible memory corruption in Snapdragon Auto

RPM secure Stream can access any secure resource due to improper SMMU configuration in Snapdragon Industrial IOT, Snapdragon Mobil

RPM secure Stream can access any secure resource due to improper SMMU configuration in Snapdragon Industrial IOT, Snapdragon Mobil

Reading PRNG output may lead to improper key generation due to lack of buffer validation in Snapdragon Connectivity, Snapdragon In

Possible use after free due to lack of null check of DRM file status after file structure is freed in Snapdragon Auto, Snapdragon

Buffer overflow in sahara protocol while processing commands leads to overwrite of secure configuration data in Snapdragon Mobile,

Possible unauthorized access to secure space due to improper check of data allowed while flashing the no access control device con

An Out of Bounds read may potentially occur while processing an IBSS beacon, in Snapdragon Auto, Snapdragon Compute, Snapdragon Co

Possible out of bound read due to improper length calculation of WMI message. in Snapdragon Auto, Snapdragon Compute, Snapdragon C

Possible out of bounds access due to improper input validation during graphics profiling in Snapdragon Auto, Snapdragon Compute, S

Improper cleaning of secure memory between authenticated users can lead to face authentication bypass in Snapdragon Auto, Snapdrag

Improper handling of permissions of a shared memory region can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, S

Improper validation of data length received from DMA buffer can lead to memory corruption. in Snapdragon Auto, Snapdragon Compute,

Lack of null check while freeing the device information buffer in the Bluetooth HFP protocol can lead to a NULL pointer dereferenc

Possible out of bound access of DCI resources due to lack of validation process and resource allocation in Snapdragon Auto, Snapdr

Possible out of bound write due to lack of boundary check for the maximum size of buffer when sending a DCI packet to remote proce

Improper validation of input when provisioning the HDCP key can lead to memory corruption in Snapdragon Auto, Snapdragon Compute,

Improper validation of program headers containing ELF metadata can lead to image verification bypass in Snapdragon Auto, Snapdrago

Improper validation of function pointer type with actual function signature can lead to assertion in Snapdragon Auto, Snapdragon C

Possible null pointer dereference due to improper validation of APE clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connec

Possible integer overflow due to improper validation of command length parameters while processing WMI command in Snapdragon Auto,

Use after free condition can occur in wired connectivity due to a race condition while creating and deleting folders in Snapdragon

Improper validation of memory region in Hypervisor can lead to incorrect region mapping in Snapdragon Auto, Snapdragon Compute, Sn

An out of bound memory access can occur due to improper validation of number of frames being passed during music playback in Snapd

Improper validation of LLM utility timers availability can lead to denial of service in Snapdragon Auto, Snapdragon Compute, Snapd

Possible use after free when process shell memory is freed using IOCTL call and process initialization is in progress in Snapdrago

Possible assertion in QOS request due to improper validation when multiple add or update request are received simultaneously in Sn

Possible buffer overflow due to lack of buffer length check when segmented WMI command is received in Snapdragon Auto, Snapdragon

Possible out of bound access due to improper validation of item size and DIAG memory pools data while switching between USB and PC

Possible out of bound write in RAM partition table due to improper validation on number of partitions provided in Snapdragon Auto,

Possible access control violation while setting current permission for VMIDs due to improper permission masking in Snapdragon Comp

Improper input validation in TrustZone memory transfer interface can lead to information disclosure in Snapdragon Auto, Snapdragon

Improper access control while doing XPU re-configuration dynamically can lead to unauthorized access to a secure resource in Snapd

Possible integer overflow in page alignment interface due to lack of address and size validation before alignment in Snapdragon Au

Possible integer overflow in access control initialization interface due to lack and size and address validation in Snapdragon Aut

Possible null pointer dereference in thread cache operation handler due to lack of validation of user provided input in Snapdragon

Possible null pointer dereference in trap handler due to lack of thread ID validation before dereferencing it in Snapdragon Auto,

Possible null pointer dereference in thread profile trap handler due to lack of thread ID validation before dereferencing it in Sn

Possible null pointer dereference due to lack of TLB validation for user provided address in Snapdragon Auto, Snapdragon Compute,

Improper validation of a socket state when socket events are being sent to clients can lead to invalid access of memory in Snapdra

Improper access control in TrustZone due to improper error handling while handling the signing key in Snapdragon Auto, Snapdragon

An integer overflow due to improper check performed after the address and size passed are aligned in Snapdragon Compute, Snapdrago

Possible use after free due to improper memory validation when initializing new interface via Interface add command in Snapdragon

Possible memory corruption due to improper validation of memory address while processing user-space IOCTL for clearing Filter and

Possible use after free due improper validation of reference from call back to internal store table in Snapdragon Auto, Snapdragon

Possible race condition can occur due to lack of synchronization mechanism when On-Device Logging node open twice concurrently in

Possible out of bound access due to improper validation of function table entries in Snapdragon Auto, Snapdragon Compute, Snapdrag

Information disclosure through timing and power side-channels during mod exponentiation for RSA-CRT in Snapdragon Auto, Snapdragon

Possible denial of service scenario can occur due to lack of length check on Channel Switch Announcement IE in beacon or probe res

Possible out of bound memory access due to improper boundary check while creating HSYNC fence in Snapdragon Auto, Snapdragon Conne

Improper authentication of sub-frames of a multicast AMSDU frame can lead to information disclosure in Snapdragon Auto, Snapdragon

Possible stack overflow due to improper length check of TLV while copying the TLV to a local stack variable in Snapdragon Auto, Sn

Possible buffer over read due to lack of length check while parsing beacon IE response in Snapdragon Auto, Snapdragon Compute, Sna

Possible buffer over read due to improper validation of frame length while processing AEAD decryption during ASSOC response in Sna

Improper validation of kernel buffer address while copying information back to user buffer can lead to kernel memory information e

Improper validation of kernel buffer address while copying information back to user buffer can lead to kernel memory information e

Possible stack buffer overflow due to lack of check on the maximum number of post NAN discovery attributes while processing a NAN

Possible buffer overflow due to lack of length check of source and destination buffer before copying in Snapdragon Auto, Snapdrago

Possible integer overflow due to improper check of batch count value while sanitizer is enabled in Snapdragon Auto, Snapdragon Com

Improper access control in trusted application environment can cause unauthorized access to CDSP or ADSP VM memory with either pri

Possible integer overflow due to improper length check while updating grace period and count record in Snapdragon Auto, Snapdragon

Accepting AMSDU frames with mismatched destination and source address can lead to information disclosure in Snapdragon Auto, Snapd

Possible Integer overflow to buffer overflow issue can occur due to improper validation of input parameters when extscan hostlist

A use after free can occur due to improper validation of P2P device address in PD Request frame in Snapdragon Auto, Snapdragon Com

Possible heap overflow due to improper validation of local variable while storing current task information locally in Snapdragon A

Possible use-after-free due to lack of validation for the rule count in filter table in IPA driver in Snapdragon Auto, Snapdragon

Possible buffer overflow due to lack of offset length check while updating the buffer value in Snapdragon Auto, Snapdragon Compute

Improper handling of ASB-C broadcast packets with crafted opcode in LMP can lead to uncontrolled resource consumption in Snapdrago

Possible buffer over read occurs due to lack of length check of request buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon

Possible out of bound read due to lack of length check of data while parsing the beacon or probe response in Snapdragon Auto, Snap

Possible buffer over read issue due to improper length check on WPA IE string sent by peer in Snapdragon Auto, Snapdragon Compute,

Possible null pointer dereference due to lack of validation check for passed pointer during key import in Snapdragon Auto, Snapdra

Buffer overflow occurs in trusted applications due to lack of length check of parameters in Snapdragon Auto, Snapdragon Compute, S

Possible buffer overflow due to improper validation of device types during P2P search in Snapdragon Auto, Snapdragon Compute, Snap

Child process can leak information from parent process due to numeric pids are getting compared and these pid can be reused in Sna

Improper authentication of un-encrypted plaintext Wi-Fi frames in an encrypted network can lead to information disclosure in Snapd

Improper authentication of Non-EAPOL/WAPI plaintext frames during four-way handshake can lead to arbitrary network packet injectio

Possible out of bound read due to lack of length check of FT sub-elements in Snapdragon Auto, Snapdragon Compute, Snapdragon Conne

Denial of service in SAP case due to improper handling of connections when association is rejected in Snapdragon Auto, Snapdragon

Improper handling of received malformed FTMR request frame can lead to reachable assertion while responding with FTM1 frame in Sna

Possible out of bound read due to lack of length check of Bandwidth-NSS IE in Snapdragon Auto, Snapdragon Compute, Snapdragon Conn

Use after free can occur due to improper handling of response from firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Con

Possible assertion due to improper verification while creating and deleting the peer in Snapdragon Auto, Snapdragon Compute, Snapd

Possible buffer overflow due to improper validation of buffer length while processing fast boot commands in Snapdragon Auto, Snapd

Improper length check of public exponent in RSA import key function could cause memory corruption. in Snapdragon Auto, Snapdragon

Possible buffer overflow due to lack of length check in Trusted Application in Snapdragon Auto, Snapdragon Compute, Snapdragon Con

Memory corruption in key parsing and import function due to double freeing the same heap allocation in Snapdragon Auto, Snapdragon

Incorrect handling of pointers in trusted application key import mechanism could cause memory corruption in Snapdragon Auto, Snapd

Reachable assertion is possible while processing peer association WLAN message from host and nonstandard incoming packet in Snapdr

Possible use after free in Display due to race condition while creating an external display in Snapdragon Auto, Snapdragon Compute

Possible integer overflow in RPMB counter due to lack of length check on user provided data in Snapdragon Auto, Snapdragon Compute

Possible out of bound read in DRM due to improper buffer length check. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connecti

While waiting for a response to a callback or listener request, non-secure clients can change permissions to shared memory buffers

Stack out-of-bounds write occurs while setting up a cipher device if the provided IV length exceeds the max limit value in Snapdra

A race between command submission and destroying the context can cause an invalid context being added to the list leads to use aft

Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdra

Use after free due to race condition when reopening the device driver repeatedly in Snapdragon Auto, Snapdragon Compute, Snapdrago

Out of bound read will happen if EAPOL Key length is less than expected while processing NAN shared key descriptor attribute in Sn

Memory corruption due to ioctl command size was incorrectly set to the size of a pointer and not enough storage is allocated for t

Use after free issue when importing a DMA buffer by using the CPU address of the buffer due to attachment is not cleaned up proper

Possible Buffer over-read in ARP/NS parsing due to lack of check of packet length received in Snapdragon Auto, Snapdragon Compute,

Buffer overflow might occur while parsing unified command due to lack of check of input data received in Snapdragon Auto, Snapdrag

Trusted APPS to overwrite the CPZ memory of another use-case as TZ only checks the physical address not overlapping with its memor

Memory corruption due to buffer overflow while copying the message provided by HLOS into buffer without validating the length of b

Out-of-bounds memory access can occur while calculating alignment requirements for a negative width from external components in Sn

Resource leakage issue during dci client registration due to reference count is not decremented if dci client registration fails i

Buffer over-read can happen while processing WPA,RSN IE of beacon and response frames if IE length is less than length of frame po

Possible stack out of bound write might happen due to time bitmap length and bit duration fields of the attributes like NAN rangin

Possible out of bound read while WLAN frame parsing due to lack of check for body and header length in Snapdragon Auto, Snapdragon

Possible use after free due to lack of null check while memory is being freed in FastRPC driver in Snapdragon Auto, Snapdragon Com

Possible denial of service scenario due to improper handling of group management action frame in Snapdragon Auto, Snapdragon Compu

Buffer overflow can occur due to improper validation of NDP application information length in Snapdragon Auto, Snapdragon Compute,

Double free in video due to lack of input buffer length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Sna

Improper handling of address deregistration on failure can lead to new GPU address allocation failure. in Snapdragon Auto, Snapdra

Possible use after free due to improper handling of memory mapping of multiple processes simultaneously. in Snapdragon Auto, Snapd

Possible integer overflow due to improper length check while flashing an image in Snapdragon Consumer IOT, Snapdragon Industrial I

A possible use-after-free occurrence in audio driver can happen when pointers are not properly handled in Snapdragon Auto, Snapdra

Out of bound read can happen in Widevine TA while copying data to buffer from user data due to lack of check of buffer length rece

Out of bound write can occur in TZ command handler due to lack of validation of command ID in Snapdragon Auto, Snapdragon Compute,

Out of bound write can occur in playready while processing command due to lack of input validation in Snapdragon Auto, Snapdragon

Locked memory can be unlocked and modified by non secure boot loader through improper system call sequence making the memory regio

Trustzone initialization code will disable xPU`s when memory dumps are enabled and lead to information disclosure in Snapdragon Au

Unintended reads and writes by NS EL2 in access control driver due to lack of check of input validation in Snapdragon Auto, Snapdr

When sending a socket event message to a user application, invalid information will be passed if socket is freed by other thread r

Possible memory corruption in RPM region due to improper XPU configuration in Snapdragon Connectivity, Snapdragon Industrial IOT,

Use after free in GPU driver while mapping the user memory to GPU memory due to improper check of referenced memory in Snapdragon

Buffer overflow occurs when trying to convert ASCII string to Unicode string if the actual size is more than required in Snapdrago

Buffer overflow can occur in video while playing the non-standard clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connecti

Use after free condition in msm ioctl events due to race between the ioctl register and deregister events in Snapdragon Auto, Snap

Part of RPM region was not protected from xblSec itself due to improper policy and leads to unprivileged access in Snapdragon Auto

While processing storage SCM commands there is a time of check or time of use window where a pointer used could be invalid at a sp

Out of bound read access in hypervisor due to an invalid read access attempt by passing invalid addresses in Snapdragon Auto, Snap

Denial of service in WLAN module due to improper check of subtypes in logic where excessive frames are dropped in Snapdragon Auto,

Arithmetic overflow can happen while processing NOA IE due to improper error handling in Snapdragon Auto, Snapdragon Compute, Snap

Allowing RTT frames to be linked with non randomized MAC address by comparing the sequence numbers can lead to information disclos

Denial of service while processing fine timing measurement request (FTMR) frame with reserved bits set in the FTM parameter IE due

Possible denial of service while handling host WMI command due to improper validation in Snapdragon Auto, Snapdragon Compute, Snap

Possible buffer over read while processing P2P IE and NOA attribute of beacon and probe response frames due to improper validation

Possible buffer over-read while parsing quiet IE in Rx beacon frame due to improper check of IE length in received beacon in Snapd

Before enqueuing a frame to the PE queue for further processing, an entry in a hash table can be deleted and using a stale version

Possible out of bounds while accessing global control elements due to race condition in Snapdragon Auto, Snapdragon Compute, Snapd

Possible denial of service due to RTT responder consistently rejects all FTMR by transmitting FTM1 with failure status in the FTM

Possible memory corruption while processing EAPOL frames due to lack of validation of key length before using it in Snapdragon Aut

Possible memory corruption and information leakage in sub-system due to lack of check for validity and boundary compliance for par

Key material used for TZ diag buffer encryption and other data related to log buffer is not wiped securely due to improper usage o

Out of bound write and read in TA while processing command from NS side due to improper length check on command and response buffe

Possible out of bound access in TA while processing a command from NS side due to improper length check of response buffer in Snap

Out of bound memory access while playing music playbacks with crafted vorbis content due to improper checks in header extraction i

Buffer over-read can happen when the buffer length received from response handlers is more than the size of the payload in Snapdra

u'Integer overflow to buffer overflow occurs while playback of ASF clip having unexpected number of codec entries' in Snapdragon A

u'Buffer over read can happen while parsing mkv clip due to improper typecasting of data returned from atomsize' in Snapdragon Aut

u'Null-pointer dereference can occur while accessing data buffer beyond its size that leads to access the buffer beyond its range'

u'Buffer over read in boot due to size check ignored before copying GUID attribute from request to response' in Snapdragon Auto, S

u'Possible buffer overflow in WMA message processing due to integer overflow occurs when processing command received from user spa

u'Integer overflow can cause a buffer overflow due to lack of table length check in the extensible boot Loader during the validati

u'information disclosure in gatekeeper trustzone implementation as the throttling mechanism to prevent brute force attempts at get

u'While processing invalid connection request PDU which is nonstandard (interval or timeout is 0) from central device may lead per

u'Buffer over-read issue in Bluetooth peripheral firmware due to lack of check for invalid opcode and length of opcode received fr

u'QSEE reads the access permission policy for the SMEM TOC partition from the SMEM TOC contents populated by XBL Loader and applie

u'Remote code execution can happen by sending a carefully crafted POST query when Device configuration is accessed from a tethered

u'Array index underflow issue in adsp driver due to improper check of channel id before used as array index.' in Snapdragon Auto,

u'Two threads running simultaneously from user space can lead to race condition in fastRPC driver' in Snapdragon Auto, Snapdragon

u'Possible buffer overflow in MHI driver due to lack of input parameter validation of EOT events received from MHI device side' in

u'Out of bound access can happen in MHI command process due to lack of check of channel id value received from MHI devices' in Sna

Information can leak into userspace due to improper transfer of data from kernel to userspace in Snapdragon Auto, Snapdragon Compu

Out of bound access can happen in MHI command process due to lack of check of command channel id value received from MHI devices i

u'Possible use-after-free while accessing diag client map table since list can be reallocated due to exceeding max client limit.'

u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryp

u'Potential integer underflow while parsing Service Info and IPv6 link-local TLVs that comes as part of NDPE attribute' in Snapdra

u'Buffer Overflow issue in WLAN tcp ip verification due to usage of out of range pointer offset' in Snapdragon Auto, Snapdragon Co

u'Buffer overflow while parsing PMF enabled MCBC frames due to frame length being lesser than what is expected while parsing' in S

u'Buffer Overflow in mic calculation for WPA due to copying data into buffer without validating the length of buffer' in Snapdrago

u'Out of bounds memory access during memory copy while processing Host command' in Snapdragon Auto, Snapdragon Compute, Snapdragon

u'Potential buffer overflow when accessing npu debugfs node "off"/"log" with large buffer size' in Snapdragon Compute, Snapdragon

u'Buffer overflow seen as the destination buffer size is lesser than the source buffer size in video application' in Snapdragon Co

u'Information disclosure issue occurs as in current logic Secure Touch session is released without terminating display session' in

u'Information disclosure issue can occur due to partial secure display-touch session tear-down' in Snapdragon Auto, Snapdragon Com

u'Channel name string which has been read from shared memory is potentially subjected to string manipulations but not validated fo

u'Lack of check to ensure that the TX read index & RX write index that are read from shared memory are less than the FIFO size res

u'Lack of check of integer overflow while doing a round up operation for data read from shared memory for G-link SMEM transport ca

u'Possible out of bound access while copying the mask file content into the buffer without checking the buffer size' in Snapdragon

u'Calling thread may free the data buffer pointer that was passed to the callback and later when event loop executes the callback,

u'Information exposure issues while processing IE header due to improper check of beacon IE frame' in Snapdragon Auto, Snapdragon

u'Possible out of bound write while processing association response received from host due to lack of check of IE length' in Snapd

u'Buffer over read occurs while processing information element from beacon due to lack of check of data received from beacon' in S

u'While processing SMCInvoke asynchronous message header, message count is modified leading to a TOCTOU race condition and lead to

u'Whenever the page list is updated via privileged user, the previous list elements are freed but are not deleted from the list wh

u'Information disclosure issue occurs as in current logic as secure touch is released without clearing the display session which c

u'Heap overflow in diag command handler due to lack of check of packet length received from user' in Snapdragon Auto, Snapdragon C

u'Pointer double free in HavenSvc due to not setting the pointer to NULL after freeing it' in Snapdragon Auto, Snapdragon Compute,

u'Possible integer overflow in API due to lack of check on large oid range count in cert extension field' in Snapdragon Auto, Snap

u'Lack of check for integer overflow for round up and addition operations result into memory corruption and potential information

u'Lack of check that the TX FIFO write and read indices that are read from shared RAM are less than the FIFO size results into mem

u'Lack of integer overflow check for addition of fragment size and remaining size that are read from shared memory can lead to mem

u'Lack of check that the current received data fragment size of a particular packet that are read from shared memory are less than

u'Out of bound memory access if stack push and pop operation are performed without doing a bound check on stack top' in Snapdragon

u'User Process can potentially corrupt kernel virtual page by passing a crafted page in API' in Snapdragon Auto, Snapdragon Comput

u'Memory can be potentially corrupted if random index is allowed to manipulate TLB entries in Kernel from user library' in Snapdra

u'Possibility of integer overflow in keymaster 4 while allocating memory due to multiplication of large numcerts value and size of

u'SMEM partition can be manipulated in case of any compromise on HLOS, thus resulting in access to memory outside of SMEM address

Possible out of bound access while processing assoc response from host due to improper length check before copying into buffer in

Out of bound write while QoS DSCP mapping due to improper input validation for data received from association response frame in Sn

Possible buffer overflow while parsing mp4 clip with corrupted sample atoms due to improper validation of index in Snapdragon Auto

Use-after-free issue could occur due to dangling pointer when generating a frame buffer in OpenGL ES in Snapdragon Compute, Snapdr

Out of bounds read can happen in diag event set mask command handler when user provided length in the command request is less than

Register write via debugfs is disabled by default to prevent register writing via debugfs. in Snapdragon Auto, Snapdragon Compute,

Device misbehavior may be observed when incorrect offset, length or number of buffers is passed by user space in Snapdragon Auto,

Array out of bound access can occur in display module due to lack of bound check on input parcel received in Snapdragon Auto, Snap

When kernel thread unregistered listener, Use after free issue happened as the listener client`s private data has been already fre

Buffer over-write may occur during fetching track decoder specific information if cb size exceeds buffer size in Snapdragon Auto,

Buffer overflow can occur while parsing eac3 header while playing the clip which is nonstandard in Snapdragon Auto, Snapdragon Com

Buffer overflow will happen while parsing mp4 clip with corrupted sample atoms values which exceeds MAX_UINT32 range due to lack o

Possible null-pointer dereference can occur while parsing mp4 clip with corrupted sample table atoms in Snapdragon Auto, Snapdrago

Possible null-pointer dereference can occur while parsing mp4 clip with corrupted sample table atoms in Snapdragon Auto, Snapdrago

Possible buffer overflow while copying the frame to local buffer due to lack of check of length before copying in Snapdragon Auto,

Integer overflow in diag command handler when user inputs a large value for number of tasks field in the request packet in Snapdra

Double free issue in NPU due to lack of resource locking mechanism to avoid race condition in Snapdragon Auto, Snapdragon Compute,

Buffer overflow occurs while processing an subsample data length out of range due to lack of user input validation in Snapdragon A

Payload size is not validated before reading memory that may cause issue of accessing invalid pointer or some garbage data in Snap

Firmware will hit assert in WLAN firmware If encrypted data length in FILS IE of reassoc response is more than 528 bytes in Snapdr

Integer overflow may occur if atom size is less than atom offset as there is improper validation of atom size in Snapdragon Auto,

Array out of bound may occur while playing mp3 file as no check is there on offset if it is greater than the buffer allocated or n

Possibility of out of bound access while processing the responses from video firmware in Snapdragon Auto, Snapdragon Compute, Snap

Possibility of double free of the drawobj that is added to the drawqueue array of the context during IOCTL commands as there is no

Out of bound memory access while processing ese transmit command due to passing Response buffer received from user in Snapdragon A

Using non-time-constant functions like memcmp to compare sensitive data can lead to information leakage through timing side channe

Integer overflow in calculating estimated output buffer size when getting a list of installed Feature IDs, Serial Numbers or check

Out of bound read in Fingerprint application due to requested data is being used without length check in Snapdragon Auto, Snapdrag

Out of bound read in fingerprint application due to requested data assigned to a local buffer without length check in Snapdrago

Possible integer overflow to buffer overflow in WLAN while parsing nonstandard NAN IE messages. in Snapdragon Auto, Snapdragon Com

Buffer overflow in WLAN firmware while parsing GTK IE containing GTK key having length more than the buffer size in Snapdragon Aut

Buffer overflow can occur in WLAN firmware while unwraping data using CCMP cipher suite during parsing of EAPOL handshake frame

Possible buffer overflow while handling NAN reception of NMF in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snap

Buffer overflow can occur in function wlan firmware while copying association frame content if frame length is more than the maxim

Due to the use of non-time-constant comparison functions there is issue in timing side channels which can be used as a potential s

Use after free issue when MAP and UNMAP calls at same time as data structure used my MAP may be freed by UNMAP function in Snapdra

Missing length check before copying the data from kernel space to userspace through the copy function can lead to buffer overflow

Possible buffer overflow in data offload handler due to lack of check of keydata length when copying data in Snapdragon Auto, Snap

Possible buffer overflow in WLAN Parser due to lack of length check when copying data in Snapdragon Auto, Snapdragon Compute, Snap

Buffer overflow occurs while processing LMP packet in which name length parameter exceeds value specified in BT-specification in S

While parsing Service Descriptor Extended Attribute received as part of SDF frame, there is a possibility that incorrect length is

Unhandled paging request is observed due to dereferencing an already freed object because of race condition between sparse free an

Compromised reset handler may bypass access control due to AC config is being reset if debug path is enabled to collect secure or

Out of bound access in msm routing due to lack of check of size before accessing in Snapdragon Auto, Snapdragon Compute, Snapdrago

Null-pointer dereference can occur while accessing the segment element info when it is not allocated and assigned in Snapdragon Au

Out-of-bound writes occurs due to lack of check of buffer size will cause buffer overflow only in 32bit architecture. in Snapdrago

Memory use after free issue in audio due to lack of resource control in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer I

Buffer overflow can occur while parsing RSN IE containing list of PMK ID`s which are more than the buffer size in Snapdragon Auto,

Use-after-free in graphics module due to destroying already queued syncobj in error case in Snapdragon Auto, Snapdragon Compute, S

Buffer overwrite during memcpy due to lack of check on SSID length validation in Snapdragon Auto, Snapdragon Compute, Snapdragon C

Possible buffer overflow in WLAN WMI handler due to lack of ssid length check when copying data in Snapdragon Auto, Snapdragon Com

A stack-based buffer overflow exists in the initialization of the identification stage due to lack of check on the number of templ

Lack of check that the RX FIFO write index that is read from shared RAM is less than the FIFO size results into memory corruption

Null pointer dereference can happen when parsing udta atom which is non-standard and having invalid depth in Snapdragon Auto, Snap

Out of bound write in WLAN driver due to NULL character not properly placed after SSID name in Snapdragon Auto, Snapdragon Compute

Out of bound access due to Invalid inputs to dapm mux settings which results into kernel failure in Snapdragon Auto, Snapdragon Co

Uninitialized stack data gets used If memory is not allocated for blob or if the allocated blob is less than the struct size requi

Buffer Over read of codec private data while parsing an mkv file due to lack of check of buffer size before read in Snapdragon Aut

During listener modified response processing, a buffer overrun occurs due to lack of buffer size verification when updating messag

Out of bound access while parsing dts atom, which is non-standard as it does not have valid number of tracks in Snapdragon Auto, S

There is a way to deceive the GPU kernel driver into thinking there is room in the GPU ringbuffer and overwriting existing command

While parsing invalid super index table, elements within super index table may exceed total chunk size and invalid data is read in

Integer overflow to buffer overflow due to lack of validation of event arguments received from firmware. in Snapdragon Auto, Snapd

Out of boundary access is possible as there is no validation of data accessed against the received size of the packet in case of m

Out of bound access can occur while processing firmware event due to lack of validation of WMI message received from firmware in S

Use of local variable as argument to netlink CB callback goes out of it scope when callback triggered lead to invalid stack memory

Possibility of out of bound access in debug queue, if packet size field is corrupted in Snapdragon Auto, Snapdragon Compute, Snapd

Improper check in video driver while processing data from video firmware can lead to integer overflow and then buffer overflow in

Possible OOB issue in EEPROM due to lack of check while accessing memory map array at the time of reading operation in Snapdragon

Improper length check on source buffer to handle userspace data received can lead to out-of-bound access in diag handlers in Snapd

Improper validation of event buffer extracted from FW response can lead to integer overflow, which will allow to pass the length c

Potential double free scenario if driver receives another DIAG_EVENT_LOG_SUPPORTED event from firmware as the pointer is not set t

Use after free of a pointer in iWLAN scenario during netmgr state transition to CONNECT in Snapdragon Auto, Snapdragon Compute, Sn

Memory is being freed up twice when two concurrent threads are executing in parallel in Snapdragon Auto, Snapdragon Compute, Snapd

Due to the use of non-time-constant comparison functions there is issue in timing side channels which can be used as a potential s

Possible integer overflow while multiplying two integers of 32 bit in QDCM API of get display modes as there is no check on the ma

Snapshot of IB can lead to invalid address access due to missing check for size in the related function in Snapdragon Auto, Snapdr

Accessing data buffer beyond the available data while parsing ogg clip can lead to null-pointer dereference and then memory corrup

Buffer overflow can occur due to usage of wrong datatype and missing length check before copying into buffer in Snapdragon Auto, S

Lack of check of data truncation on user supplied data in kernel leads to buffer overflow in Snapdragon Auto, Snapdragon Consumer

An unprivileged application can allocate GPU memory by calling memory allocation ioctl function and can exhaust all the memory whi

Race condition between the camera functions due to lack of resource lock which will lead to memory corruption and UAF issue in Sna

Use after free issue occurs when command destructors access dynamically allocated response buffer which is already deallocated dur

Buffer overflow can occur while processing non-standard NAN message from user space. in Snapdragon Auto, Snapdragon Consumer Elect

Information disclosure due to lack of address range check done on the SysDBG buffers in SDI code. in Snapdragon Auto, Snapdragon C

Possible OOB read issue in P2P action frames while handling WLAN management frame in Snapdragon Auto, Snapdragon Consumer Electron

Possible double free issue in kernel while handling the camera sensor and its sub modules power sequence in Snapdragon Auto, Snapd

If a bitmap file is loaded from any un-authenticated source, there is a possibility that the bitmap can potentially cause stack bu

Buffer overflow can occur in wlan module if supported rates or extended rates element length is greater than max rate set length i

Buffer over-read can occur in fast message handler due to improper input validation while processing a message from firmware in Sn

Improper validation for loop variable received from firmware can lead to out of bound access in WLAN function while iterating thro

Race condition due to the lack of resource lock which will be concurrently modified in the memcpy statement leads to out of bound

Out-of-bounds memory access in Qurt kernel function when using the identifier to access Qurt kernel buffer to retrieve thread data

Memory corruption while accessing the memory as payload size is not validated before access in Snapdragon Auto, Snapdragon Compute

Possible Integer overflow because of subtracting two integers without checking if the result would overflow or not in Snapdragon A

Out of boundary access due to token received from ADSP and is used without validation as an index into the array in Snapdragon Aut

Lack of check to ensure crypto engine data passed by user is initialized can result in bus error in Snapdragon Auto, Snapdragon Co

While processing vendor command which contains corrupted channel count, an integer overflow occurs and finally will lead to heap o

Double free issue can happen when sensor power settings is freed by some thread while another thread try to access. in Snapdragon

Dereference on uninitialized buffer can happen when parsing FLV clip with corrupted codec specific data in Snapdragon Auto, Snapdr

Null-pointer dereference can occur while accessing the super index entry when it is not been allocated in Snapdragon Auto, Snapdra

Out of bound access due to improper validation of array index cause the index table entry to get corrupt in Snapdragon Auto, Snapd

Possible use after free issue due to race condition while attempting to mark the entry pages as dirty using function set_page_dirt

Use after free issue in kernel while accessing freed mdlog session info and its attributes after closing the session in Snapdragon

Lack of check for a negative value returned for get_clk is wrongly interpreted as valid pointer and lead to use after free in clk

While playing the clip which is nonstandard buffer overflow can occur while parsing in Snapdragon Auto, Snapdragon Compute, Snapdr

DCI client which might be preemptively freed up might be accessed for transferring packets leading to kernel error in Snapdragon A

Payload size is not checked before using it as array index in audio in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IO

Out of bound access while processing a non-standard IE measurement request with length crossing past the size of frame in Snapdrag

Possible stack overflow when an index equal to io buffer size is accessed in camera module in Snapdragon Compute, Snapdragon Consu

ADSP can be compromised since it`s a general-purpose CPU processing untrusted data in Snapdragon Auto, Snapdragon Compute, Snapdra

Null pointer dereference can occur while parsing invalid chunks while playing the nonstandard clip in Snapdragon Auto, Snapdragon

Buffer overflow when the audio buffer size provided by user is larger than the maximum allowable audio buffer size. in Snapdragon

Possible use-after-free issue due to a race condition while calling camera ioctl concurrently in Snapdragon Compute, Snapdragon Co

Buffer overflow in WLAN NAN function due to lack of check of count value received in NAN availability attribute in Snapdragon Auto

Possible buffer overflow issue due to lack of length check when parsing the extended cap IE header length in Snapdragon Auto, Snap

Lack of check of address range received from firmware response allows modem to respond arbitrary pages into its address range whic

BT process died and BT toggled due to null pointer dereference when invalid vendor pass through command sent from remote in Snapdr

Device record of the pairing device used after free during ACL disconnection in Snapdragon Auto, Snapdragon Compute, Snapdragon Co

Possible use after free issue due to improper input validation in volume listener library in Snapdragon Auto, Snapdragon Compute,

Improper validation of read and write index of tx and rx fifo`s before using for data copy from fifo can lead to out-of-bound acce

Buffer overflow scenario if the client sends more than 5 io_vec requests to the server in Snapdragon Auto, Snapdragon Compute, Sna

Possible null-pointer dereference can occur while parsing avi clip during copy in Snapdragon Auto, Snapdragon Compute, Snapdragon

Firmware is getting into loop of overwriting memory when scan command is given from host because of improper validation. in Snapdr

Null pointer dereferencing can happen when playing the clip with wrong block group id in Snapdragon Auto, Snapdragon Compute, Snap

improper input validation in allocation request for secure allocations can lead to page fault. in Snapdragon Auto, Snapdragon Comp

Possible buffer overflow when number of channels passed is more than size of channel mapping array in Snapdragon Auto, Snapdragon

Possible buffer overflow can occur when playing clip with incorrect element size in Snapdragon Auto, Snapdragon Compute, Snapdrago

Data token is received from ADSP and is used without validation as an index into the array leads to out of bound access in Snapdra

Buffer overflow can occur when playing specific clip which is non-standard in Snapdragon Auto, Snapdragon Compute, Snapdragon Conn

When computing the digest a local variable is used after going out of scope in Snapdragon Auto, Snapdragon Consumer IOT, Snapdrago

Possible race condition that will cause a use-after-free when writing to two sysfs entries at nearly the same time in Snapdragon C

When handling the vendor command there exists a potential buffer overflow due to lack of input validation of data buffer received

User application could potentially make RPC call to the fastrpc driver and the driver will allow the message to go through to the

Possible integer underflow due to lack of validation before calculation of data length in 802.11 Rx management configuration in Sn

Improper casting of structure while handling the buffer leads to out of bound read in display in Snapdragon Auto, Snapdragon Conne

Out of bound access when reason code is extracted from frame data without validating the frame length in Snapdragon Auto, Snapdrag

Protection is missing while accessing md sessions info via macro which can lead to use-after-free in Snapdragon Auto, Snapdragon C

Pointer dereference while freeing IFE resources due to lack of length check of in port resource. in Snapdragon Consumer IOT, Snapd

An unauthenticated bitmap image can be loaded in to memory and subsequently cause execution of unverified code. in Snapdragon Comp

Possible out of bound read occurs while processing beaconing request due to lack of check on action frames received from user cont

Buffer over-read can occur while parsing an ogg file with a corrupted comment block. in Snapdragon Auto, Snapdragon Connectivity,

Out of bound access can occur due to buffer copy without checking size of input received from WLAN firmware in Snapdragon Auto, Sn

Improper validation for inputs received from firmware can lead to an out of bound write issue in video driver. in Snapdragon Auto,

Shared memory gets updated with invalid data and may lead to access beyond the allocated memory. in Snapdragon Auto, Snapdragon Co

Out of bound read can happen due to lack of NULL termination on user controlled data in WLAN in Snapdragon Auto, Snapdragon Comput

Possible buffer overflow while processing the high level lim process action frame due to improper buffer length validation in Snap

Null pointer dereference occurs for channel context while opening glink channel in Snapdragon Auto, Snapdragon Consumer IOT, Snapd

A race condition occurs while processing perf-event which can lead to a use after free condition in Snapdragon Auto, Snapdragon Co

Lack of check to prevent the buffer length taking negative values can lead to stack overflow. in Snapdragon Auto, Snapdragon Compu

Wrong permissions in configuration file can lead to unauthorized permission in Snapdragon Auto, Snapdragon Connectivity, Snapdrago

A non-time constant function memcmp is used which creates a side channel that could leak information in Snapdragon Auto, Snapdrago

Out of bounds read occurs due to improper validation of array while processing VDEV stop response from WLAN firmware in Snapdragon

Buffer overflow in WLAN driver event handlers due to improper validation of array index in Snapdragon Auto, Snapdragon Consumer IO

Use-after-free vulnerability will occur if reset of the routing table encounters an invalid rule id while processing command to re

Truncated access authentication token leads to weakened access control for stored secure application data in Snapdragon Auto, Snap

While deserializing any key blob during key operations, buffer overflow could occur, exposing partial key information if any key o

The HMAC authenticating the message from QSEE is vulnerable to timing side channel analysis leading to potentially forged applicat

Out-of-Bounds write due to incorrect array index check in PMIC in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electro

Lack of check on length of reason-code fetched from payload may lead driver access the memory not allocated to the frame and resul

The txrx stats req might be double freed in the pdev detach when the host driver is unloading in Snapdragon Auto, Snapdragon Consu

Failure to initialize the reserved memory which is sent to the firmware might lead to exposure of 1 byte of uninitialized kernel S

Lack of input validation in WLAN function can lead to potential heap overflow in Snapdragon Auto, Snapdragon Consumer IOT, Snapdra

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin