qrb5165 firmware · threatengine.sh

Home/Product/qualcomm qrb5165 firmware

Product

qualcomm qrb5165 firmware

186 known vulnerabilities across versions

Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.

Sort Min CVSS Published since

Possible out of bound access in audio module due to lack of validation of user provided input.

Memory corruption in Core while processing RX intent request.

Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame.

Memory corruption in Audio while running invalid audio recording from ADSP.

Memory corruption in DSP Services during a remote call from HLOS to DSP.

Under certain scenarios the WLAN Firmware will reach an assertion due to state confusion while looking up peer ids.

Memory corruption in HLOS while invoking IOCTL calls from user-space.

Memory corruption in Boot while running a ListVars test in UEFI Menu during boot.

Memory corruption in Audio while processing the VOC packet data from ADSP.

Memory Corruption in Audio while invoking callback function in driver from ADSP.

Memory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data buffer.

Memory corruption while invoking callback function of AFE from ADSP.

Memory Corruption in Core Platform while printing the response buffer in log.

Memory corruption in Core Platform while printing the response buffer in log.

Memory corruption due to improper validation of array index in WLAN HAL when received lm_itemNum is out of range.

Memory corruption while allocating memory in COmxApeDec module in Audio.

Memory Corruption in Audio while playing amrwbplus clips with modified content.

Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE.

Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.

Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode.

Information Disclosure in WLAN HOST while sending DPP action frame to peer with an invalid source address.

Transient DOS in WLAN Firmware while processing frames with missing header fields.

Memoru corruption in Audio when ADSP sends input during record use case.

Transient DOS due to untrusted Pointer Dereference in core while sending USB QMI request.

Memory corruption due to improper access control in kernel while processing a mapping request from root process.

Information disclosure in Kernel due to indirect branch misprediction.

Transient DOS due to improper authorization in Modem

information disclosure due to cryptographic issue in Core during RPMB read request.

Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.

Memory corruption in Graphics while importing a file.

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.

Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.

Memory corruption due to buffer copy without checking the size of input in Core while sending SCM command to get write protection

Memory corruption due to double free in core while initializing the encryption key.

Memory corruption in Bluetooth HOST while processing the AVRC_PDU_GET_PLAYER_APP_VALUE_TEXT AVRCP response.

Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.

Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase.

Memory corruption in Core due to time-of-check time-of-use race condition during dump collection in trust zone.

Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD.

Information Disclosure in Graphics during GPU context switch.

Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc respo

Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.

Memory corruption due to access of uninitialized pointer in Bluetooth HOST while processing the AVRCP packet.

Memory corruption due to stack based buffer overflow in WLAN having invalid WNM frame length.

Memory corruption in modem due to buffer copy without checking size of input while receiving WMI command.

Information disclosure due to buffer over-read in WLAN while parsing NMF frame.

Memory corruption due to improper access control in Qualcomm IPC.

Memory corruption due to buffer copy without checking size of input while running memory sharing tests with large scattered memory

Memory corruption due to stack-based buffer overflow in Core

Information disclosure due to buffer overread in Core

Information disclosure due to buffer overread in Core

Memory corruption in core due to stack-based buffer overflow

Memory corruption in Core due to stack-based buffer overflow.

Memory corruption in Automotive Android OS due to improper input validation.

Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames.

Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA action frames.

Information disclosure due to buffer over-read in WLAN while parsing BTM action frame.

Information disclosure due to buffer over-read in WLAN while WLAN frame parsing due to missing frame length check.

Memory corruption due to buffer copy without checking size of input in modem while receiving WMI_REQUEST_STATS_CMDID command.

Memory corruption in Audio due to integer overflow to buffer overflow while music playback of clips like amr,evrc,qcelp with modif

Information disclosure due to buffer over-read in Bluetooth HOST while processing GetFolderItems and GetItemAttribute Cmds from pe

Transient DOS due to buffer over-read in WLAN while parsing corrupted NAN frames.

Information disclosure due to buffer over-read in WLAN while handling IBSS beacons frame.

Memory corruption in kernel due to missing checks when updating the access rights of a memextent mapping.

Memory corruption in Bluetooth HOST due to buffer overflow while parsing the command response received from remote

Information disclosure due to buffer over-read in Bluetooth HOST while pairing and connecting A2DP. in Snapdragon Auto, Snapdragon

Transient DOS due to loop with unreachable exit condition in WLAN while processing an incoming FTM frames. in Snapdragon Auto, Sna

Information disclosure due to buffer over-read in WLAN firmware while parsing security context info attributes. in Snapdragon Auto

Possible memory corruption in kernel while performing memory access due to hypervisor not correctly invalidated the processor tran

Transient DOS due to loop with unreachable exit condition in WLAN firmware while parsing IPV6 extension header. in Snapdragon Auto

Transient DOS due to buffer over-read in WLAN firmware while processing PPE threshold. in Snapdragon Auto, Snapdragon Compute, Sna

Denial of service in WLAN due to potential null pointer dereference while accessing the memory location in Snapdragon Auto, Snapdr

Memory corruption in graphics due to buffer overflow while validating the user address in Snapdragon Auto, Snapdragon Compute, Sna

Transient Denial-of-Service in WLAN due to buffer over-read while parsing MDNS frames. in Snapdragon Auto, Snapdragon Compute, Sna

Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames. in Snapdragon Auto, Snapdragon Comp

Denial of service in WLAN due to out-of-bound read happens while processing VHT action frame in Snapdragon Auto, Snapdragon Comput

Memory corruption in WLAN due to out of bound array access during connect/roaming in Snapdragon Auto, Snapdragon Compute, Snapdrag

Memory corruption due to untrusted pointer dereference in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT,

Information disclosure in WLAN due to improper validation of array index while parsing crafted ANQP action frames in Snapdragon Au

Denial of service in WLAN HOST due to buffer over read while unpacking frames in Snapdragon Auto, Snapdragon Compute, Snapdragon C

Memory corruption in synx driver due to use-after-free condition in the synx driver due to accessing object handles without acquir

memory corruption in Kernel due to race condition while getting mapping reference in Snapdragon Compute, Snapdragon Connectivity,

Memory corruption or temporary denial of service due to improper handling of concurrent hypervisor operations to attach or detach

Memory corruption in kernel due to use after free issue in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT,

Memory Corruption during wma file playback due to integer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity

Memory corruption occurs while processing command received from HLOS due to improper length check in Snapdragon Auto, Snapdragon C

Improper validation of backend id in PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Sna

Memory corruption in audio due to lack of check of invalid routing address into APR Routing table in Snapdragon Auto, Snapdragon C

An out-of-bounds read can occur while parsing a server certificate due to improper length check in Snapdragon Auto, Snapdragon Com

A null pointer dereference may potentially occur during RSA key import in Snapdragon Auto, Snapdragon Compute, Snapdragon Connecti

Out of bound write in DSP service due to improper bound check for response buffer size in Snapdragon Auto, Snapdragon Compute, Sna

Non-secure region can try modifying RG permissions of IO space xPUs due to improper input validation in Snapdragon Auto, Snapdrago

Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in S

Possible use after free when process shell memory is freed using IOCTL munmap call and process initialization is in progress in Sn

kernel event may contain unexpected content which is not generated by NPU software in asynchronous execution mode in Snapdragon Au

Out of bound read in WLAN HOST due to improper length check can lead to DOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Con

Possible buffer over read due to lack of size validation while unpacking frame in Snapdragon Auto, Snapdragon Compute, Snapdragon

Use after free in graphics fence due to a race condition while closing fence file descriptor and destroy graphics timeline simulta

An array index is improperly used to lock and unlock a mutex which can lead to a Use After Free condition In the Synx driver in Sn

Improper handling between export and release functions on the same handle from client can lead to use after free in Snapdragon Com

An out-of-bounds write can occur due to an incorrect input check in the camera driver in Snapdragon Auto, Snapdragon Compute, Snap

A user with user level permission can access graphics protected region due to improper access control in register configuration in

Possible buffer overflow due to improper parsing of headers while playing the FLAC audio clip in Snapdragon Auto, Snapdragon Compu

Improper validation of session id in PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Sna

Processing DCB/AVB algorithm with an invalid queue index from IOCTL request could lead to arbitrary address modification in Snapdr

Possible hypervisor memory corruption due to TOC TOU race condition when updating address mappings in Snapdragon Auto, Snapdragon

Possible out of bound read due to lack of length check of data length for a DIAG event in Snapdragon Auto, Snapdragon Compute, Sna

Possible buffer overflow due to improper validation of SSID length received from beacon or probe response during an IBSS session i

Possible buffer over read due to lack of size validation while copying data from DBR buffer to RX buffer and can lead to Denial of

Improper access control sequence for AC database after memory allocation can lead to possible memory corruption in Snapdragon Auto

Possible use after free due to lack of null check of DRM file status after file structure is freed in Snapdragon Auto, Snapdragon

Possible unauthorized access to secure space due to improper check of data allowed while flashing the no access control device con

An Out of Bounds read may potentially occur while processing an IBSS beacon, in Snapdragon Auto, Snapdragon Compute, Snapdragon Co

Possible out of bound read due to improper length calculation of WMI message. in Snapdragon Auto, Snapdragon Compute, Snapdragon C

Possible out of bounds access due to improper input validation during graphics profiling in Snapdragon Auto, Snapdragon Compute, S

Possible out of bound write due to improper validation of number of timer values received from firmware while syncing timers in Sn

Possible out of bound read due to improper validation of IE length during SSID IE parse when channel is DFS in Snapdragon Auto, Sn

Improper handling of permissions of a shared memory region can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, S

Possible use after free scenario in compute offloads to DSP while multiple calls spawn a dynamic process in Snapdragon Auto, Snapd

Improper validation of data length received from DMA buffer can lead to memory corruption. in Snapdragon Auto, Snapdragon Compute,

Lack of null check while freeing the device information buffer in the Bluetooth HFP protocol can lead to a NULL pointer dereferenc

Possible out of bound access of DCI resources due to lack of validation process and resource allocation in Snapdragon Auto, Snapdr

Possible out of bound write due to lack of boundary check for the maximum size of buffer when sending a DCI packet to remote proce

Improper validation of input when provisioning the HDCP key can lead to memory corruption in Snapdragon Auto, Snapdragon Compute,

Improper validation of function pointer type with actual function signature can lead to assertion in Snapdragon Auto, Snapdragon C

Possible integer overflow due to improper validation of command length parameters while processing WMI command in Snapdragon Auto,

Use after free condition can occur in wired connectivity due to a race condition while creating and deleting folders in Snapdragon

Improper validation of memory region in Hypervisor can lead to incorrect region mapping in Snapdragon Auto, Snapdragon Compute, Sn

An out of bound memory access can occur due to improper validation of number of frames being passed during music playback in Snapd

Improper validation of LLM utility timers availability can lead to denial of service in Snapdragon Auto, Snapdragon Compute, Snapd

Possible use after free when process shell memory is freed using IOCTL call and process initialization is in progress in Snapdrago

Possible assertion in QOS request due to improper validation when multiple add or update request are received simultaneously in Sn

Possible buffer overflow due to lack of buffer length check when segmented WMI command is received in Snapdragon Auto, Snapdragon

Possible out of bound access due to improper validation of item size and DIAG memory pools data while switching between USB and PC

Possible assertion due to lack of input validation in PUSCH configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Conne

Possible denial of service due to improper handling of debug register trap from user applications in Snapdragon Consumer IOT, Snap

Possible out of bound write in RAM partition table due to improper validation on number of partitions provided in Snapdragon Auto,

Possible access control violation while setting current permission for VMIDs due to improper permission masking in Snapdragon Comp

Improper input validation in TrustZone memory transfer interface can lead to information disclosure in Snapdragon Auto, Snapdragon

Improper access control while doing XPU re-configuration dynamically can lead to unauthorized access to a secure resource in Snapd

Possible integer overflow in page alignment interface due to lack of address and size validation before alignment in Snapdragon Au

Possible integer overflow in access control initialization interface due to lack and size and address validation in Snapdragon Aut

Possible null pointer dereference in thread cache operation handler due to lack of validation of user provided input in Snapdragon

Possible null pointer dereference in thread profile trap handler due to lack of thread ID validation before dereferencing it in Sn

Possible null pointer dereference due to lack of TLB validation for user provided address in Snapdragon Auto, Snapdragon Compute,

Improper validation of a socket state when socket events are being sent to clients can lead to invalid access of memory in Snapdra

Improper handling of resource allocation in virtual machines can lead to information exposure in Snapdragon Consumer IOT, Snapdrag

Improper access control in TrustZone due to improper error handling while handling the signing key in Snapdragon Auto, Snapdragon

An integer overflow due to improper check performed after the address and size passed are aligned in Snapdragon Compute, Snapdrago

Possible use after free due to improper memory validation when initializing new interface via Interface add command in Snapdragon

Possible memory corruption due to improper validation of memory address while processing user-space IOCTL for clearing Filter and

Possible use after free due improper validation of reference from call back to internal store table in Snapdragon Auto, Snapdragon

Possible out of bound access due to improper validation of function table entries in Snapdragon Auto, Snapdragon Compute, Snapdrag

Information disclosure through timing and power side-channels during mod exponentiation for RSA-CRT in Snapdragon Auto, Snapdragon

Possible memory corruption due to Improper handling of hypervisor unmap operations for concurrent memory operations in Snapdragon

Improper authentication of sub-frames of a multicast AMSDU frame can lead to information disclosure in Snapdragon Auto, Snapdragon

Possible buffer over read due to improper buffer allocation for file length passed from user space in Snapdragon Auto, Snapdragon

Improper authentication of EAP WAPI EAPOL frames from unauthenticated user can lead to information disclosure in Snapdragon Comput

Possible stack overflow due to improper length check of TLV while copying the TLV to a local stack variable in Snapdragon Auto, Sn

Possible buffer over read due to lack of length check while parsing beacon IE response in Snapdragon Auto, Snapdragon Compute, Sna

Possible buffer over read due to improper validation of frame length while processing AEAD decryption during ASSOC response in Sna

Possible stack buffer overflow due to lack of check on the maximum number of post NAN discovery attributes while processing a NAN

Possible integer overflow due to improper check of batch count value while sanitizer is enabled in Snapdragon Auto, Snapdragon Com

Possible Integer overflow to buffer overflow issue can occur due to improper validation of input parameters when extscan hostlist

A use after free can occur due to improper validation of P2P device address in PD Request frame in Snapdragon Auto, Snapdragon Com

Use-after-free vulnerability in kernel graphics driver because of storing an invalid pointer in Snapdragon Compute, Snapdragon Con

Possible heap overflow due to improper validation of local variable while storing current task information locally in Snapdragon A

Possible buffer over read due to lack of alignment between map or unmap length of IPA SMMU and WLAN SMMU in Snapdragon Auto, Snapd

Possible use-after-free due to lack of validation for the rule count in filter table in IPA driver in Snapdragon Auto, Snapdragon

Possible buffer overflow due to lack of offset length check while updating the buffer value in Snapdragon Auto, Snapdragon Compute

Improper handling of ASB-C broadcast packets with crafted opcode in LMP can lead to uncontrolled resource consumption in Snapdrago

Improper Access Control when ACL link encryption is failed and ACL link is not disconnected during reconnection with paired device

Possible buffer over read occurs due to lack of length check of request buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon

Possible out of bound read due to lack of length check of data while parsing the beacon or probe response in Snapdragon Auto, Snap

Possible buffer over read issue due to improper length check on WPA IE string sent by peer in Snapdragon Auto, Snapdragon Compute,

Possible null pointer dereference due to lack of validation check for passed pointer during key import in Snapdragon Auto, Snapdra

Buffer overflow occurs in trusted applications due to lack of length check of parameters in Snapdragon Auto, Snapdragon Compute, S

Possible buffer overflow due to improper validation of device types during P2P search in Snapdragon Auto, Snapdragon Compute, Snap

Possible out of bounds read due to incorrect validation of incoming buffer length in Snapdragon Auto, Snapdragon Compute, Snapdrag

Child process can leak information from parent process due to numeric pids are getting compared and these pid can be reused in Sna

Improper authentication of un-encrypted plaintext Wi-Fi frames in an encrypted network can lead to information disclosure in Snapd

Improper authentication of Non-EAPOL/WAPI plaintext frames during four-way handshake can lead to arbitrary network packet injectio

u'While processing invalid connection request PDU which is nonstandard (interval or timeout is 0) from central device may lead per

u'Remote code execution can happen by sending a carefully crafted POST query when Device configuration is accessed from a tethered

u'Possible buffer overflow in MHI driver due to lack of input parameter validation of EOT events received from MHI device side' in

u'Out of bound access can happen in MHI command process due to lack of check of channel id value received from MHI devices' in Sna

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin