qsm8250 firmware · threatengine.sh

Home/Product/qualcomm qsm8250 firmware

Product

qualcomm qsm8250 firmware

216 known vulnerabilities across versions

Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.

Sort Min CVSS Published since

Memory corruption while processing a malformed license file during reboot.

Memory corruption during PlayReady APP usecase while processing TA commands.

information disclosure while invoking calibration data from user space to update firmware size.

Memory corruption while performing private key encryption in trusted application.

Memory corruption while processing specific files in Powerline Communication Firmware.

Transient DOS while processing an ANQP message.

Information disclosure while processing the hash segment in an MBN file.

Information disclosure while reading data from an image using specified offset and size parameters.

Memory corruption while submitting blob data to kernel space though IOCTL.

Memory corruption whhile handling the subsystem failure memory during the parsing of video packets received from the video firmwar

Memory corruption while processing video packets received from video firmware.

Memory corruption while processing I2C settings in Camera driver.

Memory corruption may occur while processing voice call registration with user.

Memory corruption while triggering commands in the PlayReady Trusted application.

Memory corruption may occur during IO configuration processing when the IO port count is invalid.

Memory corruption during concurrent access to server info object due to unprotected critical field.

Transient DOS may occur while parsing SSID in action frames.

Information disclosure while creating MQ channels.

Memory corruption while accessing MSM channel map and mixer functions.

Memory corruption while invoking IOCTL map buffer request from userspace.

Memory corruption occurs during the copying of read data from the EEPROM because the IO configuration is exposed as shared memory.

There may be information disclosure during memory re-allocation in TZ Secure OS.

Memory corruption while calling the NPU driver APIs concurrently.

Memory corruption may occur while validating ports and channels in Audio driver.

Memory corruption while processing command in Glink linux.

Information disclosure while deriving keys for a session for any Widevine use case.

Memory corruption while parsing the memory map info in IOCTL calls.

Information disclosure during audio playback.

Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound

Memory corruption while processing API calls to NPU with invalid input.

Memory corruption when allocating and accessing an entry in an SMEM partition continuously.

Memory corruption when multiple threads try to unregister the CVP buffer at the same time.

Memory corruption while Configuring the SMR/S2CR register in Bypass mode.

Information disclosure as NPU firmware can send invalid IPC message to NPU driver as the driver doesn`t validate the IPC message r

Memory corruption while parsing sensor packets in camera driver, user-space variable is used while allocating memory in kernel and

Memory corruption while processing GPU page table switch.

Memory corruption while processing voice packet with arbitrary data received from ADSP.

Memory corruption while handling session errors from firmware.

Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.

Memory corruption when the user application modifies the same shared memory asynchronously when kernel is accessing it.

Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.

memory corruption when an invalid firehose patch command is invoked.

Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSSID Information Element (IE) of

Memory corruption when an invoke call and a TEE call are bound for the same trusted application.

Transient DOS while loading the TA ELF file.

Memory corruption while performing finish HMAC operation when context is freed by keymaster.

Memory corruption when the channel ID passed by user is not validated and further used.

Memory corruption when the payload received from firmware is not as per the expected protocol size.

Memory corruption when there is failed unmap operation in GPU.

Memory corruption while processing finish_sign command to pass a rsp buffer.

Memory corruption in SPS Application while requesting for public key in sorter TA.

Memory corruption in Audio while processing RT proxy port register driver.

Memory corruption in Core Services while executing the command for removing a single event listener.

Transient DOS while parse fils IE with length equal to 1.

Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon frame.

Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL.

Memory corruption in Core while processing control functions.

Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains IPPROTO_NONE as the n

Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host.

Transient DOS in WLAN Firmware while parsing a BTM request.

Memory corruption in Audio during playback with speaker protection.

Memory corruption in HLOS while running playready use-case.

Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.

Transient DOS while parsing WPA IES, when it is passed with length more than expected size.

Transient DOS when processing a NULL buffer while parsing WLAN vdev.

Memory corruption when processing cmd parameters while parsing vdev.

Memory corruption in DSP Services during a remote call from HLOS to DSP.

Memory corruption in HLOS while invoking IOCTL calls from user-space.

Memory corruption in Boot while running a ListVars test in UEFI Menu during boot.

Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE.

Memory corruption while loading an ELF segment in TEE Kernel.

Memory Corruption in SPS Application while exporting public key in sorter TA.

Memory Corruption in camera while installing a fd for a particular DMA buffer.

Memory corruption in Audio while processing the VOC packet data from ADSP.

Cryptographic issue in HLOS during key management.

Information Disclosure in Qualcomm IPC while reading values from shared memory in VM.

Memory corruption in TZ Secure OS while loading an app ELF.

Memory Corruption in Core due to secure memory access by user while loading modem image.

Transient DOS in WLAN Firmware while parsing rsn ies.

Transient DOS in WLAN Firmware while interpreting MBSSID IE of a received beacon frame.

Memory corruption in WLAN HAL while parsing WMI command parameters.

Memory corruption in WLAN HAL while handling command through WMI interfaces.

Memory corruption in WLAN handler while processing PhyID in Tx status handler.

Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload.

Memory corruption in WLAN HAL while parsing Rx buffer in processing TLV payload.

Memory corruption in WLAN HAL while processing Tx/Rx commands from QDART.

Memory corruption in WIN Product while invoking WinAcpi update driver in the UEFI region.

Memory corruption in Audio during playback session with audio effects enabled.

Memory corruption due to improper validation of array index in WLAN HAL when received lm_itemNum is out of range.

Memory corruption while allocating memory in COmxApeDec module in Audio.

Memory Corruption in Audio while playing amrwbplus clips with modified content.

Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE.

Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.

Memory Corruption in Audio while allocating the ion buffer during the music playback.

Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption.

Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory.

Transient DOS in WLAN Firmware while processing frames with missing header fields.

Transient DOS due to untrusted Pointer Dereference in core while sending USB QMI request.

Memory corruption due to improper access control in kernel while processing a mapping request from root process.

Information disclosure in Kernel due to indirect branch misprediction.

Memory corruption due to double free in Core while mapping HLOS address to the list.

Memory corruption in Linux while sending DRM request.

information disclosure due to cryptographic issue in Core during RPMB read request.

Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.

Memory corruption in Graphics while importing a file.

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.

Memory corruption due to buffer copy without checking the size of input in Core while sending SCM command to get write protection

Memory corruption due to double free in core while initializing the encryption key.

Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.

Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase.

Memory corruption in Core due to time-of-check time-of-use race condition during dump collection in trust zone.

Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD.

Information Disclosure in Graphics during GPU context switch.

Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc respo

Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.

Memory corruption in modem due to buffer copy without checking size of input while receiving WMI command.

Information disclosure due to buffer over-read in WLAN while parsing NMF frame.

Memory corruption due to improper access control in Qualcomm IPC.

Memory corruption due to buffer copy without checking size of input while running memory sharing tests with large scattered memory

Memory corruption due to stack-based buffer overflow in Core

Information disclosure due to buffer overread in Core

Information disclosure due to buffer overread in Core

Memory corruption in core due to stack-based buffer overflow

Memory corruption in Core due to stack-based buffer overflow.

Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames.

Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA action frames.

Transient DOS due to buffer over-read in WLAN while parsing corrupted NAN frames.

Information disclosure due to buffer over-read in WLAN while handling IBSS beacons frame.

Transient DOS due to loop with unreachable exit condition in WLAN while processing an incoming FTM frames. in Snapdragon Auto, Sna

Information disclosure due to buffer over-read in WLAN firmware while parsing security context info attributes. in Snapdragon Auto

Memory corruption in diag due to use after free while processing dci packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Con

Transient DOS due to loop with unreachable exit condition in WLAN firmware while parsing IPV6 extension header. in Snapdragon Auto

Transient DOS due to buffer over-read in WLAN firmware while processing PPE threshold. in Snapdragon Auto, Snapdragon Compute, Sna

Memory corruption in video due to configuration weakness. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdra

Memory corruption in graphics due to use-after-free while importing graphics buffer in Snapdragon Auto, Snapdragon Compute, Snapdr

Memory corruption in graphics due to buffer overflow while validating the user address in Snapdragon Auto, Snapdragon Compute, Sna

Transient Denial-of-Service in WLAN due to buffer over-read while parsing MDNS frames. in Snapdragon Auto, Snapdragon Compute, Sna

Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames. in Snapdragon Auto, Snapdragon Comp

Denial of service in WLAN due to out-of-bound read happens while processing VHT action frame in Snapdragon Auto, Snapdragon Comput

Memory corruption due to use after free in service while trying to access maps by different threads in Snapdragon Auto, Snapdragon

Information disclosure due to exposure of information while GPU reads the data in Snapdragon Auto, Snapdragon Compute, Snapdragon

Possible buffer overflow due to improper parsing of headers while playing the FLAC audio clip in Snapdragon Auto, Snapdragon Compu

Improper access control sequence for AC database after memory allocation can lead to possible memory corruption in Snapdragon Auto

Possible use after free due to lack of null check of DRM file status after file structure is freed in Snapdragon Auto, Snapdragon

Possible unauthorized access to secure space due to improper check of data allowed while flashing the no access control device con

Possible out of bounds access due to improper input validation during graphics profiling in Snapdragon Auto, Snapdragon Compute, S

Improper cleaning of secure memory between authenticated users can lead to face authentication bypass in Snapdragon Auto, Snapdrag

Improper handling of permissions of a shared memory region can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, S

Improper validation of function pointer type with actual function signature can lead to assertion in Snapdragon Auto, Snapdragon C

Use after free condition can occur in wired connectivity due to a race condition while creating and deleting folders in Snapdragon

Improper validation of memory region in Hypervisor can lead to incorrect region mapping in Snapdragon Auto, Snapdragon Compute, Sn

An out of bound memory access can occur due to improper validation of number of frames being passed during music playback in Snapd

Possible use after free when process shell memory is freed using IOCTL call and process initialization is in progress in Snapdrago

Possible assertion in QOS request due to improper validation when multiple add or update request are received simultaneously in Sn

Possible assertion due to lack of input validation in PUSCH configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Conne

Possible out of bound write in RAM partition table due to improper validation on number of partitions provided in Snapdragon Auto,

Possible access control violation while setting current permission for VMIDs due to improper permission masking in Snapdragon Comp

Improper input validation in TrustZone memory transfer interface can lead to information disclosure in Snapdragon Auto, Snapdragon

Improper access control while doing XPU re-configuration dynamically can lead to unauthorized access to a secure resource in Snapd

Possible integer overflow in page alignment interface due to lack of address and size validation before alignment in Snapdragon Au

Possible integer overflow in access control initialization interface due to lack and size and address validation in Snapdragon Aut

Possible null pointer dereference in thread profile trap handler due to lack of thread ID validation before dereferencing it in Sn

Possible null pointer dereference due to lack of TLB validation for user provided address in Snapdragon Auto, Snapdragon Compute,

Improper validation of a socket state when socket events are being sent to clients can lead to invalid access of memory in Snapdra

Improper access control in TrustZone due to improper error handling while handling the signing key in Snapdragon Auto, Snapdragon

An integer overflow due to improper check performed after the address and size passed are aligned in Snapdragon Compute, Snapdrago

Possible out of bound access due to improper validation of function table entries in Snapdragon Auto, Snapdragon Compute, Snapdrag

Information disclosure through timing and power side-channels during mod exponentiation for RSA-CRT in Snapdragon Auto, Snapdragon

Improper authentication of sub-frames of a multicast AMSDU frame can lead to information disclosure in Snapdragon Auto, Snapdragon

Possible integer overflow due to improper check of batch count value while sanitizer is enabled in Snapdragon Auto, Snapdragon Com

Null pointer dereference occurs due to improper validation when the preemption feature enablement is toggled in Snapdragon Auto, S

Possible buffer over read due to lack of alignment between map or unmap length of IPA SMMU and WLAN SMMU in Snapdragon Auto, Snapd

Possible use-after-free due to lack of validation for the rule count in filter table in IPA driver in Snapdragon Auto, Snapdragon

Possible buffer overflow due to lack of offset length check while updating the buffer value in Snapdragon Auto, Snapdragon Compute

Possible buffer over read occurs due to lack of length check of request buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon

Possible null pointer dereference due to lack of validation check for passed pointer during key import in Snapdragon Auto, Snapdra

Buffer overflow occurs in trusted applications due to lack of length check of parameters in Snapdragon Auto, Snapdragon Compute, S

Possible out of bounds read due to incorrect validation of incoming buffer length in Snapdragon Auto, Snapdragon Compute, Snapdrag

Child process can leak information from parent process due to numeric pids are getting compared and these pid can be reused in Sna

Improper authentication of un-encrypted plaintext Wi-Fi frames in an encrypted network can lead to information disclosure in Snapd

Improper length check of public exponent in RSA import key function could cause memory corruption. in Snapdragon Auto, Snapdragon

Possible buffer overflow due to lack of length check in Trusted Application in Snapdragon Auto, Snapdragon Compute, Snapdragon Con

Memory corruption in key parsing and import function due to double freeing the same heap allocation in Snapdragon Auto, Snapdragon

Incorrect handling of pointers in trusted application key import mechanism could cause memory corruption in Snapdragon Auto, Snapd

Possible integer overflow in RPMB counter due to lack of length check on user provided data in Snapdragon Auto, Snapdragon Compute

Possible out of bound read in DRM due to improper buffer length check. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connecti

While waiting for a response to a callback or listener request, non-secure clients can change permissions to shared memory buffers

A race between command submission and destroying the context can cause an invalid context being added to the list leads to use aft

Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdra

Use after free due to race condition when reopening the device driver repeatedly in Snapdragon Auto, Snapdragon Compute, Snapdrago

Memory corruption due to ioctl command size was incorrectly set to the size of a pointer and not enough storage is allocated for t

Use after free issue when importing a DMA buffer by using the CPU address of the buffer due to attachment is not cleaned up proper

Possible heap overflow while parsing NAL header due to lack of check of length of data received from user in Snapdragon Auto, Snap

Trusted APPS to overwrite the CPZ memory of another use-case as TZ only checks the physical address not overlapping with its memor

Memory corruption due to buffer overflow while copying the message provided by HLOS into buffer without validating the length of b

Out-of-bounds memory access can occur while calculating alignment requirements for a negative width from external components in Sn

Possible use after free due to lack of null check while memory is being freed in FastRPC driver in Snapdragon Auto, Snapdragon Com

Possible use after free due to improper handling of memory mapping of multiple processes simultaneously. in Snapdragon Auto, Snapd

Out of bound write can occur in TZ command handler due to lack of validation of command ID in Snapdragon Auto, Snapdragon Compute,

Out of bound write can occur in playready while processing command due to lack of input validation in Snapdragon Auto, Snapdragon

Trustzone initialization code will disable xPU`s when memory dumps are enabled and lead to information disclosure in Snapdragon Au

Unintended reads and writes by NS EL2 in access control driver due to lack of check of input validation in Snapdragon Auto, Snapdr

Use after free condition in msm ioctl events due to race between the ioctl register and deregister events in Snapdragon Auto, Snap

Out of bound read access in hypervisor due to an invalid read access attempt by passing invalid addresses in Snapdragon Auto, Snap

Arbitrary memory write issue in video driver while setting the internal buffers in Snapdragon Auto, Snapdragon Compute, Snapdragon

Possible memory corruption and information leakage in sub-system due to lack of check for validity and boundary compliance for par

Key material used for TZ diag buffer encryption and other data related to log buffer is not wiped securely due to improper usage o

Out of bound write and read in TA while processing command from NS side due to improper length check on command and response buffe

Possible out of bound access in TA while processing a command from NS side due to improper length check of response buffer in Snap

Out of bound memory access while playing music playbacks with crafted vorbis content due to improper checks in header extraction i

Out of bound access issue while handling cvp process control command due to improper validation of buffer pointer received from HL

Buffer overflow in LibFastCV library due to improper size checks with respect to buffer length' in Snapdragon Auto, Snapdragon Com

Possible buffer overflow in Fastrpc while handling received parameters due to lack of validation on input parameters' in Snapdrago

u'Buffer over read in boot due to size check ignored before copying GUID attribute from request to response' in Snapdragon Auto, S

u'Integer overflow can cause a buffer overflow due to lack of table length check in the extensible boot Loader during the validati

u'information disclosure in gatekeeper trustzone implementation as the throttling mechanism to prevent brute force attempts at get

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin