rennell firmware · threatengine.sh

Home/Product/qualcomm rennell firmware

Product

qualcomm rennell firmware

169 known vulnerabilities across versions

Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.

Sort Min CVSS Published since

u'While processing invalid connection request PDU which is nonstandard (interval or timeout is 0) from central device may lead per

u'Buffer over-read issue in Bluetooth peripheral firmware due to lack of check for invalid opcode and length of opcode received fr

u'Possible buffer overflow while updating output buffer for IMEI and Gateway Address due to lack of check of input validation for

u'Due to an incorrect SMMU configuration, the modem crypto engine can potentially compromise the hypervisor' in Snapdragon Auto, S

u'QSEE reads the access permission policy for the SMEM TOC partition from the SMEM TOC contents populated by XBL Loader and applie

u'Buffer overflow can happen as part of SIP message packet processing while storing values in array due to lack of check to valida

u'Potential out of bounds read while processing downlink NAS transport message due to improper length check of Information Element

u'Buffer overflow occurs while processing SIP message packet due to lack of check of index validation before copying into it' in S

u'An Unaligned address or size can propagate to the database due to improper page permissions and can lead to improper access cont

u'Two threads running simultaneously from user space can lead to race condition in fastRPC driver' in Snapdragon Auto, Snapdragon

u'Third-party app may also call the broadcasts in Perfdump and cause privilege escalation issue due to improper access control' in

u'Possible buffer overflow in MHI driver due to lack of input parameter validation of EOT events received from MHI device side' in

u'Out of bound access can happen in MHI command process due to lack of check of channel id value received from MHI devices' in Sna

u'During execution after Address Space Layout Randomization is turned on for QTEE, part of code is still mapped at known address i

Out of bound access can happen in MHI command process due to lack of check of command channel id value received from MHI devices i

u'Multiple Read overflows issue due to improper length check while decoding Generic NAS transport/EMM info' in Snapdragon Auto, Sn

u'Buffer over-read Issue in Q6 testbus framework due to diag packet length is not completely validated before accessing the field

u'Reachable assertion when wrong data size is returned by parser for ape clips' in Snapdragon Auto, Snapdragon Consumer IOT, Snapd

u'Possible use-after-free while accessing diag client map table since list can be reallocated due to exceeding max client limit.'

u'Potential integer underflow while parsing Service Info and IPv6 link-local TLVs that comes as part of NDPE attribute' in Snapdra

u'Buffer Overflow issue in WLAN tcp ip verification due to usage of out of range pointer offset' in Snapdragon Auto, Snapdragon Co

u'Buffer overflow while parsing PMF enabled MCBC frames due to frame length being lesser than what is expected while parsing' in S

u'Buffer Overflow in mic calculation for WPA due to copying data into buffer without validating the length of buffer' in Snapdrago

u'Information disclosure issue occurs as in current logic Secure Touch session is released without terminating display session' in

u'Information disclosure issue can occur due to partial secure display-touch session tear-down' in Snapdragon Auto, Snapdragon Com

u'Resizing the usage table header before passing all the checks leads to the function exiting with a usage table in invalid state

u'Out of bound writes happen when accessing usage_table header entry beyond the memory allocated for the header' in Snapdragon Aut

u'Stack out of bound issue occurs when making query to DSP capabilities due to wrong assumption was made on determining the buffer

u'A potential buffer overflow exists due to integer overflow when parsing handler options due to wrong data type usage in operatio

u'Channel name string which has been read from shared memory is potentially subjected to string manipulations but not validated fo

u'Lack of check to ensure that the TX read index & RX write index that are read from shared memory are less than the FIFO size res

u'Lack of check of integer overflow while doing a round up operation for data read from shared memory for G-link SMEM transport ca

u'Non-secure memory is touched multiple times during TrustZone\u2019s execution and can lead to privilege escalation or memory cor

u'Possible out of bound access while copying the mask file content into the buffer without checking the buffer size' in Snapdragon

u'Calling thread may free the data buffer pointer that was passed to the callback and later when event loop executes the callback,

u'Information exposure issues while processing IE header due to improper check of beacon IE frame' in Snapdragon Auto, Snapdragon

u'Buffer over read occurs while processing information element from beacon due to lack of check of data received from beacon' in S

u'While processing SMCInvoke asynchronous message header, message count is modified leading to a TOCTOU race condition and lead to

u'Information disclosure issue occurs as in current logic as secure touch is released without clearing the display session which c

u'Keymaster attestation key and device IDs provisioning which is a one time process is incorrectly allowed to be re-provisioned af

u'Heap overflow in diag command handler due to lack of check of packet length received from user' in Snapdragon Auto, Snapdragon C

u'Pointer double free in HavenSvc due to not setting the pointer to NULL after freeing it' in Snapdragon Auto, Snapdragon Compute,

u'Possible integer overflow in API due to lack of check on large oid range count in cert extension field' in Snapdragon Auto, Snap

u'When a new session is created, Object is returned that contains TZ addresses and it get passed to HLOS as an handle to refer to

u'Lack of check for integer overflow for round up and addition operations result into memory corruption and potential information

u'Lack of check that the TX FIFO write and read indices that are read from shared RAM are less than the FIFO size results into mem

u'Lack of integer overflow check for addition of fragment size and remaining size that are read from shared memory can lead to mem

u'Lack of check that the current received data fragment size of a particular packet that are read from shared memory are less than

u'Out of bound memory access if stack push and pop operation are performed without doing a bound check on stack top' in Snapdragon

u'User Process can potentially corrupt kernel virtual page by passing a crafted page in API' in Snapdragon Auto, Snapdragon Comput

u'Memory can be potentially corrupted if random index is allowed to manipulate TLB entries in Kernel from user library' in Snapdra

u'Possibility of integer overflow in keymaster 4 while allocating memory due to multiplication of large numcerts value and size of

u'Improper access control can lead signed process to guess pid of other processes and access their address space' in Snapdragon Au

u'Improper authentication and signature verification of debug polices in secure boot loader will allow unverified debug policies t

u'SMEM partition can be manipulated in case of any compromise on HLOS, thus resulting in access to memory outside of SMEM address

Possible buffer overflow while parsing mp4 clip with corrupted sample atoms due to improper validation of index in Snapdragon Auto

Memory corruption can occurs in trusted application if offset size from HLOS is more than actual mapped buffer size in Snapdragon

Memory failure in content protection module due to not having pointer within the scope in Snapdragon Auto, Snapdragon Compute, Sna

Possible buffer overflow and over read possible due to missing bounds checks for fixed limits if we consider widevine HLOS client

Out of bounds read can happen in diag event set mask command handler when user provided length in the command request is less than

Possible memory corruption in perfservice due to improper validation array length taken from user application. in Snapdragon Auto,

Buffer over-write may occur during fetching track decoder specific information if cb size exceeds buffer size in Snapdragon Auto,

Buffer overflow can occur while parsing eac3 header while playing the clip which is nonstandard in Snapdragon Auto, Snapdragon Com

Buffer overflow will happen while parsing mp4 clip with corrupted sample atoms values which exceeds MAX_UINT32 range due to lack o

Possible null-pointer dereference can occur while parsing mp4 clip with corrupted sample table atoms in Snapdragon Auto, Snapdrago

Possible null-pointer dereference can occur while parsing mp4 clip with corrupted sample table atoms in Snapdragon Auto, Snapdrago

Use after free issue in camera applications when used randomly over multiple operations due to pointer not set to NULL after free/

Stack based overflow If the maximum number of arguments allowed per request in perflock exceeds in Snapdragon Auto, Snapdragon Com

Improper access due to socket opened by the logging application without specifying localhost address in Snapdragon Consumer IOT, S

Any application can bind to it and exercise the APIs due to no protection for AIDL uimlpaservice in Snapdragon Auto, Snapdragon Co

Possible buffer overflow while copying the frame to local buffer due to lack of check of length before copying in Snapdragon Auto,

Integer overflow in diag command handler when user inputs a large value for number of tasks field in the request packet in Snapdra

System Services exports services without permission protect and can lead to information exposure in Snapdragon Industrial IOT, Sna

Double free issue in NPU due to lack of resource locking mechanism to avoid race condition in Snapdragon Auto, Snapdragon Compute,

Out of bound write can happen due to lack of check of array index value while parsing SDP attribute for SAR in Snapdragon Auto, Sn

Buffer overflow occurs while processing an subsample data length out of range due to lack of user input validation in Snapdragon A

Copying RTCP messages into the output buffer without checking the destination buffer size which could lead to a remote stack overf

Buffer overflows while decoding setup message from Network due to lack of check of IE message length received from network in Snap

Payload size is not validated before reading memory that may cause issue of accessing invalid pointer or some garbage data in Snap

kernel writes to user passed address without any checks can lead to arbitrary memory write in Snapdragon Auto, Snapdragon Compute,

Firmware will hit assert in WLAN firmware If encrypted data length in FILS IE of reassoc response is more than 528 bytes in Snapdr

Integer overflow may occur if atom size is less than atom offset as there is improper validation of atom size in Snapdragon Auto,

Array out of bound may occur while playing mp3 file as no check is there on offset if it is greater than the buffer allocated or n

Possibility of out of bound access while processing the responses from video firmware in Snapdragon Auto, Snapdragon Compute, Snap

Possibility of double free of the drawobj that is added to the drawqueue array of the context during IOCTL commands as there is no

Out of bound memory access while processing ese transmit command due to passing Response buffer received from user in Snapdragon A

Using non-time-constant functions like memcmp to compare sensitive data can lead to information leakage through timing side channe

Integer overflow in calculating estimated output buffer size when getting a list of installed Feature IDs, Serial Numbers or check

Out of bound read in Fingerprint application due to requested data is being used without length check in Snapdragon Auto, Snapdrag

Out of bound read in fingerprint application due to requested data assigned to a local buffer without length check in Snapdrago

Out of bound write can occur in radio measurement request if STA receives multiple invalid rrm measurement request from AP in Snap

Possible buffer overflow while playing mkv clip due to lack of validation of atom size buffer in Snapdragon Auto, Snapdragon Compu

Buffer overflow in WLAN firmware while parsing GTK IE containing GTK key having length more than the buffer size in Snapdragon Aut

Buffer overflow can occur in WLAN firmware while unwraping data using CCMP cipher suite during parsing of EAPOL handshake frame

Potential buffer overflow while processing CBF frames due to lack of check of buffer length before copy in Snapdragon Auto, Snapdr

Possible buffer overflow while handling NAN reception of NMF in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snap

Buffer overflow can occur in function wlan firmware while copying association frame content if frame length is more than the maxim

Null pointer dereference issue in radio interface layer due to lack of null check in sapmodule destructor in Snapdragon Auto, Snap

Possible use after free issue in pcm volume controls due to race condition exist in private data used in mixer controls in Snapdra

Multiple Read overflows issue due to improper length check while decoding tau reject/tau accept/detach request/attach reject/attac

Error occurs While extracting the ipv6_header having an invalid length due to lack of length check in Snapdragon Auto, Snapdragon

Possible buffer overrun when processing EFS filename and payload sent over diag interface due to lack of check for filename length

Multiple Read overflows issue due to improper length check while decoding dedicated_eps_bearer_req/ act_def_context_req/ cs_serv_n

Multiple Read overflows issue due to improper length check while decoding RAU accept/PDN disconnect Rej/Modify EPS ctxt req/bearer

Possible out of bound array access as there is no check on carrier index passed in Snapdragon Auto, Snapdragon Compute, Snapdragon

Possibility of null pointer deference as the array of video codecs from media info is referenced without null checking while proce

Multiple Read overflows issue due to improper length check while decoding 3G attach accept/ SMS/ pdn connection reject/ esm data t

Due to the use of non-time-constant comparison functions there is issue in timing side channels which can be used as a potential s

Out of bound access in diag services when DCI command buffer reallocation is not done properly with required capacity in Snapdrago

While handling the vendor command there is an integer truncation issue that could yield a buffer overflow due to int data type cop

Possible integer overflow can happen in host driver while processing user controlled string due to improper validation on data rec

Use after free issue when MAP and UNMAP calls at same time as data structure used my MAP may be freed by UNMAP function in Snapdra

Possible buffer over read when trying to process SDP message Video media line with frame-size attribute in video Media line in Sna

Out of bound write can happen due to lack of check of array index value while calculating it. in Snapdragon Auto, Snapdragon Compu

Copying RTCP messages into the output buffer without checking the destination buffer size which could lead to a remote stack overf

Lack of boundary checks for data offsets received from HLOS can lead to out-of-bound read in Snapdragon Auto, Snapdragon Compute,

Missing length check before copying the data from kernel space to userspace through the copy function can lead to buffer overflow

String error while processing non standard SIP messages received can lead to buffer overread and then denial of service in Snapdra

When issuing IOCTL calls to ION, Memory leak can occur due to failure in unassign pages under certain conditions in Snapdragon Aut

Target specific data is being sent to remote server and leads to information exposure in Snapdragon Auto, Snapdragon Compute, Snap

Possible buffer overflow in data offload handler due to lack of check of keydata length when copying data in Snapdragon Auto, Snap

Possible buffer overflow in WLAN Parser due to lack of length check when copying data in Snapdragon Auto, Snapdragon Compute, Snap

Buffer overflow occurs while processing LMP packet in which name length parameter exceeds value specified in BT-specification in S

While parsing Service Descriptor Extended Attribute received as part of SDF frame, there is a possibility that incorrect length is

Unhandled paging request is observed due to dereferencing an already freed object because of race condition between sparse free an

Compromised reset handler may bypass access control due to AC config is being reset if debug path is enabled to collect secure or

Out of bound access in msm routing due to lack of check of size before accessing in Snapdragon Auto, Snapdragon Compute, Snapdrago

Null-pointer dereference can occur while accessing the segment element info when it is not allocated and assigned in Snapdragon Au

Out-of-bound writes occurs due to lack of check of buffer size will cause buffer overflow only in 32bit architecture. in Snapdrago

Memory use after free issue in audio due to lack of resource control in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer I

The size of a buffer is determined by addition and multiplications operations that have the potential to overflow due to lack of b

Use-after-free in graphics module due to destroying already queued syncobj in error case in Snapdragon Auto, Snapdragon Compute, S

Buffer overwrite during memcpy due to lack of check on SSID length validation in Snapdragon Auto, Snapdragon Compute, Snapdragon C

Buffer overflow due to lack of upper bound check on channel length which is used for a loop. in Snapdragon Compute, Snapdragon Con

Possible buffer overflow in WLAN WMI handler due to lack of ssid length check when copying data in Snapdragon Auto, Snapdragon Com

A stack-based buffer overflow exists in the initialization of the identification stage due to lack of check on the number of templ

Lack of check that the RX FIFO write index that is read from shared RAM is less than the FIFO size results into memory corruption

Possibility of heap-buffer-overflow during last iteration of loop while populating image version information in diag command respo

Stack overflow can occur when SDP is received with multiple payload types in the FMTP attribute of a video M line in Snapdragon Au

Buffer overflow can occur when processing non standard SDP video Image attribute parameter in a VILTE\VOLTE call in Snapdragon Aut

Null pointer dereference can happen when parsing udta atom which is non-standard and having invalid depth in Snapdragon Auto, Snap

Possible Stack overflow can occur when processing a large SDP body or non standard SDP body without right delimiters in Snapdragon

Filling media attribute tag names without validating the destination buffer size which can result in the buffer overflow in Snapdr

Improper input validation while processing SIP URI received from the network will lead to buffer over-read and then to denial of s

Multiple Read overflows issue due to improper length check while decoding Identity Request in CSdomain/Authentication Reject in CS

Multiple Read overflows due to improper length checks while decoding authentication in Cs domain/RAU Reject and TC cmd in Snapdrag

Multiple Buffer Over-read issue can happen due to improper length checks while decoding Service Reject/RAU Reject/PTMSI Realloc cm

Buffer Over-read when UE is trying to process the message received form the network without zero termination in Snapdragon Auto, S

Null pointer dereference issue can happen due to improper validation of CSEQ header response received from network in Snapdragon A

Buffer overflow can occur in WLAN firmware while parsing beacon/probe_response frames during roaming in Snapdragon Auto, Snapdrago

Out of bound access due to Invalid inputs to dapm mux settings which results into kernel failure in Snapdragon Auto, Snapdragon Co

Uninitialized stack data gets used If memory is not allocated for blob or if the allocated blob is less than the struct size requi

Buffer Over read of codec private data while parsing an mkv file due to lack of check of buffer size before read in Snapdragon Aut

During listener modified response processing, a buffer overrun occurs due to lack of buffer size verification when updating messag

Out of bound access while parsing dts atom, which is non-standard as it does not have valid number of tracks in Snapdragon Auto, S

There is a way to deceive the GPU kernel driver into thinking there is room in the GPU ringbuffer and overwriting existing command

Use after free while processing eeprom query as there is a chance to not unlock mutex after error occurs in Snapdragon Auto, Snapd

Possible stack-use-after-scope issue in NFC usecase for card emulation in Snapdragon Auto, Snapdragon Industrial IOT, Snapdragon M

String format issue will occur while processing HLOS data as there is no user input validation to ensure inputs are properly NULL

Heap buffer overflow can occur while parsing invalid MKV clip which is not standard and have invalid vorbis codec data in Snapdrag

While parsing invalid super index table, elements within super index table may exceed total chunk size and invalid data is read in

The device may enter into error state when some tool or application gets failure at 1st buffer map all and performs 2nd buffer map

Buffer overflow occur while playing the clip which is nonstandard due to lack of offset length check in Snapdragon Auto, Snapdrago

Buffer overflow occur while playing the clip which is nonstandard due to lack of check of size duration in Snapdragon Auto, Snapdr

Buffer overflow occurs while processing invalid MKV clip, which has invalid EBML size in Snapdragon Auto, Snapdragon Compute, Snap

Null pointer exception can happen while parsing invalid MKV clip where cue information is parsed before segment information in Sna

NULL is assigned to local instance of audio device pointer after free instead of global static pointer and can lead to use after f

Buffer over-read can occur while playing the video clip which is not standard in Snapdragon Auto, Snapdragon Compute, Snapdragon C

Null pointer dereference can occur while parsing the clip which is nonstandard in Snapdragon Auto, Snapdragon Compute, Snapdragon

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin