sa515m firmware · threatengine.sh

Home/Product/qualcomm sa515m firmware

Product

qualcomm sa515m firmware

287 known vulnerabilities across versions

Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.

Sort Min CVSS Published since

Transient DOS in Modem while processing invalid System Information Block 1.

Memory corruption in RIL due to Integer Overflow while triggering qcril_uim_request_apdu request.

Memory Corruption due to improper validation of array index in Linux while updating adn record.

Memory Corruption in Audio while playing amrwbplus clips with modified content.

Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE.

Memory corruption in RIL while trying to send apdu packet.

Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key.

Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.

Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.

Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase.

Memory corruption due to improper validation of array index in Multi-mode call processor.

Transient DOS due to reachable assertion in Modem while processing SIB1 Message.

Transient DOS due to reachable assertion in modem when network repeatedly sent invalid message container for NR to LTE handover.

Memory corruption in WLAN due to use after free

Transient DOS due to reachable assertion in modem during MIB reception and SIB timeout

Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD.

Memory corruption in modem due to buffer overflow while processing a PPP packet

Memory corruption in modem due to use of out of range pointer offset while processing qmi msg

Memory corruption in modem due to integer overflow to buffer overflow while handling APDU response

Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM

Memory corruption in WLAN HAL while arbitrary value is passed in WMI UTF command payload.

Information Disclosure in Graphics during GPU context switch.

Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc respo

Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.

Memory corruption in modem due to buffer copy without checking size of input while receiving WMI command.

Information disclosure due to buffer over-read in WLAN while parsing NMF frame.

Memory corruption in User Identity Module due to integer overflow to buffer overflow when a segement is received via qmi http.

Memory corruption due to improper access control in Qualcomm IPC.

Memory corruption due to configuration weakness in modem wile sending command to write protected files.

Memory corruption due to stack-based buffer overflow in Core

Information disclosure due to buffer overread in Core

Information disclosure due to buffer overread in Core

Memory corruption in core due to stack-based buffer overflow

Memory corruption in Core due to stack-based buffer overflow.

Transient DOS due to null pointer dereference in Bluetooth HOST while receiving an attribute protocol PDU with zero length data.

Transient DOS in Bluetooth HOST due to null pointer dereference when a mismatched argument is passed.

Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames.

Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA action frames.

Memory corruption in Audio due to integer overflow to buffer overflow while music playback of clips like amr,evrc,qcelp with modif

Transient DOS due to buffer over-read in WLAN while parsing corrupted NAN frames.

Information disclosure due to buffer over-read in WLAN while handling IBSS beacons frame.

Denial of service in MODEM due to improper pointer handling

Memory corruption in display due to double free while allocating frame buffer memory

Memory corruption in display driver due to incorrect type casting while accessing the fence structure fields

Transient DOS due to loop with unreachable exit condition in WLAN while processing an incoming FTM frames. in Snapdragon Auto, Sna

Information disclosure due to buffer over-read in WLAN firmware while parsing security context info attributes. in Snapdragon Auto

Denial of service in modem due to reachable assertion while processing reconfiguration message in Snapdragon Auto, Snapdragon Comp

Memory corruption in MODEM due to Improper Validation of Array Index while processing GSTK Proactive commands in Snapdragon Auto,

Denial of service in Modem due to reachable assertion while processing the common config procedure in Snapdragon Auto, Snapdragon

Denial of service in Modem module due to improper authorization while error handling in Snapdragon Auto, Snapdragon Compute, Snapd

Memory corruption in MODEM UIM due to usage of out of range pointer offset while decoding command from card in Snapdragon Auto, Sn

Memory corruption in diag due to use after free while processing dci packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Con

Transient DOS due to loop with unreachable exit condition in WLAN firmware while parsing IPV6 extension header. in Snapdragon Auto

Transient DOS due to buffer over-read in WLAN firmware while processing PPE threshold. in Snapdragon Auto, Snapdragon Compute, Sna

Memory corruption in graphics due to use-after-free while importing graphics buffer in Snapdragon Auto, Snapdragon Compute, Snapdr

Denial of service in WLAN due to potential null pointer dereference while accessing the memory location in Snapdragon Auto, Snapdr

Memory corruption in graphics due to buffer overflow while validating the user address in Snapdragon Auto, Snapdragon Compute, Sna

Denial of service due to null pointer dereference when GATT is disconnected in Snapdragon Auto, Snapdragon Consumer IOT, Snapdrago

Transient Denial-of-Service in WLAN due to buffer over-read while parsing MDNS frames. in Snapdragon Auto, Snapdragon Compute, Sna

Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames. in Snapdragon Auto, Snapdragon Comp

Denial of service in WLAN due to out-of-bound read happens while processing VHT action frame in Snapdragon Auto, Snapdragon Comput

Memory corruption in WLAN due to out of bound array access during connect/roaming in Snapdragon Auto, Snapdragon Compute, Snapdrag

Cryptographic issue in WLAN due to improper check on return value while authentication handshake in Snapdragon Auto, Snapdragon Co

Memory corruption due to use after free in service while trying to access maps by different threads in Snapdragon Auto, Snapdragon

Denial of service in BOOT when partition size for a particular partition is requested due to integer overflow when blocks are calc

Information disclosure in WLAN due to improper validation of array index while parsing crafted ANQP action frames in Snapdragon Au

Memory corruption in bluetooth due to integer overflow while processing HFP-UNIT profile in Snapdragon Auto, Snapdragon Consumer I

Improper authorization of a replayed LTE security mode command can lead to a denial of service in Snapdragon Auto, Snapdragon Comp

Memory corruption occurs while processing command received from HLOS due to improper length check in Snapdragon Auto, Snapdragon C

Improper validation of backend id in PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Sna

Memory corruption in audio due to lack of check of invalid routing address into APR Routing table in Snapdragon Auto, Snapdragon C

Potential memory leak in modem during the processing of NSA RRC Reconfiguration with invalid Radio Bearer Config in Snapdragon Aut

An out-of-bounds read can occur while parsing a server certificate due to improper length check in Snapdragon Auto, Snapdragon Com

A null pointer dereference may potentially occur during RSA key import in Snapdragon Auto, Snapdragon Compute, Snapdragon Connecti

Out of bound write in DSP service due to improper bound check for response buffer size in Snapdragon Auto, Snapdragon Compute, Sna

Non-secure region can try modifying RG permissions of IO space xPUs due to improper input validation in Snapdragon Auto, Snapdrago

Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in S

Memory corruption in bluetooth host due to integer overflow while processing BT HFP-UNIT profile in Snapdragon Auto, Snapdragon Co

Buffer overflow can occur due to improper validation of NDP application information length in Snapdragon Auto, Snapdragon Compute,

kernel event may contain unexpected content which is not generated by NPU software in asynchronous execution mode in Snapdragon Au

Out of bound read in WLAN HOST due to improper length check can lead to DOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Con

Possible buffer over read due to lack of size validation while unpacking frame in Snapdragon Auto, Snapdragon Compute, Snapdragon

Improper handling between export and release functions on the same handle from client can lead to use after free in Snapdragon Com

Potential out of Bounds read in FIPS event processing due to improper validation of the length from the firmware in Snapdragon Aut

An out-of-bounds write can occur due to an incorrect input check in the camera driver in Snapdragon Auto, Snapdragon Compute, Snap

A user with user level permission can access graphics protected region due to improper access control in register configuration in

Possible buffer overflow due to improper parsing of headers while playing the FLAC audio clip in Snapdragon Auto, Snapdragon Compu

Possible buffer overflow due to lack of validation for the length of NAI string read from EFS in Snapdragon Auto, Snapdragon Compu

Improper validation of session id in PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Sna

Improper memory allocation during counter check DLM handling can lead to denial of service in Snapdragon Auto, Snapdragon Compute,

Possible buffer over read due to improper validation of SIB type when processing a NR system Information message in Snapdragon Aut

Possible buffer overflow due to lack of buffer length check during management frame Rx handling in Snapdragon Auto, Snapdragon Com

Possible out of bound read due to lack of length check of data length for a DIAG event in Snapdragon Auto, Snapdragon Compute, Sna

Possible out of bound read due to improper validation of certificate chain in SSL or Internet key exchange in Snapdragon Auto, Sna

Possible memory leak due to improper validation of certificate chain length while parsing server certificate chain in Snapdragon A

Possible null pointer dereference due to improper validation of RRC connection reconfiguration message in Snapdragon Auto, Snapdra

Possible assertion due to improper validation of rank restriction field in Snapdragon Auto, Snapdragon Compute, Snapdragon Connect

Possible buffer over read due to lack of size validation while copying data from DBR buffer to RX buffer and can lead to Denial of

Lack of MBN header size verification against input buffer can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Sn

Improper access control sequence for AC database after memory allocation can lead to possible memory corruption in Snapdragon Auto

Improper integrity check can lead to race condition between tasks PDCP and RRC? right after a valid RRC Command packet has been re

Improper authorization of a replayed LTE security mode command can lead to a denial of service in Snapdragon Auto, Snapdragon Comp

Improper integrity check can lead to race condition between tasks PDCP and RRC? after a valid RRC Command packet has been received

Improper buffer size validation of DSM packet received can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapd

Reachable assertion due to improper validation of coreset in PDCCH configuration in SA mode in Snapdragon Auto, Snapdragon Compute

Possible use after free due to lack of null check of DRM file status after file structure is freed in Snapdragon Auto, Snapdragon

Buffer overflow in sahara protocol while processing commands leads to overwrite of secure configuration data in Snapdragon Mobile,

Possible unauthorized access to secure space due to improper check of data allowed while flashing the no access control device con

Possible out of bound read due to improper length calculation of WMI message. in Snapdragon Auto, Snapdragon Compute, Snapdragon C

Possible out of bounds access due to improper input validation during graphics profiling in Snapdragon Auto, Snapdragon Compute, S

Possible out of bound write due to improper validation of number of timer values received from firmware while syncing timers in Sn

Possible out of bound read due to improper validation of IE length during SSID IE parse when channel is DFS in Snapdragon Auto, Sn

Improper validation of buffer size input to the EFS file can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Sna

Possible assertion due to improper validation of OTA configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity

Possible assertion due to improper validation of TCI configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity

Possible assertion due to improper validation of invalid NR CSI-IM resource configuration in Snapdragon Auto, Snapdragon Compute,

Improper handling of permissions of a shared memory region can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, S

Improper validation of data length received from DMA buffer can lead to memory corruption. in Snapdragon Auto, Snapdragon Compute,

Possible assertion due to improper size validation while processing the DownlinkPreemption IE in an RRC Reconfiguration/RRC Setup

Possible out of bounds write due to improper validation of number of GPIOs configured in an internal parameters array in Snapdrago

Improper validation of input when provisioning the HDCP key can lead to memory corruption in Snapdragon Auto, Snapdragon Compute,

Improper validation of program headers containing ELF metadata can lead to image verification bypass in Snapdragon Auto, Snapdrago

Improper validation of function pointer type with actual function signature can lead to assertion in Snapdragon Auto, Snapdragon C

Possible integer overflow due to improper validation of command length parameters while processing WMI command in Snapdragon Auto,

Possible heap overflow due to lack of index validation before allocating and writing to heap buffer in Snapdragon Auto, Snapdragon

Possible buffer overflow while printing the HARQ memory partition detail due to improper validation of buffer size in Snapdragon A

Possible denial of service due to improper validation of DNS response when DNS client requests with PTR, NAPTR or SRV query type i

Possible denial of service due to out of memory while processing RRC and NAS OTA message in Snapdragon Auto, Snapdragon Industrial

Possible denial of service due to incorrectly decoding hex data for the SIB2 OTA message and assigning a garbage value to choice w

Possible assertion due to improper validation of symbols configured for PDCCH monitoring in Snapdragon Auto, Snapdragon Compute, S

Improper validation of memory region in Hypervisor can lead to incorrect region mapping in Snapdragon Auto, Snapdragon Compute, Sn

An out of bound memory access can occur due to improper validation of number of frames being passed during music playback in Snapd

Improper validation of LLM utility timers availability can lead to denial of service in Snapdragon Auto, Snapdragon Compute, Snapd

Possible use after free when process shell memory is freed using IOCTL call and process initialization is in progress in Snapdrago

Possible assertion in QOS request due to improper validation when multiple add or update request are received simultaneously in Sn

Possible buffer overflow due to lack of buffer length check when segmented WMI command is received in Snapdragon Auto, Snapdragon

Possible out of bound write in RAM partition table due to improper validation on number of partitions provided in Snapdragon Auto,

Improper input validation in TrustZone memory transfer interface can lead to information disclosure in Snapdragon Auto, Snapdragon

Possible integer overflow in page alignment interface due to lack of address and size validation before alignment in Snapdragon Au

Possible integer overflow in access control initialization interface due to lack and size and address validation in Snapdragon Aut

Possible null pointer dereference in thread cache operation handler due to lack of validation of user provided input in Snapdragon

Possible null pointer dereference in trap handler due to lack of thread ID validation before dereferencing it in Snapdragon Auto,

Possible null pointer dereference due to lack of TLB validation for user provided address in Snapdragon Auto, Snapdragon Compute,

Possible heap Memory Corruption Issue due to lack of input validation when sending HWTC IQ Capture command in Snapdragon Auto, Sna

Possible integer overflow to buffer overflow due to improper input validation in FTM ARA commands in Snapdragon Auto, Snapdragon C

Improper access control in TrustZone due to improper error handling while handling the signing key in Snapdragon Auto, Snapdragon

Possible out of bound access due to improper validation of function table entries in Snapdragon Auto, Snapdragon Compute, Snapdrag

Possible buffer overflow due to improper input validation in PDM DIAG command in FTM in Snapdragon Auto, Snapdragon Compute, Snapd

Possible denial of service scenario due to improper input validation of received NAS OTA message in Snapdragon Auto, Snapdragon Co

Possible buffer over read due to improper IE size check of Bearer capability IE in MT setup request from network in Snapdragon Aut

Possible buffer overflow due to improper validation of FTM command payload in Snapdragon Auto, Snapdragon Compute, Snapdragon Conn

A FTM Diag command can allow an arbitrary write into modem OS space in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivit

Information disclosure through timing and power side-channels during mod exponentiation for RSA-CRT in Snapdragon Auto, Snapdragon

Possible integer overflow can occur due to improper length check while calculating count and grace period in Snapdragon Auto, Snap

Possible denial of service scenario can occur due to lack of length check on Channel Switch Announcement IE in beacon or probe res

Possible out of bound memory access due to improper boundary check while creating HSYNC fence in Snapdragon Auto, Snapdragon Conne

Improper authentication of sub-frames of a multicast AMSDU frame can lead to information disclosure in Snapdragon Auto, Snapdragon

Possible buffer overflow due to Improper validation of received CF-ACK and CF-Poll data frames in Snapdragon Auto, Snapdragon Conn

Possible buffer over read due to lack of length check while parsing beacon IE response in Snapdragon Auto, Snapdragon Compute, Sna

Possible buffer over read due to improper validation of frame length while processing AEAD decryption during ASSOC response in Sna

Possible memory corruption due to lack of bound check of input index in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivi

Possible integer overflow due to improper length check while updating grace period and count record in Snapdragon Auto, Snapdragon

Accepting AMSDU frames with mismatched destination and source address can lead to information disclosure in Snapdragon Auto, Snapd

Possible integer and heap overflow due to lack of input command size validation while handling beacon template update command from

Possible Integer overflow to buffer overflow issue can occur due to improper validation of input parameters when extscan hostlist

A use after free can occur due to improper validation of P2P device address in PD Request frame in Snapdragon Auto, Snapdragon Com

Possible heap overflow due to improper validation of local variable while storing current task information locally in Snapdragon A

Possible buffer over read due to lack of alignment between map or unmap length of IPA SMMU and WLAN SMMU in Snapdragon Auto, Snapd

Possible assertion due to lack of physical layer state validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,

Improper handling of ASB-C broadcast packets with crafted opcode in LMP can lead to uncontrolled resource consumption in Snapdrago

Improper handling of ASB-U packet with L2CAP channel ID by slave host can lead to interference with piconet in Snapdragon Auto, Sn

Possible buffer over read occurs due to lack of length check of request buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon

Possible out of bound read due to lack of length check of data while parsing the beacon or probe response in Snapdragon Auto, Snap

Possible buffer over read issue due to improper length check on WPA IE string sent by peer in Snapdragon Auto, Snapdragon Compute,

Possible null pointer dereference due to lack of validation check for passed pointer during key import in Snapdragon Auto, Snapdra

Buffer overflow occurs in trusted applications due to lack of length check of parameters in Snapdragon Auto, Snapdragon Compute, S

Possible buffer overflow due to improper validation of device types during P2P search in Snapdragon Auto, Snapdragon Compute, Snap

Integer underflow can occur due to improper handling of incoming RTCP packets in Snapdragon Auto, Snapdragon Compute, Snapdragon C

Integer underflow can occur when the RTCP length is lesser than the actual blocks present in Snapdragon Auto, Snapdragon Comp

Possible buffer underflow due to lack of check for negative indices values when processing user provided input in Snapdragon Auto,

Loop with unreachable exit condition may occur due to improper handling of unsupported input in Snapdragon Auto, Snapdragon Comput

Improper authentication of un-encrypted plaintext Wi-Fi frames in an encrypted network can lead to information disclosure in Snapd

Possible out of bound read due to lack of length check of FT sub-elements in Snapdragon Auto, Snapdragon Compute, Snapdragon Conne

Possible buffer over read due to improper validation of IE size while parsing beacon from peer device in Snapdragon Auto, Snapdrag

Denial of service in SAP case due to improper handling of connections when association is rejected in Snapdragon Auto, Snapdragon

Improper handling of received malformed FTMR request frame can lead to reachable assertion while responding with FTM1 frame in Sna

Possible out of bound read due to lack of length check of Bandwidth-NSS IE in Snapdragon Auto, Snapdragon Compute, Snapdragon Conn

Possible buffer out of bound read can occur due to improper validation of TBTT count and length while parsing the beacon response

Use after free can occur due to improper handling of response from firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Con

Possible assertion due to improper verification while creating and deleting the peer in Snapdragon Auto, Snapdragon Compute, Snapd

Possible buffer overflow due to lack of length check in BA request in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity

Improper length check of public exponent in RSA import key function could cause memory corruption. in Snapdragon Auto, Snapdragon

Possible buffer overflow due to lack of length check in Trusted Application in Snapdragon Auto, Snapdragon Compute, Snapdragon Con

Memory corruption in key parsing and import function due to double freeing the same heap allocation in Snapdragon Auto, Snapdragon

Incorrect handling of pointers in trusted application key import mechanism could cause memory corruption in Snapdragon Auto, Snapd

Reachable assertion is possible while processing peer association WLAN message from host and nonstandard incoming packet in Snapdr

Possible out of bound read in DRM due to improper buffer length check. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connecti

While waiting for a response to a callback or listener request, non-secure clients can change permissions to shared memory buffers

Possible buffer overflow in voice service due to lack of input validation of parameters in QMI Voice API in Snapdragon Auto, Snapd

Possible buffer overflow while updating ikev2 parameters for delete payloads received during informational exchange due to lack of

Stack out-of-bounds write occurs while setting up a cipher device if the provided IV length exceeds the max limit value in Snapdra

While processing server certificate from IPSec server, certificate validation for subject alternative name API can cause heap over

A race between command submission and destroying the context can cause an invalid context being added to the list leads to use aft

Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdra

Use after free due to race condition when reopening the device driver repeatedly in Snapdragon Auto, Snapdragon Compute, Snapdrago

Out of bound read will happen if EAPOL Key length is less than expected while processing NAN shared key descriptor attribute in Sn

Memory corruption due to ioctl command size was incorrectly set to the size of a pointer and not enough storage is allocated for t

Use after free issue when importing a DMA buffer by using the CPU address of the buffer due to attachment is not cleaned up proper

Possible Buffer over-read in ARP/NS parsing due to lack of check of packet length received in Snapdragon Auto, Snapdragon Compute,

Buffer overflow might occur while parsing unified command due to lack of check of input data received in Snapdragon Auto, Snapdrag

Buffer over-read can happen while processing WPA,RSN IE of beacon and response frames if IE length is less than length of frame po

Possible stack out of bound write might happen due to time bitmap length and bit duration fields of the attributes like NAN rangin

Possible use after free due to lack of null check while memory is being freed in FastRPC driver in Snapdragon Auto, Snapdragon Com

Possible denial of service scenario due to improper handling of group management action frame in Snapdragon Auto, Snapdragon Compu

Buffer overflow can occur due to improper validation of NDP application information length in Snapdragon Auto, Snapdragon Compute,

Improper handling of address deregistration on failure can lead to new GPU address allocation failure. in Snapdragon Auto, Snapdra

Possible use after free due to improper handling of memory mapping of multiple processes simultaneously. in Snapdragon Auto, Snapd

Possible integer overflow due to improper length check while flashing an image in Snapdragon Consumer IOT, Snapdragon Industrial I

A possible use-after-free occurrence in audio driver can happen when pointers are not properly handled in Snapdragon Auto, Snapdra

Out of bound write in logger due to prefix size is not validated while prepended to logging string in Snapdragon Auto, Snapdragon

Out of bound read can happen in Widevine TA while copying data to buffer from user data due to lack of check of buffer length rece

Out of bound write can occur in TZ command handler due to lack of validation of command ID in Snapdragon Auto, Snapdragon Compute,

Out of bound write can occur in playready while processing command due to lack of input validation in Snapdragon Auto, Snapdragon

Buffer over-read while unpacking the RTCP packet we may read extra byte if wrong length is provided in RTCP packets in Snapdragon

Memory corruption while processing crafted SDES packets due to improper length check in sdes packets recieved in Snapdragon Auto,

Denial of service in MODEM due to assert to the invalid configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectiv

Denial of service while processing RTCP packets containing multiple SDES reports due to memory for last SDES packet is freed and r

Trustzone initialization code will disable xPU`s when memory dumps are enabled and lead to information disclosure in Snapdragon Au

Out-of-bounds read vulnerability while accessing DTMF payload due to lack of check of buffer length before copying in Snapdragon A

RRC sends a connection establishment success to NAS even though connection setup validation returns failure and leads to denial of

When sending a socket event message to a user application, invalid information will be passed if socket is freed by other thread r

Out of bound read occurs while processing crafted SDP due to lack of check of null string in Snapdragon Auto, Snapdragon Compute,

Use after free in GPU driver while mapping the user memory to GPU memory due to improper check of referenced memory in Snapdragon

Buffer overflow occurs when trying to convert ASCII string to Unicode string if the actual size is more than required in Snapdrago

Use after free condition in msm ioctl events due to race between the ioctl register and deregister events in Snapdragon Auto, Snap

Out of bound write while parsing RTT/TTY packet parsing due to lack of check of buffer size before copying into buffer in Snapdrag

Out of bound memory read in Data modem while unpacking data due to lack of offset length check in Snapdragon Auto, Snapdragon Comp

Buffer over read while processing MT SMS with maximum length due to improper length check in Snapdragon Auto, Snapdragon Compute,

Usage of syscall by non-secure entity can allow extraction of secure QTEE diagnostic information in clear text form due to insuffi

Denial of service in baseband when NW configures LTE betaOffset-RI-Index due to lack of data validation in Snapdragon Auto, Snapdr

HLOS to access EL3 stack canary by just mapping imem region due to Improper access control and can lead to information exposure in

Out of bound write while parsing SDP string due to missing check on null termination in Snapdragon Auto, Snapdragon Compute, Snapd

Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Sna

Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Sna

Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Sna

Modem will enter into busy mode in an infinite loop while parsing histogram dimension due to improper validation of input received

Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Sna

Potential out of bound read exception when UE receives unusually large number of padding octets in the beginning of ROHC header in

Arithmetic overflow can happen while processing NOA IE due to improper error handling in Snapdragon Auto, Snapdragon Compute, Snap

Allowing RTT frames to be linked with non randomized MAC address by comparing the sequence numbers can lead to information disclos

Denial of service while processing fine timing measurement request (FTMR) frame with reserved bits set in the FTM parameter IE due

Possible denial of service while handling host WMI command due to improper validation in Snapdragon Auto, Snapdragon Compute, Snap

Possible buffer over read while processing P2P IE and NOA attribute of beacon and probe response frames due to improper validation

Possible buffer over-read while parsing quiet IE in Rx beacon frame due to improper check of IE length in received beacon in Snapd

Possible out of bounds while accessing global control elements due to race condition in Snapdragon Auto, Snapdragon Compute, Snapd

Possible denial of service due to RTT responder consistently rejects all FTMR by transmitting FTM1 with failure status in the FTM

Possible memory corruption and information leakage in sub-system due to lack of check for validity and boundary compliance for par

User can overwrite Security Code NV item without knowing current SPC due to improper validation of SPC code setting and device loc

Possible buffer overflow while updating ikev2 parameters due to lack of check of input validation for certain parameters received

Buffer over-read can happen when the buffer length received from response handlers is more than the size of the payload in Snapdra

u'Buffer over read in boot due to size check ignored before copying GUID attribute from request to response' in Snapdragon Auto, S

u'Integer overflow can cause a buffer overflow due to lack of table length check in the extensible boot Loader during the validati

u'information disclosure in gatekeeper trustzone implementation as the throttling mechanism to prevent brute force attempts at get

u'While processing invalid connection request PDU which is nonstandard (interval or timeout is 0) from central device may lead per

u'Due to an incorrect SMMU configuration, the modem crypto engine can potentially compromise the hypervisor' in Snapdragon Auto, S

u'QSEE reads the access permission policy for the SMEM TOC partition from the SMEM TOC contents populated by XBL Loader and applie

u'An Unaligned address or size can propagate to the database due to improper page permissions and can lead to improper access cont

u'Array index underflow issue in adsp driver due to improper check of channel id before used as array index.' in Snapdragon Auto,

u'Two threads running simultaneously from user space can lead to race condition in fastRPC driver' in Snapdragon Auto, Snapdragon

u'Buffer over-read while processing received L2CAP packet due to lack of integer overflow check' in Snapdragon Auto, Snapdragon Co

u'Possible buffer overflow in MHI driver due to lack of input parameter validation of EOT events received from MHI device side' in

u'Buffer over-read issue in Bluetooth estack due to lack of check for invalid length of L2cap packet received from peer device.' i

u'Buffer overflow while processing PDU packet in bluetooth due to lack of check of buffer length before copying into it.' in Snapd

u'Buffer overflow while processing a crafted PDU data packet in bluetooth due to lack of check of buffer size before copying' in S

u'Buffer over-read issue in Bluetooth estack due to lack of check for invalid length of L2cap configuration request received from

u'Out of bound access can happen in MHI command process due to lack of check of channel id value received from MHI devices' in Sna

u'Information disclosure issue occurs as in current logic Secure Touch session is released without terminating display session' in

u'Information disclosure issue can occur due to partial secure display-touch session tear-down' in Snapdragon Auto, Snapdragon Com

u'A potential buffer overflow exists due to integer overflow when parsing handler options due to wrong data type usage in operatio

u'Possible out of bound access while copying the mask file content into the buffer without checking the buffer size' in Snapdragon

u'While processing SMCInvoke asynchronous message header, message count is modified leading to a TOCTOU race condition and lead to

u'Information disclosure issue occurs as in current logic as secure touch is released without clearing the display session which c

u'Keymaster attestation key and device IDs provisioning which is a one time process is incorrectly allowed to be re-provisioned af

u'Pointer double free in HavenSvc due to not setting the pointer to NULL after freeing it' in Snapdragon Auto, Snapdragon Compute,

u'Lack of check for integer overflow for round up and addition operations result into memory corruption and potential information

u'Possibility of integer overflow in keymaster 4 while allocating memory due to multiplication of large numcerts value and size of

u'SMEM partition can be manipulated in case of any compromise on HLOS, thus resulting in access to memory outside of SMEM address

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin