
qualcomm saipan firmware

95 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2020-3704
all versions
u'While processing invalid connection request PDU which is nonstandard (interval or timeout is 0) from central device may lead per
7.5 HIGH
CVE-2020-3694
all versions
u'Use out of range pointer issue can occur due to incorrect buffer range check during the execution of qseecom' in Snapdragon Auto
7.8 HIGH
CVE-2020-3693
all versions
u'Use out of range pointer issue can occur due to incorrect buffer range check during the execution of qseecom.' in Snapdragon Aut
7.8 HIGH
CVE-2020-3692
all versions
u'Possible buffer overflow while updating output buffer for IMEI and Gateway Address due to lack of check of input validation for
9.8 CRITICAL
CVE-2020-3690
all versions
u'Due to an incorrect SMMU configuration, the modem crypto engine can potentially compromise the hypervisor' in Snapdragon Auto, S
7.8 HIGH
CVE-2020-3684
all versions
u'QSEE reads the access permission policy for the SMEM TOC partition from the SMEM TOC contents populated by XBL Loader and applie
7.8 HIGH
CVE-2020-3673
all versions
u'Buffer overflow can happen as part of SIP message packet processing while storing values in array due to lack of check to valida
9.8 CRITICAL
CVE-2020-3670
all versions
u'Potential out of bounds read while processing downlink NAS transport message due to improper length check of Information Element
9.1 CRITICAL
CVE-2020-3654
all versions
u'Buffer overflow occurs while processing SIP message packet due to lack of check of index validation before copying into it' in S
9.8 CRITICAL
CVE-2020-11174
all versions
u'Array index underflow issue in adsp driver due to improper check of channel id before used as array index.' in Snapdragon Auto,
7.8 HIGH
CVE-2020-11173
all versions
u'Two threads running simultaneously from user space can lead to race condition in fastRPC driver' in Snapdragon Auto, Snapdragon
7.0 HIGH
CVE-2020-11164
all versions
u'Third-party app may also call the broadcasts in Perfdump and cause privilege escalation issue due to improper access control' in
7.8 HIGH
CVE-2020-11162
all versions
u'Possible buffer overflow in MHI driver due to lack of input parameter validation of EOT events received from MHI device side' in
7.8 HIGH
CVE-2020-11125
all versions
u'Out of bound access can happen in MHI command process due to lack of check of channel id value received from MHI devices' in Sna
7.8 HIGH
CVE-2020-3679
all versions
u'During execution after Address Space Layout Randomization is turned on for QTEE, part of code is still mapped at known address i
5.5 MEDIUM
CVE-2020-3674
all versions
Information can leak into userspace due to improper transfer of data from kernel to userspace in Snapdragon Auto, Snapdragon Compu
5.5 MEDIUM
CVE-2020-3656
all versions
Out of bound access can happen in MHI command process due to lack of check of command channel id value received from MHI devices i
7.8 HIGH
CVE-2020-3634
all versions
u'Multiple Read overflows issue due to improper length check while decoding Generic NAS transport/EMM info' in Snapdragon Auto, Sn
9.1 CRITICAL
CVE-2020-11135
all versions
u'Reachable assertion when wrong data size is returned by parser for ape clips' in Snapdragon Auto, Snapdragon Consumer IOT, Snapd
7.5 HIGH
CVE-2020-11129
all versions
u'During the error occurrence in capture request, the buffer is freed and later accessed causing the camera APP to fail due to mem
7.8 HIGH
CVE-2020-11124
all versions
u'Possible use-after-free while accessing diag client map table since list can be reallocated due to exceeding max client limit.'
7.8 HIGH
CVE-2020-3675
all versions
u'Potential integer underflow while parsing Service Info and IPv6 link-local TLVs that comes as part of NDPE attribute' in Snapdra
9.8 CRITICAL
CVE-2020-3667
all versions
u'Buffer Overflow in mic calculation for WPA due to copying data into buffer without validating the length of buffer' in Snapdrago
9.8 CRITICAL
CVE-2020-3646
all versions
u'Buffer overflow seen as the destination buffer size is lesser than the source buffer size in video application' in Snapdragon Co
7.8 HIGH
CVE-2020-3640
all versions
u'Resizing the usage table header before passing all the checks leads to the function exiting with a usage table in invalid state
7.8 HIGH
CVE-2020-3624
all versions
u'A potential buffer overflow exists due to integer overflow when parsing handler options due to wrong data type usage in operatio
7.8 HIGH
CVE-2020-3622
all versions
u'Channel name string which has been read from shared memory is potentially subjected to string manipulations but not validated fo
7.8 HIGH
CVE-2020-3621
all versions
u'Lack of check to ensure that the TX read index & RX write index that are read from shared memory are less than the FIFO size res
5.5 MEDIUM
CVE-2020-3620
all versions
u'Lack of check of integer overflow while doing a round up operation for data read from shared memory for G-link SMEM transport ca
5.5 MEDIUM
CVE-2020-11128
all versions
u'Possible out of bound access while copying the mask file content into the buffer without checking the buffer size' in Snapdragon
7.8 HIGH
CVE-2020-11122
all versions
u'Null Pointer exception while playing crafted mkv file as data stream get deleted on secondary invalid configuration' in Snapdrag
5.5 MEDIUM
CVE-2020-11120
all versions
u'Calling thread may free the data buffer pointer that was passed to the callback and later when event loop executes the callback,
7.8 HIGH
CVE-2020-11118
all versions
u'Information exposure issues while processing IE header due to improper check of beacon IE frame' in Snapdragon Auto, Snapdragon
7.5 HIGH
CVE-2020-11116
all versions
u'Possible out of bound write while processing association response received from host due to lack of check of IE length' in Snapd
9.8 CRITICAL
CVE-2020-11115
all versions
u'Buffer over read occurs while processing information element from beacon due to lack of check of data received from beacon' in S
7.5 HIGH
CVE-2019-14117
all versions
u'Whenever the page list is updated via privileged user, the previous list elements are freed but are not deleted from the list wh
7.8 HIGH
CVE-2019-14074
all versions
u'Heap overflow in diag command handler due to lack of check of packet length received from user' in Snapdragon Auto, Snapdragon C
7.8 HIGH
CVE-2019-13998
all versions
u'Lack of check that the TX FIFO write and read indices that are read from shared RAM are less than the FIFO size results into mem
7.8 HIGH
CVE-2019-13995
all versions
u'Lack of integer overflow check for addition of fragment size and remaining size that are read from shared memory can lead to mem
7.8 HIGH
CVE-2019-13994
all versions
u'Lack of check that the current received data fragment size of a particular packet that are read from shared memory are less than
7.8 HIGH
CVE-2019-13992
all versions
u'Out of bound memory access if stack push and pop operation are performed without doing a bound check on stack top' in Snapdragon
7.8 HIGH
CVE-2019-10629
all versions
u'User Process can potentially corrupt kernel virtual page by passing a crafted page in API' in Snapdragon Auto, Snapdragon Comput
7.8 HIGH
CVE-2019-10628
all versions
u'Memory can be potentially corrupted if random index is allowed to manipulate TLB entries in Kernel from user library' in Snapdra
7.8 HIGH
CVE-2019-10596
all versions
u'Improper access control can lead signed process to guess pid of other processes and access their address space' in Snapdragon Au
7.8 HIGH
CVE-2019-10527
all versions
u'SMEM partition can be manipulated in case of any compromise on HLOS, thus resulting in access to memory outside of SMEM address
7.8 HIGH
CVE-2020-3701
all versions
Use after free issue while processing error notification from camx driver due to not properly releasing the sequence data in Snapd
7.8 HIGH
CVE-2020-3699
all versions
Possible out of bound access while processing assoc response from host due to improper length check before copying into buffer in
9.8 CRITICAL
CVE-2020-3698
all versions
Out of bound write while QoS DSCP mapping due to improper input validation for data received from association response frame in Sn
9.8 CRITICAL
CVE-2020-3688
all versions
Possible buffer overflow while parsing mp4 clip with corrupted sample atoms due to improper validation of index in Snapdragon Auto
9.8 CRITICAL
CVE-2020-3671
all versions
Use-after-free issue could occur due to dangling pointer when generating a frame buffer in OpenGL ES in Snapdragon Compute, Snapdr
9.8 CRITICAL
CVE-2019-14101
all versions
Out of bounds read can happen in diag event set mask command handler when user provided length in the command request is less than
7.1 HIGH
CVE-2019-14099
all versions
Device misbehavior may be observed when incorrect offset, length or number of buffers is passed by user space in Snapdragon Auto,
7.8 HIGH
CVE-2019-10580
all versions
When kernel thread unregistered listener, Use after free issue happened as the listener client`s private data has been already fre
7.8 HIGH
CVE-2020-3676
all versions
Possible memory corruption in perfservice due to improper validation array length taken from user application. in Snapdragon Auto,
7.8 HIGH
CVE-2020-3663
all versions
Buffer over-write may occur during fetching track decoder specific information if cb size exceeds buffer size in Snapdragon Auto,
9.8 CRITICAL
CVE-2020-3662
all versions
Buffer overflow can occur while parsing eac3 header while playing the clip which is nonstandard in Snapdragon Auto, Snapdragon Com
9.8 CRITICAL
CVE-2020-3661
all versions
Buffer overflow will happen while parsing mp4 clip with corrupted sample atoms values which exceeds MAX_UINT32 range due to lack o
9.8 CRITICAL
CVE-2020-3660
all versions
Possible null-pointer dereference can occur while parsing mp4 clip with corrupted sample table atoms in Snapdragon Auto, Snapdrago
9.8 CRITICAL
CVE-2020-3658
all versions
Possible null-pointer dereference can occur while parsing mp4 clip with corrupted sample table atoms in Snapdragon Auto, Snapdrago
9.1 CRITICAL
CVE-2020-3642
all versions
Use after free issue in camera applications when used randomly over multiple operations due to pointer not set to NULL after free/
7.8 HIGH
CVE-2020-3635
all versions
Stack based overflow If the maximum number of arguments allowed per request in perflock exceeds in Snapdragon Auto, Snapdragon Com
7.8 HIGH
CVE-2020-3626
all versions
Any application can bind to it and exercise the APIs due to no protection for AIDL uimlpaservice in Snapdragon Auto, Snapdragon Co
7.8 HIGH
CVE-2019-14094
all versions
Integer overflow in diag command handler when user inputs a large value for number of tasks field in the request packet in Snapdra
7.8 HIGH
CVE-2019-14092
all versions
System Services exports services without permission protect and can lead to information exposure in Snapdragon Industrial IOT, Sna
5.5 MEDIUM
CVE-2019-14091
all versions
Double free issue in NPU due to lack of resource locking mechanism to avoid race condition in Snapdragon Auto, Snapdragon Compute,
7.8 HIGH
CVE-2019-10626
all versions
Payload size is not validated before reading memory that may cause issue of accessing invalid pointer or some garbage data in Snap
5.5 MEDIUM
CVE-2019-10597
all versions
kernel writes to user passed address without any checks can lead to arbitrary memory write in Snapdragon Auto, Snapdragon Compute,
7.8 HIGH
CVE-2020-3641
all versions
Integer overflow may occur if atom size is less than atom offset as there is improper validation of atom size in Snapdragon Auto,
9.8 CRITICAL
CVE-2020-3633
all versions
Array out of bound may occur while playing mp3 file as no check is there on offset if it is greater than the buffer allocated or n
9.8 CRITICAL
CVE-2020-3630
all versions
Possibility of out of bound access while processing the responses from video firmware in Snapdragon Auto, Snapdragon Compute, Snap
7.8 HIGH
CVE-2020-3610
all versions
Possibility of double free of the drawobj that is added to the drawqueue array of the context during IOCTL commands as there is no
7.8 HIGH
CVE-2019-14135
all versions
Possible integer overflow to buffer overflow in WLAN while parsing nonstandard NAN IE messages. in Snapdragon Auto, Snapdragon Com
7.8 HIGH
CVE-2019-14131
all versions
Out of bound write can occur in radio measurement request if STA receives multiple invalid rrm measurement request from AP in Snap
9.8 CRITICAL
CVE-2019-14127
all versions
Possible buffer overflow while playing mkv clip due to lack of validation of atom size buffer in Snapdragon Auto, Snapdragon Compu
9.8 CRITICAL
CVE-2019-14122
all versions
Memory failure in SKB if it fails to add the requested padding to the skb in low memory targets or targets with major memory fr
7.8 HIGH
CVE-2019-14075
all versions
Null pointer dereference issue in radio interface layer due to lack of null check in sapmodule destructor in Snapdragon Auto, Snap
5.5 MEDIUM
CVE-2019-14070
all versions
Possible use after free issue in pcm volume controls due to race condition exist in private data used in mixer controls in Snapdra
7.0 HIGH
CVE-2019-10621
all versions
Use after free issue when MAP and UNMAP calls at same time as data structure used my MAP may be freed by UNMAP function in Snapdra
7.8 HIGH
CVE-2019-10556
all versions
Missing length check before copying the data from kernel space to userspace through the copy function can lead to buffer overflow
7.8 HIGH
CVE-2019-10547
all versions
When issuing IOCTL calls to ION, Memory leak can occur due to failure in unassign pages under certain conditions in Snapdragon Aut
7.8 HIGH
CVE-2019-14095
all versions
Buffer overflow occurs while processing LMP packet in which name length parameter exceeds value specified in BT-specification in S
9.8 CRITICAL
CVE-2019-14072
all versions
Unhandled paging request is observed due to dereferencing an already freed object because of race condition between sparse free an
7.0 HIGH
CVE-2019-14068
all versions
Out of bound access in msm routing due to lack of check of size before accessing in Snapdragon Auto, Snapdragon Compute, Snapdrago
7.8 HIGH
CVE-2019-14061
all versions
Null-pointer dereference can occur while accessing the segment element info when it is not allocated and assigned in Snapdragon Au
7.5 HIGH
CVE-2019-14032
all versions
Memory use after free issue in audio due to lack of resource control in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer I
7.8 HIGH
CVE-2019-14029
all versions
Use-after-free in graphics module due to destroying already queued syncobj in error case in Snapdragon Auto, Snapdragon Compute, S
7.8 HIGH
CVE-2019-10604
all versions
Possibility of heap-buffer-overflow during last iteration of loop while populating image version information in diag command respo
7.8 HIGH
CVE-2019-10591
all versions
Null pointer dereference can happen when parsing udta atom which is non-standard and having invalid depth in Snapdragon Auto, Snap
7.5 HIGH
CVE-2019-10577
all versions
Improper input validation while processing SIP URI received from the network will lead to buffer over-read and then to denial of s
9.1 CRITICAL
CVE-2019-14063
all versions
Out of bound access due to Invalid inputs to dapm mux settings which results into kernel failure in Snapdragon Auto, Snapdragon Co
9.1 CRITICAL
CVE-2019-14060
all versions
Uninitialized stack data gets used If memory is not allocated for blob or if the allocated blob is less than the struct size requi
7.8 HIGH
CVE-2019-14057
all versions
Buffer Over read of codec private data while parsing an mkv file due to lack of check of buffer size before read in Snapdragon Aut
9.1 CRITICAL
CVE-2019-14041
all versions
During listener modified response processing, a buffer overrun occurs due to lack of buffer size verification when updating messag
7.8 HIGH
CVE-2019-10590
all versions
Out of bound access while parsing dts atom, which is non-standard as it does not have valid number of tracks in Snapdragon Auto, S
9.8 CRITICAL
CVE-2019-10567
all versions
There is a way to deceive the GPU kernel driver into thinking there is room in the GPU ringbuffer and overwriting existing command
7.8 HIGH
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin