sm8750 firmware · threatengine.sh

Home/Product/qualcomm sm8750 firmware

Product

qualcomm sm8750 firmware

120 known vulnerabilities across versions

Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.

Sort Min CVSS Published since

Cryptographic issue when a Trusted Zone with outdated code is triggered by a HLOS providing incorrect input.

Memory corruption occurs when a secure application is launched on a device with insufficient memory.

Memory corruption when copying overlapping buffers during memory operations due to incorrect offset calculations.

Memory corruption while passing pages to DSP with an unaligned starting address.

Information disclosure when a weak hashed value is returned to userland code in response to a IOCTL call to obtain a session ID.

Memory corruption while processing identity credential operations in the trusted application.

Memory corruption while processing a secure logging command in the trusted application.

Cryptographic issue may occur while encrypting license data.

Memory corruption while handling sensor utility operations.

Memory corruption while deinitializing a HDCP session.

Memory corruption while accessing a synchronization object during concurrent operations.

Memory corruption while performing sensor register read operations.

Memory corruption while parsing clock configuration data for a specific hardware type.

Memory corruption while processing shared command buffer packet between camera userspace and kernel.

Memory corruption while handling buffer mapping operations in the cryptographic driver.

Memory corruption while processing a config call from userspace.

Information disclosure while processing a firmware event.

Transient DOS while parsing video packets received from the video firmware.

Memory corruption while loading an invalid firmware in boot loader.

Memory corruption while routing GPR packets between user and root when handling large data packet.

Memory corruption while copying packets received from unix clients.

Information disclosure while exposing internal TA-to-TA communication APIs to HLOS

Transient DOS when a remote device sends an invalid connection request during BT connectable LE scan.

Memory corruption while performing encryption and decryption commands.

Memory corruption while allocating buffers in DSP service.

Memory corruption while processing user buffers.

Memory corruption while processing a malformed license file during reboot.

Memory corruption during PlayReady APP usecase while processing TA commands.

Transient DOS while processing power control requests with invalid antenna or stream values.

Transient DOS while handling command data during power control processing.

Transient DOS while parsing the EPTM test control message to get the test pattern.

Memory corruption due to global buffer overflow when a test command uses an invalid payload type.

Memory corruption while selecting the PLMN from SOR failed list.

Information disclosure while running video usecase having rogue firmware.

memory corruption while loading a PIL authenticated VM, when authenticated VM image is loaded without maintaining cache coherency.

Information disclosure while decoding this RTP packet headers received by UE from the network when the padding bit is set.

Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than th

Information disclosure when UE receives the RTP packet from the network, while decoding and reassembling the fragments from RTP pa

Memory corruption when the UE receives an RTP packet from the network, during the reassembly of NALUs.

Cryptographic issue while performing RSA PKCS padding decoding.

Memory corruption while performing private key encryption in trusted application.

Memory corruption when passing parameters to the Trusted Virtual Machine during the handshake.

Transient DOS while creating NDP instance.

Transient DOS while processing an ANQP message.

Transient DOS while processing a frame with malformed shared-key descriptor.

Information disclosure while processing the hash segment in an MBN file.

Information disclosure while reading data from an image using specified offset and size parameters.

Memory corruption whhile handling the subsystem failure memory during the parsing of video packets received from the video firmwar

Transient DOS while handling beacon frames with invalid IE header length.

Memory corruption during sub-system restart while processing clean-up to free up resources.

Memory corruption while processing data packets in diag received from Unix clients.

Memory corruption while processing manipulated payload in video firmware.

Memory corruption while processing video packets received from video firmware.

Transient DOS while processing received beacon frame.

Cryptographic issue occurs due to use of insecure connection method while downloading.

Transient DOS may occur while processing malformed length field in SSID IEs.

Transient DOS may occur when processing vendor-specific information elements while parsing a WLAN frame for BTM requests.

Transient DOS when importing a PKCS#8-encoded RSA private key with a zero-sized modulus.

Memory corruption while retrieving the CBOR data from TA.

Cryptographic issue while processing crypto API calls, missing checks may lead to corrupted key usage or IV reuses.

Memory corruption while operating the mailbox in Automotive.

Transient DOS while processing the tone measurement response buffer when the response buffer is out of range.

Memory corruption during dynamic process creation call when client is only passing address and length of shell binary.

Memory corruption while processing INIT and multimode invoke IOCTL calls on FastRPC.

Transient DOS while processing the EHT operation IE in the received beacon frame.

Information disclosure when an invalid RTCP packet is received during a VoLTE/VoWiFi IMS call.

Information disclosure may occur while processing goodbye RTCP packet from network.

Information disclosure may occur while decoding the RTP packet with invalid header extension from network.

Information disclosure may occur while decoding the RTP packet with improper header length for number of contributing sources.

Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null

Transient DOS while parsing per STA profile in ML IE.

Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures oc

Transient DOS while processing of a registration acceptance OTA due to incorrect ciphering key data IE.

Memory corruption while decoding of OTA messages from T3448 IE.

Memory corruption during the FRS UDS generation process.

Memory corruption while triggering commands in the PlayReady Trusted application.

Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions.

Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling.

Memory corruption while reading secure file.

Transient DOS may occur while parsing SSID in action frames.

Memory corruption may occur while initiating two IOCTL calls simultaneously to create processes from two different threads.

Transient DOS may occur while parsing extended IE in beacon.

Transient DOS may occur while parsing EHT operation IE or EHT capability IE.

Memory corruption while processing multiple IOCTL calls from HLOS to DSP.

Cryptographic issue occurs during PIN/password verification using Gatekeeper, where RPMB writes can be dropped on verification fai

Information disclosure while creating MQ channels.

Cryptographic issues while generating an asymmetric key pair for RKP use cases.

There may be information disclosure during memory re-allocation in TZ Secure OS.

Memory corruption while assigning memory from the source DDR memory(HLOS) to ADSP.

Transient DOS can occur while processing UCI command.

Memory corruption in display driver while detaching a device.

Memory corruption may occur while validating ports and channels in Audio driver.

Information disclosure may occur due to improper permission and access controls to Video Analytics engine.

Memory corruption may occur during the synchronization of the camera`s frame processing pipeline.

Memory corruption while handling multuple IOCTL calls from userspace for remote invocation.

Memory corruption while processing IOCTL from user space to handle GPU AHB bus error.

Memory corruption during management frame processing due to mismatch in T2LM info element.

Information disclosure while parsing the OCI IE with invalid length.

Memory corruption while power-up or power-down sequence of the camera sensor.

Memory corruption can occur in the camera when an invalid CID is used.

Memory corruption in Camera due to unusually high number of nodes passed to AXI port.

Memory corruption can occur when a compat IOCTL call is followed by a normal IOCTL call from userspace.

Memory corruption may occour occur when stopping the WLAN interface after processing a WMI command from the interface.

Memory corruption while parsing the ML IE due to invalid frame content.

Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the

Memory corruption while processing API calls to NPU with invalid input.

Memory corruption when invalid input is passed to invoke GPU Headroom API call.

Transient DOS while parsing the ML IE when a beacon with common info length of the ML IE greater than the ML IE inside which this

Memory corruption when allocating and accessing an entry in an SMEM partition continuously.

Memory corruption during GNSS HAL process initialization.

Memory corruption while processing GPU commands.

Memory corruption while handling session errors from firmware.

Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.

Transient DOS while processing the CU information from RNR IE.

Transient DOS while parsing BTM ML IE when per STA profile is not included.

Transient DOS while parsing fragments of MBSSID IE from beacon frame.

Information disclosure while sending implicit broadcast containing APP launch information.

Memory corruption when user provides data for FM HCI command control operations.

Transient DOS while handling PS event when Program Service name length offset value is set to 255.

Memory corruption when Alternative Frequency offset value is set to 255.

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin