snapdragon xr2 5g firmware · threatengine.sh

Home/Product/qualcomm snapdragon xr2 5g firmware

Product

qualcomm snapdragon xr2 5g firmware

97 known vulnerabilities across versions

Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.

Sort Min CVSS Published since

Memory corruption when another driver calls an IOCTL with invalid input/output buffer.

Memory corruption while creating a process on the digital signal processor due to allocation failure at the kernel level.

Memory corruption when processing camera sensor input/output control codes with invalid output buffers.

Memory corruption when dynamically changing the size of a previously allocated buffer while its contents are being modified.

Memory corruption whhile handling the subsystem failure memory during the parsing of video packets received from the video firmwar

Memory corruption while processing manipulated payload in video firmware.

Memory corruption while processing video packets received from video firmware.

Transient DOS while processing received beacon frame.

Transient DOS may occur while processing malformed length field in SSID IEs.

Transient DOS may occur when processing vendor-specific information elements while parsing a WLAN frame for BTM requests.

Transient DOS when importing a PKCS#8-encoded RSA private key with a zero-sized modulus.

Memory corruption while retrieving the CBOR data from TA.

Information disclosure while decoding this RTP packet Payload when UE receives the RTP packet from the network.

Cryptographic issue while processing crypto API calls, missing checks may lead to corrupted key usage or IV reuses.

Memory corruption while operating the mailbox in Automotive.

Memory corruption while reading the FW response from the shared queue.

Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures oc

Memory corruption during the FRS UDS generation process.

Memory corruption while triggering commands in the PlayReady Trusted application.

Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions.

Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling.

Memory corruption while reading secure file.

Memory corruption may occur during IO configuration processing when the IO port count is invalid.

Memory corruption during concurrent buffer access due to modification of the reference count.

Memory corruption during concurrent access to server info object due to incorrect reference count update.

Memory corruption during concurrent access to server info object due to unprotected critical field.

Memory corruption while calling the NPU driver APIs concurrently.

Transient DOS may occur while processing the country IE.

Memory corruption may occur while validating ports and channels in Audio driver.

Memory corruption while processing command in Glink linux.

Transient DOS during hypervisor virtual I/O operation in a virtual machine.

Information disclosure while deriving keys for a session for any Widevine use case.

Information disclosure while parsing the OCI IE with invalid length.

Memory corruption while configuring a Hypervisor based input virtual device.

Memory corruption while parsing the memory map info in IOCTL calls.

Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound

Memory corruption while maintaining memory maps of HLOS memory.

Memory corruption when two threads try to map and unmap a single node simultaneously.

Memory corruption when user provides data for FM HCI command control operations.

Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.

Memory corruption when Alternative Frequency offset value is set to 255.

Information disclosure in Video while parsing mp2 clip with invalid section length.

Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immedia

Memory corruption while copying a keyblobs material when the key materials size is not accurately checked.

Memory corruption in TZ Secure OS while Tunnel Invoke Manager initialization.

Memory corruption while playing audio file having large-sized input buffer.

Memory corruption when the channel ID passed by user is not validated and further used.

Memory corruption when the payload received from firmware is not as per the expected protocol size.

Memory corruption when IOMMU unmap of a GPU buffer fails in Linux.

Memory corruption while verifying the serialized header when the key pairs are generated.

Memory corruption in HLOS while checking for the storage type.

Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received.

Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than

Information disclosure while parsing dts header atom in Video.

Memory corruption when multiple listeners are being registered with the same file descriptor.

Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache.

Memory corruption when there is failed unmap operation in GPU.

Memory corruption while processing Codec2 during v13k decoder pitch synthesis.

Memory corruption while processing buffer initialization, when trusted report for certain report types are generated.

Information disclosure when VI calibration state set by ADSP is greater than MAX_FBSP_STATE in the response payload to AFE calibra

Transient DOS while processing DL NAS TRANSPORT message with payload length 0.

Transient DOS while processing SMS container of non-standard size received in DL NAS transport in NR.

Memory corruption while processing finish_sign command to pass a rsp buffer.

Memory corruption in SPS Application while requesting for public key in sorter TA.

Memory corruption while processing TPC target power table in FTM TPC.

Memory corruption while parsing qcp clip with invalid chunk data size.

Transient DOS while processing an improperly formatted 802.11az Fine Time Measurement protocol frame.

Transient DOS while processing PDU Release command with a parameter PDU ID out of range.

Transient DOS while processing DL NAS Transport message, as specified in 3GPP 24.501 v16.

Transient DOS while processing multiple payload container type with incorrect container length received in DL NAS transport OTA in

Transient DOS while processing channel information for speaker protection v2 module in ADSP.

Transient DOS while processing multiple IKEV2 Informational Request to device from IPSEC server with different identifiers.

Memory corruption in Audio while processing RT proxy port register driver.

Memory corruption in Core Services while executing the command for removing a single event listener.

Memory corruption in Graphics while processing user packets for command submission.

Transient DOS in WLAN Firmware while interpreting MBSSID IE of a received beacon frame.

Memory corruption in WLAN Firmware while parsing receieved GTK Keys in GTK KDE.

Memory corruption in WLAN HAL while parsing WMI command parameters.

Memory corruption in WLAN HAL while handling command through WMI interfaces.

In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check if the buffer is being used. So when a function called c

The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it.

The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invali

Memory Corruption in WLAN HOST while fetching TX status information.

Memory Corruption in Data Modem while processing DMA buffer release event about CFR data.

Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware response message.

Memory Corruption in WLAN HOST while parsing QMI response message from firmware.

Memory Corruption in Audio while allocating the ion buffer during the music playback.

Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption.

Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory.

Memory corruption in Audio while running concurrent tunnel playback or during concurrent audio tunnel recording sessions.

Memory corruption in Video while calling APIs with different instance ID than the one received in initialization.

Memory corruption in Linux while calling system configuration APIs.

Memory Corruption in Data Network Stack & Connectivity when sim gets detected on telephony.

Memory Corruption in Linux while processing QcRilRequestImsRegisterMultiIdentityMessage request.

Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from netw

Memory Corruption in Modem due to double free while parsing the PKCS15 sim files.

Information disclosure in DSP Services while loading dynamic module.

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin