wcn3680 firmware · threatengine.sh

Home/Product/qualcomm wcn3680 firmware

Product

qualcomm wcn3680 firmware

221 known vulnerabilities across versions

Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.

Sort Min CVSS Published since

Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than th

Memory corruption when the UE receives an RTP packet from the network, during the reassembly of NALUs.

Cryptographic issue while performing RSA PKCS padding decoding.

Memory corruption whhile handling the subsystem failure memory during the parsing of video packets received from the video firmwar

Memory corruption while processing video packets received from video firmware.

Transient DOS when importing a PKCS#8-encoded RSA private key with a zero-sized modulus.

Information disclosure when an invalid RTCP packet is received during a VoLTE/VoWiFi IMS call.

Information disclosure may occur while processing goodbye RTCP packet from network.

Information disclosure may occur while decoding the RTP packet with invalid header extension from network.

Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures oc

Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request from the AP to establish a TSpec session

Memory corruption while calling the NPU driver APIs concurrently.

Memory corruption may occur while validating ports and channels in Audio driver.

While processing the authentication message in UE, improper authentication may lead to information disclosure.

Memory corruption while processing API calls to NPU with invalid input.

Memory corruption while processing GPU page table switch.

Memory corruption while processing voice packet with arbitrary data received from ADSP.

Memory corruption while handling session errors from firmware.

Memory corruption when two threads try to map and unmap a single node simultaneously.

Memory corruption when user provides data for FM HCI command control operations.

Transient DOS while handling PS event when Program Service name length offset value is set to 255.

Memory corruption when Alternative Frequency offset value is set to 255.

Transient DOS while importing a PKCS#8-encoded RSA key with zero bytes modulus.

Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.

Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released.

Memory corruption when allocating and accessing an entry in an SMEM partition.

Memory corruption while performing finish HMAC operation when context is freed by keymaster.

Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immedia

Memory corruption when there is failed unmap operation in GPU.

Memory corruption while processing finish_sign command to pass a rsp buffer.

Memory corruption in SPS Application while requesting for public key in sorter TA.

Memory corruption in Audio while processing RT proxy port register driver.

Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitr

Memory corruption in Audio when memory map command is executed consecutively in ADSP.

The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP an

Memory corruption in Audio during playback with speaker protection.

Memory corruption in HLOS while running playready use-case.

Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.

Transient DOS in Automotive OS due to improper authentication to the secure IO calls.

Memory corruption in DSP Services during a remote call from HLOS to DSP.

Memory corruption while using the UIM diag command to get the operators name.

Transient DOS in Bluetooth Host while rfc slot allocation.

Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.

Memory corruption in MPP performance while accessing DSM watermark using external memory address.

Memory Corruption in SPS Application while exporting public key in sorter TA.

Memory corruption in Audio while processing the VOC packet data from ADSP.

Memory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data buffer.

Memory Corruption in Multi-mode Call Processor while processing bit mask API.

Information Disclosure in data Modem while parsing an FMTP line in an SDP message.

Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value.

Memory Corruption in Data Modem while making a MO call or MT VOLTE call.

Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA during CSA IE.

Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA IE

Memory corruption while allocating memory in COmxApeDec module in Audio.

Memory Corruption in Audio while playing amrwbplus clips with modified content.

Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key.

Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.

Memory Corruption in Audio while allocating the ion buffer during the music playback.

Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption.

Memory Corruption in Modem due to double free while parsing the PKCS15 sim files.

Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode.

Transient DOS due to improper authorization in Modem

Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message.

information disclosure due to cryptographic issue in Core during RPMB read request.

Transient DOS due to reachable assertion in Modem when UE received Downlink Data Indication message from the network.

Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.

Memory corruption in Graphics while importing a file.

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.

Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.

Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command le

Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card.

Memory corruption in Bluetooth HOST while processing the AVRC_PDU_GET_PLAYER_APP_VALUE_TEXT AVRCP response.

Memory corruption in Video due to double free while playing 3gp clip with invalid metadata atoms.

Memory corruption in modem due to buffer overflow while processing a PPP packet

Memory corruption in modem due to integer overflow to buffer overflow while handling APDU response

Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM

Information Disclosure in Graphics during GPU context switch.

Memory corruption in User Identity Module due to integer overflow to buffer overflow when a segement is received via qmi http.

Memory corruption due to improper access control in Qualcomm IPC.

Memory corruption due to configuration weakness in modem wile sending command to write protected files.

Memory corruption in Audio due to integer overflow to buffer overflow while music playback of clips like amr,evrc,qcelp with modif

Information disclosure due to buffer over-read in Bluetooth HOST while processing GetFolderItems and GetItemAttribute Cmds from pe

Memory corruption in Bluetooth HOST due to buffer overflow while parsing the command response received from remote

Denial of service while processing fastboot flash command on mmc due to buffer over read

Information disclosure due to buffer over-read in Bluetooth HOST while pairing and connecting A2DP. in Snapdragon Auto, Snapdragon

Memory corruption in MODEM due to Improper Validation of Array Index while processing GSTK Proactive commands in Snapdragon Auto,

Memory corruption in MODEM UIM due to usage of out of range pointer offset while decoding command from card in Snapdragon Auto, Sn

Memory corruption in graphics due to use-after-free while importing graphics buffer in Snapdragon Auto, Snapdragon Compute, Snapdr

Memory corruption in graphics due to buffer overflow while validating the user address in Snapdragon Auto, Snapdragon Compute, Sna

Memory corruption in WLAN due to out of bound array access during connect/roaming in Snapdragon Auto, Snapdragon Compute, Snapdrag

Information disclosure in WLAN due to improper length check while processing authentication handshake in Snapdragon Auto, Snapdrag

Cryptographic issue in WLAN due to improper check on return value while authentication handshake in Snapdragon Auto, Snapdragon Co

memory corruption in video due to buffer overflow while parsing asf clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Conne

Information disclosure due to exposure of information while GPU reads the data in Snapdragon Auto, Snapdragon Compute, Snapdragon

Memory corruption due to use after free issue in kernel while processing ION handles in Snapdragon Auto, Snapdragon Compute, Snapd

Information disclosure in Bluetooth driver due to buffer over-read while reading l2cap length in Snapdragon Auto, Snapdragon Compu

Memory corruption in video due to buffer overflow while parsing ps video clips in Snapdragon Auto, Snapdragon Compute, Snapdragon

Memory corruption in video module due to buffer overflow while processing WAV file in Snapdragon Auto, Snapdragon Compute, Snapdra

Denial of service in WLAN HOST due to buffer over read while unpacking frames in Snapdragon Auto, Snapdragon Compute, Snapdragon C

Denial of service in video due to buffer over read while parsing MP4 clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Conne

Memory corruption in kernel due to improper input validation while processing ION commands in Snapdragon Auto, Snapdragon Connecti

Information disclosure in video due to buffer over-read while processing avi file in Snapdragon Compute, Snapdragon Connectivity,

Memory Corruption during wma file playback due to integer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity

Memory corruption in video driver due to double free while parsing ASF clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Con

Memory corruption due to buffer overflow while parsing MKV clips with invalid bitmap size in Snapdragon Auto, Snapdragon Compute,

Memory corruption due to incorrect pointer arithmetic when attempting to change the endianness in video parser function in Snapdra

Memory corruption due to buffer overflow occurs while processing invalid MKV clip which has invalid seek header in Snapdragon Auto

An out-of-bounds read can occur while parsing a server certificate due to improper length check in Snapdragon Auto, Snapdragon Com

Memory corruption due to out of bound read while parsing a video file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectiv

A null pointer dereference may potentially occur during RSA key import in Snapdragon Auto, Snapdragon Compute, Snapdragon Connecti

memory corruption in video due to buffer overflow while parsing mkv clip with no codechecker in Snapdragon Auto, Snapdragon Comput

Memory corruption in video due to double free while parsing 3gp clip with invalid meta data atoms in Snapdragon Auto, Snapdragon C

Memory corruption in video due to buffer overflow while reading the dts file in Snapdragon Auto, Snapdragon Compute, Snapdragon Co

Memory corruption when extracting qcp audio file due to lack of check on data length in Snapdragon Auto, Snapdragon Compute, Snapd

Denial of service due to memory corruption while extracting ape header from clips in Snapdragon Auto, Snapdragon Compute, Snapdrag

Memory corruption due to possible buffer overflow while parsing DSF header with corrupted channel count in Snapdragon Auto, Snapdr

Out of bound read in WLAN HOST due to improper length check can lead to DOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Con

Possible buffer over read due to lack of size validation while unpacking frame in Snapdragon Auto, Snapdragon Compute, Snapdragon

Improper handling between export and release functions on the same handle from client can lead to use after free in Snapdragon Com

An out-of-bounds write can occur due to an incorrect input check in the camera driver in Snapdragon Auto, Snapdragon Compute, Snap

Improper validation of session id in PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Sna

Processing DCB/AVB algorithm with an invalid queue index from IOCTL request could lead to arbitrary address modification in Snapdr

Possible out of bound read due to improper validation of certificate chain in SSL or Internet key exchange in Snapdragon Auto, Sna

Improper validation of permissions for third party application accessing Telephony service API can lead to information disclosure

Possible buffer overflow due to improper validation of array index while processing external DIAG command in Snapdragon Auto, Snap

Possible use after free due to improper memory validation when initializing new interface via Interface add command in Snapdragon

Possible memory corruption due to improper validation of memory address while processing user-space IOCTL for clearing Filter and

Possible buffer overflow due to improper input validation in PDM DIAG command in FTM in Snapdragon Auto, Snapdragon Compute, Snapd

Possible buffer overflow due to improper input validation in factory calibration and test DIAG command in Snapdragon Auto, Snapdra

Possible heap overflow due to improper length check of domain while parsing the DNS response in Snapdragon Auto, Snapdragon Comput

A FTM Diag command can allow an arbitrary write into modem OS space in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivit

Information disclosure through timing and power side-channels during mod exponentiation for RSA-CRT in Snapdragon Auto, Snapdragon

Possible out of bound read due to improper validation of packet length while handling data transfer in VR service in Snapdragon Au

Possible memory corruption due to lack of validation of client data used for memory allocation in Snapdragon Auto, Snapdragon Comp

Possible memory corruption due to lack of validation of client data used for memory allocation in Snapdragon Auto, Snapdragon Comp

Possible buffer overflow due to improper size calculation of payload received in VR service in Snapdragon Auto, Snapdragon Compute

Possible out of bound read or write in VR service due to lack of validation of DSP selection values in Snapdragon Compute, Snapdra

Possible stack overflow due to improper validation of camera name length before copying the name in VR Service in Snapdragon Compu

Possible buffer over read due to lack of data length check in QVR Service configuration in Snapdragon Auto, Snapdragon Compute, Sn

Possible buffer overflow due to improper validation of index value while processing the plugin block in Snapdragon Auto, Snapdrago

Possible buffer overflow due to improper handling of negative data length while processing write request in VR service in Snapdrag

Possible stack buffer overflow due to lack of check on the maximum number of post NAN discovery attributes while processing a NAN

Possible memory corruption due to lack of bound check of input index in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivi

Possible integer overflow due to improper check of batch count value while sanitizer is enabled in Snapdragon Auto, Snapdragon Com

Null pointer dereference can occur due to lack of null check for user provided input in Snapdragon Auto, Snapdragon Compute, Snapd

Possible integer and heap overflow due to lack of input command size validation while handling beacon template update command from

A use after free can occur due to improper validation of P2P device address in PD Request frame in Snapdragon Auto, Snapdragon Com

Null pointer dereference occurs due to improper validation when the preemption feature enablement is toggled in Snapdragon Auto, S

Possible heap overflow due to improper validation of local variable while storing current task information locally in Snapdragon A

Buffer Overflow while processing IOCTL for getting peripheral endpoint information there is no proper validation for input maximum

Possible buffer overflow due to lack of offset length check while updating the buffer value in Snapdragon Auto, Snapdragon Compute

Improper Access Control when ACL link encryption is failed and ACL link is not disconnected during reconnection with paired device

Null Pointer Dereference may occur due to improper validation while processing crafted SDP body in Snapdragon Auto, Snapdragon Com

Possible null pointer dereference due to lack of validation check for passed pointer during key import in Snapdragon Auto, Snapdra

Possible memory corruption due to improper check when application loader object is explicitly destructed while application is unlo

UE assertion is possible due to improper validation of invite message with SDP body in Snapdragon Auto, Snapdragon Compute, Snapdr

Buffer overflow occurs in trusted applications due to lack of length check of parameters in Snapdragon Auto, Snapdragon Compute, S

Possible buffer overflow due to improper validation of device types during P2P search in Snapdragon Auto, Snapdragon Compute, Snap

Lack of strict validation of bootmode can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connec

Integer underflow can occur due to improper handling of incoming RTCP packets in Snapdragon Auto, Snapdragon Compute, Snapdragon C

Integer underflow can occur when the RTCP length is lesser than the actual blocks present in Snapdragon Auto, Snapdragon Comp

Possible buffer underflow due to lack of check for negative indices values when processing user provided input in Snapdragon Auto,

Loop with unreachable exit condition may occur due to improper handling of unsupported input in Snapdragon Auto, Snapdragon Comput

Child process can leak information from parent process due to numeric pids are getting compared and these pid can be reused in Sna

Denial of service in SAP case due to improper handling of connections when association is rejected in Snapdragon Auto, Snapdragon

Possible buffer over-read due to lack of length check while flashing meta images in Snapdragon Consumer IOT, Snapdragon Industrial

Possible buffer over read due to lack of length check while flashing meta images in Snapdragon Consumer IOT, Snapdragon Industrial

Possible buffer over-read due to incorrect overflow check when loading splash image in Snapdragon Consumer IOT, Snapdragon Industr

Possible Buffer Over-read due to lack of validation of boundary checks when loading splash image in Snapdragon Consumer IOT, Snapd

Improper length check of public exponent in RSA import key function could cause memory corruption. in Snapdragon Auto, Snapdragon

Possible buffer overflow due to lack of length check in Trusted Application in Snapdragon Auto, Snapdragon Compute, Snapdragon Con

Memory corruption in key parsing and import function due to double freeing the same heap allocation in Snapdragon Auto, Snapdragon

Incorrect handling of pointers in trusted application key import mechanism could cause memory corruption in Snapdragon Auto, Snapd

Buffer overflow in modem due to improper array index check before copying into it in Snapdragon Auto, Snapdragon Compute, Snapdrag

Possible use after free in Display due to race condition while creating an external display in Snapdragon Auto, Snapdragon Compute

Possible buffer overflow in voice service due to lack of input validation of parameters in QMI Voice API in Snapdragon Auto, Snapd

Stack out-of-bounds write occurs while setting up a cipher device if the provided IV length exceeds the max limit value in Snapdra

A race between command submission and destroying the context can cause an invalid context being added to the list leads to use aft

Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdra

Memory corruption due to ioctl command size was incorrectly set to the size of a pointer and not enough storage is allocated for t

Use after free issue when importing a DMA buffer by using the CPU address of the buffer due to attachment is not cleaned up proper

Time-of-check time-of-use race condition While processing partition entries due to newly created buffer was read again from mmc wi

Out-of-bounds memory access can occur while calculating alignment requirements for a negative width from external components in Sn

Resource leakage issue during dci client registration due to reference count is not decremented if dci client registration fails i

Possible use after free due to lack of null check while memory is being freed in FastRPC driver in Snapdragon Auto, Snapdragon Com

Double free in video due to lack of input buffer length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Sna

Improper handling of address deregistration on failure can lead to new GPU address allocation failure. in Snapdragon Auto, Snapdra

Possible use after free due to improper handling of memory mapping of multiple processes simultaneously. in Snapdragon Auto, Snapd

Possible integer overflow due to improper length check while flashing an image in Snapdragon Consumer IOT, Snapdragon Industrial I

A possible use-after-free occurrence in audio driver can happen when pointers are not properly handled in Snapdragon Auto, Snapdra

Out of bound write in logger due to prefix size is not validated while prepended to logging string in Snapdragon Auto, Snapdragon

Out of bound write can occur in TZ command handler due to lack of validation of command ID in Snapdragon Auto, Snapdragon Compute,

Buffer over-read while unpacking the RTCP packet we may read extra byte if wrong length is provided in RTCP packets in Snapdragon

Memory corruption while processing crafted SDES packets due to improper length check in sdes packets recieved in Snapdragon Auto,

Denial of service while processing RTCP packets containing multiple SDES reports due to memory for last SDES packet is freed and r

Out-of-bounds read vulnerability while accessing DTMF payload due to lack of check of buffer length before copying in Snapdragon A

Out of bound memory read while unpacking data due to lack of offset length check in Snapdragon Auto, Snapdragon Compute, Snapdrago

A double free condition can occur when the device moves to suspend mode during secure playback in Snapdragon Auto, Snapdragon Comp

When sending a socket event message to a user application, invalid information will be passed if socket is freed by other thread r

Two threads call one or both functions concurrently leading to corruption of pointers and reference counters which in turn can lea

Out of bound read occurs while processing crafted SDP due to lack of check of null string in Snapdragon Auto, Snapdragon Compute,

Use after free in GPU driver while mapping the user memory to GPU memory due to improper check of referenced memory in Snapdragon

Buffer overflow can occur in video while playing the non-standard clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connecti

Use after free condition in msm ioctl events due to race between the ioctl register and deregister events in Snapdragon Auto, Snap

Out of bound write while parsing RTT/TTY packet parsing due to lack of check of buffer size before copying into buffer in Snapdrag

Out of bound memory read in Data modem while unpacking data due to lack of offset length check in Snapdragon Auto, Snapdragon Comp

Usage of syscall by non-secure entity can allow extraction of secure QTEE diagnostic information in clear text form due to insuffi

HLOS to access EL3 stack canary by just mapping imem region due to Improper access control and can lead to information exposure in

Out of bound write while parsing SDP string due to missing check on null termination in Snapdragon Auto, Snapdragon Compute, Snapd

Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Sna

Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Sna

Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Sna

Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Sna

Potential out of bound read exception when UE receives unusually large number of padding octets in the beginning of ROHC header in

Before enqueuing a frame to the PE queue for further processing, an entry in a hash table can be deleted and using a stale version

Possible out of bounds while accessing global control elements due to race condition in Snapdragon Auto, Snapdragon Compute, Snapd

Possible memory corruption while processing EAPOL frames due to lack of validation of key length before using it in Snapdragon Aut

Possible memory corruption and information leakage in sub-system due to lack of check for validity and boundary compliance for par

Stack overflow may occur if GSM/WCDMA broadcast config size received from user is larger than variable length array in Snapdragon

Out of bound memory access while playing music playbacks with crafted vorbis content due to improper checks in header extraction i

Possible buffer overflow while updating ikev2 parameters due to lack of check of input validation for certain parameters received

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin