Qualcomm Inc Snapdragon Mobile vulnerabilities

114 known vulnerabilities affecting qualcomm_inc/snapdragon_mobile.

Total CVEs

114

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

CRITICAL58HIGH52MEDIUM4

Vulnerabilities

Page 3 of 6

CVE-2017-18171HIGHCVSS 8.8vQCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, SD 850, SDM630, SDM636, SDM660, SDM710, Snapdragon_High_Med_20162018-10-23

CVE-2017-18171 [HIGH] CWE-119 CVE-2017-18171: Improper input validation for GATT data packet received in Bluetooth Controller function can lead to Improper input validation for GATT data packet received in Bluetooth Controller function can lead to possible memory corruption in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, SD 850, SDM630, SDM636, SDM660, SDM710, Snapdragon

nvd

CVE-2017-18283MEDIUMCVSS 6.5vQCA9379, SD 210/SD 212/SD 205, SD 625, SD 835, SD 845, SD 850, SDA6602018-10-23

CVE-2017-18283 [MEDIUM] CWE-119 CVE-2017-18283: Possible memory corruption when Read Val Blob Req is received with invalid parameters in Snapdragon Possible memory corruption when Read Val Blob Req is received with invalid parameters in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 625, SD 835, SD 845, SD 850, SDA660.

nvd

CVE-2018-11257HIGHCVSS 7.8vSD 210/SD 212/SD 205, SD 845, SD 8502018-07-06

CVE-2018-11257 [HIGH] CVE-2018-11257: Permissions, Privileges, and Access Controls in TA in Snapdragon Mobile has an options that allows R Permissions, Privileges, and Access Controls in TA in Snapdragon Mobile has an options that allows RPMB erase for secure devices in versions SD 210/SD 212/SD 205, SD 845, SD 850.

nvd

CVE-2016-10458CRITICALCVSS 9.8vSD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, SDX20, Snapdragon_High_Med_20162018-04-18

CVE-2016-10458 [CRITICAL] CWE-119 CVE-2016-10458: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, SDX20, and Snapdragon_High_Med_2016, the 'proper' solution for this will be

nvd

CVE-2016-10461CRITICALCVSS 9.8vMDM9650, SD 650/52, SD 808, SD 810, SD 820, SDX202018-04-18

CVE-2016-10461 [CRITICAL] CWE-119 CVE-2016-10461: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9650, In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9650, SD 650/52, SD 808, SD 810, SD 820, and SDX20, lack of proper bounds checking may lead to a buffer overread.

nvd

CVE-2015-9195CRITICALCVSS 9.8vMDM9625, MDM9635M, MDM9650, MDM9655, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 808, SD 810, SDX202018-04-18

CVE-2015-9195 [CRITICAL] CWE-119 CVE-2015-9195: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, MDM9635M, MDM9650, MDM9655, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 808, SD 810, and SDX20, in a QTEE syscall handler, HLOS can cause a buffer overflow to occur.

nvd

CVE-2015-9219CRITICALCVSS 9.8vSD 400, SD 8002018-04-18

CVE-2015-9219 [CRITICAL] CWE-190 CVE-2015-9219: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 an In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, an integer overflow to buffer overflow can occur in a DRM API.

nvd

CVE-2016-10419CRITICALCVSS 9.8vMDM9640, MDM9645, MDM9650, MDM9655, SD 450, SD 625, SD 650/52, SD 820, SD 835, SD 845, SD 850, SDX202018-04-18

CVE-2016-10419 [CRITICAL] CWE-119 CVE-2016-10419: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9640, In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9640, MDM9645, MDM9650, MDM9655, SD 450, SD 625, SD 650/52, SD 820, SD 835, SD 845, SD 850, and SDX20, when initializing scheduler object service request, an out of bounds access could occur due to uninitialized object number.

nvd

CVE-2016-10479CRITICALCVSS 9.8vMDM9607, MDM9615, MDM9635M, MDM9640, SD 210/SD 212/SD 205, SD 400, SD 600, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 810, SD 8202018-04-18

CVE-2016-10479 [CRITICAL] CWE-787 CVE-2016-10479: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9607, In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9607, MDM9615, MDM9635M, MDM9640, SD 210/SD 212/SD 205, SD 400, SD 600, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 810, and SD 820, an arbitrary length value from an incoming message to QMI Proxy can lead to an out-of-bounds write in the stack variabl

nvd

CVE-2015-9118CRITICALCVSS 9.8vMDM9615, MDM9625, MDM9635M, SD 400, SD 410/12, SD 615/16/SD 415, SD 800, SD 808, SD 8102018-04-18

CVE-2015-9118 [CRITICAL] CWE-119 CVE-2015-9118: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, SD 400, SD 410/12, SD 615/16/SD 415, SD 800, SD 808, and SD 810, in ADSP's QDI Root-PD driver, untrusted arguments from User PD may cause integer overflow resulting in buffer overflow.

nvd

CVE-2016-10454CRITICALCVSS 9.8vSD 425, SD 430, SD 450, SD 6252018-04-18

CVE-2016-10454 [CRITICAL] CWE-129 CVE-2016-10454: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 425, S In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 425, SD 430, SD 450, and SD 625, in a QTEE API function, an array out-of-bounds index can occur.

nvd

CVE-2015-9150CRITICALCVSS 9.8vMDM9625, MDM9635M, SD 400, SD 8002018-04-18

CVE-2015-9150 [CRITICAL] CWE-119 CVE-2015-9150: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, MDM9635M, SD 400, and SD 800, while computing the length of memory allocated for a Diag event, if the buffer length is very small or greater than the maximum, an integer overflow may occur, which later results in a buffer overflow.

nvd

CVE-2015-9221CRITICALCVSS 9.8vSD 400, SD 800, SD 8102018-04-18

CVE-2015-9221 [CRITICAL] CWE-476 CVE-2015-9221: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400, S In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400, SD 800, and SD 810, lack of validation of pointers passed by secure apps could lead to an untrusted pointer dereference.

nvd

CVE-2015-9179CRITICALCVSS 9.8vMSM89742018-04-18

CVE-2015-9179 [CRITICAL] CWE-119 CVE-2015-9179: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MSM8974, In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MSM8974, lack of length checking in OEMCrypto_DeriveKeysFromSessionKey() could lead to a buffer overflow vulnerability.

nvd

CVE-2014-10059CRITICALCVSS 9.8vMDM9615,MDM9625,SD 210/SD 212/SD 205,SD 400,SD 8002018-04-18

CVE-2014-10059 [CRITICAL] CWE-284 CVE-2014-10059: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, SD 210/SD 212/SD 205, SD 400, and SD 800, improper access control on ATCMD service allows third party services to access without user knowledge.

nvd

CVE-2015-9223CRITICALCVSS 9.8vMDM9615, MDM9625, MDM9635M, SD 400, SD 600, SD 8002018-04-18

CVE-2015-9223 [CRITICAL] CWE-119 CVE-2015-9223: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, SD 400, SD 600, and SD 800, a buffer overflow can occur when processing an audio buffer.

nvd

CVE-2015-9147CRITICALCVSS 9.8vMDM9625, MDM9635M, SD 400, SD 8002018-04-18

CVE-2015-9147 [CRITICAL] CWE-20 CVE-2015-9147: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, MDM9635M, SD 400, and SD 800, userspace-provided pointer arguments are not validated.

nvd

CVE-2015-9162CRITICALCVSS 9.8vSD 410/12, SD 617, SD 650/52, SD 800, SD 808, SD 8102018-04-18

CVE-2015-9162 [CRITICAL] CWE-476 CVE-2015-9162: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 410/12 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 410/12, SD 617, SD 650/52, SD 800, SD 808, and SD 810, in the function "Certificate_CreateWithBuffer" in the QSEE app TQS, in case of memory allocation failure, we free the memory and return the pointer without setting it to NULL.

nvd

CVE-2015-9146CRITICALCVSS 9.8vMDM9625, MDM9635M, MDM9645, MDM9650, MDM9655, SD 400, SD 800, SD 835, SD 845, SD 850, SDX202018-04-18

CVE-2015-9146 [CRITICAL] CWE-20 CVE-2015-9146: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, MDM9635M, MDM9645, MDM9650, MDM9655, SD 400, SD 800, SD 835, SD 845, SD 850, and SDX20, when QDI read, write, or ioctl are called, the passed-in pointer is not properly validated before accessing it for the delayed response.

nvd

CVE-2016-10498CRITICALCVSS 9.8vMDM9635M, MDM9645, MDM9650, MDM9655, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SDM630, SDM636, SDM660, Snapdragon_High_Med_20162018-04-18

CVE-2016-10498 [CRITICAL] CWE-74 CVE-2016-10498: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9635M, In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9635M, MDM9645, MDM9650, MDM9655, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, stopping of the DTR prematurely ca

nvd

← Previous3 / 6Next →