Qualcomm Inc Snapdragon Mobile vulnerabilities

CVE-2014-9995 [CRITICAL] CWE-119 CVE-2014-9995: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 an In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, in drmprov_cmd_verify_key(), the variable feature_name_length is not validated. There is a check for feature_name_len + filePathLen but there might be an integer wrap when checking feature_name_len + filePathLen. This leads to a buffer overf

CVE-2016-10496 [CRITICAL] CWE-476 CVE-2016-10496: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9635M, In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9635M, SD 210/SD 212/SD 205, SD 410/12, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, and SD 810, A NULL pointer dereference can occur during an SSL handshake.

CVE-2015-9215 [CRITICAL] CWE-476 CVE-2015-9215: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, and SD 810, improper input validation can cause a null pointer dereference in USB bootloader find_ep() function.

CVE-2015-9183 [CRITICAL] CWE-119 CVE-2015-9183: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 410/12 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 410/12, SD 617, SD 650/52, SD 800, SD 808, and SD 810, in TQS QSEE application, while parsing "Set Certificates" command an integer overflow may result in buffer overflow.

CVE-2015-9173 [CRITICAL] CWE-119 CVE-2015-9173: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 410/12 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 410/12, SD 617, SD 650/52, SD 800, SD 808, and SD 810, missing of return value check in memscpy can cause memory corruption in TQS App.

CVE-2014-9996 [CRITICAL] CWE-119 CVE-2014-9996: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 an In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, while verifying provisioning, a buffer overflow can occur.

CVE-2016-10460 [CRITICAL] CWE-119 CVE-2016-10460: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 835, S In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 835, SD 845, and SD 850, vendor specific opcodes may not have any packet length validation leading to buffer over-reads.

CVE-2014-10044 [HIGH] CWE-129 CVE-2014-10044: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, SD 210/SD 212/SD 205, SD 400, SD 617, SD 800, and SD 820, in the time daemon, unauthorized users can potentially modify system time and cause an array index to be out-of-bound.

CVE-2016-10483 [HIGH] CWE-20 CVE-2016-10483: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 410/12 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 410/12, SD 615/16/SD 415, SD 808, and SD 810, improper input validation while processing SCM Command can lead to unauthorized memory access.

CVE-2015-9131 [HIGH] CWE-20 CVE-2015-9131: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400, S In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400, SD 410/12, SD 615/16/SD 415, SD 800, SD 808, and SD 810, lack of input validation in qsee can lead to unauthorized memory access.

CVE-2014-10063 [HIGH] CWE-254 CVE-2014-10063: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625 a In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625 and SD 800, a fuse is not correctly blown on a secure device.

CVE-2014-10047 [HIGH] CWE-200 CVE-2014-10047: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 an In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, when writing the Full Disk Encryption key to crypto engine, information leak could occur.

CVE-2015-9194 [HIGH] CWE-200 CVE-2015-9194: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 800, SD 845, and Snapdragon_High_Med_2016, during module load at TZ Startup, memory statically allocated by modules was not being properly set to zero first. Allowi

CVE-2014-10058 [HIGH] CWE-264 CVE-2014-10058: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 800, SD 845, and Snapdragon_High_Med_2016, unauthorized users can potentially modify system time.

CVE-2014-10055 [HIGH] CWE-200 CVE-2014-10055: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 an In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, there could be leakage of protected contents if HLOS doesn't request for security restoration for OCMEM xPU's.

CVE-2015-9134 [HIGH] CWE-476 CVE-2015-9134: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 410/12 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 410/12, SD 615/16/SD 415, and SD 810, while processing QSEE Syscall 'qsee_macc_gen_ecc_privkey', untrusted pointer dereference occurs, which could result in arbitrary write.

CVE-2016-10406 [HIGH] CWE-200 CVE-2016-10406: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9650, In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, and SD 835, while printing debug message of a pointer in wlan_qmi_err_cb, the real kernel address will be printed regardless of the kptr

CVE-2016-10411 [HIGH] CWE-399 CVE-2016-10411: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, and SD 835, RTP daemon crashes and terminates VT call when UE receives RTCP unknown APP packet report which caused the parser to

CVE-2017-18142 [CRITICAL] CWE-119 CVE-2017-18142: In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile MDM9650, MDM9655, SD In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile MDM9650, MDM9655, SD 835, SD 845, SD 850, while processing the IMS SIP username, a buffer overflow can occur.

CVE-2018-3589 [CRITICAL] CWE-119 CVE-2018-3589: In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile MDM9650, MDM9655, SD In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile MDM9650, MDM9655, SD 835, SD 845, SD 850, the vswr capture size is larger than the maximum size of a diag logPacket, which can lead to a buffer overflow when the sample buffer is copied to the logPacket buffer.