Search

Find a vulnerability

Search criteria

    846 vulnerabilities found for sd_212_firmware by qualcomm

    CVE-2018-5852 (GCVE-0-2018-5852)

    Vulnerability from nvd – Published: 2024-11-26 13:56 – Updated: 2024-11-26 15:00
    VLAI
    Title
    Buffer Over-read in IPA
    Summary
    An unsigned integer underflow vulnerability in IPA driver result into a buffer over-read while reading NAT entry using debugfs command 'cat /sys/kernel/debug/ipa/ip4_nat'
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Qualcomm, Inc. Snapdragon Affected: MDM9206
    Affected: MDM9607
    Affected: MDM9640
    Affected: MDM9650
    Affected: MSM8909W
    Affected: SD 210/SD 212/SD 205
    Affected: SD 425
    Affected: SD 430
    Affected: SD 450
    Affected: SD 615/16/SD 415
    Affected: SD 617
    Affected: SD 625
    Affected: SD 650/52
    Affected: SD 810
    Affected: SD 820
    Affected: SD 820A
    Affected: SD 835
    Affected: SD 845
    Create a notification for this product.
    qualcomm mdm9206_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm mdm9607_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm mdm9640_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm mdm9650_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm msm8909w_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm sd_425_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm sd_430_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm sd_450_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm sd_617_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm sd_625_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm sd_810_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm sd_820_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm sd_820a_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm sd_835_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm sd_845_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mdm9206_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mdm9607_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mdm9640_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mdm9650_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "msm8909w_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sd_425_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sd_430_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sd_450_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sd_617_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sd_625_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sd_810_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sd_820_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sd_820a_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sd_835_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sd_845_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-5852",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-26T14:52:25.968053Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T15:00:48.248Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Snapdragon Automobile",
                "Snapdragon Mobile",
                "Snapdragon Wear"
              ],
              "product": "Snapdragon",
              "vendor": "Qualcomm, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "MDM9206"
                },
                {
                  "status": "affected",
                  "version": "MDM9607"
                },
                {
                  "status": "affected",
                  "version": "MDM9640"
                },
                {
                  "status": "affected",
                  "version": "MDM9650"
                },
                {
                  "status": "affected",
                  "version": "MSM8909W"
                },
                {
                  "status": "affected",
                  "version": "SD 210/SD 212/SD 205"
                },
                {
                  "status": "affected",
                  "version": "SD 425"
                },
                {
                  "status": "affected",
                  "version": "SD 430"
                },
                {
                  "status": "affected",
                  "version": "SD 450"
                },
                {
                  "status": "affected",
                  "version": "SD 615/16/SD 415"
                },
                {
                  "status": "affected",
                  "version": "SD 617"
                },
                {
                  "status": "affected",
                  "version": "SD 625"
                },
                {
                  "status": "affected",
                  "version": "SD 650/52"
                },
                {
                  "status": "affected",
                  "version": "SD 810"
                },
                {
                  "status": "affected",
                  "version": "SD 820"
                },
                {
                  "status": "affected",
                  "version": "SD 820A"
                },
                {
                  "status": "affected",
                  "version": "SD 835"
                },
                {
                  "status": "affected",
                  "version": "SD 845"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An unsigned integer underflow vulnerability in IPA driver result into a buffer over-read while reading NAT entry using debugfs command \u0027cat /sys/kernel/debug/ipa/ip4_nat\u0027"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-126",
                  "description": "CWE-126 Buffer Over-read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-26T13:56:25.527Z",
            "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
            "shortName": "qualcomm"
          },
          "references": [
            {
              "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html"
            }
          ],
          "title": "Buffer Over-read in IPA"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "assignerShortName": "qualcomm",
        "cveId": "CVE-2018-5852",
        "datePublished": "2024-11-26T13:56:25.527Z",
        "dateReserved": "2018-01-19T00:00:00.000Z",
        "dateUpdated": "2024-11-26T15:00:48.248Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-11952 (GCVE-0-2018-11952)

    Vulnerability from nvd – Published: 2024-11-26 08:55 – Updated: 2024-11-26 14:09
    VLAI
    Title
    Improper Authentication in TrustZone
    Summary
    An image with a version lower than the fuse version may potentially be booted lead to improper authentication.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    Impacted products
    Vendor Product Version
    Qualcomm, Inc. Snapdragon Affected: MDM9206
    Affected: MDM9607
    Affected: MDM9640
    Affected: MDM9650
    Affected: MSM8909W
    Affected: SD 210/SD 212/SD 205
    Affected: SD 425
    Affected: SD 430
    Affected: SD 450
    Affected: SD 615/16/SD 415
    Affected: SD 617
    Affected: SD 625
    Affected: SD 650/52
    Affected: SD 810
    Affected: SD 820
    Affected: SD 820A
    Affected: SD 835
    Affected: SD 845
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-11952",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-26T14:02:10.500974Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T14:09:22.979Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Snapdragon Wired Infrastructure and Networking"
              ],
              "product": "Snapdragon",
              "vendor": "Qualcomm, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "MDM9206"
                },
                {
                  "status": "affected",
                  "version": "MDM9607"
                },
                {
                  "status": "affected",
                  "version": "MDM9640"
                },
                {
                  "status": "affected",
                  "version": "MDM9650"
                },
                {
                  "status": "affected",
                  "version": "MSM8909W"
                },
                {
                  "status": "affected",
                  "version": "SD 210/SD 212/SD 205"
                },
                {
                  "status": "affected",
                  "version": "SD 425"
                },
                {
                  "status": "affected",
                  "version": "SD 430"
                },
                {
                  "status": "affected",
                  "version": "SD 450"
                },
                {
                  "status": "affected",
                  "version": "SD 615/16/SD 415"
                },
                {
                  "status": "affected",
                  "version": "SD 617"
                },
                {
                  "status": "affected",
                  "version": "SD 625"
                },
                {
                  "status": "affected",
                  "version": "SD 650/52"
                },
                {
                  "status": "affected",
                  "version": "SD 810"
                },
                {
                  "status": "affected",
                  "version": "SD 820"
                },
                {
                  "status": "affected",
                  "version": "SD 820A"
                },
                {
                  "status": "affected",
                  "version": "SD 835"
                },
                {
                  "status": "affected",
                  "version": "SD 845"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An image with a version lower than the fuse version may potentially be booted lead to improper authentication."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-26T08:55:24.910Z",
            "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
            "shortName": "qualcomm"
          },
          "references": [
            {
              "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html"
            }
          ],
          "title": "Improper Authentication in TrustZone"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "assignerShortName": "qualcomm",
        "cveId": "CVE-2018-11952",
        "datePublished": "2024-11-26T08:55:24.910Z",
        "dateReserved": "2018-06-07T00:00:00.000Z",
        "dateUpdated": "2024-11-26T14:09:22.979Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-11922 (GCVE-0-2018-11922)

    Vulnerability from nvd – Published: 2024-11-26 08:55 – Updated: 2024-11-26 14:09
    VLAI
    Title
    Configurations in Android Build
    Summary
    Wrong configuration in Touch Pal application can collect user behavior data without awareness by the user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Qualcomm, Inc. Snapdragon Affected: MDM9206
    Affected: MDM9607
    Affected: MDM9640
    Affected: MDM9650
    Affected: Qualcomm 215
    Affected: SD 210/SD 212/SD 205
    Affected: SD 425
    Affected: SD 427
    Affected: SD 430
    Affected: SD 435
    Affected: SD 439 / SD 429
    Affected: SD 450
    Affected: SD 625
    Affected: SD 632
    Affected: SD 845 / SD 850
    Affected: SDA660
    Affected: SDM439
    Affected: SDX20
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-11922",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-26T14:02:16.711521Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T14:09:23.135Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Snapdragon Auto",
                "Snapdragon Consumer IOT",
                "Snapdragon Industrial IOT",
                "Snapdragon Mobile",
                "Snapdragon Wearables"
              ],
              "product": "Snapdragon",
              "vendor": "Qualcomm, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "MDM9206"
                },
                {
                  "status": "affected",
                  "version": "MDM9607"
                },
                {
                  "status": "affected",
                  "version": "MDM9640"
                },
                {
                  "status": "affected",
                  "version": "MDM9650"
                },
                {
                  "status": "affected",
                  "version": "Qualcomm 215"
                },
                {
                  "status": "affected",
                  "version": "SD 210/SD 212/SD 205"
                },
                {
                  "status": "affected",
                  "version": "SD 425"
                },
                {
                  "status": "affected",
                  "version": "SD 427"
                },
                {
                  "status": "affected",
                  "version": "SD 430"
                },
                {
                  "status": "affected",
                  "version": "SD 435"
                },
                {
                  "status": "affected",
                  "version": "SD 439 / SD 429"
                },
                {
                  "status": "affected",
                  "version": "SD 450"
                },
                {
                  "status": "affected",
                  "version": "SD 625"
                },
                {
                  "status": "affected",
                  "version": "SD 632"
                },
                {
                  "status": "affected",
                  "version": "SD 845 / SD 850"
                },
                {
                  "status": "affected",
                  "version": "SDA660"
                },
                {
                  "status": "affected",
                  "version": "SDM439"
                },
                {
                  "status": "affected",
                  "version": "SDX20"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Wrong configuration in Touch Pal application can collect user behavior data without awareness by the user."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-16",
                  "description": "CWE-16 Configuration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-26T08:55:23.774Z",
            "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
            "shortName": "qualcomm"
          },
          "references": [
            {
              "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html"
            }
          ],
          "title": "Configurations in Android Build"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "assignerShortName": "qualcomm",
        "cveId": "CVE-2018-11922",
        "datePublished": "2024-11-26T08:55:23.774Z",
        "dateReserved": "2018-06-07T00:00:00.000Z",
        "dateUpdated": "2024-11-26T14:09:23.135Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-11076 (GCVE-0-2017-11076)

    Vulnerability from nvd – Published: 2024-11-26 08:55 – Updated: 2024-11-26 14:09
    VLAI
    Title
    Use of Out-of-range Pointer Offset in Video
    Summary
    On some hardware revisions where VP9 decoding is hardware-accelerated, the frame size is not programmed correctly into the decoder hardware which can lead to an invalid memory access by the decoder.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-823 - Use of Out-of-range Pointer Offset
    Assigner
    Impacted products
    Vendor Product Version
    Qualcomm, Inc. Snapdragon Affected: MSM8909W
    Affected: MSM8996AU
    Affected: SD 210/SD 212/SD 205
    Affected: SD 425
    Affected: SD 427
    Affected: SD 430
    Affected: SD 435
    Affected: SD 450
    Affected: SD 615/16/SD 415
    Affected: SD 625
    Affected: SD 810
    Affected: SD 820
    Affected: SD 820A
    Affected: SD 835
    Affected: SD 845
    Affected: SDM429
    Affected: SDM439
    Affected: SDM630
    Affected: SDM632
    Affected: SDM636
    Affected: SDM660
    Affected: SDM710
    Affected: Snapdragon_High_Med_2016
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2017-11076",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-26T14:02:40.745497Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T14:09:23.728Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Snapdragon Automobile",
                "Snapdragon Mobile",
                "Snapdragon Wear"
              ],
              "product": "Snapdragon",
              "vendor": "Qualcomm, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "MSM8909W"
                },
                {
                  "status": "affected",
                  "version": "MSM8996AU"
                },
                {
                  "status": "affected",
                  "version": "SD 210/SD 212/SD 205"
                },
                {
                  "status": "affected",
                  "version": "SD 425"
                },
                {
                  "status": "affected",
                  "version": "SD 427"
                },
                {
                  "status": "affected",
                  "version": "SD 430"
                },
                {
                  "status": "affected",
                  "version": "SD 435"
                },
                {
                  "status": "affected",
                  "version": "SD 450"
                },
                {
                  "status": "affected",
                  "version": "SD 615/16/SD 415"
                },
                {
                  "status": "affected",
                  "version": "SD 625"
                },
                {
                  "status": "affected",
                  "version": "SD 810"
                },
                {
                  "status": "affected",
                  "version": "SD 820"
                },
                {
                  "status": "affected",
                  "version": "SD 820A"
                },
                {
                  "status": "affected",
                  "version": "SD 835"
                },
                {
                  "status": "affected",
                  "version": "SD 845"
                },
                {
                  "status": "affected",
                  "version": "SDM429"
                },
                {
                  "status": "affected",
                  "version": "SDM439"
                },
                {
                  "status": "affected",
                  "version": "SDM630"
                },
                {
                  "status": "affected",
                  "version": "SDM632"
                },
                {
                  "status": "affected",
                  "version": "SDM636"
                },
                {
                  "status": "affected",
                  "version": "SDM660"
                },
                {
                  "status": "affected",
                  "version": "SDM710"
                },
                {
                  "status": "affected",
                  "version": "Snapdragon_High_Med_2016"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "On some hardware revisions where VP9 decoding is hardware-accelerated, the frame size is not programmed correctly into the decoder hardware which can lead to an invalid memory access by the decoder."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-823",
                  "description": "CWE-823 Use of Out-of-range Pointer Offset",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-26T08:55:15.692Z",
            "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
            "shortName": "qualcomm"
          },
          "references": [
            {
              "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html"
            }
          ],
          "title": "Use of Out-of-range Pointer Offset in Video"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "assignerShortName": "qualcomm",
        "cveId": "CVE-2017-11076",
        "datePublished": "2024-11-26T08:55:15.692Z",
        "dateReserved": "2017-07-07T00:00:00.000Z",
        "dateUpdated": "2024-11-26T14:09:23.728Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-9711 (GCVE-0-2017-9711)

    Vulnerability from nvd – Published: 2024-11-22 09:09 – Updated: 2024-11-22 11:40
    VLAI
    Title
    Permissions, Privileges, and Access Controls in Data
    Summary
    Certain unprivileged processes are able to perform IOCTL calls.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-264 - Permissions, Privileges, and Access Controls
    Assigner
    Impacted products
    Vendor Product Version
    Qualcomm, Inc. Snapdragon Affected: MDM9206
    Affected: MDM9607
    Affected: MDM9640
    Affected: MDM9650
    Affected: MSM8909W
    Affected: SD 210/SD 212/SD 205
    Affected: SD 425
    Affected: SD 430
    Affected: SD 450
    Affected: SD 615/16/SD 415
    Affected: SD 617
    Affected: SD 625
    Affected: SD 650/52
    Affected: SD 810
    Affected: SD 820
    Affected: SD 820A
    Affected: SD 835
    Affected: SD 845
    Create a notification for this product.
    qualcomm mdm9206_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm mdm9607_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm mdm9640_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm mdm9650_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm msm8909w_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm sd_425_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm sd_430_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm sd_450_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm sd_617_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm sd_625_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm sd_810_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm sd_820_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm sd_820a_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm sd_835_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm sd_845_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mdm9206_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mdm9607_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mdm9640_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mdm9650_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "msm8909w_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sd_425_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sd_430_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sd_450_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sd_617_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sd_625_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sd_810_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sd_820_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sd_820a_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sd_835_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sd_845_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2017-9711",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-22T11:39:56.991803Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-22T11:40:06.357Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Snapdragon Automobile",
                "Snapdragon Mobile",
                "Snapdragon Wear"
              ],
              "product": "Snapdragon",
              "vendor": "Qualcomm, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "MDM9206"
                },
                {
                  "status": "affected",
                  "version": "MDM9607"
                },
                {
                  "status": "affected",
                  "version": "MDM9640"
                },
                {
                  "status": "affected",
                  "version": "MDM9650"
                },
                {
                  "status": "affected",
                  "version": "MSM8909W"
                },
                {
                  "status": "affected",
                  "version": "SD 210/SD 212/SD 205"
                },
                {
                  "status": "affected",
                  "version": "SD 425"
                },
                {
                  "status": "affected",
                  "version": "SD 430"
                },
                {
                  "status": "affected",
                  "version": "SD 450"
                },
                {
                  "status": "affected",
                  "version": "SD 615/16/SD 415"
                },
                {
                  "status": "affected",
                  "version": "SD 617"
                },
                {
                  "status": "affected",
                  "version": "SD 625"
                },
                {
                  "status": "affected",
                  "version": "SD 650/52"
                },
                {
                  "status": "affected",
                  "version": "SD 810"
                },
                {
                  "status": "affected",
                  "version": "SD 820"
                },
                {
                  "status": "affected",
                  "version": "SD 820A"
                },
                {
                  "status": "affected",
                  "version": "SD 835"
                },
                {
                  "status": "affected",
                  "version": "SD 845"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Certain unprivileged processes are able to perform IOCTL calls."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-264",
                  "description": "CWE-264 Permissions, Privileges, and Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-22T09:09:10.630Z",
            "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
            "shortName": "qualcomm"
          },
          "references": [
            {
              "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html"
            }
          ],
          "title": "Permissions, Privileges, and Access Controls in Data"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "assignerShortName": "qualcomm",
        "cveId": "CVE-2017-9711",
        "datePublished": "2024-11-22T09:09:10.630Z",
        "dateReserved": "2017-06-15T00:00:00.000Z",
        "dateUpdated": "2024-11-22T11:40:06.357Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-10530 (GCVE-0-2019-10530)

    Vulnerability from nvd – Published: 2019-12-12 08:30 – Updated: 2024-08-04 22:24
    VLAI
    Summary
    Lack of check of data truncation on user supplied data in kernel leads to buffer overflow in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24
    Severity
    No CVSS data available.
    CWE
    • Integer Overflow to Buffer Overflow Issue in Kernel
    Assigner
    References
    Impacted products
    Vendor Product Version
    Qualcomm, Inc. Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Affected: MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:24:18.572Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://source.android.com/security/bulletin/pixel/2019-11-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
              "vendor": "Qualcomm, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Lack of check of data truncation on user supplied data in kernel leads to buffer overflow in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Integer Overflow to Buffer Overflow Issue in Kernel",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-12T08:30:39.000Z",
            "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
            "shortName": "qualcomm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://source.android.com/security/bulletin/pixel/2019-11-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "product-security@qualcomm.com",
              "ID": "CVE-2019-10530",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Qualcomm, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Lack of check of data truncation on user supplied data in kernel leads to buffer overflow in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Integer Overflow to Buffer Overflow Issue in Kernel"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://source.android.com/security/bulletin/pixel/2019-11-01",
                  "refsource": "CONFIRM",
                  "url": "https://source.android.com/security/bulletin/pixel/2019-11-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "assignerShortName": "qualcomm",
        "cveId": "CVE-2019-10530",
        "datePublished": "2019-12-12T08:30:39.000Z",
        "dateReserved": "2019-03-29T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:24:18.572Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-10520 (GCVE-0-2019-10520)

    Vulnerability from nvd – Published: 2019-12-12 08:30 – Updated: 2024-08-04 22:24
    VLAI
    Summary
    An unprivileged application can allocate GPU memory by calling memory allocation ioctl function and can exhaust all the memory which results in out of memory in Snapdragon Mobile, Snapdragon Voice & Music in QCS405, SD 210/SD 212/SD 205, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855
    Severity
    No CVSS data available.
    CWE
    • Uncontrolled Resource Consumption in Kernel Memory
    Assigner
    References
    Impacted products
    Vendor Product Version
    Qualcomm, Inc. Snapdragon Mobile, Snapdragon Voice & Music Affected: QCS405, SD 210/SD 212/SD 205, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:24:18.605Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://source.android.com/security/bulletin/pixel/2019-11-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Snapdragon Mobile, Snapdragon Voice \u0026 Music",
              "vendor": "Qualcomm, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "QCS405, SD 210/SD 212/SD 205, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An unprivileged application can allocate GPU memory by calling memory allocation ioctl function and can exhaust all the memory which results in out of memory in Snapdragon Mobile, Snapdragon Voice \u0026 Music in QCS405, SD 210/SD 212/SD 205, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Uncontrolled Resource Consumption in Kernel Memory",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-12T08:30:38.000Z",
            "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
            "shortName": "qualcomm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://source.android.com/security/bulletin/pixel/2019-11-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "product-security@qualcomm.com",
              "ID": "CVE-2019-10520",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Snapdragon Mobile, Snapdragon Voice \u0026 Music",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "QCS405, SD 210/SD 212/SD 205, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Qualcomm, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An unprivileged application can allocate GPU memory by calling memory allocation ioctl function and can exhaust all the memory which results in out of memory in Snapdragon Mobile, Snapdragon Voice \u0026 Music in QCS405, SD 210/SD 212/SD 205, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Uncontrolled Resource Consumption in Kernel Memory"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://source.android.com/security/bulletin/pixel/2019-11-01",
                  "refsource": "CONFIRM",
                  "url": "https://source.android.com/security/bulletin/pixel/2019-11-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "assignerShortName": "qualcomm",
        "cveId": "CVE-2019-10520",
        "datePublished": "2019-12-12T08:30:39.000Z",
        "dateReserved": "2019-03-29T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:24:18.605Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-2332 (GCVE-0-2019-2332)

    Vulnerability from nvd – Published: 2019-11-06 17:11 – Updated: 2024-08-04 18:49
    VLAI
    Summary
    Memory corruption while accessing the memory as payload size is not validated before access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24
    Severity
    No CVSS data available.
    CWE
    • Improper Validation of Array Index in Audio
    Assigner
    References
    URL Tags
    https://source.android.com/security/bulletin/ x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Qualcomm, Inc. Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Affected: MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:49:47.937Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://source.android.com/security/bulletin/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
              "vendor": "Qualcomm, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Memory corruption while accessing the memory as payload size is not validated before access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Validation of Array Index in Audio",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-06T17:11:28.000Z",
            "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
            "shortName": "qualcomm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://source.android.com/security/bulletin/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "product-security@qualcomm.com",
              "ID": "CVE-2019-2332",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Qualcomm, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Memory corruption while accessing the memory as payload size is not validated before access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Validation of Array Index in Audio"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://source.android.com/security/bulletin/",
                  "refsource": "CONFIRM",
                  "url": "https://source.android.com/security/bulletin/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "assignerShortName": "qualcomm",
        "cveId": "CVE-2019-2332",
        "datePublished": "2019-11-06T17:11:29.000Z",
        "dateReserved": "2018-12-10T00:00:00.000Z",
        "dateUpdated": "2024-08-04T18:49:47.937Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-2331 (GCVE-0-2019-2331)

    Vulnerability from nvd – Published: 2019-11-06 17:11 – Updated: 2024-08-04 18:49
    VLAI
    Summary
    Possible Integer overflow because of subtracting two integers without checking if the result would overflow or not in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24
    Severity
    No CVSS data available.
    CWE
    • Integer Overflow or Wraparound Issue in Audio
    Assigner
    References
    URL Tags
    https://source.android.com/security/bulletin/ x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Qualcomm, Inc. Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Affected: MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:49:47.819Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://source.android.com/security/bulletin/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
              "vendor": "Qualcomm, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Possible Integer overflow because of subtracting two integers without checking if the result would overflow or not in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Integer Overflow or Wraparound Issue in Audio",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-06T17:11:28.000Z",
            "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
            "shortName": "qualcomm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://source.android.com/security/bulletin/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "product-security@qualcomm.com",
              "ID": "CVE-2019-2331",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Qualcomm, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Possible Integer overflow because of subtracting two integers without checking if the result would overflow or not in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Integer Overflow or Wraparound Issue in Audio"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://source.android.com/security/bulletin/",
                  "refsource": "CONFIRM",
                  "url": "https://source.android.com/security/bulletin/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "assignerShortName": "qualcomm",
        "cveId": "CVE-2019-2331",
        "datePublished": "2019-11-06T17:11:28.000Z",
        "dateReserved": "2018-12-10T00:00:00.000Z",
        "dateUpdated": "2024-08-04T18:49:47.819Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-2325 (GCVE-0-2019-2325)

    Vulnerability from nvd – Published: 2019-11-06 17:11 – Updated: 2024-08-04 18:49
    VLAI
    Summary
    Out of boundary access due to token received from ADSP and is used without validation as an index into the array in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24
    Severity
    No CVSS data available.
    CWE
    • Improper Validation of Array Index in Audio Driver
    Assigner
    References
    URL Tags
    https://source.android.com/security/bulletin/ x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Qualcomm, Inc. Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Affected: MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:49:47.974Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://source.android.com/security/bulletin/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
              "vendor": "Qualcomm, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Out of boundary access due to token received from ADSP and is used without validation as an index into the array in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Validation of Array Index in Audio Driver",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-06T17:11:27.000Z",
            "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
            "shortName": "qualcomm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://source.android.com/security/bulletin/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "product-security@qualcomm.com",
              "ID": "CVE-2019-2325",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Qualcomm, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Out of boundary access due to token received from ADSP and is used without validation as an index into the array in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Validation of Array Index in Audio Driver"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://source.android.com/security/bulletin/",
                  "refsource": "CONFIRM",
                  "url": "https://source.android.com/security/bulletin/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "assignerShortName": "qualcomm",
        "cveId": "CVE-2019-2325",
        "datePublished": "2019-11-06T17:11:28.000Z",
        "dateReserved": "2018-12-10T00:00:00.000Z",
        "dateUpdated": "2024-08-04T18:49:47.974Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-2324 (GCVE-0-2019-2324)

    Vulnerability from nvd – Published: 2019-11-06 17:11 – Updated: 2024-08-04 18:49
    VLAI
    Summary
    When ADSP is compromised, the audio port index that`s returned from ADSP might be out of the valid range and leads to out of boundary access in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 845 / SD 850, SD 855, SDX20, SDX24
    Severity
    No CVSS data available.
    CWE
    • Improper Validation of Array Index in Audio
    Assigner
    References
    URL Tags
    https://source.android.com/security/bulletin/ x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Qualcomm, Inc. Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Affected: MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 845 / SD 850, SD 855, SDX20, SDX24
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:49:47.564Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://source.android.com/security/bulletin/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
              "vendor": "Qualcomm, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 845 / SD 850, SD 855, SDX20, SDX24"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When ADSP is compromised, the audio port index that`s returned from ADSP might be out of the valid range and leads to out of boundary access in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 845 / SD 850, SD 855, SDX20, SDX24"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Validation of Array Index in Audio",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-06T17:11:27.000Z",
            "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
            "shortName": "qualcomm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://source.android.com/security/bulletin/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "product-security@qualcomm.com",
              "ID": "CVE-2019-2324",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 845 / SD 850, SD 855, SDX20, SDX24"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Qualcomm, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "When ADSP is compromised, the audio port index that`s returned from ADSP might be out of the valid range and leads to out of boundary access in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 845 / SD 850, SD 855, SDX20, SDX24"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Validation of Array Index in Audio"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://source.android.com/security/bulletin/",
                  "refsource": "CONFIRM",
                  "url": "https://source.android.com/security/bulletin/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "assignerShortName": "qualcomm",
        "cveId": "CVE-2019-2324",
        "datePublished": "2019-11-06T17:11:27.000Z",
        "dateReserved": "2018-12-10T00:00:00.000Z",
        "dateUpdated": "2024-08-04T18:49:47.564Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-2323 (GCVE-0-2019-2323)

    Vulnerability from nvd – Published: 2019-11-06 17:11 – Updated: 2024-08-04 18:49
    VLAI
    Summary
    Lack of check to ensure crypto engine data passed by user is initialized can result in bus error in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24
    Severity
    No CVSS data available.
    CWE
    • Improper Input Validation Issue in HLOS
    Assigner
    References
    URL Tags
    https://source.android.com/security/bulletin/ x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Qualcomm, Inc. Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Affected: MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:49:47.817Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://source.android.com/security/bulletin/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
              "vendor": "Qualcomm, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Lack of check to ensure crypto engine data passed by user is initialized can result in bus error in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Input Validation Issue in HLOS",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-06T17:11:27.000Z",
            "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
            "shortName": "qualcomm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://source.android.com/security/bulletin/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "product-security@qualcomm.com",
              "ID": "CVE-2019-2323",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Qualcomm, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Lack of check to ensure crypto engine data passed by user is initialized can result in bus error in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Input Validation Issue in HLOS"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://source.android.com/security/bulletin/",
                  "refsource": "CONFIRM",
                  "url": "https://source.android.com/security/bulletin/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "assignerShortName": "qualcomm",
        "cveId": "CVE-2019-2323",
        "datePublished": "2019-11-06T17:11:27.000Z",
        "dateReserved": "2018-12-10T00:00:00.000Z",
        "dateUpdated": "2024-08-04T18:49:47.817Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-2285 (GCVE-0-2019-2285)

    Vulnerability from nvd – Published: 2019-11-06 17:11 – Updated: 2024-08-04 18:42
    VLAI
    Summary
    Out of bound write issue is observed while giving information about properties that have been set so far for playing video in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130
    Severity
    No CVSS data available.
    CWE
    • Improper Restriction of Operation Within the Bounds of a memory Buffer in Video
    Assigner
    References
    URL Tags
    https://source.android.com/security/bulletin/ x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Qualcomm, Inc. Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Affected: MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:42:51.188Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://source.android.com/security/bulletin/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
              "vendor": "Qualcomm, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Out of bound write issue is observed while giving information about properties that have been set so far for playing video in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Restriction of Operation Within the Bounds of a memory Buffer in Video",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-06T17:11:26.000Z",
            "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
            "shortName": "qualcomm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://source.android.com/security/bulletin/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "product-security@qualcomm.com",
              "ID": "CVE-2019-2285",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Qualcomm, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Out of bound write issue is observed while giving information about properties that have been set so far for playing video in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Restriction of Operation Within the Bounds of a memory Buffer in Video"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://source.android.com/security/bulletin/",
                  "refsource": "CONFIRM",
                  "url": "https://source.android.com/security/bulletin/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "assignerShortName": "qualcomm",
        "cveId": "CVE-2019-2285",
        "datePublished": "2019-11-06T17:11:26.000Z",
        "dateReserved": "2018-12-10T00:00:00.000Z",
        "dateUpdated": "2024-08-04T18:42:51.188Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-2283 (GCVE-0-2019-2283)

    Vulnerability from nvd – Published: 2019-11-06 17:11 – Updated: 2024-08-04 18:42
    VLAI
    Summary
    Improper validation of read and write index of tx and rx fifo`s before calculating pointer can lead to out-of-bound access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24
    Severity
    No CVSS data available.
    CWE
    • Improper Input Validation in KERNEL
    Assigner
    References
    URL Tags
    https://source.android.com/security/bulletin/ x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Qualcomm, Inc. Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Affected: MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:42:51.045Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://source.android.com/security/bulletin/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
              "vendor": "Qualcomm, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper validation of read and write index of tx and rx fifo`s before calculating pointer can lead to out-of-bound access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Input Validation in KERNEL",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-06T17:11:25.000Z",
            "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
            "shortName": "qualcomm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://source.android.com/security/bulletin/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "product-security@qualcomm.com",
              "ID": "CVE-2019-2283",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Qualcomm, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper validation of read and write index of tx and rx fifo`s before calculating pointer can lead to out-of-bound access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Input Validation in KERNEL"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://source.android.com/security/bulletin/",
                  "refsource": "CONFIRM",
                  "url": "https://source.android.com/security/bulletin/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "assignerShortName": "qualcomm",
        "cveId": "CVE-2019-2283",
        "datePublished": "2019-11-06T17:11:25.000Z",
        "dateReserved": "2018-12-10T00:00:00.000Z",
        "dateUpdated": "2024-08-04T18:42:51.045Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-2275 (GCVE-0-2019-2275)

    Vulnerability from nvd – Published: 2019-11-06 17:11 – Updated: 2024-08-04 18:42
    VLAI
    Summary
    While deserializing any key blob during key operations, buffer overflow could occur exposing partial key information if any key operations are invoked(Depends on CVE-2018-13907) in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS404, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130
    Severity
    No CVSS data available.
    CWE
    • Possible Buffer Overflow in Keymaster Key Deserialization
    Assigner
    References
    Impacted products
    Vendor Product Version
    Qualcomm, Inc. Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking Affected: MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS404, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:42:51.125Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.qualcomm.com/company/product-security/bulletins"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking",
              "vendor": "Qualcomm, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS404, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "While deserializing any key blob during key operations, buffer overflow could occur exposing partial key information if any key operations are invoked(Depends on CVE-2018-13907) in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS404, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Possible Buffer Overflow in Keymaster Key Deserialization",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-06T17:11:25.000Z",
            "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
            "shortName": "qualcomm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.qualcomm.com/company/product-security/bulletins"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "product-security@qualcomm.com",
              "ID": "CVE-2019-2275",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS404, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Qualcomm, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "While deserializing any key blob during key operations, buffer overflow could occur exposing partial key information if any key operations are invoked(Depends on CVE-2018-13907) in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS404, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Possible Buffer Overflow in Keymaster Key Deserialization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.qualcomm.com/company/product-security/bulletins",
                  "refsource": "CONFIRM",
                  "url": "https://www.qualcomm.com/company/product-security/bulletins"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "assignerShortName": "qualcomm",
        "cveId": "CVE-2019-2275",
        "datePublished": "2019-11-06T17:11:25.000Z",
        "dateReserved": "2018-12-10T00:00:00.000Z",
        "dateUpdated": "2024-08-04T18:42:51.125Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-2258 (GCVE-0-2019-2258)

    Vulnerability from nvd – Published: 2019-11-06 17:11 – Updated: 2024-08-04 18:42
    VLAI
    Summary
    Improper validation of array index causes OOB write and then leads to memory corruption in MMCP in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130
    Severity
    No CVSS data available.
    CWE
    • Improper Validation of Array Index in MMCP
    Assigner
    References
    URL Tags
    https://source.android.com/security/bulletin/ x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Qualcomm, Inc. Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Affected: MDM9150, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:42:50.971Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://source.android.com/security/bulletin/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
              "vendor": "Qualcomm, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "MDM9150, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper validation of array index causes OOB write and then leads to memory corruption in MMCP in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Validation of Array Index in MMCP",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-06T17:11:24.000Z",
            "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
            "shortName": "qualcomm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://source.android.com/security/bulletin/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "product-security@qualcomm.com",
              "ID": "CVE-2019-2258",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "MDM9150, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Qualcomm, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper validation of array index causes OOB write and then leads to memory corruption in MMCP in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Validation of Array Index in MMCP"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://source.android.com/security/bulletin/",
                  "refsource": "CONFIRM",
                  "url": "https://source.android.com/security/bulletin/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "assignerShortName": "qualcomm",
        "cveId": "CVE-2019-2258",
        "datePublished": "2019-11-06T17:11:24.000Z",
        "dateReserved": "2018-12-10T00:00:00.000Z",
        "dateUpdated": "2024-08-04T18:42:50.971Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-10542 (GCVE-0-2019-10542)

    Vulnerability from nvd – Published: 2019-11-06 17:11 – Updated: 2024-08-04 22:24
    VLAI
    Summary
    Buffer over-read may occur when downloading a corrupted firmware file that has chunk length in header which doesn`t match the contents in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 845 / SD 850, SDX20
    Severity
    No CVSS data available.
    CWE
    • Buffer Copy Without Checking Size of Input in WLAN HOST
    Assigner
    References
    URL Tags
    https://source.android.com/security/bulletin/ x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Qualcomm, Inc. Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music Affected: MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 845 / SD 850, SDX20
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:24:18.835Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://source.android.com/security/bulletin/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music",
              "vendor": "Qualcomm, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 845 / SD 850, SDX20"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer over-read may occur when downloading a corrupted firmware file that has chunk length in header which doesn`t match the contents in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music in MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 845 / SD 850, SDX20"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Buffer Copy Without Checking Size of Input in WLAN HOST",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-06T17:11:22.000Z",
            "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
            "shortName": "qualcomm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://source.android.com/security/bulletin/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "product-security@qualcomm.com",
              "ID": "CVE-2019-10542",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 845 / SD 850, SDX20"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Qualcomm, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer over-read may occur when downloading a corrupted firmware file that has chunk length in header which doesn`t match the contents in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music in MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 845 / SD 850, SDX20"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Buffer Copy Without Checking Size of Input in WLAN HOST"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://source.android.com/security/bulletin/",
                  "refsource": "CONFIRM",
                  "url": "https://source.android.com/security/bulletin/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "assignerShortName": "qualcomm",
        "cveId": "CVE-2019-10542",
        "datePublished": "2019-11-06T17:11:23.000Z",
        "dateReserved": "2019-03-29T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:24:18.835Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-10541 (GCVE-0-2019-10541)

    Vulnerability from nvd – Published: 2019-11-06 17:11 – Updated: 2024-08-04 22:24
    VLAI
    Summary
    Dereference on uninitialized buffer can happen when parsing FLV clip with corrupted codec specific data in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20
    Severity
    No CVSS data available.
    CWE
    • Use of Uninitialized Variable in Video
    Assigner
    References
    URL Tags
    https://source.android.com/security/bulletin/ x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Qualcomm, Inc. Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Affected: MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:24:18.863Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://source.android.com/security/bulletin/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
              "vendor": "Qualcomm, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Dereference on uninitialized buffer can happen when parsing FLV clip with corrupted codec specific data in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use of Uninitialized Variable in Video",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-06T17:11:22.000Z",
            "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
            "shortName": "qualcomm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://source.android.com/security/bulletin/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "product-security@qualcomm.com",
              "ID": "CVE-2019-10541",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Qualcomm, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dereference on uninitialized buffer can happen when parsing FLV clip with corrupted codec specific data in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Use of Uninitialized Variable in Video"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://source.android.com/security/bulletin/",
                  "refsource": "CONFIRM",
                  "url": "https://source.android.com/security/bulletin/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "assignerShortName": "qualcomm",
        "cveId": "CVE-2019-10541",
        "datePublished": "2019-11-06T17:11:22.000Z",
        "dateReserved": "2019-03-29T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:24:18.863Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-10534 (GCVE-0-2019-10534)

    Vulnerability from nvd – Published: 2019-11-06 17:11 – Updated: 2024-08-04 22:24
    VLAI
    Summary
    Null-pointer dereference can occur while accessing the super index entry when it is not been allocated in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20
    Severity
    No CVSS data available.
    CWE
    • Null Pointer Dereference Issue in Video
    Assigner
    References
    URL Tags
    https://source.android.com/security/bulletin/ x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Qualcomm, Inc. Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Affected: MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:24:18.786Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://source.android.com/security/bulletin/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
              "vendor": "Qualcomm, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Null-pointer dereference can occur while accessing the super index entry when it is not been allocated in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Null Pointer Dereference Issue in Video",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-06T17:11:21.000Z",
            "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
            "shortName": "qualcomm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://source.android.com/security/bulletin/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "product-security@qualcomm.com",
              "ID": "CVE-2019-10534",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Qualcomm, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Null-pointer dereference can occur while accessing the super index entry when it is not been allocated in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Null Pointer Dereference Issue in Video"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://source.android.com/security/bulletin/",
                  "refsource": "CONFIRM",
                  "url": "https://source.android.com/security/bulletin/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "assignerShortName": "qualcomm",
        "cveId": "CVE-2019-10534",
        "datePublished": "2019-11-06T17:11:22.000Z",
        "dateReserved": "2019-03-29T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:24:18.786Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-10533 (GCVE-0-2019-10533)

    Vulnerability from nvd – Published: 2019-11-06 17:11 – Updated: 2024-08-04 22:24
    VLAI
    Summary
    Out of bound access due to improper validation of array index cause the index table entry to get corrupt in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20
    Severity
    No CVSS data available.
    CWE
    • Improper Validation of Array Index in Video
    Assigner
    References
    URL Tags
    https://source.android.com/security/bulletin/ x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Qualcomm, Inc. Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Affected: MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:24:18.706Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://source.android.com/security/bulletin/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
              "vendor": "Qualcomm, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Out of bound access due to improper validation of array index cause the index table entry to get corrupt in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Validation of Array Index in Video",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-06T17:11:21.000Z",
            "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
            "shortName": "qualcomm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://source.android.com/security/bulletin/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "product-security@qualcomm.com",
              "ID": "CVE-2019-10533",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Qualcomm, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Out of bound access due to improper validation of array index cause the index table entry to get corrupt in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Validation of Array Index in Video"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://source.android.com/security/bulletin/",
                  "refsource": "CONFIRM",
                  "url": "https://source.android.com/security/bulletin/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "assignerShortName": "qualcomm",
        "cveId": "CVE-2019-10533",
        "datePublished": "2019-11-06T17:11:21.000Z",
        "dateReserved": "2019-03-29T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:24:18.706Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-10531 (GCVE-0-2019-10531)

    Vulnerability from nvd – Published: 2019-11-06 17:11 – Updated: 2024-08-04 22:24
    VLAI
    Summary
    Incorrect reading of system image resulting in buffer overflow when size of system image is increased in Snapdragon Auto, Snapdragon Mobile, Snapdragon Wearables in MDM9607, MSM8909W, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SDM439
    Severity
    No CVSS data available.
    CWE
    • Improper Input Validation in HLOS
    Assigner
    References
    URL Tags
    https://source.android.com/security/bulletin/ x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Qualcomm, Inc. Snapdragon Auto, Snapdragon Mobile, Snapdragon Wearables Affected: MDM9607, MSM8909W, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SDM439
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:24:18.575Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://source.android.com/security/bulletin/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Snapdragon Auto, Snapdragon Mobile, Snapdragon Wearables",
              "vendor": "Qualcomm, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "MDM9607, MSM8909W, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SDM439"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Incorrect reading of system image resulting in buffer overflow when size of system image is increased in Snapdragon Auto, Snapdragon Mobile, Snapdragon Wearables in MDM9607, MSM8909W, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SDM439"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Input Validation in HLOS",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-06T17:11:20.000Z",
            "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
            "shortName": "qualcomm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://source.android.com/security/bulletin/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "product-security@qualcomm.com",
              "ID": "CVE-2019-10531",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Snapdragon Auto, Snapdragon Mobile, Snapdragon Wearables",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "MDM9607, MSM8909W, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SDM439"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Qualcomm, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Incorrect reading of system image resulting in buffer overflow when size of system image is increased in Snapdragon Auto, Snapdragon Mobile, Snapdragon Wearables in MDM9607, MSM8909W, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SDM439"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Input Validation in HLOS"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://source.android.com/security/bulletin/",
                  "refsource": "CONFIRM",
                  "url": "https://source.android.com/security/bulletin/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "assignerShortName": "qualcomm",
        "cveId": "CVE-2019-10531",
        "datePublished": "2019-11-06T17:11:21.000Z",
        "dateReserved": "2019-03-29T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:24:18.575Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-10529 (GCVE-0-2019-10529)

    Vulnerability from nvd – Published: 2019-11-06 17:11 – Updated: 2024-08-04 22:24
    VLAI
    Summary
    Possible use after free issue due to race condition while attempting to mark the entry pages as dirty using function set_page_dirty() in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24
    Severity
    No CVSS data available.
    CWE
    • Use After Free Issue in Graphics
    Assigner
    References
    URL Tags
    https://source.android.com/security/bulletin/ x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Qualcomm, Inc. Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Affected: MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:24:18.704Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://source.android.com/security/bulletin/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
              "vendor": "Qualcomm, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Possible use after free issue due to race condition while attempting to mark the entry pages as dirty using function set_page_dirty() in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use After Free Issue in Graphics",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-06T17:11:20.000Z",
            "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
            "shortName": "qualcomm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://source.android.com/security/bulletin/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "product-security@qualcomm.com",
              "ID": "CVE-2019-10529",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Qualcomm, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Possible use after free issue due to race condition while attempting to mark the entry pages as dirty using function set_page_dirty() in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Use After Free Issue in Graphics"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://source.android.com/security/bulletin/",
                  "refsource": "CONFIRM",
                  "url": "https://source.android.com/security/bulletin/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "assignerShortName": "qualcomm",
        "cveId": "CVE-2019-10529",
        "datePublished": "2019-11-06T17:11:20.000Z",
        "dateReserved": "2019-03-29T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:24:18.704Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-10528 (GCVE-0-2019-10528)

    Vulnerability from nvd – Published: 2019-11-06 17:11 – Updated: 2024-08-04 22:24
    VLAI
    Summary
    Use after free issue in kernel while accessing freed mdlog session info and its attributes after closing the session in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 675, SD 730, SD 820, SD 820A, SD 835, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24
    Severity
    No CVSS data available.
    CWE
    • Use After Free Issue in Diag Services
    Assigner
    References
    URL Tags
    https://source.android.com/security/bulletin/ x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Qualcomm, Inc. Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Affected: MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 675, SD 730, SD 820, SD 820A, SD 835, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:24:18.639Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://source.android.com/security/bulletin/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
              "vendor": "Qualcomm, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 675, SD 730, SD 820, SD 820A, SD 835, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use after free issue in kernel while accessing freed mdlog session info and its attributes after closing the session in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables in MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 675, SD 730, SD 820, SD 820A, SD 835, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use After Free Issue in Diag Services",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-06T17:11:20.000Z",
            "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
            "shortName": "qualcomm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://source.android.com/security/bulletin/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "product-security@qualcomm.com",
              "ID": "CVE-2019-10528",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 675, SD 730, SD 820, SD 820A, SD 835, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Qualcomm, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Use after free issue in kernel while accessing freed mdlog session info and its attributes after closing the session in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables in MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 675, SD 730, SD 820, SD 820A, SD 835, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Use After Free Issue in Diag Services"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://source.android.com/security/bulletin/",
                  "refsource": "CONFIRM",
                  "url": "https://source.android.com/security/bulletin/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "assignerShortName": "qualcomm",
        "cveId": "CVE-2019-10528",
        "datePublished": "2019-11-06T17:11:20.000Z",
        "dateReserved": "2019-03-29T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:24:18.639Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-5852 (GCVE-0-2018-5852)

    Vulnerability from cvelistv5 – Published: 2024-11-26 13:56 – Updated: 2024-11-26 15:00
    VLAI
    Title
    Buffer Over-read in IPA
    Summary
    An unsigned integer underflow vulnerability in IPA driver result into a buffer over-read while reading NAT entry using debugfs command 'cat /sys/kernel/debug/ipa/ip4_nat'
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Qualcomm, Inc. Snapdragon Affected: MDM9206
    Affected: MDM9607
    Affected: MDM9640
    Affected: MDM9650
    Affected: MSM8909W
    Affected: SD 210/SD 212/SD 205
    Affected: SD 425
    Affected: SD 430
    Affected: SD 450
    Affected: SD 615/16/SD 415
    Affected: SD 617
    Affected: SD 625
    Affected: SD 650/52
    Affected: SD 810
    Affected: SD 820
    Affected: SD 820A
    Affected: SD 835
    Affected: SD 845
    Create a notification for this product.
    qualcomm mdm9206_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm mdm9607_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm mdm9640_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm mdm9650_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm msm8909w_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm sd_425_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm sd_430_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm sd_450_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm sd_617_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm sd_625_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm sd_810_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm sd_820_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm sd_820a_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm sd_835_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm sd_845_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mdm9206_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mdm9607_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mdm9640_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mdm9650_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "msm8909w_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sd_425_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sd_430_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sd_450_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sd_617_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sd_625_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sd_810_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sd_820_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sd_820a_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sd_835_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sd_845_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-5852",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-26T14:52:25.968053Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T15:00:48.248Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Snapdragon Automobile",
                "Snapdragon Mobile",
                "Snapdragon Wear"
              ],
              "product": "Snapdragon",
              "vendor": "Qualcomm, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "MDM9206"
                },
                {
                  "status": "affected",
                  "version": "MDM9607"
                },
                {
                  "status": "affected",
                  "version": "MDM9640"
                },
                {
                  "status": "affected",
                  "version": "MDM9650"
                },
                {
                  "status": "affected",
                  "version": "MSM8909W"
                },
                {
                  "status": "affected",
                  "version": "SD 210/SD 212/SD 205"
                },
                {
                  "status": "affected",
                  "version": "SD 425"
                },
                {
                  "status": "affected",
                  "version": "SD 430"
                },
                {
                  "status": "affected",
                  "version": "SD 450"
                },
                {
                  "status": "affected",
                  "version": "SD 615/16/SD 415"
                },
                {
                  "status": "affected",
                  "version": "SD 617"
                },
                {
                  "status": "affected",
                  "version": "SD 625"
                },
                {
                  "status": "affected",
                  "version": "SD 650/52"
                },
                {
                  "status": "affected",
                  "version": "SD 810"
                },
                {
                  "status": "affected",
                  "version": "SD 820"
                },
                {
                  "status": "affected",
                  "version": "SD 820A"
                },
                {
                  "status": "affected",
                  "version": "SD 835"
                },
                {
                  "status": "affected",
                  "version": "SD 845"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An unsigned integer underflow vulnerability in IPA driver result into a buffer over-read while reading NAT entry using debugfs command \u0027cat /sys/kernel/debug/ipa/ip4_nat\u0027"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-126",
                  "description": "CWE-126 Buffer Over-read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-26T13:56:25.527Z",
            "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
            "shortName": "qualcomm"
          },
          "references": [
            {
              "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html"
            }
          ],
          "title": "Buffer Over-read in IPA"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "assignerShortName": "qualcomm",
        "cveId": "CVE-2018-5852",
        "datePublished": "2024-11-26T13:56:25.527Z",
        "dateReserved": "2018-01-19T00:00:00.000Z",
        "dateUpdated": "2024-11-26T15:00:48.248Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-11952 (GCVE-0-2018-11952)

    Vulnerability from cvelistv5 – Published: 2024-11-26 08:55 – Updated: 2024-11-26 14:09
    VLAI
    Title
    Improper Authentication in TrustZone
    Summary
    An image with a version lower than the fuse version may potentially be booted lead to improper authentication.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    Impacted products
    Vendor Product Version
    Qualcomm, Inc. Snapdragon Affected: MDM9206
    Affected: MDM9607
    Affected: MDM9640
    Affected: MDM9650
    Affected: MSM8909W
    Affected: SD 210/SD 212/SD 205
    Affected: SD 425
    Affected: SD 430
    Affected: SD 450
    Affected: SD 615/16/SD 415
    Affected: SD 617
    Affected: SD 625
    Affected: SD 650/52
    Affected: SD 810
    Affected: SD 820
    Affected: SD 820A
    Affected: SD 835
    Affected: SD 845
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-11952",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-26T14:02:10.500974Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T14:09:22.979Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Snapdragon Wired Infrastructure and Networking"
              ],
              "product": "Snapdragon",
              "vendor": "Qualcomm, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "MDM9206"
                },
                {
                  "status": "affected",
                  "version": "MDM9607"
                },
                {
                  "status": "affected",
                  "version": "MDM9640"
                },
                {
                  "status": "affected",
                  "version": "MDM9650"
                },
                {
                  "status": "affected",
                  "version": "MSM8909W"
                },
                {
                  "status": "affected",
                  "version": "SD 210/SD 212/SD 205"
                },
                {
                  "status": "affected",
                  "version": "SD 425"
                },
                {
                  "status": "affected",
                  "version": "SD 430"
                },
                {
                  "status": "affected",
                  "version": "SD 450"
                },
                {
                  "status": "affected",
                  "version": "SD 615/16/SD 415"
                },
                {
                  "status": "affected",
                  "version": "SD 617"
                },
                {
                  "status": "affected",
                  "version": "SD 625"
                },
                {
                  "status": "affected",
                  "version": "SD 650/52"
                },
                {
                  "status": "affected",
                  "version": "SD 810"
                },
                {
                  "status": "affected",
                  "version": "SD 820"
                },
                {
                  "status": "affected",
                  "version": "SD 820A"
                },
                {
                  "status": "affected",
                  "version": "SD 835"
                },
                {
                  "status": "affected",
                  "version": "SD 845"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An image with a version lower than the fuse version may potentially be booted lead to improper authentication."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-26T08:55:24.910Z",
            "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
            "shortName": "qualcomm"
          },
          "references": [
            {
              "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html"
            }
          ],
          "title": "Improper Authentication in TrustZone"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "assignerShortName": "qualcomm",
        "cveId": "CVE-2018-11952",
        "datePublished": "2024-11-26T08:55:24.910Z",
        "dateReserved": "2018-06-07T00:00:00.000Z",
        "dateUpdated": "2024-11-26T14:09:22.979Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-11922 (GCVE-0-2018-11922)

    Vulnerability from cvelistv5 – Published: 2024-11-26 08:55 – Updated: 2024-11-26 14:09
    VLAI
    Title
    Configurations in Android Build
    Summary
    Wrong configuration in Touch Pal application can collect user behavior data without awareness by the user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Qualcomm, Inc. Snapdragon Affected: MDM9206
    Affected: MDM9607
    Affected: MDM9640
    Affected: MDM9650
    Affected: Qualcomm 215
    Affected: SD 210/SD 212/SD 205
    Affected: SD 425
    Affected: SD 427
    Affected: SD 430
    Affected: SD 435
    Affected: SD 439 / SD 429
    Affected: SD 450
    Affected: SD 625
    Affected: SD 632
    Affected: SD 845 / SD 850
    Affected: SDA660
    Affected: SDM439
    Affected: SDX20
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-11922",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-26T14:02:16.711521Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T14:09:23.135Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Snapdragon Auto",
                "Snapdragon Consumer IOT",
                "Snapdragon Industrial IOT",
                "Snapdragon Mobile",
                "Snapdragon Wearables"
              ],
              "product": "Snapdragon",
              "vendor": "Qualcomm, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "MDM9206"
                },
                {
                  "status": "affected",
                  "version": "MDM9607"
                },
                {
                  "status": "affected",
                  "version": "MDM9640"
                },
                {
                  "status": "affected",
                  "version": "MDM9650"
                },
                {
                  "status": "affected",
                  "version": "Qualcomm 215"
                },
                {
                  "status": "affected",
                  "version": "SD 210/SD 212/SD 205"
                },
                {
                  "status": "affected",
                  "version": "SD 425"
                },
                {
                  "status": "affected",
                  "version": "SD 427"
                },
                {
                  "status": "affected",
                  "version": "SD 430"
                },
                {
                  "status": "affected",
                  "version": "SD 435"
                },
                {
                  "status": "affected",
                  "version": "SD 439 / SD 429"
                },
                {
                  "status": "affected",
                  "version": "SD 450"
                },
                {
                  "status": "affected",
                  "version": "SD 625"
                },
                {
                  "status": "affected",
                  "version": "SD 632"
                },
                {
                  "status": "affected",
                  "version": "SD 845 / SD 850"
                },
                {
                  "status": "affected",
                  "version": "SDA660"
                },
                {
                  "status": "affected",
                  "version": "SDM439"
                },
                {
                  "status": "affected",
                  "version": "SDX20"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Wrong configuration in Touch Pal application can collect user behavior data without awareness by the user."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-16",
                  "description": "CWE-16 Configuration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-26T08:55:23.774Z",
            "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
            "shortName": "qualcomm"
          },
          "references": [
            {
              "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html"
            }
          ],
          "title": "Configurations in Android Build"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "assignerShortName": "qualcomm",
        "cveId": "CVE-2018-11922",
        "datePublished": "2024-11-26T08:55:23.774Z",
        "dateReserved": "2018-06-07T00:00:00.000Z",
        "dateUpdated": "2024-11-26T14:09:23.135Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-11076 (GCVE-0-2017-11076)

    Vulnerability from cvelistv5 – Published: 2024-11-26 08:55 – Updated: 2024-11-26 14:09
    VLAI
    Title
    Use of Out-of-range Pointer Offset in Video
    Summary
    On some hardware revisions where VP9 decoding is hardware-accelerated, the frame size is not programmed correctly into the decoder hardware which can lead to an invalid memory access by the decoder.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-823 - Use of Out-of-range Pointer Offset
    Assigner
    Impacted products
    Vendor Product Version
    Qualcomm, Inc. Snapdragon Affected: MSM8909W
    Affected: MSM8996AU
    Affected: SD 210/SD 212/SD 205
    Affected: SD 425
    Affected: SD 427
    Affected: SD 430
    Affected: SD 435
    Affected: SD 450
    Affected: SD 615/16/SD 415
    Affected: SD 625
    Affected: SD 810
    Affected: SD 820
    Affected: SD 820A
    Affected: SD 835
    Affected: SD 845
    Affected: SDM429
    Affected: SDM439
    Affected: SDM630
    Affected: SDM632
    Affected: SDM636
    Affected: SDM660
    Affected: SDM710
    Affected: Snapdragon_High_Med_2016
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2017-11076",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-26T14:02:40.745497Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T14:09:23.728Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Snapdragon Automobile",
                "Snapdragon Mobile",
                "Snapdragon Wear"
              ],
              "product": "Snapdragon",
              "vendor": "Qualcomm, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "MSM8909W"
                },
                {
                  "status": "affected",
                  "version": "MSM8996AU"
                },
                {
                  "status": "affected",
                  "version": "SD 210/SD 212/SD 205"
                },
                {
                  "status": "affected",
                  "version": "SD 425"
                },
                {
                  "status": "affected",
                  "version": "SD 427"
                },
                {
                  "status": "affected",
                  "version": "SD 430"
                },
                {
                  "status": "affected",
                  "version": "SD 435"
                },
                {
                  "status": "affected",
                  "version": "SD 450"
                },
                {
                  "status": "affected",
                  "version": "SD 615/16/SD 415"
                },
                {
                  "status": "affected",
                  "version": "SD 625"
                },
                {
                  "status": "affected",
                  "version": "SD 810"
                },
                {
                  "status": "affected",
                  "version": "SD 820"
                },
                {
                  "status": "affected",
                  "version": "SD 820A"
                },
                {
                  "status": "affected",
                  "version": "SD 835"
                },
                {
                  "status": "affected",
                  "version": "SD 845"
                },
                {
                  "status": "affected",
                  "version": "SDM429"
                },
                {
                  "status": "affected",
                  "version": "SDM439"
                },
                {
                  "status": "affected",
                  "version": "SDM630"
                },
                {
                  "status": "affected",
                  "version": "SDM632"
                },
                {
                  "status": "affected",
                  "version": "SDM636"
                },
                {
                  "status": "affected",
                  "version": "SDM660"
                },
                {
                  "status": "affected",
                  "version": "SDM710"
                },
                {
                  "status": "affected",
                  "version": "Snapdragon_High_Med_2016"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "On some hardware revisions where VP9 decoding is hardware-accelerated, the frame size is not programmed correctly into the decoder hardware which can lead to an invalid memory access by the decoder."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-823",
                  "description": "CWE-823 Use of Out-of-range Pointer Offset",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-26T08:55:15.692Z",
            "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
            "shortName": "qualcomm"
          },
          "references": [
            {
              "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html"
            }
          ],
          "title": "Use of Out-of-range Pointer Offset in Video"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "assignerShortName": "qualcomm",
        "cveId": "CVE-2017-11076",
        "datePublished": "2024-11-26T08:55:15.692Z",
        "dateReserved": "2017-07-07T00:00:00.000Z",
        "dateUpdated": "2024-11-26T14:09:23.728Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-9711 (GCVE-0-2017-9711)

    Vulnerability from cvelistv5 – Published: 2024-11-22 09:09 – Updated: 2024-11-22 11:40
    VLAI
    Title
    Permissions, Privileges, and Access Controls in Data
    Summary
    Certain unprivileged processes are able to perform IOCTL calls.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-264 - Permissions, Privileges, and Access Controls
    Assigner
    Impacted products
    Vendor Product Version
    Qualcomm, Inc. Snapdragon Affected: MDM9206
    Affected: MDM9607
    Affected: MDM9640
    Affected: MDM9650
    Affected: MSM8909W
    Affected: SD 210/SD 212/SD 205
    Affected: SD 425
    Affected: SD 430
    Affected: SD 450
    Affected: SD 615/16/SD 415
    Affected: SD 617
    Affected: SD 625
    Affected: SD 650/52
    Affected: SD 810
    Affected: SD 820
    Affected: SD 820A
    Affected: SD 835
    Affected: SD 845
    Create a notification for this product.
    qualcomm mdm9206_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm mdm9607_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm mdm9640_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm mdm9650_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm msm8909w_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm sd_425_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm sd_430_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm sd_450_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm sd_617_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm sd_625_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm sd_810_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm sd_820_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm sd_820a_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm sd_835_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    qualcomm sd_845_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mdm9206_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mdm9607_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mdm9640_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mdm9650_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "msm8909w_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sd_425_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sd_430_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sd_450_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sd_617_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sd_625_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sd_810_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sd_820_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sd_820a_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sd_835_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sd_845_firmware",
                "vendor": "qualcomm",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2017-9711",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-22T11:39:56.991803Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-22T11:40:06.357Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Snapdragon Automobile",
                "Snapdragon Mobile",
                "Snapdragon Wear"
              ],
              "product": "Snapdragon",
              "vendor": "Qualcomm, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "MDM9206"
                },
                {
                  "status": "affected",
                  "version": "MDM9607"
                },
                {
                  "status": "affected",
                  "version": "MDM9640"
                },
                {
                  "status": "affected",
                  "version": "MDM9650"
                },
                {
                  "status": "affected",
                  "version": "MSM8909W"
                },
                {
                  "status": "affected",
                  "version": "SD 210/SD 212/SD 205"
                },
                {
                  "status": "affected",
                  "version": "SD 425"
                },
                {
                  "status": "affected",
                  "version": "SD 430"
                },
                {
                  "status": "affected",
                  "version": "SD 450"
                },
                {
                  "status": "affected",
                  "version": "SD 615/16/SD 415"
                },
                {
                  "status": "affected",
                  "version": "SD 617"
                },
                {
                  "status": "affected",
                  "version": "SD 625"
                },
                {
                  "status": "affected",
                  "version": "SD 650/52"
                },
                {
                  "status": "affected",
                  "version": "SD 810"
                },
                {
                  "status": "affected",
                  "version": "SD 820"
                },
                {
                  "status": "affected",
                  "version": "SD 820A"
                },
                {
                  "status": "affected",
                  "version": "SD 835"
                },
                {
                  "status": "affected",
                  "version": "SD 845"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Certain unprivileged processes are able to perform IOCTL calls."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-264",
                  "description": "CWE-264 Permissions, Privileges, and Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-22T09:09:10.630Z",
            "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
            "shortName": "qualcomm"
          },
          "references": [
            {
              "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html"
            }
          ],
          "title": "Permissions, Privileges, and Access Controls in Data"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "assignerShortName": "qualcomm",
        "cveId": "CVE-2017-9711",
        "datePublished": "2024-11-22T09:09:10.630Z",
        "dateReserved": "2017-06-15T00:00:00.000Z",
        "dateUpdated": "2024-11-22T11:40:06.357Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-10530 (GCVE-0-2019-10530)

    Vulnerability from cvelistv5 – Published: 2019-12-12 08:30 – Updated: 2024-08-04 22:24
    VLAI
    Summary
    Lack of check of data truncation on user supplied data in kernel leads to buffer overflow in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24
    Severity
    No CVSS data available.
    CWE
    • Integer Overflow to Buffer Overflow Issue in Kernel
    Assigner
    References
    Impacted products
    Vendor Product Version
    Qualcomm, Inc. Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Affected: MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:24:18.572Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://source.android.com/security/bulletin/pixel/2019-11-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
              "vendor": "Qualcomm, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Lack of check of data truncation on user supplied data in kernel leads to buffer overflow in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Integer Overflow to Buffer Overflow Issue in Kernel",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-12T08:30:39.000Z",
            "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
            "shortName": "qualcomm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://source.android.com/security/bulletin/pixel/2019-11-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "product-security@qualcomm.com",
              "ID": "CVE-2019-10530",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Qualcomm, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Lack of check of data truncation on user supplied data in kernel leads to buffer overflow in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Integer Overflow to Buffer Overflow Issue in Kernel"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://source.android.com/security/bulletin/pixel/2019-11-01",
                  "refsource": "CONFIRM",
                  "url": "https://source.android.com/security/bulletin/pixel/2019-11-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "assignerShortName": "qualcomm",
        "cveId": "CVE-2019-10530",
        "datePublished": "2019-12-12T08:30:39.000Z",
        "dateReserved": "2019-03-29T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:24:18.572Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-10520 (GCVE-0-2019-10520)

    Vulnerability from cvelistv5 – Published: 2019-12-12 08:30 – Updated: 2024-08-04 22:24
    VLAI
    Summary
    An unprivileged application can allocate GPU memory by calling memory allocation ioctl function and can exhaust all the memory which results in out of memory in Snapdragon Mobile, Snapdragon Voice & Music in QCS405, SD 210/SD 212/SD 205, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855
    Severity
    No CVSS data available.
    CWE
    • Uncontrolled Resource Consumption in Kernel Memory
    Assigner
    References
    Impacted products
    Vendor Product Version
    Qualcomm, Inc. Snapdragon Mobile, Snapdragon Voice & Music Affected: QCS405, SD 210/SD 212/SD 205, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:24:18.605Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://source.android.com/security/bulletin/pixel/2019-11-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Snapdragon Mobile, Snapdragon Voice \u0026 Music",
              "vendor": "Qualcomm, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "QCS405, SD 210/SD 212/SD 205, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An unprivileged application can allocate GPU memory by calling memory allocation ioctl function and can exhaust all the memory which results in out of memory in Snapdragon Mobile, Snapdragon Voice \u0026 Music in QCS405, SD 210/SD 212/SD 205, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Uncontrolled Resource Consumption in Kernel Memory",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-12T08:30:38.000Z",
            "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
            "shortName": "qualcomm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://source.android.com/security/bulletin/pixel/2019-11-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "product-security@qualcomm.com",
              "ID": "CVE-2019-10520",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Snapdragon Mobile, Snapdragon Voice \u0026 Music",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "QCS405, SD 210/SD 212/SD 205, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Qualcomm, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An unprivileged application can allocate GPU memory by calling memory allocation ioctl function and can exhaust all the memory which results in out of memory in Snapdragon Mobile, Snapdragon Voice \u0026 Music in QCS405, SD 210/SD 212/SD 205, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Uncontrolled Resource Consumption in Kernel Memory"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://source.android.com/security/bulletin/pixel/2019-11-01",
                  "refsource": "CONFIRM",
                  "url": "https://source.android.com/security/bulletin/pixel/2019-11-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "assignerShortName": "qualcomm",
        "cveId": "CVE-2019-10520",
        "datePublished": "2019-12-12T08:30:39.000Z",
        "dateReserved": "2019-03-29T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:24:18.605Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }