CPE Details
Qualcomm SM8635 Firmware
-
2024-12-19
14h04 +00:00
14h04 +00:00
2024-12-19
14h04 +00:00
14h04 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:o:qualcomm:sm8635_firmware:-:*:*:*:*:*:*:*
Informations
Vendor
qualcommProduct
sm8635_firmwareVersion
-Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character at the end of buffer. | 7.8 |
High |
||
| Transient DOS while parsing per STA profile in ML IE. | 7.5 |
High |
||
| Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur. | 7.8 |
High |
||
| Transient DOS while processing of a registration acceptance OTA due to incorrect ciphering key data IE. | 7.5 |
High |
||
| Memory corruption during the FRS UDS generation process. | 7.8 |
High |
||
| Memory corruption while triggering commands in the PlayReady Trusted application. | 7.8 |
High |
||
| Memory corruption while reading secure file. | 7.8 |
High |
||
| Transient DOS may occur while processing the country IE. | 7.5 |
High |
||
| Memory corruption in display driver while detaching a device. | 7.8 |
High |
||
| Memory corruption may occur while validating ports and channels in Audio driver. | 7.8 |
High |
||
| Information disclosure while deriving keys for a session for any Widevine use case. | 5.5 |
Medium |
||
| While processing the authentication message in UE, improper authentication may lead to information disclosure. | 5.4 |
Medium |
||
| Memory corruption while processing IOCTL from user space to handle GPU AHB bus error. | 7.8 |
High |
||
| Memory corruption during management frame processing due to mismatch in T2LM info element. | 9.8 |
Critical |
||
| Information disclosure while parsing the OCI IE with invalid length. | 8.2 |
High |
||
| Memory corruption while power-up or power-down sequence of the camera sensor. | 7.8 |
High |
||
| Memory corruption can occur in the camera when an invalid CID is used. | 7.8 |
High |
||
| Memory corruption can occur when a compat IOCTL call is followed by a normal IOCTL call from userspace. | 7.8 |
High |
||
| Memory corruption while validating number of devices in Camera kernel . | 7.8 |
High |
||
| Memory corruption may occour occur when stopping the WLAN interface after processing a WMI command from the interface. | 7.8 |
High |
||
| Memory corruption while parsing the ML IE due to invalid frame content. | 9.8 |
Critical |
||
| Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in modem. | 7.5 |
High |
||
| Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length. | 7.5 |
High |
||
| Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another thread is using it for a process-specific task, issues may arise. | 7.8 |
High |
||
| Memory corruption while processing API calls to NPU with invalid input. | 7.8 |
High |
||
| Memory corruption when invalid input is passed to invoke GPU Headroom API call. | 7.8 |
High |
||
| Transient DOS while parsing the ML IE when a beacon with common info length of the ML IE greater than the ML IE inside which this element is present. | 7.5 |
High |
||
| Memory corruption when allocating and accessing an entry in an SMEM partition continuously. | 8.4 |
High |
||
| Memory corruption during GNSS HAL process initialization. | 7.8 |
High |
||
| Memory corruption while processing voice packet with arbitrary data received from ADSP. | 7.8 |
High |
||
| Memory corruption while processing GPU commands. | 7.8 |
High |
||
| Memory corruption while invoking IOCTL calls from the use-space for HGSL memory node. | 7.8 |
High |
||
| Memory corruption while handling session errors from firmware. | 7.8 |
High |
||
| Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions. | 9.1 |
Critical |
||
| Transient DOS while processing the CU information from RNR IE. | 7.5 |
High |
||
| Transient DOS while parsing BTM ML IE when per STA profile is not included. | 7.5 |
High |
||
| Transient DOS while parsing fragments of MBSSID IE from beacon frame. | 7.5 |
High |
||
| Transient DOS as modem reset occurs when an unexpected MAC RAR (with invalid PDU length) is seen at UE. | 7.5 |
High |
||
| Information disclosure while sending implicit broadcast containing APP launch information. | 6.1 |
Medium |
||
| Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers. | 7.8 |
High |
||
| Memory corruption while processing IOCTL call for getting group info. | 7.8 |
High |
||
| Memory corruption when two threads try to map and unmap a single node simultaneously. | 8.4 |
High |
||
| Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location. | 7.5 |
High |
||
| Memory corruption during the handshake between the Primary Virtual Machine and Trusted Virtual Machine. | 7.8 |
High |
||
| Memory corruption when user provides data for FM HCI command control operations. | 7.8 |
High |
||
| Transient DOS while processing TIM IE from beacon frame as there is no check for IE length. | 7.5 |
High |
||
| Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper. | 7.5 |
High |
||
| Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame. | 7.5 |
High |
||
| Memory corruption when BTFM client sends new messages over Slimbus to ADSP. | 8.4 |
High |
||
| Transient DOS while handling PS event when Program Service name length offset value is set to 255. | 5.5 |
Medium |
||
| Memory corruption when Alternative Frequency offset value is set to 255. | 7.8 |
High |
||
| Memory corruption while passing untrusted/corrupted pointers from DSP to EVA. | 7.8 |
High |
