CPE Details
Qualcomm Snapdragon W5+ Gen 1 Wearable Firmware
-
2024-10-09
13h04 +00:00
13h04 +00:00
2024-10-09
13h04 +00:00
13h04 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:o:qualcomm:snapdragon_w5\+_gen_1_wearable_firmware:-:*:*:*:*:*:*:*
Informations
Vendor
qualcommProduct
snapdragon_w5\+_gen_1_wearable_firmwareVersion
-Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character at the end of buffer. | 7.8 |
High |
||
| Memory corruption while reading the FW response from the shared queue. | 7.8 |
High |
||
| Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur. | 7.8 |
High |
||
| Memory corruption while decoding of OTA messages from T3448 IE. | 9.1 |
Critical |
||
| Memory corruption while prociesing command buffer buffer in OPE module. | 7.8 |
High |
||
| Memory corruption may occur during IO configuration processing when the IO port count is invalid. | 7.8 |
High |
||
| Memory corruption during concurrent access to server info object due to incorrect reference count update. | 7.8 |
High |
||
| Memory corruption during concurrent access to server info object due to unprotected critical field. | 7.8 |
High |
||
| Transient DOS may occur while processing the country IE. | 7.5 |
High |
||
| Memory corruption in display driver while detaching a device. | 7.8 |
High |
||
| Memory corruption may occur while accessing a variable during extended back to back tests. | 7.8 |
High |
||
| Memory corruption may occur while validating ports and channels in Audio driver. | 7.8 |
High |
||
| Memory corruption while processing IOCTL from user space to handle GPU AHB bus error. | 7.8 |
High |
||
| Information disclosure while parsing the OCI IE with invalid length. | 8.2 |
High |
||
| Memory corruption while power-up or power-down sequence of the camera sensor. | 7.8 |
High |
||
| Memory corruption can occur when a compat IOCTL call is followed by a normal IOCTL call from userspace. | 7.8 |
High |
||
| Memory corruption while parsing the memory map info in IOCTL calls. | 7.8 |
High |
||
| Information disclosure while processing information on firmware image during core initialization. | 6.1 |
Medium |
||
| Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another thread is using it for a process-specific task, issues may arise. | 7.8 |
High |
||
| Memory corruption while processing IOCTL call for getting group info. | 7.8 |
High |
||
| Memory corruption while processing concurrent IOCTL calls. | 7.8 |
High |
||
| Memory corruption when two threads try to map and unmap a single node simultaneously. | 8.4 |
High |
||
| Transient DOS while processing TIM IE from beacon frame as there is no check for IE length. | 7.5 |
High |
||
| Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper. | 7.5 |
High |
||
| Information disclosure in Video while parsing mp2 clip with invalid section length. | 8.2 |
High |
||
| Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command. | 9.1 |
Critical |
||
| Memory corruption when IPC callback handle is used after it has been released during register callback by another thread. | 7.8 |
High |
||
| Memory corruption in Audio during a playback or a recording due to race condition between allocation and deallocation of graph object. | 7 |
High |
||
| Memory corruption when the IOCTL call is interrupted by a signal. | 8.4 |
High |
||
| Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC submissions. | 8.4 |
High |
||
| Memory corruption while playing audio file having large-sized input buffer. | 9.8 |
Critical |
||
| Memory corruption when the payload received from firmware is not as per the expected protocol size. | 7.8 |
High |
||
| Memory corruption when IOMMU unmap of a GPU buffer fails in Linux. | 8.4 |
High |
||
| Memory corruption while verifying the serialized header when the key pairs are generated. | 8.4 |
High |
||
| Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received. | 7.5 |
High |
||
| Information disclosure while parsing dts header atom in Video. | 6.8 |
Medium |
||
| Memory corruption when multiple listeners are being registered with the same file descriptor. | 7.8 |
High |
||
| Memory corruption when there is failed unmap operation in GPU. | 8.4 |
High |
||
| Memory corruption while processing Codec2 during v13k decoder pitch synthesis. | 9.8 |
Critical |
||
| Memory corruption while processing finish_sign command to pass a rsp buffer. | 8.4 |
High |
||
| Memory corruption in SPS Application while requesting for public key in sorter TA. | 8.4 |
High |
||
| Memory corruption while processing a QMI request for allocating memory from a DHMS supported subsystem. | 7.8 |
High |
||
| Memory corruption while parsing qcp clip with invalid chunk data size. | 9.8 |
Critical |
||
| Memory corruption while invoking IOCTLs calls in Automotive Multimedia. | 8.4 |
High |
||
| Memory corruption while invoking HGSL IOCTL context create. | 8.4 |
High |
||
| Transient DOS while processing multiple IKEV2 Informational Request to device from IPSEC server with different identifiers. | 7.5 |
High |
||
| Memory corruption in Core Services while executing the command for removing a single event listener. | 9.3 |
Critical |
