CPE Details
Qualcomm Snapdragon 8 Gen 1 Mobile Firmware
-
2024-10-09
13h04 +00:00
13h04 +00:00
2024-10-09
13h04 +00:00
13h04 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:o:qualcomm:snapdragon_8_gen_1_mobile_firmware:-:*:*:*:*:*:*:*
Informations
Vendor
qualcommProduct
snapdragon_8_gen_1_mobile_firmwareVersion
-Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character at the end of buffer. | 7.8 |
High |
||
| Memory corruption while reading the FW response from the shared queue. | 7.8 |
High |
||
| Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur. | 7.8 |
High |
||
| Memory corruption during the FRS UDS generation process. | 7.8 |
High |
||
| Memory corruption while triggering commands in the PlayReady Trusted application. | 7.8 |
High |
||
| Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions. | 7.8 |
High |
||
| Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling. | 7.8 |
High |
||
| Memory corruption while reading secure file. | 7.8 |
High |
||
| Memory corruption can occur during context user dumps due to inadequate checks on buffer length. | 7.8 |
High |
||
| Memory corruption may occur when invoking IOCTL calls from userspace to the camera kernel driver to dump request information, due to a missing memory requirement check. | 7.8 |
High |
||
| Memory corruption while acquire and update IOCTLs during IFE output resource ID validation. | 7.8 |
High |
||
| Memory corruption while invoking IOCTL calls from userspace to camera kernel driver to dump request information. | 7.8 |
High |
||
| Memory corruption while prociesing command buffer buffer in OPE module. | 7.8 |
High |
||
| Memory corruption Camera kernel when large number of devices are attached through userspace. | 7.8 |
High |
||
| Memory corruption may occur during IO configuration processing when the IO port count is invalid. | 7.8 |
High |
||
| Memory corruption while encoding JPEG format. | 7.8 |
High |
||
| Memory corruption during concurrent buffer access due to modification of the reference count. | 7.8 |
High |
||
| Memory corruption during concurrent access to server info object due to incorrect reference count update. | 7.8 |
High |
||
| Memory corruption while handling schedule request in Camera Request Manager(CRM) due to invalid link count in the corresponding session. | 7.8 |
High |
||
| Memory corruption during concurrent access to server info object due to unprotected critical field. | 7.8 |
High |
||
| Memory corruption during concurrent SSR execution due to race condition on the global maps list. | 7.8 |
High |
||
| Information disclosure while parsing the OCI IE with invalid length. | 8.2 |
High |
||
| Memory corruption while power-up or power-down sequence of the camera sensor. | 7.8 |
High |
||
| Memory corruption can occur in the camera when an invalid CID is used. | 7.8 |
High |
||
| Memory corruption in Camera due to unusually high number of nodes passed to AXI port. | 7.8 |
High |
||
| Memory corruption while validating number of devices in Camera kernel . | 7.8 |
High |
||
| Memory corruption while configuring a Hypervisor based input virtual device. | 8.8 |
High |
||
| Memory corruption while parsing the memory map info in IOCTL calls. | 7.8 |
High |
||
| Information disclosure while processing IO control commands. | 6.1 |
Medium |
||
| Information disclosure while processing information on firmware image during core initialization. | 6.1 |
Medium |
||
| Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another thread is using it for a process-specific task, issues may arise. | 7.8 |
High |
||
| Memory corruption while maintaining memory maps of HLOS memory. | 7.8 |
High |
||
| Memory corruption while processing IOCTL call for getting group info. | 7.8 |
High |
||
| Memory corruption when two threads try to map and unmap a single node simultaneously. | 8.4 |
High |
||
| Memory corruption when user provides data for FM HCI command control operations. | 7.8 |
High |
||
| Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management frame. | 7.5 |
High |
||
| Memory corruption in Hypervisor when platform information mentioned is not aligned. | 9.3 |
Critical |
||
| Information disclosure in Video while parsing mp2 clip with invalid section length. | 8.2 |
High |
||
| Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command. | 9.1 |
Critical |
||
| Memory corruption while copying a keyblob`s material when the key material`s size is not accurately checked. | 7.8 |
High |
||
| Memory corruption in TZ Secure OS while Tunnel Invoke Manager initialization. | 9.3 |
Critical |
||
| Memory corruption when the IOCTL call is interrupted by a signal. | 8.4 |
High |
||
| Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC submissions. | 8.4 |
High |
||
| Memory corruption while playing audio file having large-sized input buffer. | 9.8 |
Critical |
||
| Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame. | 7.5 |
High |
||
| Memory corruption when the payload received from firmware is not as per the expected protocol size. | 7.8 |
High |
||
| Memory corruption when IOMMU unmap of a GPU buffer fails in Linux. | 8.4 |
High |
||
| Memory corruption while verifying the serialized header when the key pairs are generated. | 8.4 |
High |
||
| Memory corruption in HLOS while checking for the storage type. | 7.8 |
High |
||
| Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received. | 7.5 |
High |
||
| Information disclosure while parsing dts header atom in Video. | 6.8 |
Medium |
||
| Memory corruption when multiple listeners are being registered with the same file descriptor. | 7.8 |
High |
||
| Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache. | 8.4 |
High |
||
| Memory corruption in Kernel while handling GPU operations. | 8.4 |
High |
||
| Memory corruption when there is failed unmap operation in GPU. | 8.4 |
High |
||
| Memory corruption while processing Codec2 during v13k decoder pitch synthesis. | 9.8 |
Critical |
||
| Memory corruption in HLOS while running kernel address sanitizers (syzkaller) on tmecom with DEBUG_FS enabled. | 7.8 |
High |
||
| Memory corruption while processing buffer initialization, when trusted report for certain report types are generated. | 7.8 |
High |
||
| Transient DOS while processing DL NAS TRANSPORT message with payload length 0. | 7.5 |
High |
||
| Transient DOS while processing DL NAS Transport message when message ID is not defined in the 3GPP specification. | 7.5 |
High |
||
| Transient DOS while processing SMS container of non-standard size received in DL NAS transport in NR. | 7.5 |
High |
||
| Memory corruption while processing finish_sign command to pass a rsp buffer. | 8.4 |
High |
||
| Memory corruption in SPS Application while requesting for public key in sorter TA. | 8.4 |
High |
||
| Memory corruption while processing a QMI request for allocating memory from a DHMS supported subsystem. | 7.8 |
High |
||
| Memory corruption while processing TPC target power table in FTM TPC. | 8.4 |
High |
||
| Memory corruption while parsing qcp clip with invalid chunk data size. | 9.8 |
Critical |
||
| Transient DOS while processing an improperly formatted 802.11az Fine Time Measurement protocol frame. | 7.5 |
High |
||
| Transient DOS while processing PDU Release command with a parameter PDU ID out of range. | 7.5 |
High |
||
| Transient DOS while processing DL NAS Transport message, as specified in 3GPP 24.501 v16. | 7.5 |
High |
||
| Transient DOS while processing multiple payload container type with incorrect container length received in DL NAS transport OTA in NR. | 7.5 |
High |
||
| Transient DOS while processing multiple IKEV2 Informational Request to device from IPSEC server with different identifiers. | 7.5 |
High |
||
| Memory corruption in Audio while processing RT proxy port register driver. | 8.4 |
High |
||
| Memory corruption in Core Services while executing the command for removing a single event listener. | 9.3 |
Critical |
