U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:qualcomm:pm640l_firmware:-:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 72 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2021-1895

Possible integer overflow due to improper length check while flashing an image in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music

Published: May 07, 2021; 5:15:08 AM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2021-1891

A possible use-after-free occurrence in audio driver can happen when pointers are not properly handled in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Published: May 07, 2021; 5:15:08 AM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2020-11294

Out of bound write in logger due to prefix size is not validated while prepended to logging string in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

Published: May 07, 2021; 5:15:08 AM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2020-11293

Out of bound read can happen in Widevine TA while copying data to buffer from user data due to lack of check of buffer length received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Published: May 07, 2021; 5:15:08 AM -0400
V3.1: 6.0 MEDIUM
V2.0: 3.6 LOW
CVE-2020-11289

Out of bound write can occur in TZ command handler due to lack of validation of command ID in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Published: May 07, 2021; 5:15:08 AM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2020-11288

Out of bound write can occur in playready while processing command due to lack of input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

Published: May 07, 2021; 5:15:07 AM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2020-11285

Buffer over-read while unpacking the RTCP packet we may read extra byte if wrong length is provided in RTCP packets in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Published: May 07, 2021; 5:15:07 AM -0400
V3.1: 9.1 CRITICAL
V2.0: 9.4 HIGH
CVE-2020-11284

Locked memory can be unlocked and modified by non secure boot loader through improper system call sequence making the memory region untrusted source of input for secure boot loader in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

Published: May 07, 2021; 5:15:07 AM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2020-11279

Memory corruption while processing crafted SDES packets due to improper length check in sdes packets recieved in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Published: May 07, 2021; 5:15:07 AM -0400
V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2020-11274

Denial of service in MODEM due to assert to the invalid configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

Published: May 07, 2021; 5:15:07 AM -0400
V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2020-11255

Denial of service while processing RTCP packets containing multiple SDES reports due to memory for last SDES packet is freed and rest of the memory is leaked in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables

Published: April 07, 2021; 4:15:14 AM -0400
V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2020-11252

Trustzone initialization code will disable xPU`s when memory dumps are enabled and lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Published: April 07, 2021; 4:15:14 AM -0400
V3.1: 5.5 MEDIUM
V2.0: 4.7 MEDIUM
CVE-2020-11251

Out-of-bounds read vulnerability while accessing DTMF payload due to lack of check of buffer length before copying in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Published: April 07, 2021; 4:15:14 AM -0400
V3.1: 9.1 CRITICAL
V2.0: 9.4 HIGH
CVE-2020-11245

Unintended reads and writes by NS EL2 in access control driver due to lack of check of input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

Published: April 07, 2021; 4:15:14 AM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2020-11234

When sending a socket event message to a user application, invalid information will be passed if socket is freed by other thread resulting in a Use After Free condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Published: April 07, 2021; 4:15:13 AM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2020-11191

Out of bound read occurs while processing crafted SDP due to lack of check of null string in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Published: April 07, 2021; 4:15:12 AM -0400
V3.1: 9.1 CRITICAL
V2.0: 9.4 HIGH
CVE-2020-11309

Use after free in GPU driver while mapping the user memory to GPU memory due to improper check of referenced memory in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Published: March 17, 2021; 2:15:14 AM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2020-11308

Buffer overflow occurs when trying to convert ASCII string to Unicode string if the actual size is more than required in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

Published: March 17, 2021; 2:15:14 AM -0400
V3.1: 6.8 MEDIUM
V2.0: 7.2 HIGH
CVE-2020-11299

Buffer overflow can occur in video while playing the non-standard clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Published: March 17, 2021; 2:15:14 AM -0400
V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2020-11290

Use after free condition in msm ioctl events due to race between the ioctl register and deregister events in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

Published: March 17, 2021; 2:15:14 AM -0400
V3.1: 7.0 HIGH
V2.0: 6.9 MEDIUM