CVSS: 7.8EPSS: 0%CPEs: 798EXPL: 0CVE-2020-11261 – Qualcomm Multiple Chipsets Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2020-11261
Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Una corrupción de la memoria debido a una comprobación inapropiada para devolver el error cuando la aplicación del usuario pida una asignación de memoria de un tamaño enorme en los productos Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables • https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 812EXPL: 0CVE-2020-11239 – Qualcomm kgsl Driver Use-After-Free
https://notcve.org/view.php?id=CVE-2020-11239
Use after free issue when importing a DMA buffer by using the CPU address of the buffer due to attachment is not cleaned up properly in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Un uso de la memoria previamente liberada al importar un búfer DMA usando la dirección de CPU del búfer debido a que el archivo adjunto no se limpia correctamente en los productos Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables • https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 994EXPL: 0CVE-2020-11289
https://notcve.org/view.php?id=CVE-2020-11289
Out of bound write can occur in TZ command handler due to lack of validation of command ID in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking Una escritura fuera de límite puede ocurrir en el controlador de comandos TZ debido a una falta de comprobación de la ID del comando en los productos Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Infraestructura y redes cableadas de Snapdragon • https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.0EPSS: 0%CPEs: 680EXPL: 0CVE-2020-11293
https://notcve.org/view.php?id=CVE-2020-11293
Out of bound read can happen in Widevine TA while copying data to buffer from user data due to lack of check of buffer length received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking Una lectura fuera del límite puede ocurrir en Widevine TA mientras son copiados datos al búfer de los datos del usuario debido a una falta de comprobación de la longitud del búfer recibida en los productos Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Infraestructura cableada Snapdragon y redes • https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin • CWE-125: Out-of-bounds Read •
CVSS: 9.4EPSS: 0%CPEs: 802EXPL: 0CVE-2020-11285
https://notcve.org/view.php?id=CVE-2020-11285
Buffer over-read while unpacking the RTCP packet we may read extra byte if wrong length is provided in RTCP packets in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Una lectura excesiva del búfer mientras desempaquetamos el paquete RTCP, podemos leer un byte adicional si es proporcionada una longitud inapropiada en los paquetes RTCP en los productos Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables • https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin • CWE-125: Out-of-bounds Read •