CVSS: 10.0EPSS: 0%CPEs: 82EXPL: 0CVE-2020-3654
https://notcve.org/view.php?id=CVE-2020-3654
u'Buffer overflow occurs while processing SIP message packet due to lack of check of index validation before copying into it' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in Agatti, APQ8053, APQ8096AU, APQ8098, Bitra, Kamorta, MSM8905, MSM8909W, MSM8917, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6390, QCA6574AU, QCM2150, QCS605, QM215, Rennell, SA6155P, SA8155P, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 Se produce un desbordamiento de búfer mientras se procesa el paquete de mensajes SIP debido a una falta de comprobación de la validación del índice antes de copiarlo en los productos Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables en versiones Agatti, APQ8053, APQ8096AU, APQ8098, Bitra, Kamorta, MSM8905, MSM8909W, MSM8917, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6390, QCA6574AU, QCM2150, QCS605, QM215, Rennell, SA6155P, SA8155P, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 • https://www.qualcomm.com/company/product-security/bulletins/october-2020-bulletin https://www.qualcomm.com/company/product-security/bulletins/october-2020-security-bulletin • CWE-129: Improper Validation of Array Index •
CVSS: 7.0EPSS: 0%CPEs: 66EXPL: 0CVE-2020-11173
https://notcve.org/view.php?id=CVE-2020-11173
u'Two threads running simultaneously from user space can lead to race condition in fastRPC driver' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8053, Bitra, IPQ4019, IPQ5018, IPQ6018, IPQ8064, IPQ8074, Kamorta, MDM9607, MSM8953, Nicobar, QCA6390, QCS404, QCS405, QCS610, Rennell, SA515M, SA6155P, SA8155P, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM632, SDM660, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 Dos hilos ejecutados simultáneamente desde el espacio del usuario pueden conllevar a una condición de carrera en el controlador fastRPC en los productos Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking en versiones Agatti, APQ8053, Bitra, IPQ4019, IPQ5018, IPQ6018, IPQ8064, IPQ8074, Kamorta, MDM9607, MSM8953, Nicobar, QCA6390, QCS404, QCS405, QCS610, Rennell, SA515M, SA6155P, SA8155P, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM632, SDM660, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 • https://www.qualcomm.com/company/product-security/bulletins/october-2020-bulletin https://www.qualcomm.com/company/product-security/bulletins/october-2020-security-bulletin • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 102EXPL: 0CVE-2020-11174
https://notcve.org/view.php?id=CVE-2020-11174
u'Array index underflow issue in adsp driver due to improper check of channel id before used as array index.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ4019, IPQ5018, IPQ6018, IPQ8064, IPQ8074, Kamorta, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8953, MSM8996AU, QCA6390, QCA9531, QCM2150, QCS404, QCS405, QCS605, SA415M, SA515M, SA6155P, SA8155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM8150, SM8250, SXR1130, SXR2130 Un problema de subdesbordamiento del índice de matriz en el controlador adsp debido a una comprobación inapropiada del id de canal antes de usarse como índice de matriz en los productos Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking en versiones Agatti, APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ4019, IPQ5018, IPQ6018, IPQ8064, IPQ8074, Kamorta, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8953, MSM8996AU, QCA6390, QCA9531, QCM2150, QCS404, QCS405, QCS605, SA415M, SA515M, SA6155P, SA8155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM8150, SM8250, SXR1130, SXR2130 • https://www.qualcomm.com/company/product-security/bulletins/october-2020-bulletin https://www.qualcomm.com/company/product-security/bulletins/october-2020-security-bulletin • CWE-129: Improper Validation of Array Index •
CVSS: 7.8EPSS: 0%CPEs: 60EXPL: 0CVE-2020-11164
https://notcve.org/view.php?id=CVE-2020-11164
u'Third-party app may also call the broadcasts in Perfdump and cause privilege escalation issue due to improper access control' in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in Agatti, APQ8096AU, APQ8098, Bitra, Kamorta, MSM8909W, MSM8917, MSM8940, Nicobar, QCA6390, QCM2150, QCS605, Rennell, SA6155P, SA8155P, Saipan, SDA660, SDM429W, SDM450, SDM630, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 Una aplicación de terceros también puede llamar las emisiones en Perfdump y causar un problema de escalada de privilegios debido a un control de acceso inapropiado en los productos Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables en versiones Agatti, APQ8096AU, APQ8098, Bitra, Kamorta, MSM8909W, MSM8917, MSM8940, Nicobar, QCA6390, QCM2150, QCS605, Rennell, SA6155P, SA8155P, Saipan, SDA660, SDM429W, SDM450, SDM630, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 • https://www.qualcomm.com/company/product-security/bulletins/october-2020-bulletin https://www.qualcomm.com/company/product-security/bulletins/october-2020-security-bulletin •
CVSS: 9.1EPSS: 0%CPEs: 22EXPL: 0CVE-2020-11169
https://notcve.org/view.php?id=CVE-2020-11169
u'Buffer over-read while processing received L2CAP packet due to lack of integer overflow check' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, QCA6390, QCN7605, QCN7606, SA415M, SA515M, SA6155P, SA8155P, SC8180X, SDX55 Una lectura excesiva del búfer mientras se procesa el paquete L2CAP recibido debido a una falta de comprobación de desbordamiento de enteros en los productos Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking en versiones APQ8009, APQ8053, QCA6390, QCN7605, QCN7606, SA415M, SA515M, SA6155P, SA8155P, SC8180X, SDX55 • https://www.qualcomm.com/company/product-security/bulletins/october-2020-bulletin https://www.qualcomm.com/company/product-security/bulletins/october-2020-security-bulletin • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •