CVSS: 6.8EPSS: 0%CPEs: 30EXPL: 0CVE-2021-35109
https://notcve.org/view.php?id=CVE-2021-35109
Possible address manipulation from APP-NS while APP-S is configuring an RG where it tries to merge the address ranges in Snapdragon Connectivity, Snapdragon Mobile Una posible manipulación de direcciones desde APP-NS mientras APP-S está configurando un RG en el que intenta fusionar los rangos de direcciones en Snapdragon Connectivity, Snapdragon Mobile • https://www.qualcomm.com/company/product-security/bulletins/august-2022-bulletin • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 30EXPL: 0CVE-2021-35108
https://notcve.org/view.php?id=CVE-2021-35108
Improper checking of AP-S lock bit while verifying the secure resource group permissions can lead to non secure read and write access in Snapdragon Connectivity, Snapdragon Mobile Una comprobación inapropiada del bit de bloqueo del AP-S mientras son verificados los permisos del grupo de recursos seguros puede conllevar a un acceso de lectura y escritura no seguro en Snapdragon Connectivity, Snapdragon Mobile • https://www.qualcomm.com/company/product-security/bulletins/august-2022-bulletin • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.3EPSS: 0%CPEs: 258EXPL: 0CVE-2021-35097
https://notcve.org/view.php?id=CVE-2021-35097
Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Una posible omisión de la autenticación debido a un orden incorrecto de la verificación de la firma y el hash en la llamada de verificación de la firma en Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables • https://www.qualcomm.com/company/product-security/bulletins/august-2022-bulletin • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 8.4EPSS: 0%CPEs: 180EXPL: 0CVE-2022-22071 – Qualcomm Multiple Chipsets Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2022-22071
Possible use after free when process shell memory is freed using IOCTL munmap call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music Un posible uso de memoria previamente liberada cuando la memoria shell del proceso es liberada mediante la llamada IOCTL munmap y la inicialización del proceso está en curso en Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music Multiple Qualcomm chipsets contain a use-after-free vulnerability when process shell memory is freed using IOCTL munmap call and process initialization is in progress. • https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin • CWE-416: Use After Free •
CVSS: 8.4EPSS: 0%CPEs: 232EXPL: 0CVE-2022-22068
https://notcve.org/view.php?id=CVE-2022-22068
kernel event may contain unexpected content which is not generated by NPU software in asynchronous execution mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Un evento del kernel puede contener contenido inesperado que no es generado por el software de la NPU en el modo de ejecución asíncrono en Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables • https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin • CWE-416: Use After Free •