CVSS: 10.0EPSS: 0%CPEs: 449EXPL: 0CVE-2020-11140
https://notcve.org/view.php?id=CVE-2020-11140
21 Jan 2021 — Out of bound memory access during music playback with ALAC modified content due to improper validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking Un acceso a memoria fuera del límite durante la reproducción de música con contenido modificado de ALAC debido a una comprobación inapropiada en los productos Sna... • https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 412EXPL: 0CVE-2020-11139
https://notcve.org/view.php?id=CVE-2020-11139
21 Jan 2021 — Out of bound memory access while processing frames due to lack of check of invalid frames received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking Un acceso a la memoria fuera del límite mientras se procesan las tramas debido a una falta de comprobación de tramas no válidas recibidas en los productos Snapdragon ... • https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 491EXPL: 0CVE-2020-11137
https://notcve.org/view.php?id=CVE-2020-11137
21 Jan 2021 — Integer multiplication overflow resulting in lower buffer size allocation than expected causes memory access out of bounds resulting in possible device instability in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking Un desbordamiento de la multiplicación de enteros resultando en una asignación de tamaño del búfer má... • https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 491EXPL: 0CVE-2020-11138
https://notcve.org/view.php?id=CVE-2020-11138
21 Jan 2021 — Uninitialized pointers accessed during music play back with incorrect bit stream due to an uninitialized heap memory result in instability in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking Los punteros no inicializados accedidos durante la reproducción de música con un flujo de bits incorrecto debido a una memoria... • https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin • CWE-824: Access of Uninitialized Pointer •
CVSS: 10.0EPSS: 0%CPEs: 506EXPL: 0CVE-2020-11136
https://notcve.org/view.php?id=CVE-2020-11136
21 Jan 2021 — Buffer Over-read in audio driver while using malloc management function due to not returning NULL for zero sized memory requirement in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking Una lectura excesiva del búfer en el controlador de audio al usar la función de administración malloc debido a que no devuelve NULL p... • https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 942EXPL: 0CVE-2020-11119
https://notcve.org/view.php?id=CVE-2020-11119
21 Jan 2021 — Buffer over-read can happen when the buffer length received from response handlers is more than the size of the payload in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking Una lectura excesiva del búfer puede ocurrir cuando la longitud del búfer recibida desde los manejadores de respuesta es ... • https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 28EXPL: 1CVE-2020-11209
https://notcve.org/view.php?id=CVE-2020-11209
12 Nov 2020 — Improper authorization in DSP process could allow unauthorized users to downgrade the library versions in SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439 Una autorización inapropiada en el proceso DSP podría permitir a los usuarios no autorizados degradar las versiones de la biblioteca en versiones SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439 • https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 28EXPL: 1CVE-2020-11208
https://notcve.org/view.php?id=CVE-2020-11208
12 Nov 2020 — Out of Bound issue in DSP services while processing received arguments due to improper validation of length received as an argument' in SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439 Un Problema fuera de límites en los servicios DSP mientras se procesan los argumentos recibidos debido a una comprobación inapropiada de la longitud recibida como argumento en versiones SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA61... • https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.0EPSS: 0%CPEs: 404EXPL: 2CVE-2020-11179 – Qualcomm Adreno GPU Ringbuffer Corruption / Protected Mode Bypass
https://notcve.org/view.php?id=CVE-2020-11179
08 Sep 2020 — Arbitrary read and write to kernel addresses by temporarily overwriting ring buffer pointer and creating a race condition. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Una lectura y escritura arbitraria en las direcciones del kernel al sobrescribir temporalmente el puntero del búfer de anillo y creando una condición de carrera en Snapdragon Auto, Snapdragon Compute, ... • https://packetstorm.news/files/id/159110 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •