CVSS: 7.8EPSS: 0%CPEs: 812EXPL: 1CVE-2020-11239 – Qualcomm kgsl Driver Use-After-Free
https://notcve.org/view.php?id=CVE-2020-11239
09 Jun 2021 — Use after free issue when importing a DMA buffer by using the CPU address of the buffer due to attachment is not cleaned up properly in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Un uso de la memoria previamente liberada al importar un búfer DMA usando la dirección de CPU del búfer debido a que el archivo adjunto no se limpia correctamente en los productos Snapdragon Auto,... • https://packetstorm.news/files/id/172839 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 804EXPL: 0CVE-2020-11238
https://notcve.org/view.php?id=CVE-2020-11238
09 Jun 2021 — Possible Buffer over-read in ARP/NS parsing due to lack of check of packet length received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking Una posible sobrelectura del búfer en el análisis ARP/NS debido a una falta de comprobación de la longitud del paquete recibido en los productos Snapdragon Auto, Snap... • https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1076EXPL: 0CVE-2020-11235
https://notcve.org/view.php?id=CVE-2020-11235
09 Jun 2021 — Buffer overflow might occur while parsing unified command due to lack of check of input data received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking Un desbordamiento del búfer puede ocurrir cuando se analiza un comando unificado debido a una falta de comprobación de los datos de entrada... • https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 536EXPL: 0CVE-2020-11182
https://notcve.org/view.php?id=CVE-2020-11182
09 Jun 2021 — Possible heap overflow while parsing NAL header due to lack of check of length of data received from user in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile Un posible desbordamiento de la pila cuando se analiza el encabezado NAL debido a una falta de comprobación de la longitud de los datos recibidos del usuario en los productos Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdrago... • https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 510EXPL: 0CVE-2020-11165
https://notcve.org/view.php?id=CVE-2020-11165
09 Jun 2021 — Memory corruption due to buffer overflow while copying the message provided by HLOS into buffer without validating the length of buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking Una corrupción de la memoria debido al desbordamiento del búfer cuando se copia el mensaje proporcionado por HLOS en el búfer sin comprobar la longitud del búfer en los productos Snapdragon Aut... • https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 574EXPL: 0CVE-2020-11178
https://notcve.org/view.php?id=CVE-2020-11178
09 Jun 2021 — Trusted APPS to overwrite the CPZ memory of another use-case as TZ only checks the physical address not overlapping with its memory and its RoT memory in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking APPS confiable para sobrescribir la memoria CPZ de otro caso de uso, ya que TZ solo comprueba que la dirección física no se superponga con su memoria y ... • https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin • CWE-20: Improper Input Validation •
CVSS: 9.4EPSS: 0%CPEs: 1006EXPL: 0CVE-2020-11159
https://notcve.org/view.php?id=CVE-2020-11159
09 Jun 2021 — Buffer over-read can happen while processing WPA,RSN IE of beacon and response frames if IE length is less than length of frame pointer being accessed in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking Una sobrelectura del búfer puede ocurrir mientras se procesa WPA, RSN IE de la baliza y la... • https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 650EXPL: 0CVE-2020-11134
https://notcve.org/view.php?id=CVE-2020-11134
09 Jun 2021 — Possible stack out of bound write might happen due to time bitmap length and bit duration fields of the attributes like NAN ranging setup attribute inside a NAN management frame are not Properly validated in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking Una posible escritura fuera de límites de la pila en... • https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin • CWE-129: Improper Validation of Array Index CWE-787: Out-of-bounds Write •
CVSS: 9.4EPSS: 0%CPEs: 782EXPL: 0CVE-2020-11126
https://notcve.org/view.php?id=CVE-2020-11126
09 Jun 2021 — Possible out of bound read while WLAN frame parsing due to lack of check for body and header length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking Una posible lectura fuera de límites mientras se analiza la trama WLAN debido a una falta de comprobación de la longitud del cuerpo y del encabezado en los p... • https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin • CWE-125: Out-of-bounds Read •
CVSS: 8.4EPSS: 0%CPEs: 916EXPL: 0CVE-2021-1927
https://notcve.org/view.php?id=CVE-2021-1927
07 May 2021 — Possible use after free due to lack of null check while memory is being freed in FastRPC driver in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking Un posible uso de la memoria previamente liberada debido a una falta de comprobación null mientras se libera memoria en el controlador FastRPC en los productos Snapdragon Auto, Snapdrag... • https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin • CWE-416: Use After Free •