CVSS: 7.0EPSS: 0%CPEs: 404EXPL: 0CVE-2020-11179 – Qualcomm Adreno GPU Ringbuffer Corruption / Protected Mode Bypass
https://notcve.org/view.php?id=CVE-2020-11179
Arbitrary read and write to kernel addresses by temporarily overwriting ring buffer pointer and creating a race condition. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Una lectura y escritura arbitraria en las direcciones del kernel al sobrescribir temporalmente el puntero del búfer de anillo y creando una condición de carrera en Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables The Qualcomm Adreno GPU shares a global mapping called a "scratch" buffer with the Adreno KGSL kernel driver. The contents of the scratch buffer can be overwritten by untrusted GPU commands. This results in a logic error in the Adreno driver's ringbuffer allocation code, which can be used to corrupt ringbuffer data. A race condition exists between the ringbuffer corruption and a GPU context switch, and this results in a bypass of the GPU protected mode setting. This ultimately means that an attacker can read and write arbitrary physical addresses from userland by running GPU commands while protected mode disabled, which results in arbitrary kernel code execution. • https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin https://www.qualcomm.com/company/product-security/bulletins/december-2020-security-bulletin • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 28EXPL: 0CVE-2017-18282
https://notcve.org/view.php?id=CVE-2017-18282
Non-secure SW can cause SDCC to generate secure bus accesses, which may expose RPM access in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660. Un software inseguro puede provocar que SDCC genere accesos seguros al bus, lo que podría exponer el acceso RPM en Snapdragon Mobile y Snapdragon Wear en versiones MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835 y SDA660. • http://www.securitytracker.com/id/1041432 https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components https://www.qualcomm.com/company/product-security/bulletins •
CVSS: 6.5EPSS: 0%CPEs: 18EXPL: 0CVE-2017-18283
https://notcve.org/view.php?id=CVE-2017-18283
Possible memory corruption when Read Val Blob Req is received with invalid parameters in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 625, SD 835, SD 845, SD 850, SDA660. Posible corrupción de memoria cuando se recibe Read Val Blob Req con parámetros inválidos en Snapdragon Mobile en versiones QCA9379, SD 210/SD 212/SD 205, SD 625, SD 835, SD 845, SD 850 y SDA660. • http://www.securitytracker.com/id/1041432 https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components https://www.qualcomm.com/company/product-security/bulletins • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 70EXPL: 0CVE-2018-11269
https://notcve.org/view.php?id=CVE-2018-11269
In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016, a potential buffer overflow exists when parsing TFTP options. En Snapdragon (Automobile, Mobile y Wear) en versiones MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20 y Snapdragon_High_Med_2016, existe un potencial desbordamiento de búfer al analizar opciones TFTP. • http://www.securityfocus.com/bid/105838 https://www.qualcomm.com/company/product-security/bulletins • CWE-129: Improper Validation of Array Index •
CVSS: 7.8EPSS: 0%CPEs: 40EXPL: 0CVE-2018-11277
https://notcve.org/view.php?id=CVE-2018-11277
In Snapdragon (Automobile, Mobile, Wear) in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, the com.qualcomm.embms is a vendor package deployed in the system image which has an inadequate permission level and allows any application installed from Play Store to request this permission at install-time. The system application interfaces with the Radio Interface Layer leading to potential access control issue. En Snapdragon (Automobile, Mobile y Wear) en versiones MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845 y SDA660, com.qualcomm.embms es un paquete del fabricante desplegado en la imagen del sistema que tiene un nivel de permisos inadecuado y permite que cualquier aplicación instalada de la Play Store solicite este permiso en tiempo de instalación. La aplicación del sistema interfiere con Radio Interface Layer, lo que conduce a un potencial problema de control de acceso. • https://www.qualcomm.com/company/product-security/bulletins • CWE-732: Incorrect Permission Assignment for Critical Resource •