CVE-2020-11198
https://notcve.org/view.php?id=CVE-2020-11198
Key material used for TZ diag buffer encryption and other data related to log buffer is not wiped securely due to improper usage of memset in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking El material clave usado para el cifrado del búfer de diagnóstico TZ y otros datos relacionados con el búfer de registro no es borrado de forma segura debido al uso inapropiado de memset en los productos Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking • https://www.qualcomm.com/company/product-security/bulletins/february-2021-bulletin • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVE-2020-11195
https://notcve.org/view.php?id=CVE-2020-11195
Out of bound write and read in TA while processing command from NS side due to improper length check on command and response buffers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music Una escritura y lectura fuera de límite en TA mientras se procesa un comando desde el lado NS debido a una comprobación de longitud inapropiada en los búferes de comando y respuesta en los productos Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music • https://www.qualcomm.com/company/product-security/bulletins/february-2021-bulletin • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVE-2020-11170
https://notcve.org/view.php?id=CVE-2020-11170
Out of bound memory access while playing music playbacks with crafted vorbis content due to improper checks in header extraction in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking Un acceso fuera de límite a la memoria mientras se reproducen reproducciones de música con contenido vorbis diseñado debido a comprobaciones inapropiadas en la extracción de encabezados en los productos Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking • https://www.qualcomm.com/company/product-security/bulletins/february-2021-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2020-3691
https://notcve.org/view.php?id=CVE-2020-3691
Possible out of bound memory access in audio due to integer underflow while processing modified contents in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking Un posible acceso a la memoria fuera del límite en el audio debido a un flujo insuficiente de enteros mientras se procesan contenidos modificados en los productos Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking • https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin https://www.qualcomm.com/company/product-security/bulletins/december-2020-security-bulletin • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVE-2020-3686
https://notcve.org/view.php?id=CVE-2020-3686
Possible memory out of bound issue during music playback when an incorrect bit stream content is copied into array without checking the length of array in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking Un posible problema de memoria fuera del límite durante la reproducción de música cuando un contenido de flujo de bits incorrecto es copiado en la matriz sin comprobar la longitud de la matriz en los productos Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking • https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin https://www.qualcomm.com/company/product-security/bulletins/december-2020-security-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •