CVE-2021-30314
https://notcve.org/view.php?id=CVE-2021-30314
Lack of validation for third party application accessing the service can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables Una falta de comprobación de las aplicaciones de terceros que acceden al servicio puede conllevar a una divulgación de información en Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables • https://www.qualcomm.com/company/product-security/bulletins/january-2022-bulletin • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2021-30313
https://notcve.org/view.php?id=CVE-2021-30313
Use after free condition can occur in wired connectivity due to a race condition while creating and deleting folders in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking Puede producirse una condición de uso de memoria previamente liberada en la conectividad por cable debido a una condición de carrera mientras se crean y eliminan carpetas en Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking • https://www.qualcomm.com/company/product-security/bulletins/january-2022-bulletin • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVE-2021-30307
https://notcve.org/view.php?id=CVE-2021-30307
Possible denial of service due to improper validation of DNS response when DNS client requests with PTR, NAPTR or SRV query type in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT Una posible denegación de servicio debido a una comprobación inapropiada de la respuesta DNS cuando el cliente DNS realiza peticiones con el tipo de consulta PTR, NAPTR o SRV en Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT • https://www.qualcomm.com/company/product-security/bulletins/january-2022-bulletin • CWE-617: Reachable Assertion •
CVE-2021-30300
https://notcve.org/view.php?id=CVE-2021-30300
Possible denial of service due to incorrectly decoding hex data for the SIB2 OTA message and assigning a garbage value to choice when processing the SRS configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables Una posible denegación de servicio debido a una decodificación incorrecta de los datos hexadecimales del mensaje OTA SIB2 y a la asignación de un valor basura a la elección cuando es procesada la configuración SRS en Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables • https://www.qualcomm.com/company/product-security/bulletins/january-2022-bulletin • CWE-704: Incorrect Type Conversion or Cast •
CVE-2021-30285
https://notcve.org/view.php?id=CVE-2021-30285
Improper validation of memory region in Hypervisor can lead to incorrect region mapping in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking Una comprobación inapropiada de la región de memoria en el Hypervisor puede conllevar a un mapeo incorrecto de la región en Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking • https://www.qualcomm.com/company/product-security/bulletins/january-2022-bulletin • CWE-20: Improper Input Validation •