Summary
| Detail | |||
|---|---|---|---|
| Vendor | Qualcomm | First view | 2018-04-11 |
| Product | mdm9655 Firmware | Last view | 2023-03-10 |
| Version | Type | Os | |
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
| CPE Name | Affected CVE |
|---|---|
| cpe:2.3:o:qualcomm:mdm9655_firmware:-:*:*:*:*:*:*:* | 241 |
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 8.8 | 2023-03-10 | CVE-2022-33213 | Memory corruption in modem due to buffer overflow while processing a PPP packet |
| 7.8 | 2023-03-10 | CVE-2022-25705 | Memory corruption in modem due to integer overflow to buffer overflow while handling APDU response |
| 7.8 | 2022-12-13 | CVE-2022-25682 | Memory corruption in MODEM UIM due to usage of out of range pointer offset while decoding command from card in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables |
| 7.5 | 2022-06-14 | CVE-2021-30344 | Improper authorization of a replayed LTE security mode command can lead to a denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables |
| 5.9 | 2022-06-14 | CVE-2021-30342 | Improper integrity check can lead to race condition between tasks PDCP and RRC? after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables |
| 7.8 | 2022-02-11 | CVE-2021-30323 | Improper validation of maximum size of data write to EFS file can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables |
| 7.8 | 2022-02-11 | CVE-2021-30322 | Possible out of bounds write due to improper validation of number of GPIOs configured in an internal parameters array in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile |
| 7.8 | 2022-01-03 | CVE-2021-30271 | Possible null pointer dereference in trap handler due to lack of thread ID validation before dereferencing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking |
| 7.8 | 2021-11-12 | CVE-2021-30259 | Possible out of bound access due to improper validation of function table entries in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking |
| 5.5 | 2021-11-12 | CVE-2021-1924 | Information disclosure through timing and power side-channels during mod exponentiation for RSA-CRT in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking |
| 7.5 | 2021-10-20 | CVE-2021-30310 | Possible buffer overflow due to Improper validation of received CF-ACK and CF-Poll data frames in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music |
| 8.6 | 2021-10-20 | CVE-2020-11303 | Accepting AMSDU frames with mismatched destination and source address can lead to information disclosure in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking |
| 7.8 | 2021-09-17 | CVE-2021-30261 | Possible integer and heap overflow due to lack of input command size validation while handling beacon template update command from HLOS in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables |
| 5.5 | 2021-09-09 | CVE-2021-1935 | Possible null pointer dereference due to lack of validation check for passed pointer during key import in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables |
| 7.8 | 2021-09-09 | CVE-2021-1909 | Buffer overflow occurs in trusted applications due to lack of length check of parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking |
| 9.8 | 2021-09-08 | CVE-2021-1920 | Integer underflow can occur due to improper handling of incoming RTCP packets in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables |
| 9.8 | 2021-09-08 | CVE-2021-1919 | Integer underflow can occur when the RTCP length is lesser than than the actual blocks present in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables |
| 9.8 | 2021-09-08 | CVE-2021-1916 | Possible buffer underflow due to lack of check for negative indices values when processing user provided input in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables |
| 7.5 | 2021-09-08 | CVE-2020-11301 | Improper authentication of un-encrypted plaintext Wi-Fi frames in an encrypted network can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking |
| 7.8 | 2021-07-13 | CVE-2021-1890 | Improper length check of public exponent in RSA import key function could cause memory corruption. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables |
| 7.8 | 2021-07-13 | CVE-2021-1889 | Possible buffer overflow due to lack of length check in Trusted Application in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables |
| 7.8 | 2021-07-13 | CVE-2021-1888 | Memory corruption in key parsing and import function due to double freeing the same heap allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables |
| 7.8 | 2021-07-13 | CVE-2021-1886 | Incorrect handling of pointers in trusted application key import mechanism could cause memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables |
| 7.8 | 2021-06-09 | CVE-2020-11292 | Possible buffer overflow in voice service due to lack of input validation of parameters in QMI Voice API in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables |
| 7.5 | 2021-06-09 | CVE-2020-11241 | Out of bound read will happen if EAPOL Key length is less than expected while processing NAN shared key descriptor attribute in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 15% (37) | CWE-125 | Out-of-bounds Read |
| 15% (37) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 11% (27) | CWE-787 | Out-of-bounds Write |
| 9% (24) | CWE-20 | Improper Input Validation |
| 7% (19) | CWE-190 | Integer Overflow or Wraparound |
| 6% (15) | CWE-129 | Improper Validation of Array Index |
| 5% (14) | CWE-200 | Information Exposure |
| 4% (12) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
| 2% (7) | CWE-476 | NULL Pointer Dereference |
| 2% (5) | CWE-284 | Access Control (Authorization) Issues |
| 1% (4) | CWE-416 | Use After Free |
| 1% (4) | CWE-191 | Integer Underflow (Wrap or Wraparound) |
| 1% (3) | CWE-388 | Error Handling |
| 1% (3) | CWE-320 | Key Management Errors |
| 1% (3) | CWE-310 | Cryptographic Issues |
| 1% (3) | CWE-287 | Improper Authentication |
| 1% (3) | CWE-19 | Data Handling |
| 0% (2) | CWE-415 | Double Free |
| 0% (2) | CWE-367 | Time-of-check Time-of-use (TOCTOU) Race Condition |
| 0% (2) | CWE-362 | Race Condition |
| 0% (2) | CWE-285 | Improper Access Control (Authorization) |
| 0% (2) | CWE-203 | Information Exposure Through Discrepancy |
| 0% (1) | CWE-755 | Improper Handling of Exceptional Conditions |
| 0% (1) | CWE-732 | Incorrect Permission Assignment for Critical Resource |
| 0% (1) | CWE-668 | Exposure of Resource to Wrong Sphere |
