Summary
| Detail | |||
|---|---|---|---|
| Vendor | Qualcomm | First view | 2021-03-17 |
| Product | sd678 Firmware | Last view | 2023-09-05 |
| Version | Type | Os | |
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
| CPE Name | Affected CVE |
|---|---|
| cpe:2.3:o:qualcomm:sd678_firmware:-:*:*:*:*:*:*:* | 287 |
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.8 | 2023-09-05 | CVE-2023-28538 | Memory corruption in WIN Product while invoking WinAcpi update driver in the UEFI region. |
| 7.8 | 2023-09-05 | CVE-2023-21664 | Memory Corruption in Core Platform while printing the response buffer in log. |
| 7.8 | 2023-09-05 | CVE-2023-21662 | Memory corruption in Core Platform while printing the response buffer in log. |
| 7.8 | 2023-08-08 | CVE-2023-28537 | Memory corruption while allocating memory in COmxApeDec module in Audio. |
| 7.8 | 2023-08-08 | CVE-2023-22666 | Memory Corruption in Audio while playing amrwbplus clips with modified content. |
| 7.1 | 2023-08-08 | CVE-2023-21652 | Cryptographic issue in HLOS as derived keys used to encrypt/decrypt information is present on stack after use. |
| 7.8 | 2023-08-08 | CVE-2023-21651 | Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE. |
| 7.1 | 2023-08-08 | CVE-2023-21626 | Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key. |
| 9.8 | 2023-08-08 | CVE-2022-40510 | Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder. |
| 9.8 | 2023-03-10 | CVE-2022-40537 | Memory corruption in Bluetooth HOST while processing the AVRC_PDU_GET_PLAYER_APP_VALUE_TEXT AVRCP response. |
| 7.8 | 2023-03-10 | CVE-2022-40531 | Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message. |
| 7.8 | 2023-03-10 | CVE-2022-40530 | Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase. |
| 9.8 | 2023-03-10 | CVE-2022-40515 | Memory corruption in Video due to double free while playing 3gp clip with invalid metadata atoms. |
| 7.8 | 2023-03-10 | CVE-2022-33278 | Memory corruption due to buffer copy without checking the size of input in HLOS when input message size is larger than the buffer capacity. |
| 7 | 2023-03-10 | CVE-2022-33257 | Memory corruption in Core due to time-of-check time-of-use race condition during dump collection in trust zone. |
| 7.8 | 2023-03-10 | CVE-2022-33242 | Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD. |
| 8.8 | 2023-03-10 | CVE-2022-33213 | Memory corruption in modem due to buffer overflow while processing a PPP packet |
| 7.8 | 2023-03-10 | CVE-2022-25709 | Memory corruption in modem due to use of out of range pointer offset while processing qmi msg |
| 7.8 | 2023-03-10 | CVE-2022-25705 | Memory corruption in modem due to integer overflow to buffer overflow while handling APDU response |
| 7.8 | 2023-03-10 | CVE-2022-25694 | Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM |
| 7.8 | 2023-03-10 | CVE-2022-25655 | Memory corruption in WLAN HAL while arbitrary value is passed in WMI UTF command payload. |
| 5.5 | 2023-03-10 | CVE-2022-22075 | Information Disclosure in Graphics during GPU context switch. |
| 9.8 | 2023-02-12 | CVE-2022-40514 | Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc response frame. |
| 7.5 | 2023-02-12 | CVE-2022-40512 | Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon. |
| 7.8 | 2023-02-12 | CVE-2022-33277 | Memory corruption in modem due to buffer copy without checking size of input while receiving WMI command. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 22% (63) | CWE-125 | Out-of-bounds Read |
| 14% (39) | CWE-787 | Out-of-bounds Write |
| 13% (37) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
| 5% (16) | CWE-416 | Use After Free |
| 5% (16) | CWE-190 | Integer Overflow or Wraparound |
| 5% (14) | CWE-617 | Reachable Assertion |
| 4% (13) | CWE-476 | NULL Pointer Dereference |
| 4% (13) | CWE-129 | Improper Validation of Array Index |
| 4% (13) | CWE-20 | Improper Input Validation |
| 3% (10) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 2% (8) | CWE-415 | Double Free |
| 2% (7) | CWE-367 | Time-of-check Time-of-use (TOCTOU) Race Condition |
| 2% (7) | CWE-287 | Improper Authentication |
| 1% (5) | CWE-704 | Incorrect Type Conversion or Cast |
| 1% (3) | CWE-200 | Information Exposure |
| 0% (2) | CWE-401 | Failure to Release Memory Before Removing Last Reference ('Memory L... |
| 0% (2) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
| 0% (2) | CWE-347 | Improper Verification of Cryptographic Signature |
| 0% (2) | CWE-191 | Integer Underflow (Wrap or Wraparound) |
| 0% (1) | CWE-798 | Use of Hard-coded Credentials |
| 0% (1) | CWE-755 | Improper Handling of Exceptional Conditions |
| 0% (1) | CWE-697 | Insufficient Comparison |
| 0% (1) | CWE-312 | Cleartext Storage of Sensitive Information |
| 0% (1) | CWE-203 | Information Exposure Through Discrepancy |
