Summary
| Detail | |||
|---|---|---|---|
| Vendor | Qualcomm | First view | 2019-05-24 |
| Product | qca4020 Firmware | Last view | 2023-12-05 |
| Version | - | Type | Os |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:o:qualcomm:qca4020_firmware | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.5 | 2023-12-05 | CVE-2023-33080 | Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame. |
| 7.8 | 2023-12-05 | CVE-2023-33017 | Memory corruption in Boot while running a ListVars test in UEFI Menu during boot. |
| 7.8 | 2023-11-07 | CVE-2023-33059 | Memory corruption in Audio while processing the VOC packet data from ADSP. |
| 7.8 | 2023-09-05 | CVE-2023-28560 | Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload. |
| 7.8 | 2023-08-08 | CVE-2023-28537 | Memory corruption while allocating memory in COmxApeDec module in Audio. |
| 7.8 | 2023-08-08 | CVE-2023-22666 | Memory Corruption in Audio while playing amrwbplus clips with modified content. |
| 7.1 | 2023-08-08 | CVE-2023-21626 | Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key. |
| 7.5 | 2023-08-08 | CVE-2023-21625 | Information disclosure in Network Services due to buffer over-read while the device receives DNS response. |
| 9.8 | 2023-08-08 | CVE-2022-40510 | Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder. |
| 7.8 | 2023-03-10 | CVE-2022-40531 | Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message. |
| 7.8 | 2023-03-10 | CVE-2022-25655 | Memory corruption in WLAN HAL while arbitrary value is passed in WMI UTF command payload. |
| 7.5 | 2023-02-12 | CVE-2022-40512 | Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon. |
| 7.5 | 2023-02-12 | CVE-2022-33229 | Information disclosure due to buffer over-read in Modem while using static array to process IPv4 packets. |
| 7.5 | 2023-02-12 | CVE-2022-25738 | Information disclosure in modem due to buffer over-red while performing checksum of packet received |
| 7.5 | 2023-02-12 | CVE-2022-25735 | Denial of service in modem due to missing null check while processing TCP or UDP packets from server |
| 7.5 | 2023-02-12 | CVE-2022-25734 | Denial of service in modem due to missing null check while processing IP packets with padding |
| 7.5 | 2023-02-12 | CVE-2022-25733 | Denial of service in modem due to null pointer dereference while processing DNS packets |
| 7.5 | 2023-02-12 | CVE-2022-25732 | Information disclosure in modem due to buffer over read in dns client due to missing length check |
| 9.8 | 2023-02-12 | CVE-2022-25729 | Memory corruption in modem due to improper length check while copying into memory |
| 7.5 | 2023-02-12 | CVE-2022-25728 | Information disclosure in modem due to buffer over-read while processing response from DNS server |
| 6.5 | 2023-01-09 | CVE-2022-33286 | Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames. |
| 6.5 | 2023-01-09 | CVE-2022-33285 | Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA action frames. |
| 4.6 | 2023-01-09 | CVE-2022-22079 | Denial of service while processing fastboot flash command on mmc due to buffer over read |
| 7.5 | 2022-12-13 | CVE-2022-33238 | Transient DOS due to loop with unreachable exit condition in WLAN while processing an incoming FTM frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking |
| 7.5 | 2022-12-13 | CVE-2022-33235 | Information disclosure due to buffer over-read in WLAN firmware while parsing security context info attributes. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 31% (38) | CWE-125 | Out-of-bounds Read |
| 12% (15) | CWE-787 | Out-of-bounds Write |
| 10% (13) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
| 9% (11) | CWE-416 | Use After Free |
| 9% (11) | CWE-190 | Integer Overflow or Wraparound |
| 4% (6) | CWE-20 | Improper Input Validation |
| 4% (5) | CWE-476 | NULL Pointer Dereference |
| 3% (4) | CWE-129 | Improper Validation of Array Index |
| 2% (3) | CWE-415 | Double Free |
| 1% (2) | CWE-617 | Reachable Assertion |
| 1% (2) | CWE-362 | Race Condition |
| 1% (2) | CWE-200 | Information Exposure |
| 1% (2) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 0% (1) | CWE-704 | Incorrect Type Conversion or Cast |
| 0% (1) | CWE-697 | Insufficient Comparison |
| 0% (1) | CWE-668 | Exposure of Resource to Wrong Sphere |
| 0% (1) | CWE-367 | Time-of-check Time-of-use (TOCTOU) Race Condition |
| 0% (1) | CWE-287 | Improper Authentication |
| 0% (1) | CWE-252 | Unchecked Return Value |
| 0% (1) | CWE-203 | Information Exposure Through Discrepancy |
| 0% (1) | CWE-131 | Incorrect Calculation of Buffer Size |
