Qualcomm Qca4531_firmware
39 CVEs affecting Qualcomm Qca4531_firmware. Latest disclosed: 2024-01-02. Critical: 13, High: 26.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-25748 | Critical | 9.8 | 2022-10-19 | Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity… |
CVE-2020-11117 | Critical | 9.8 | 2020-09-08 | u'In the lbd service, an external user can issue a specially crafted debug command to overwrite arbitrary files with arbitrary content resulting in remote code… |
CVE-2019-14114 | Critical | 9.8 | 2020-04-16 | Buffer overflow in WLAN firmware while parsing GTK IE containing GTK key having length more than the buffer size in Snapdragon Auto, Snapdragon Compute, Snapdr… |
CVE-2019-14113 | Critical | 9.8 | 2020-04-16 | Buffer overflow can occur in In WLAN firmware while unwraping data using CCMP cipher suite during parsing of EAPOL handshake frame in Snapdragon Auto, Snapdrag… |
CVE-2019-14110 | Critical | 9.8 | 2020-04-16 | Buffer overflow can occur in function wlan firmware while copying association frame content if frame length is more than the maximum buffer size in case of SAP… |
CVE-2019-14098 | Critical | 9.8 | 2020-03-05 | Possible buffer overflow in data offload handler due to lack of check of keydata length when copying data in Snapdragon Auto, Snapdragon Compute, Snapdragon Co… |
CVE-2019-14031 | Critical | 9.8 | 2020-03-05 | Buffer overflow can occur while parsing RSN IE containing list of PMK ID`s which are more than the buffer size in Snapdragon Auto, Snapdragon Compute, Snapdrag… |
CVE-2016-10481 | Critical | 9.8 | 2018-04-18 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, QC… |
CVE-2016-10436 | Critical | 9.8 | 2018-04-18 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Small Cell SoC, Snapdragon Mobile, and Snapdragon Wear FSM9055, IPQ4019, IPQ8064, MDM9… |
CVE-2015-9220 | Critical | 9.8 | 2018-04-18 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9640, MDM… |
CVE-2014-9998 | Critical | 9.8 | 2018-04-18 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, IPQ8064, MDM920… |
CVE-2020-11159 | Critical | 9.1 | 2021-06-09 | Buffer over-read can happen while processing WPA,RSN IE of beacon and response frames if IE length is less than length of frame pointer being accessed in Snapd… |
CVE-2020-11276 | Critical | 9.1 | 2021-02-22 | Possible buffer over read while processing P2P IE and NOA attribute of beacon and probe response frames due to improper validation of P2P IE and NOA attribute… |
CVE-2020-11269 | High | 8.8 | 2021-02-22 | Possible memory corruption while processing EAPOL frames due to lack of validation of key length before using it in Snapdragon Auto, Snapdragon Compute, Snapdr… |
CVE-2023-21628 | High | 8.4 | 2023-06-06 | Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command. |
CVE-2021-30260 | High | 8.4 | 2021-09-17 | Possible Integer overflow to buffer overflow issue can occur due to improper validation of input parameters when extscan hostlist configuration command is rece… |
CVE-2023-28565 | High | 7.8 | 2023-09-05 | Memory corruption in WLAN HAL while handling command streams through WMI interfaces. |
CVE-2021-30303 | High | 7.8 | 2022-01-03 | Possible buffer overflow due to lack of buffer length check when segmented WMI command is received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectiv… |
CVE-2020-11235 | High | 7.8 | 2021-06-09 | Buffer overflow might occur while parsing unified command due to lack of check of input data received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connec… |
CVE-2020-3696 | High | 7.8 | 2020-11-02 | u'Use after free while installing new security rule in ipcrtr as old one is deleted and this rule could still be in use for checking security permission for pa… |