Peterpark

**Name of the Vulnerable Software and Affected Versions** Bluetooth Host (affected versions not specified) **Description** The issue is related to information disclosure due to a buffer over-read in the Bluetooth Host while A2DP streaming. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux (affected versions not specified) **Description** The issue is related to information disclosure due to a buffer overread in Linux sensors. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Modem (affected versions not specified) **Description** The issue is related to memory corruption caused by an integer overflow leading to a buffer overflow in the Modem. This occurs when the Modem is parsing a Traffic Channel Neighbor List Update message. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** The issue is related to memory corruption in a modem caused by a buffer overflow when processing a PPP packet. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** User Identity Module (affected versions not specified) **Description** The issue is related to memory corruption in the User Identity Module due to an integer overflow that leads to a buffer overflow. This occurs when a segment is received via qmi http. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Modem (affected versions not specified) **Description** The issue is related to memory corruption caused by a configuration weakness in the modem when sending commands to write protected files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Qualcomm Snapdragon (affected versions not specified) **Description** The issue is related to improper validation of program headers containing ELF metadata, which can lead to image verification bypass in various Qualcomm Snapdragon products, including Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, and Snapdragon Wired Infrastructure and Networking. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Snapdragon Auto (affected versions not specified) Snapdragon Compute (affected versions not specified) Snapdragon Connectivity (affected versions not specified) Snapdragon Consumer IOT (affected versions not specified) Snapdragon Industrial IOT (affected versions not specified) Snapdragon Mobile (affected versions not specified) **Description** The issue is related to possible integer overflow to buffer overflow due to improper input validation in FTM ARA commands. This affects various Snapdragon products, including Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, and Mobile. **Recommendations** For Snapdragon Auto, update to a version that includes proper input validation for FTM ARA commands. For Snapdragon Compute, update to a version that includes proper input validation for FTM ARA commands. For Snapdragon Connectivity, update to a version that includes proper input validation for FTM ARA commands. For Snapdragon Consumer IOT, update to a version that includes proper input validation for FTM ARA commands. For Snapdragon Industrial IOT, update to a version that includes proper input validation for FTM ARA commands. For Snapdragon Mobile, update to a version that includes proper input validation for FTM ARA commands. As a temporary workaround, consider disabling the use of FTM ARA commands until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using the vulnerable `FTM ARA` commands in the affected products until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Qualcomm Snapdragon (affected versions not specified) **Description** The issue is related to improper access control in TrustZone due to improper error handling while handling the signing key. This affects various Snapdragon products, including Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, and Snapdragon Wired Infrastructure and Networking. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon versions in APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130 Description: The issue is related to a possible out of bound array access due to the lack of a check on the carrier index passed in various Snapdragon products, including Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, and Snapdragon Wearables. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon versions in APQ8009, APQ8098, MDM9150, MDM9607, MDM9650, MSM8905, MSM8909, MSM8998, SDA660, SDA845, SDM630, SDM636, SDM660, SDM845, SDM850, SXR2130 Description: The issue is related to out of bound memory access while processing TZ command handler due to improper input validation on response length received from user in various Snapdragon products, including Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, and Wired Infrastructure and Networking. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Qualcomm Snapdragon Auto versions prior to the fixed version Qualcomm Snapdragon Compute versions prior to the fixed version Qualcomm Snapdragon Consumer Electronics Connectivity versions prior to the fixed version Qualcomm Snapdragon Consumer IOT versions prior to the fixed version Qualcomm Snapdragon Industrial IOT versions prior to the fixed version Qualcomm Snapdragon Mobile versions prior to the fixed version Qualcomm Snapdragon Voice & Music versions prior to the fixed version Qualcomm Snapdragon Wired Infrastructure and Networking versions prior to the fixed version **Description** A potential double free scenario exists if the driver receives another DIAG EVENT LOG SUPPORTED event from firmware as the pointer is not set to NULL on the first call. This issue affects various Qualcomm Snapdragon products, including Auto, Compute, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, and Wired Infrastructure and Networking. **Recommendations** For Qualcomm Snapdragon Auto, update to a version that includes the fix for this issue. For Qualcomm Snapdragon Compute, update to a version that includes the fix for this issue. For Qualcomm Snapdragon Consumer Electronics Connectivity, update to a version that includes the fix for this issue. For Qualcomm Snapdragon Consumer IOT, update to a version that includes the fix for this issue. For Qualcomm Snapdragon Industrial IOT, update to a version that includes the fix for this issue. For Qualcomm Snapdragon Mobile, update to a version that includes the fix for this issue. For Qualcomm Snapdragon Voice & Music, update to a version that includes the fix for this issue. For Qualcomm Snapdragon Wired Infrastructure and Networking, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Qualcomm Snapdragon versions (affected versions not specified) **Description** The issue is related to an integer overflow that can lead to a buffer overflow due to the lack of validation of event arguments received from firmware. This affects various Qualcomm Snapdragon products, including Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, and Snapdragon Wired Infrastructure and Networking, in multiple chipsets such as IPQ4019, IPQ8064, IPQ8074, MDM9607, MSM8917, MSM8920, MSM8937, MSM8940, QCN7605, QCS405, QCS605, SDA845, SDM660, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, and SXR1130. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.