When a fake broadcast/multicast 11w rmf without mmie received, since no proper length check in wma_process_bip, buffer overflow will happen in both cds_is_mmie_valid and qdf_nbuf_trim_tail in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8937, MSM8996AU, MSM8998, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS605, SDM630, SDM636, SDM660, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
qualcomm apq8009_firmware - |
||
qualcomm apq8017_firmware - |
||
qualcomm apq8053_firmware - |
||
qualcomm apq8064_firmware - |
||
qualcomm apq8096au_firmware - |
||
qualcomm mdm9206_firmware - |
||
qualcomm mdm9207c_firmware - |
||
qualcomm mdm9607_firmware - |
||
qualcomm mdm9640_firmware - |
||
qualcomm mdm9650_firmware - |
||
qualcomm msm8937_firmware - |
||
qualcomm msm8996au_firmware - |
||
qualcomm msm8998_firmware - |
||
qualcomm qca6174a_firmware - |
||
qualcomm qca6574au_firmware - |
||
qualcomm qca9377_firmware - |
||
qualcomm qca9379_firmware - |
||
qualcomm qcn7605_firmware - |
||
qualcomm qcs605_firmware - |
||
qualcomm sdm630_firmware - |
||
qualcomm sdm636_firmware - |
||
qualcomm sdm660_firmware - |
||
qualcomm sdx20_firmware - |
||
qualcomm sdx24_firmware - |
||
qualcomm sdx55_firmware - |
||
qualcomm sm6150_firmware - |
||
qualcomm sm7150_firmware - |
||
qualcomm sm8150_firmware - |
||
qualcomm sxr1130_firmware - |
Vulmon