Filtered by vendor Qualcomm
Subscriptions
Filtered by product Qca6698aq
Subscriptions
Total
399 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-49841 | 1 Qualcomm | 346 Aqt1000, Aqt1000 Firmware, Ar8035 and 343 more | 2025-08-11 | 7.8 High |
| Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling. | ||||
| CVE-2024-49842 | 1 Qualcomm | 358 Aqt1000, Aqt1000 Firmware, Ar8035 and 355 more | 2025-08-11 | 7.8 High |
| Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions. | ||||
| CVE-2023-21633 | 1 Qualcomm | 194 Apq8064au, Apq8064au Firmware, Aqt1000 and 191 more | 2025-08-11 | 6.7 Medium |
| Memory Corruption in Linux while processing QcRilRequestImsRegisterMultiIdentityMessage request. | ||||
| CVE-2023-33046 | 1 Qualcomm | 98 Ar8035, Ar8035 Firmware, Fastconnect 6900 and 95 more | 2025-08-11 | 7.8 High |
| Memory corruption in Trusted Execution Environment while deinitializing an object used for license validation. | ||||
| CVE-2023-43514 | 1 Qualcomm | 167 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 164 more | 2025-08-11 | 8.4 High |
| Memory corruption while invoking IOCTLs calls from user space for internal mem MAP and internal mem UNMAP. | ||||
| CVE-2023-33044 | 1 Qualcomm | 180 315 5g Iot Modem, 315 5g Iot Modem Firmware, Ar8035 and 177 more | 2025-08-11 | 7.5 High |
| Transient DOS in Data modem while handling TLB control messages from the Network. | ||||
| CVE-2023-33096 | 1 Qualcomm | 204 315 5g Iot Modem, 315 5g Iot Modem Firmware, Ar8035 and 201 more | 2025-08-11 | 7.5 High |
| Transient DOS while processing DL NAS Transport message, as specified in 3GPP 24.501 v16. | ||||
| CVE-2023-33095 | 1 Qualcomm | 204 315 5g Iot Modem, 315 5g Iot Modem Firmware, Ar8035 and 201 more | 2025-08-11 | 7.5 High |
| Transient DOS while processing multiple payload container type with incorrect container length received in DL NAS transport OTA in NR. | ||||
| CVE-2023-33065 | 1 Qualcomm | 208 Aqt1000, Aqt1000 Firmware, Ar8035 and 205 more | 2025-08-11 | 6.1 Medium |
| Information disclosure in Audio while accessing AVCS services from ADSP payload. | ||||
| CVE-2023-33101 | 1 Qualcomm | 208 315 5g Iot Modem, 315 5g Iot Modem Firmware, Ar8035 and 205 more | 2025-08-11 | 7.5 High |
| Transient DOS while processing DL NAS TRANSPORT message with payload length 0. | ||||
| CVE-2023-33111 | 1 Qualcomm | 172 Ar8035, Ar8035 Firmware, C-v2x 9150 and 169 more | 2025-08-11 | 5.5 Medium |
| Information disclosure when VI calibration state set by ADSP is greater than MAX_FBSP_STATE in the response payload to AFE calibration command. | ||||
| CVE-2024-23354 | 1 Qualcomm | 160 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 157 more | 2025-08-11 | 8.4 High |
| Memory corruption when the IOCTL call is interrupted by a signal. | ||||
| CVE-2025-38293 | 2 Linux, Qualcomm | 2 Linux Kernel, Qca6698aq | 2025-07-28 | 7.0 High |
| In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix node corruption in ar->arvifs list In current WLAN recovery code flow, ath11k_core_halt() only reinitializes the "arvifs" list head. This will cause the list node immediately following the list head to become an invalid list node. Because the prev of that node still points to the list head "arvifs", but the next of the list head "arvifs" no longer points to that list node. When a WLAN recovery occurs during the execution of a vif removal, and it happens before the spin_lock_bh(&ar->data_lock) in ath11k_mac_op_remove_interface(), list_del() will detect the previously mentioned situation, thereby triggering a kernel panic. The fix is to remove and reinitialize all vif list nodes from the list head "arvifs" during WLAN halt. The reinitialization is to make the list nodes valid, ensuring that the list_del() in ath11k_mac_op_remove_interface() can execute normally. Call trace: __list_del_entry_valid_or_report+0xb8/0xd0 ath11k_mac_op_remove_interface+0xb0/0x27c [ath11k] drv_remove_interface+0x48/0x194 [mac80211] ieee80211_do_stop+0x6e0/0x844 [mac80211] ieee80211_stop+0x44/0x17c [mac80211] __dev_close_many+0xac/0x150 __dev_change_flags+0x194/0x234 dev_change_flags+0x24/0x6c devinet_ioctl+0x3a0/0x670 inet_ioctl+0x200/0x248 sock_do_ioctl+0x60/0x118 sock_ioctl+0x274/0x35c __arm64_sys_ioctl+0xac/0xf0 invoke_syscall+0x48/0x114 ... Tested-on: QCA6698AQ hw2.1 PCI WLAN.HSP.1.1-04591-QCAHSPSWPL_V1_V2_SILICONZ_IOE-1 | ||||
| CVE-2025-21445 | 1 Qualcomm | 55 Qam8255p, Qam8255p Firmware, Qam8295p and 52 more | 2025-07-21 | 7.8 High |
| Memory corruption while copying the result to the transmission queue which is shared between the virtual machine and the host. | ||||
| CVE-2025-21444 | 1 Qualcomm | 54 Qam8255p, Qam8255p Firmware, Qam8295p and 51 more | 2025-07-21 | 7.8 High |
| Memory corruption while copying the result to the transmission queue in EMAC. | ||||
| CVE-2023-43523 | 1 Qualcomm | 284 Ar8035, Ar8035 Firmware, Csr8811 and 281 more | 2025-06-17 | 7.5 High |
| Transient DOS while processing 11AZ RTT management action frame received through OTA. | ||||
| CVE-2023-33076 | 1 Qualcomm | 302 Aqt1000, Aqt1000 Firmware, Ar8035 and 299 more | 2025-06-17 | 5.9 Medium |
| Memory corruption in Core when updating rollback version for TA and OTA feature is enabled. | ||||
| CVE-2023-33037 | 1 Qualcomm | 166 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 163 more | 2025-06-17 | 7.1 High |
| Cryptographic issue in Automotive while unwrapping the key secs2d and verifying with RPMB data. | ||||
| CVE-2023-33014 | 1 Qualcomm | 74 Ar8035, Ar8035 Firmware, Fastconnect 6700 and 71 more | 2025-06-03 | 7.6 High |
| Information disclosure in Core services while processing a Diag command. | ||||
| CVE-2023-33030 | 1 Qualcomm | 596 315 5g Iot Modem, 315 5g Iot Modem Firmware, 9205 Lte Modem and 593 more | 2025-06-03 | 9.3 Critical |
| Memory corruption in HLOS while running playready use-case. | ||||