ReportizFlow
Filtered by vendor Qualcomm
Subscriptions
Filtered by product Qca6698aq
Subscriptions
Total
420 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-28578 | 1 Qualcomm | 680 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 677 more | 2025-08-11 | 9.3 Critical |
| Memory corruption in Core Services while executing the command for removing a single event listener. | ||||
| CVE-2023-43548 | 1 Qualcomm | 284 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 281 more | 2025-08-11 | 7.3 High |
| Memory corruption while parsing qcp clip with invalid chunk data size. | ||||
| CVE-2024-21455 | 1 Qualcomm | 41 Qam8295p, Qam8295p Firmware, Qca6584au and 38 more | 2025-08-11 | 7.8 High |
| Memory corruption when a compat IOCTL call is followed by another IOCTL call from userspace to a driver. | ||||
| CVE-2024-33073 | 1 Qualcomm | 320 Ar8035, Ar8035 Firmware, Csr8811 and 317 more | 2025-08-11 | 8.2 High |
| Information disclosure while parsing the BSS parameter change count or MLD capabilities fields of the ML IE. | ||||
| CVE-2024-38397 | 1 Qualcomm | 234 Ar8035, Ar8035 Firmware, Fastconnect 6700 and 231 more | 2025-08-11 | 7.5 High |
| Transient DOS while parsing probe response and assoc response frame. | ||||
| CVE-2023-28539 | 1 Qualcomm | 314 Ar8035, Ar8035 Firmware, Ar9380 and 311 more | 2025-08-11 | 6.6 Medium |
| Memory corruption in WLAN Host when the firmware invokes multiple WMI Service Available command. | ||||
| CVE-2023-28541 | 1 Qualcomm | 426 Aqt1000, Aqt1000 Firmware, Ar8031 and 423 more | 2025-08-11 | 7.8 High |
| Memory Corruption in Data Modem while processing DMA buffer release event about CFR data. | ||||
| CVE-2023-28550 | 1 Qualcomm | 670 315 5g Iot Modem, 315 5g Iot Modem Firmware, 9205 Lte Modem and 667 more | 2025-08-11 | 7.8 High |
| Memory corruption in MPP performance while accessing DSM watermark using external memory address. | ||||
| CVE-2023-28569 | 1 Qualcomm | 416 Aqt1000, Aqt1000 Firmware, Ar9380 and 413 more | 2025-08-11 | 6.1 Medium |
| Information disclosure in WLAN HAL while handling command through WMI interfaces. | ||||
| CVE-2024-33067 | 1 Qualcomm | 154 Ar8035, Ar8035 Firmware, C-v2x 9150 and 151 more | 2025-08-11 | 6.1 Medium |
| Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver. | ||||
| CVE-2024-23351 | 1 Qualcomm | 188 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 185 more | 2025-08-11 | 8.4 High |
| Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC submissions. | ||||
| CVE-2024-23354 | 1 Qualcomm | 160 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 157 more | 2025-08-11 | 8.4 High |
| Memory corruption when the IOCTL call is interrupted by a signal. | ||||
| CVE-2024-38401 | 1 Qualcomm | 82 Ar8035, Ar8035 Firmware, C-v2x 9150 and 79 more | 2025-08-11 | 7.8 High |
| Memory corruption while processing concurrent IOCTL calls. | ||||
| CVE-2025-38293 | 2 Linux, Qualcomm | 2 Linux Kernel, Qca6698aq | 2025-07-28 | 7.0 High |
| In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix node corruption in ar->arvifs list In current WLAN recovery code flow, ath11k_core_halt() only reinitializes the "arvifs" list head. This will cause the list node immediately following the list head to become an invalid list node. Because the prev of that node still points to the list head "arvifs", but the next of the list head "arvifs" no longer points to that list node. When a WLAN recovery occurs during the execution of a vif removal, and it happens before the spin_lock_bh(&ar->data_lock) in ath11k_mac_op_remove_interface(), list_del() will detect the previously mentioned situation, thereby triggering a kernel panic. The fix is to remove and reinitialize all vif list nodes from the list head "arvifs" during WLAN halt. The reinitialization is to make the list nodes valid, ensuring that the list_del() in ath11k_mac_op_remove_interface() can execute normally. Call trace: __list_del_entry_valid_or_report+0xb8/0xd0 ath11k_mac_op_remove_interface+0xb0/0x27c [ath11k] drv_remove_interface+0x48/0x194 [mac80211] ieee80211_do_stop+0x6e0/0x844 [mac80211] ieee80211_stop+0x44/0x17c [mac80211] __dev_close_many+0xac/0x150 __dev_change_flags+0x194/0x234 dev_change_flags+0x24/0x6c devinet_ioctl+0x3a0/0x670 inet_ioctl+0x200/0x248 sock_do_ioctl+0x60/0x118 sock_ioctl+0x274/0x35c __arm64_sys_ioctl+0xac/0xf0 invoke_syscall+0x48/0x114 ... Tested-on: QCA6698AQ hw2.1 PCI WLAN.HSP.1.1-04591-QCAHSPSWPL_V1_V2_SILICONZ_IOE-1 | ||||
| CVE-2025-21445 | 1 Qualcomm | 55 Qam8255p, Qam8255p Firmware, Qam8295p and 52 more | 2025-07-21 | 7.8 High |
| Memory corruption while copying the result to the transmission queue which is shared between the virtual machine and the host. | ||||
| CVE-2025-21444 | 1 Qualcomm | 54 Qam8255p, Qam8255p Firmware, Qam8295p and 51 more | 2025-07-21 | 7.8 High |
| Memory corruption while copying the result to the transmission queue in EMAC. | ||||
| CVE-2023-43523 | 1 Qualcomm | 284 Ar8035, Ar8035 Firmware, Csr8811 and 281 more | 2025-06-18 | 7.5 High |
| Transient DOS while processing 11AZ RTT management action frame received through OTA. | ||||
| CVE-2023-33076 | 1 Qualcomm | 302 Aqt1000, Aqt1000 Firmware, Ar8035 and 299 more | 2025-06-18 | 5.9 Medium |
| Memory corruption in Core when updating rollback version for TA and OTA feature is enabled. | ||||
| CVE-2023-33037 | 1 Qualcomm | 166 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 163 more | 2025-06-17 | 7.1 High |
| Cryptographic issue in Automotive while unwrapping the key secs2d and verifying with RPMB data. | ||||
| CVE-2023-33014 | 1 Qualcomm | 74 Ar8035, Ar8035 Firmware, Fastconnect 6700 and 71 more | 2025-06-03 | 7.6 High |
| Information disclosure in Core services while processing a Diag command. | ||||