Qualcomm Security Vulnerabilities

CVE-2023-28557

Memory corruption in WLAN HAL while processing command parameters from untrusted WMI...

CVE-2023-33064

Transient DOS in Audio when invoking callback function of ASM...

CVE-2022-33248

Memory corruption in User Identity Module due to integer overflow to buffer overflow when a segement is received via qmi...

CVE-2022-40514

Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc response...

CVE-2023-24848

Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line...

CVE-2022-33260

Memory corruption due to stack based buffer overflow in core while sending command from USB of large...

CVE-2022-33224

Memory corruption in core due to buffer copy without check9ing the size of input while processing ioctl...

CVE-2023-21634

Memory Corruption in Radio Interface Layer while sending an SMS or writing an SMS to...

CVE-2023-21652

Cryptographic issue in HLOS as derived keys used to encrypt/decrypt information is present on stack after...

CVE-2023-33033

Memory corruption in Audio during playback with speaker...

CVE-2022-33277

Memory corruption in modem due to buffer copy without checking size of input while receiving WMI...

CVE-2023-28576

The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. In other words, user mode may race and modify the packet header (e.g. header.count), causing checks (e.g. size checks) in kernel code to be invalid. This may lead to...

CVE-2023-21655

Memory corruption in Audio while validating and mapping...

CVE-2022-40522

Memory corruption in Linux Networking due to double free while handling a...

CVE-2023-28553

Information Disclosure in WLAN Host when processing WMI event...

CVE-2023-33068

Memory corruption in Audio while processing IIR config data from AFE calibration...

CVE-2022-33213

Memory corruption in modem due to buffer overflow while processing a PPP...

CVE-2023-33022

Memory corruption in HLOS while invoking IOCTL calls from...

CVE-2023-22385

Memory Corruption in Data Modem while making a MO call or MT VOLTE...

CVE-2023-33036

Permanent DOS in Hypervisor while untrusted VM without PSCI support makes a PSCI...

CVE-2023-33109

Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from...

CVE-2023-33017

Memory corruption in Boot while running a ListVars test in UEFI Menu during...

CVE-2023-24851

Memory Corruption in WLAN HOST while parsing QMI response message from...

CVE-2022-33267

Memory corruption in Linux while sending DRM...

CVE-2023-21659

Transient DOS in WLAN Firmware while processing frames with missing header...

CVE-2023-28566

Information disclosure in WLAN HAL while handling the WMI state info...

CVE-2022-33242

Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio...

CVE-2022-40504

Transient DOS due to reachable assertion in Modem when UE received Downlink Data Indication message from the...

CVE-2023-33088

Memory corruption when processing cmd parameters while parsing...

CVE-2022-33282

Memory corruption in Automotive Multimedia due to integer overflow to buffer overflow during IOCTL calls in video...

CVE-2023-33070

Transient DOS in Automotive OS due to improper authentication to the secure IO...

CVE-2022-40510

Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS...

CVE-2023-21651

Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in...

CVE-2023-33029

Memory corruption in DSP Service during a remote call from HLOS to...

CVE-2023-28570

Memory corruption while processing audio...

CVE-2022-40508

Transient DOS due to reachable assertion in Modem while processing config related to cross carrier scheduling, which is not...

CVE-2023-33034

Memory corruption while parsing the ADSP response...

CVE-2023-33080

Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management...

CVE-2022-33306

Transient DOS due to buffer over-read in WLAN while processing an incoming management frame with incorrectly filled...

CVE-2023-33061

Transient DOS in WLAN Firmware while parsing WLAN beacon or probe-response...

CVE-2022-33270

Transient DOS due to time-of-check time-of-use race condition in Modem while processing RRC Reconfiguration...

CVE-2023-21638

Memory corruption in Video while calling APIs with different instance ID than the one received in...

CVE-2022-33227

Memory corruption in Linux android due to double free while calling unregister provider after register...

CVE-2023-33110

The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory...

CVE-2023-21637

Memory corruption in Linux while calling system configuration...

CVE-2023-28580

Memory corruption in WLAN Host while setting the PMK length in PMK length in internal...

CVE-2023-21644

Memory corruption in RIL due to Integer Overflow while triggering qcril_uim_request_apdu...

CVE-2023-21636

Memory Corruption due to improper validation of array index in Linux while updating adn...

CVE-2023-33037

Cryptographic issue in Automotive while unwrapping the key secs2d and verifying with RPMB...

CVE-2023-28565

Memory corruption in WLAN HAL while handling command streams through WMI...