Qualcomm Security Vulnerabilities

CVE-2023-28562

Memory corruption while handling payloads from remote...

CVE-2022-34144

Transient DOS due to reachable assertion in Modem during OSI decode...

CVE-2023-28575

The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invalid type usage if a wrong handle is passed to...

CVE-2023-21630

Memory Corruption in Multimedia Framework due to integer overflow when synx bind is called along with synx...

CVE-2023-21641

An app with non-privileged access can change global system brightness and cause undesired system...

CVE-2022-33273

Information disclosure due to buffer over-read in Trusted Execution Environment while QRKS report...

CVE-2023-21624

Information disclosure in DSP Services while loading dynamic...

CVE-2023-22668

Memory Corruption in Audio while invoking IOCTLs calls from the...

CVE-2022-25731

Information disclosure in modem due to buffer over-read while processing packets from DNS...

CVE-2023-21650

Memory Corruption in GPS HLOS Driver when injectFdclData receives data with invalid data...

CVE-2023-21667

Transient DOS in Bluetooth HOST while passing descriptor to validate the blacklisted BT...

CVE-2023-33043

Transient DOS in Modem when a Beam switch request is made with a non-configured...

CVE-2022-25738

Information disclosure in modem due to buffer over-red while performing checksum of packet...

CVE-2023-28577

In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check if the buffer is being used. So when a function called cam_mem_get_cpu_buf to get the kernel va to use, another thread can call CAM_REQ_MGR_RELEASE_BUF to unmap the kernel va which cause UAF of the kernel...

CVE-2023-33014

Information disclosure in Core services while processing a Diag...

CVE-2022-40539

Memory corruption in Automotive Android OS due to improper validation of array...

CVE-2023-21671

Memory Corruption in Core during syscall for Sectools Fuse comparison...

CVE-2023-28565

Memory corruption in WLAN HAL while handling command streams through WMI...

CVE-2023-28540

Cryptographic issue in Data Modem due to improper authentication during TLS...

CVE-2023-33025

Memory corruption in Data Modem when a non-standard SDP body, during a VOLTE...

CVE-2023-43518

Memory corruption in video while parsing invalid mp2...

CVE-2022-33301

Memory corruption due to incorrect type conversion or cast in audio while using audio playback/capture when crafted address is sent from AGM IPC to...

CVE-2023-43517

Memory corruption in Automotive Multimedia due to improper access control in...

CVE-2023-28537

Memory corruption while allocating memory in COmxApeDec module in...

CVE-2022-33292

Memory corruption in Qualcomm IPC due to use after free while receiving the incoming packet and reposting...

CVE-2022-33281

Memory corruption due to improper validation of array index in computer vision while testing EVA kernel without sending any...

CVE-2022-33305

Transient DOS due to NULL pointer dereference in Modem while sending invalid messages in...

CVE-2023-33076

Memory corruption in Core when updating rollback version for TA and OTA feature is...

CVE-2023-21670

Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged...

CVE-2023-28554

Information Disclosure in Qualcomm IPC while reading values from shared memory in...

CVE-2022-33221

Information disclosure in Trusted Execution Environment due to buffer over-read while processing metadata verification...

CVE-2023-28559

Memory corruption in WLAN FW while processing command parameters from untrusted WMI...

CVE-2023-24853

Memory Corruption in HLOS while registering for key provisioning...

CVE-2022-33222

Information disclosure due to buffer over-read while parsing DNS response packets in...

CVE-2023-33047

Transient DOS in WLAN Firmware while parsing no-inherit...

CVE-2022-33259

Memory corruption due to buffer copy without checking the size of input in modem while decoding raw SMS...

CVE-2022-25678

Memory correction in modem due to buffer overwrite during coap...

CVE-2023-28585

Memory corruption while loading an ELF segment in TEE...

CVE-2023-33069

Memory corruption in Audio while processing the calibration data returned from ACDB...

CVE-2023-33067

Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap...

CVE-2022-33275

Memory corruption due to improper validation of array index in WLAN HAL when received lm_itemNum is out of...

CVE-2023-43535

Memory corruption when negative display IDs are sent as input while processing DISPLAYESCAPE event...

CVE-2023-43532

Memory corruption while reading ACPI config through the user mode...

CVE-2023-33035

Memory corruption while invoking callback function of AFE from...

CVE-2022-40507

Memory corruption due to double free in Core while mapping HLOS address to the...

CVE-2023-21631

Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from...

CVE-2023-33028

Memory corruption in WLAN Firmware while doing a memory copy of pmk...

CVE-2022-33302

Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command...

CVE-2023-33089

Transient DOS when processing a NULL buffer while parsing WLAN...

CVE-2022-25694

Memory corruption in Modem due to usage of Out-of-range pointer offset in...