Snapdragon Security Vulnerabilities

CVE-2023-28584

Transient DOS in WLAN Host when a mobile station receives invalid channel in CSA IE while doing channel switch announcement...

CVE-2023-28562

Memory corruption while handling payloads from remote...

CVE-2023-28558

Memory corruption in WLAN handler while processing PhyID in Tx status...

CVE-2023-28543

A malformed DLC can trigger Memory Corruption in SNPE library due to out of bounds read, such as by loading an untrusted model (e.g. from a remote...

CVE-2023-28564

Memory corruption in WLAN HAL while passing command parameters through WMI...

CVE-2023-21667

Transient DOS in Bluetooth HOST while passing descriptor to validate the blacklisted BT...

CVE-2023-28557

Memory corruption in WLAN HAL while processing command parameters from untrusted WMI...

CVE-2023-28538

Memory corruption in WIN Product while invoking WinAcpi update driver in the UEFI...

CVE-2023-28549

Memory corruption in WLAN HAL while parsing Rx buffer in processing TLV...

CVE-2023-28548

Memory corruption in WLAN HAL while processing Tx/Rx commands from...

CVE-2023-28560

Memory corruption in WLAN HAL while processing devIndex from untrusted WMI...

CVE-2023-28559

Memory corruption in WLAN FW while processing command parameters from untrusted WMI...

CVE-2023-28544

Memory corruption in WLAN while sending transmit command from HLOS to UTF...

CVE-2023-21662

Memory corruption in Core Platform while printing the response buffer in...

CVE-2023-21653

Transient DOS in Modem while processing RRC reconfiguration...

CVE-2023-21644

Memory corruption in RIL due to Integer Overflow while triggering qcril_uim_request_apdu...

CVE-2023-21636

Memory Corruption due to improper validation of array index in Linux while updating adn...

CVE-2023-21663

Memory Corruption while accessing metadata in...

CVE-2022-40534

Memory corruption due to improper validation of array index in...

CVE-2023-21654

Memory corruption in Audio during playback session with audio effects...

CVE-2022-40524

Memory corruption due to buffer over-read in Modem while processing SetNativeHandle RTP...

CVE-2023-21655

Memory corruption in Audio while validating and mapping...

CVE-2023-21646

Transient DOS in Modem while processing invalid System Information Block...

CVE-2023-21664

Memory Corruption in Core Platform while printing the response buffer in...

CVE-2022-33275

Memory corruption due to improper validation of array index in WLAN HAL when received lm_itemNum is out of...

CVE-2022-33220

Information disclosure in Automotive multimedia due to buffer...

CVE-2023-28577

In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check if the buffer is being used. So when a function called cam_mem_get_cpu_buf to get the kernel va to use, another thread can call CAM_REQ_MGR_RELEASE_BUF to unmap the kernel va which cause UAF of the kernel...

CVE-2023-28575

The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invalid type usage if a wrong handle is passed to...

CVE-2023-28561

Memory corruption in QESL while processing payload from external ESL device to...

CVE-2023-28555

Transient DOS in Audio while remapping channel buffer in media codec...

CVE-2023-28537

Memory corruption while allocating memory in COmxApeDec module in...

CVE-2023-28576

The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. In other words, user mode may race and modify the packet header (e.g. header.count), causing checks (e.g. size checks) in kernel code to be invalid. This may lead to...

CVE-2023-21650

Memory Corruption in GPS HLOS Driver when injectFdclData receives data with invalid data...

CVE-2023-21625

Information disclosure in Network Services due to buffer over-read while the device receives DNS...

CVE-2023-21626

Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one...

CVE-2023-21652

Cryptographic issue in HLOS as derived keys used to encrypt/decrypt information is present on stack after...

CVE-2023-21643

Memory corruption due to untrusted pointer dereference in automotive during system...

CVE-2023-21651

Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in...

CVE-2023-22666

Memory Corruption in Audio while playing amrwbplus clips with modified...

CVE-2023-21649

Memory corruption in WLAN while running doDriverCmd for an unspecific...

CVE-2023-21647

Information disclosure in Bluetooth when an GATT packet is received due to improper input...

CVE-2023-21648

Memory corruption in RIL while trying to send apdu...

CVE-2023-21627

Memory corruption in Trusted Execution Environment while calling service API with invalid...

CVE-2022-40510

Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS...

CVE-2023-21640

Memory corruption in Linux when the file upload API is called with parameters having large...

CVE-2023-21629

Memory Corruption in Modem due to double free while parsing the PKCS15 sim...

CVE-2023-28541

Memory Corruption in Data Modem while processing DMA buffer release event about CFR...

CVE-2023-21641

An app with non-privileged access can change global system brightness and cause undesired system...

CVE-2023-21638

Memory corruption in Video while calling APIs with different instance ID than the one received in...

CVE-2023-21637

Memory corruption in Linux while calling system configuration...