Qca6564 Firmware Security Vulnerabilities

CVE-2022-33227

Memory corruption in Linux android due to double free while calling unregister provider after register call.

CVE-2022-33231

Memory corruption due to double free in core while initializing the encryption key.

CVE-2022-33234

Memory corruption in video due to configuration weakness. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

CVE-2022-33238

Transient DOS due to loop with unreachable exit condition in WLAN while processing an incoming FTM frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mo...

CVE-2022-33239

Transient DOS due to loop with unreachable exit condition in WLAN firmware while parsing IPV6 extension header. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapd...

CVE-2022-33242

Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD.

CVE-2022-33245

Memory corruption in WLAN due to use after free

CVE-2022-33266

Memory corruption in Audio due to integer overflow to buffer overflow while music playback of clips like amr,evrc,qcelp with modified content.

CVE-2022-33267

Memory corruption in Linux while sending DRM request.

CVE-2022-33285

Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA action frames.

CVE-2022-33286

Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames.

CVE-2022-33298

Memory corruption due to use after free in Modem while modem initialization.

CVE-2022-40503

Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.

CVE-2022-40507

Memory corruption due to double free in Core while mapping HLOS address to the list.

CVE-2022-40512

Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.

CVE-2022-40515

Memory corruption in Video due to double free while playing 3gp clip with invalid metadata atoms.

CVE-2022-40516

Memory corruption in Core due to stack-based buffer overflow.

CVE-2022-40517

Memory corruption in core due to stack-based buffer overflow

CVE-2022-40518

Information disclosure due to buffer overread in Core

CVE-2022-40519

Information disclosure due to buffer overread in Core

CVE-2022-40520

Memory corruption due to stack-based buffer overflow in Core

CVE-2022-40529

Memory corruption due to improper access control in kernel while processing a mapping request from root process.

CVE-2022-40531

Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.

CVE-2022-40532

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.

CVE-2023-21626

Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key.

CVE-2023-21628

Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command.

CVE-2023-21633

Memory Corruption in Linux while processing QcRilRequestImsRegisterMultiIdentityMessage request.

CVE-2023-21635

Memory Corruption in Data Network Stack & Connectivity when sim gets detected on telephony.

CVE-2023-21650

Memory Corruption in GPS HLOS Driver when injectFdclData receives data with invalid data length.

CVE-2023-21662

Memory corruption in Core Platform while printing the response buffer in log.

CVE-2023-21664

Memory Corruption in Core Platform while printing the response buffer in log.

CVE-2023-21665

Memory corruption in Graphics while importing a file.

CVE-2023-21666

Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.

CVE-2023-22387

Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption.

CVE-2023-22666

Memory Corruption in Audio while playing amrwbplus clips with modified content.

CVE-2023-22667

Memory Corruption in Audio while allocating the ion buffer during the music playback.

CVE-2023-24852

Memory Corruption in Core due to secure memory access by user while loading modem image.

CVE-2023-24853

Memory Corruption in HLOS while registering for key provisioning notify.

CVE-2023-28537

Memory corruption while allocating memory in COmxApeDec module in Audio.

CVE-2023-28538

Memory corruption in WIN Product while invoking WinAcpi update driver in the UEFI region.

CVE-2023-28542

Memory Corruption in WLAN HOST while fetching TX status information.

CVE-2023-28556

Cryptographic issue in HLOS during key management.

CVE-2023-28564

Memory corruption in WLAN HAL while passing command parameters through WMI interfaces.

CVE-2023-28565

Memory corruption in WLAN HAL while handling command streams through WMI interfaces.

CVE-2023-28585

Memory corruption while loading an ELF segment in TEE Kernel.

CVE-2023-28586

Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE.

CVE-2023-28588

Transient DOS in Bluetooth Host while rfc slot allocation.

CVE-2023-33017

Memory corruption in Boot while running a ListVars test in UEFI Menu during boot.

CVE-2023-33021

Memory corruption in Graphics while processing user packets for command submission.

CVE-2023-33030

Memory corruption in HLOS while running playready use-case.