Qm215 Firmware Security Vulnerabilities

CVE-2023-21626

Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key.

CVE-2023-21657

Memoru corruption in Audio when ADSP sends input during record use case.

CVE-2023-21666

Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.

CVE-2023-21670

Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode.

CVE-2023-22666

Memory Corruption in Audio while playing amrwbplus clips with modified content.

CVE-2023-28537

Memory corruption while allocating memory in COmxApeDec module in Audio.

CVE-2023-28540

Cryptographic issue in Data Modem due to improper authentication during TLS handshake.

CVE-2023-33018

Memory corruption while using the UIM diag command to get the operators name.

CVE-2023-33031

Memory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data buffer.

CVE-2023-33035

Memory corruption while invoking callback function of AFE from ADSP.

CVE-2023-33054

Cryptographic issue in GPS HLOS Driver while downloading Qualcomm GNSS assistance data.

CVE-2023-33059

Memory corruption in Audio while processing the VOC packet data from ADSP.

CVE-2023-33063

Memory corruption in DSP Services during a remote call from HLOS to DSP.

CVE-2023-33070

Transient DOS in Automotive OS due to improper authentication to the secure IO calls.

CVE-2023-33079

Memory corruption in Audio while running invalid audio recording from ADSP.