Sm7325p Firmware Security Vulnerabilities

CVE-2022-25736

Denial of service in WLAN due to out-of-bound read happens while processing VHT action frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music...

CVE-2022-25741

Denial of service in WLAN due to potential null pointer dereference while accessing the memory location in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

CVE-2022-25743

Memory corruption in graphics due to use-after-free while importing graphics buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

CVE-2022-25746

Memory corruption in kernel due to missing checks when updating the access rights of a memextent mapping.

CVE-2022-25748

Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdr...

CVE-2022-25749

Transient Denial-of-Service in WLAN due to buffer over-read while parsing MDNS frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voi...

CVE-2022-33213

Memory corruption in modem due to buffer overflow while processing a PPP packet

CVE-2022-33214

Memory corruption in display due to time-of-check time-of-use of metadata reserved size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

CVE-2022-33231

Memory corruption due to double free in core while initializing the encryption key.

CVE-2022-33232

Memory corruption due to buffer copy without checking size of input while running memory sharing tests with large scattered memory.

CVE-2022-33233

Memory corruption due to configuration weakness in modem wile sending command to write protected files.

CVE-2022-33234

Memory corruption in video due to configuration weakness. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

CVE-2022-33235

Information disclosure due to buffer over-read in WLAN firmware while parsing security context info attributes. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapd...

CVE-2022-33237

Transient DOS due to buffer over-read in WLAN firmware while processing PPE threshold. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snap...

CVE-2022-33238

Transient DOS due to loop with unreachable exit condition in WLAN while processing an incoming FTM frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mo...

CVE-2022-33239

Transient DOS due to loop with unreachable exit condition in WLAN firmware while parsing IPV6 extension header. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapd...

CVE-2022-33242

Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD.

CVE-2022-33244

Transient DOS due to reachable assertion in modem during MIB reception and SIB timeout

CVE-2022-33248

Memory corruption in User Identity Module due to integer overflow to buffer overflow when a segement is received via qmi http.

CVE-2022-33250

Transient DOS due to reachable assertion in modem when network repeatedly sent invalid message container for NR to LTE handover.

CVE-2022-33251

Transient DOS due to reachable assertion in Modem because of invalid network configuration.

CVE-2022-33252

Information disclosure due to buffer over-read in WLAN while handling IBSS beacons frame.

CVE-2022-33253

Transient DOS due to buffer over-read in WLAN while parsing corrupted NAN frames.

CVE-2022-33254

Transient DOS due to reachable assertion in Modem while processing SIB1 Message.

CVE-2022-33256

Memory corruption due to improper validation of array index in Multi-mode call processor.

CVE-2022-33257

Memory corruption in Core due to time-of-check time-of-use race condition during dump collection in trust zone.

CVE-2022-33264

Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message.

CVE-2022-33270

Transient DOS due to time-of-check time-of-use race condition in Modem while processing RRC Reconfiguration message.

CVE-2022-33271

Information disclosure due to buffer over-read in WLAN while parsing NMF frame.

CVE-2022-33272

Transient DOS in modem due to reachable assertion.

CVE-2022-33275

Memory corruption due to improper validation of array index in WLAN HAL when received lm_itemNum is out of range.

CVE-2022-33276

Memory corruption due to buffer copy without checking size of input in modem while receiving WMI_REQUEST_STATS_CMDID command.

CVE-2022-33277

Memory corruption in modem due to buffer copy without checking size of input while receiving WMI command.

CVE-2022-33278

Memory corruption due to buffer copy without checking the size of input in HLOS when input message size is larger than the buffer capacity.

CVE-2022-33283

Information disclosure due to buffer over-read in WLAN while WLAN frame parsing due to missing frame length check.

CVE-2022-33284

Information disclosure due to buffer over-read in WLAN while parsing BTM action frame.

CVE-2022-33285

Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA action frames.

CVE-2022-33286

Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames.

CVE-2022-33288

Memory corruption due to buffer copy without checking the size of input in Core while sending SCM command to get write protection information.

CVE-2022-33289

Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card.

CVE-2022-33302

Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length.

CVE-2022-33305

Transient DOS due to NULL pointer dereference in Modem while sending invalid messages in DCCH.

CVE-2022-34144

Transient DOS due to reachable assertion in Modem during OSI decode scheduling.

CVE-2022-40503

Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.

CVE-2022-40504

Transient DOS due to reachable assertion in Modem when UE received Downlink Data Indication message from the network.

CVE-2022-40507

Memory corruption due to double free in Core while mapping HLOS address to the list.

CVE-2022-40510

Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.

CVE-2022-40512

Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.

CVE-2022-40514

Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc response frame.

CVE-2022-40515

Memory corruption in Video due to double free while playing 3gp clip with invalid metadata atoms.