CELSYS, Inc. Security Vulnerabilities

CVE-2024-21472

Memory corruption in Kernel while handling GPU...

CVE-2024-21468

Memory corruption when there is failed unmap operation in...

CVE-2024-21452

Transient DOS while decoding an ASN.1 OER message containing a SEQUENCE of unknown...

CVE-2023-33115

Memory corruption while processing buffer initialization, when trusted report for certain report types are...

CVE-2023-28547

Memory corruption in SPS Application while requesting for public key in sorter...

CVE-2021-47531 drm/msm: Fix mmap to include VM_IO and VM_DONTDUMP

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix mmap to include VM_IO and VM_DONTDUMP In commit 510410bfc034 ("drm/msm: Implement mmap as GEM object function") we switched to a new/cleaner method of doing things. That's good, but we missed a little bit. Before that....

CVE-2023-6515

Authorization Bypass Through User-Controlled Key vulnerability in Mia Technology Inc. MİA-MED allows Authentication Abuse.This issue affects MİA-MED: before...

CVE-2023-6517

Exposure of Sensitive Information Due to Incompatible Policies vulnerability in Mia Technology Inc. MİA-MED allows Collect Data as Provided by Users.This issue affects MİA-MED: before...

CVE-2021-47266 RDMA/ipoib: Fix warning caused by destroying non-initial netns

In the Linux kernel, the following vulnerability has been resolved: RDMA/ipoib: Fix warning caused by destroying non-initial netns After the commit 5ce2dced8e95 ("RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces"), if the IPoIB device is moved to non-initial netns, destroying that netns lets the....

Exploit for Vulnerability in Artifex Ghostscript

ghostscript-CVE-2023-43115 A small write-up with examples to...

CVE-2023-6519

Exposure of Data Element to Wrong Session vulnerability in Mia Technology Inc. MİA-MED allows Read Sensitive Strings Within an Executable.This issue affects MİA-MED: before...

CVE-2023-52644

In the Linux kernel, the following vulnerability has been resolved: wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled When QoS is disabled, the queue priority value will not map to the correct ieee80211 queue since there is only one queue. Stop/wake queue 0 when QoS is...

CVE-2009-3861

...

CVE-2006-4523

...

CVE-2023-33048

Transient DOS in WLAN Firmware while parsing t2lm...

CVE-2023-33056

Transient DOS in WLAN Firmware when firmware receives beacon including T2LM...

CVE-2023-33027

Transient DOS in WLAN Firmware while parsing rsn...

CVE-2023-33021

Memory corruption in Graphics while processing user packets for command...

CVE-2023-33015

Transient DOS in WLAN Firmware while interpreting MBSSID IE of a received beacon...

CVE-2023-28577

In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check if the buffer is being used. So when a function called cam_mem_get_cpu_buf to get the kernel va to use, another thread can call CAM_REQ_MGR_RELEASE_BUF to unmap the kernel va which cause UAF of the kernel...

CVE-2023-28575

The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invalid type usage if a wrong handle is passed to...

CVE-2023-28567

Memory corruption in WLAN HAL while handling command through WMI...

CVE-2023-28562

Memory corruption while handling payloads from remote...

CVE-2023-28564

Memory corruption in WLAN HAL while passing command parameters through WMI...

CVE-2023-28561

Memory corruption in QESL while processing payload from external ESL device to...

CVE-2023-28558

Memory corruption in WLAN handler while processing PhyID in Tx status...

CVE-2023-28555

Transient DOS in Audio while remapping channel buffer in media codec...

CVE-2023-28543

A malformed DLC can trigger Memory Corruption in SNPE library due to out of bounds read, such as by loading an untrusted model (e.g. from a remote...

CVE-2023-28541

Memory Corruption in Data Modem while processing DMA buffer release event about CFR...

CVE-2023-24852

Memory Corruption in Core due to secure memory access by user while loading modem...

CVE-2023-24849

Information Disclosure in data Modem while parsing an FMTP line in an SDP...

CVE-2023-21671

Memory Corruption in Core during syscall for Sectools Fuse comparison...

CVE-2023-21673

Improper Access to the VM resource manager can lead to Memory...

CVE-2023-21667

Transient DOS in Bluetooth HOST while passing descriptor to validate the blacklisted BT...

CVE-2023-21662

Memory corruption in Core Platform while printing the response buffer in...

CVE-2023-21657

Memoru corruption in Audio when ADSP sends input during record use...

CVE-2023-21653

Transient DOS in Modem while processing RRC reconfiguration...

CVE-2023-21650

Memory Corruption in GPS HLOS Driver when injectFdclData receives data with invalid data...

CVE-2023-21640

Memory corruption in Linux when the file upload API is called with parameters having large...

CVE-2023-21630

Memory Corruption in Multimedia Framework due to integer overflow when synx bind is called along with synx...

CVE-2023-21629

Memory Corruption in Modem due to double free while parsing the PKCS15 sim...

CVE-2023-21628

Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1...

CVE-2023-21625

Information disclosure in Network Services due to buffer over-read while the device receives DNS...

CVE-2023-21624

Information disclosure in DSP Services while loading dynamic...

CVE-2022-40539

Memory corruption in Automotive Android OS due to improper validation of array...

CVE-2022-40503

Information disclosure due to buffer over-read in Bluetooth Host while A2DP...

CVE-2022-34144

Transient DOS due to reachable assertion in Modem during OSI decode...

CVE-2022-33309

Transient DOS due to buffer over-read in WLAN Firmware while parsing secure FTMR frame with size lesser than 39...

CVE-2022-33301

Memory corruption due to incorrect type conversion or cast in audio while using audio playback/capture when crafted address is sent from AGM IPC to...

CVE-2022-33288

Memory corruption due to buffer copy without checking the size of input in Core while sending SCM command to get write protection...