Mdm9250 Firmware Security Vulnerabilities

CVE-2022-40537

Memory corruption in Bluetooth HOST while processing the AVRC_PDU_GET_PLAYER_APP_VALUE_TEXT AVRCP response.

CVE-2023-21625

Information disclosure in Network Services due to buffer over-read while the device receives DNS response.

CVE-2023-21628

Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command.

CVE-2023-21629

Memory Corruption in Modem due to double free while parsing the PKCS15 sim files.

CVE-2023-21665

Memory corruption in Graphics while importing a file.

CVE-2023-21666

Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.

CVE-2023-22385

Memory Corruption in Data Modem while making a MO call or MT VOLTE call.

CVE-2023-22388

Memory Corruption in Multi-mode Call Processor while processing bit mask API.

CVE-2023-24847

Transient DOS in Modem while allocating DSM items.

CVE-2023-24848

Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value.

CVE-2023-24849

Information Disclosure in data Modem while parsing an FMTP line in an SDP message.

CVE-2023-28541

Memory Corruption in Data Modem while processing DMA buffer release event about CFR data.

CVE-2023-28542

Memory Corruption in WLAN HOST while fetching TX status information.

CVE-2023-28550

Memory corruption in MPP performance while accessing DSM watermark using external memory address.

CVE-2023-28551

Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.

CVE-2023-28559

Memory corruption in WLAN FW while processing command parameters from untrusted WMI payload.

CVE-2023-28564

Memory corruption in WLAN HAL while passing command parameters through WMI interfaces.

CVE-2023-28565

Memory corruption in WLAN HAL while handling command streams through WMI interfaces.

CVE-2023-28586

Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE.

CVE-2023-33017

Memory corruption in Boot while running a ListVars test in UEFI Menu during boot.

CVE-2023-33018

Memory corruption while using the UIM diag command to get the operators name.

CVE-2023-33019

Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA IE.

CVE-2023-33020

Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA during CSA IE.

CVE-2023-33030

Memory corruption in HLOS while running playready use-case.

CVE-2023-33033

Memory corruption in Audio during playback with speaker protection.

CVE-2023-33059

Memory corruption in Audio while processing the VOC packet data from ADSP.

CVE-2023-33080

Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame.

CVE-2023-33107

Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.

CVE-2023-33120

Memory corruption in Audio when memory map command is executed consecutively in ADSP.

CVE-2023-43511

Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains IPPROTO_NONE as the next header.

CVE-2024-33051

Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.

CVE-2024-33060

Memory corruption when two threads try to map and unmap a single node simultaneously.