Mdm9628 Firmware Security Vulnerabilities

CVE-2022-40510

Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.

CVE-2022-40512

Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.

CVE-2022-40515

Memory corruption in Video due to double free while playing 3gp clip with invalid metadata atoms.

CVE-2022-40521

Transient DOS due to improper authorization in Modem

CVE-2022-40531

Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.

CVE-2022-40532

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.

CVE-2022-40537

Memory corruption in Bluetooth HOST while processing the AVRC_PDU_GET_PLAYER_APP_VALUE_TEXT AVRCP response.

CVE-2023-21626

Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key.

CVE-2023-21628

Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command.

CVE-2023-21631

Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network.

CVE-2023-21649

Memory corruption in WLAN while running doDriverCmd for an unspecific command.

CVE-2023-21654

Memory corruption in Audio during playback session with audio effects enabled.

CVE-2023-21665

Memory corruption in Graphics while importing a file.

CVE-2023-21666

Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.

CVE-2023-22385

Memory Corruption in Data Modem while making a MO call or MT VOLTE call.

CVE-2023-22388

Memory Corruption in Multi-mode Call Processor while processing bit mask API.

CVE-2023-22666

Memory Corruption in Audio while playing amrwbplus clips with modified content.

CVE-2023-22667

Memory Corruption in Audio while allocating the ion buffer during the music playback.

CVE-2023-24848

Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value.

CVE-2023-24849

Information Disclosure in data Modem while parsing an FMTP line in an SDP message.

CVE-2023-28537

Memory corruption while allocating memory in COmxApeDec module in Audio.

CVE-2023-28541

Memory Corruption in Data Modem while processing DMA buffer release event about CFR data.

CVE-2023-28542

Memory Corruption in WLAN HOST while fetching TX status information.

CVE-2023-28550

Memory corruption in MPP performance while accessing DSM watermark using external memory address.

CVE-2023-28551

Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.

CVE-2023-28555

Transient DOS in Audio while remapping channel buffer in media codec decoding.

CVE-2023-28564

Memory corruption in WLAN HAL while passing command parameters through WMI interfaces.

CVE-2023-28565

Memory corruption in WLAN HAL while handling command streams through WMI interfaces.

CVE-2023-28570

Memory corruption while processing audio effects.

CVE-2023-28572

Memory corruption in WLAN HOST while processing the WLAN scan descriptor list.

CVE-2023-28586

Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE.

CVE-2023-33017

Memory corruption in Boot while running a ListVars test in UEFI Menu during boot.

CVE-2023-33018

Memory corruption while using the UIM diag command to get the operators name.

CVE-2023-33019

Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA IE.

CVE-2023-33020

Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA during CSA IE.

CVE-2023-33030

Memory corruption in HLOS while running playready use-case.

CVE-2023-33031

Memory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data buffer.

CVE-2023-33033

Memory corruption in Audio during playback with speaker protection.

CVE-2023-33059

Memory corruption in Audio while processing the VOC packet data from ADSP.

CVE-2023-33064

Transient DOS in Audio when invoking callback function of ASM driver.

CVE-2023-33067

Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap points.

CVE-2023-33068

Memory corruption in Audio while processing IIR config data from AFE calibration block.

CVE-2023-33069

Memory corruption in Audio while processing the calibration data returned from ACDB loader.

CVE-2023-33080

Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame.

CVE-2023-33120

Memory corruption in Audio when memory map command is executed consecutively in ADSP.

CVE-2023-43511

Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains IPPROTO_NONE as the next header.

CVE-2023-43513

Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element.

CVE-2024-23368

Memory corruption when allocating and accessing an entry in an SMEM partition.

CVE-2024-23373

Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released.

CVE-2024-33045

Memory corruption when BTFM client sends new messages over Slimbus to ADSP.