Qam8650P Firmware Security Vulnerabilities

CVE-2022-22076

information disclosure due to cryptographic issue in Core during RPMB read request.

CVE-2022-33307

Memory Corruption due to double free in automotive when a bad HLOS address for one of the lists to be mapped is passed.

CVE-2022-40507

Memory corruption due to double free in Core while mapping HLOS address to the list.

CVE-2022-40523

Information disclosure in Kernel due to indirect branch misprediction.

CVE-2022-40529

Memory corruption due to improper access control in kernel while processing a mapping request from root process.

CVE-2022-40533

Transient DOS due to untrusted Pointer Dereference in core while sending USB QMI request.

CVE-2023-21656

Memory corruption in WLAN HOST while receiving an WMI event from firmware.

CVE-2023-21657

Memoru corruption in Audio when ADSP sends input during record use case.

CVE-2023-21658

Transient DOS in WLAN Firmware while processing the received beacon or probe response frame.

CVE-2023-21659

Transient DOS in WLAN Firmware while processing frames with missing header fields.

CVE-2023-21670

Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode.

CVE-2023-21672

Memory corruption in Audio while running concurrent tunnel playback or during concurrent audio tunnel recording sessions.

CVE-2023-21673

Improper Access to the VM resource manager can lead to Memory Corruption.

CVE-2023-22382

Weak configuration in Automotive while VM is processing a listener request from TEE.

CVE-2023-22386

Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory.

CVE-2023-22387

Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption.

CVE-2023-24850

Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted Application.

CVE-2023-24851

Memory Corruption in WLAN HOST while parsing QMI response message from firmware.

CVE-2023-24852

Memory Corruption in Core due to secure memory access by user while loading modem image.

CVE-2023-24853

Memory Corruption in HLOS while registering for key provisioning notify.

CVE-2023-24854

Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware response message.

CVE-2023-28545

Memory corruption in TZ Secure OS while loading an app ELF.

CVE-2023-28546

Memory Corruption in SPS Application while exporting public key in sorter TA.

CVE-2023-28550

Memory corruption in MPP performance while accessing DSM watermark using external memory address.

CVE-2023-28556

Cryptographic issue in HLOS during key management.

CVE-2023-28563

Information disclosure in IOE Firmware while handling WMI command.

CVE-2023-28569

Information disclosure in WLAN HAL while handling command through WMI interfaces.

CVE-2023-28574

Memory corruption in core services when Diag handler receives a command to configure event listeners.

CVE-2023-28585

Memory corruption while loading an ELF segment in TEE Kernel.

CVE-2023-28586

Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE.

CVE-2023-28587

Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level.

CVE-2023-33014

Information disclosure in Core services while processing a Diag command.

CVE-2023-33017

Memory corruption in Boot while running a ListVars test in UEFI Menu during boot.

CVE-2023-33022

Memory corruption in HLOS while invoking IOCTL calls from user-space.

CVE-2023-33026

Transient DOS in WLAN Firmware while parsing a NAN management frame.

CVE-2023-33027

Transient DOS in WLAN Firmware while parsing rsn ies.

CVE-2023-33028

Memory corruption in WLAN Firmware while doing a memory copy of pmk cache.

CVE-2023-33029

Memory corruption in DSP Service during a remote call from HLOS to DSP.

CVE-2023-33030

Memory corruption in HLOS while running playready use-case.

CVE-2023-33031

Memory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data buffer.

CVE-2023-33035

Memory corruption while invoking callback function of AFE from ADSP.

CVE-2023-33036

Permanent DOS in Hypervisor while untrusted VM without PSCI support makes a PSCI call.

CVE-2023-33037

Cryptographic issue in Automotive while unwrapping the key secs2d and verifying with RPMB data.

CVE-2023-33039

Memory corruption in Automotive Display while destroying the image handle created using connected display driver.

CVE-2023-33041

Under certain scenarios the WLAN Firmware will reach an assertion due to state confusion while looking up peer ids.

CVE-2023-33045

Memory corruption in WLAN Firmware while parsing a NAN management frame carrying a S3 attribute.

CVE-2023-33047

Transient DOS in WLAN Firmware while parsing no-inherit IES.

CVE-2023-33048

Transient DOS in WLAN Firmware while parsing t2lm buffers.

CVE-2023-33053

Memory corruption in Kernel while parsing metadata.

CVE-2023-33055

Memory Corruption in Audio while invoking callback function in driver from ADSP.