Snapdragon 850 Mobile Compute Platform Firmware Security Vulnerabilities - 2023

CVE-2022-22076

information disclosure due to cryptographic issue in Core during RPMB read request.

CVE-2022-33264

Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message.

CVE-2022-33307

Memory Corruption due to double free in automotive when a bad HLOS address for one of the lists to be mapped is passed.

CVE-2022-40507

Memory corruption due to double free in Core while mapping HLOS address to the list.

CVE-2022-40521

Transient DOS due to improper authorization in Modem

CVE-2022-40523

Information disclosure in Kernel due to indirect branch misprediction.

CVE-2022-40529

Memory corruption due to improper access control in kernel while processing a mapping request from root process.

CVE-2023-21628

Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command.

CVE-2023-21673

Improper Access to the VM resource manager can lead to Memory Corruption.

CVE-2023-24847

Transient DOS in Modem while allocating DSM items.

CVE-2023-24848

Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value.

CVE-2023-24849

Information Disclosure in data Modem while parsing an FMTP line in an SDP message.

CVE-2023-24852

Memory Corruption in Core due to secure memory access by user while loading modem image.

CVE-2023-28538

Memory corruption in WIN Product while invoking WinAcpi update driver in the UEFI region.

CVE-2023-28544

Memory corruption in WLAN while sending transmit command from HLOS to UTF handlers.

CVE-2023-28545

Memory corruption in TZ Secure OS while loading an app ELF.

CVE-2023-28550

Memory corruption in MPP performance while accessing DSM watermark using external memory address.

CVE-2023-28557

Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload.

CVE-2023-28558

Memory corruption in WLAN handler while processing PhyID in Tx status handler.

CVE-2023-28559

Memory corruption in WLAN FW while processing command parameters from untrusted WMI payload.

CVE-2023-28560

Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload.

CVE-2023-28566

Information disclosure in WLAN HAL while handling the WMI state info command.

CVE-2023-28568

Information disclosure in WLAN HAL when reception status handler is called.

CVE-2023-28569

Information disclosure in WLAN HAL while handling command through WMI interfaces.

CVE-2023-28585

Memory corruption while loading an ELF segment in TEE Kernel.

CVE-2023-28586

Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE.

CVE-2023-33027

Transient DOS in WLAN Firmware while parsing rsn ies.

CVE-2023-33080

Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame.