Snapdragon X5 Lte Modem Firmware Security Vulnerabilities

CVE-2022-22076

information disclosure due to cryptographic issue in Core during RPMB read request.

CVE-2022-25678

Memory correction in modem due to buffer overwrite during coap connection

CVE-2022-25726

Information disclosure in modem data due to array out of bound access while handling the incoming DNS response packet

CVE-2022-25730

Information disclosure in modem due to improper check of IP type while processing DNS server query

CVE-2022-25731

Information disclosure in modem due to buffer over-read while processing packets from DNS server

CVE-2022-25737

Information disclosure in modem due to missing NULL check while reading packets received from local network

CVE-2022-25739

Denial of service in modem due to missing null check while processing the ipv6 packet received during ECM call

CVE-2022-25740

Memory corruption in modem due to buffer overwrite while building an IPv6 multicast address based on the MAC address of the iface

CVE-2022-25747

Information disclosure in modem due to improper input validation during parsing of upcoming CoAP message

CVE-2022-33211

memory corruption in modem due to improper check while calculating size of serialized CoAP message

CVE-2022-33222

Information disclosure due to buffer over-read while parsing DNS response packets in Modem.

CVE-2022-33223

Transient DOS in Modem due to null pointer dereference while processing the incoming packet with http chunked encoding.

CVE-2022-33228

Information disclosure sue to buffer over-read in modem while processing ipv6 packet with hop-by-hop or destination option in header.

CVE-2022-33258

Information disclosure due to buffer over-read in modem while reading configuration parameters.

CVE-2022-33259

Memory corruption due to buffer copy without checking the size of input in modem while decoding raw SMS received.

CVE-2022-33264

Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message.

CVE-2022-33287

Information disclosure in Modem due to buffer over-read while getting length of Unfragmented headers in an IPv6 packet.

CVE-2022-33289

Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card.

CVE-2022-33291

Information disclosure in Modem due to buffer over-read while receiving a IP header with malformed length.

CVE-2022-33294

Transient DOS in Modem due to NULL pointer dereference while receiving response of lwm2m registration/update/bootstrap request message.

CVE-2022-33295

Information disclosure in Modem due to buffer over-read while parsing the wms message received given the buffer and its length.

CVE-2022-33296

Memory corruption due to integer overflow to buffer overflow in Modem while parsing Traffic Channel Neighbor List Update message.

CVE-2022-33302

Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length.

CVE-2022-33304

Transient DOS due to NULL pointer dereference in Modem while performing pullup for received TCP/UDP packet.

CVE-2022-40503

Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.

CVE-2022-40505

Information disclosure due to buffer over-read in Modem while parsing DNS hostname.

CVE-2022-40507

Memory corruption due to double free in Core while mapping HLOS address to the list.

CVE-2022-40521

Transient DOS due to improper authorization in Modem

CVE-2022-40532

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.

CVE-2023-21628

Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command.

CVE-2023-21665

Memory corruption in Graphics while importing a file.

CVE-2023-21666

Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.

CVE-2023-22385

Memory Corruption in Data Modem while making a MO call or MT VOLTE call.

CVE-2023-22388

Memory Corruption in Multi-mode Call Processor while processing bit mask API.

CVE-2023-24848

Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value.

CVE-2023-24849

Information Disclosure in data Modem while parsing an FMTP line in an SDP message.

CVE-2023-28550

Memory corruption in MPP performance while accessing DSM watermark using external memory address.

CVE-2023-28551

Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.

CVE-2023-33017

Memory corruption in Boot while running a ListVars test in UEFI Menu during boot.

CVE-2023-33018

Memory corruption while using the UIM diag command to get the operators name.

CVE-2023-33030

Memory corruption in HLOS while running playready use-case.

CVE-2023-33031

Memory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data buffer.

CVE-2023-33033

Memory corruption in Audio during playback with speaker protection.

CVE-2023-33059

Memory corruption in Audio while processing the VOC packet data from ADSP.

CVE-2023-33067

Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap points.

CVE-2023-33068

Memory corruption in Audio while processing IIR config data from AFE calibration block.

CVE-2023-33069

Memory corruption in Audio while processing the calibration data returned from ACDB loader.

CVE-2023-33080

Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame.

CVE-2023-33110

The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption.

CVE-2023-33120

Memory corruption in Audio when memory map command is executed consecutively in ADSP.