Snapdragon Wear 1300 Platform Firmware Security Vulnerabilities

CVE-2022-22076

information disclosure due to cryptographic issue in Core during RPMB read request.

CVE-2022-33287

Information disclosure in Modem due to buffer over-read while getting length of Unfragmented headers in an IPv6 packet.

CVE-2022-33289

Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card.

CVE-2022-33291

Information disclosure in Modem due to buffer over-read while receiving a IP header with malformed length.

CVE-2022-33302

Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length.

CVE-2022-33304

Transient DOS due to NULL pointer dereference in Modem while performing pullup for received TCP/UDP packet.

CVE-2022-40505

Information disclosure due to buffer over-read in Modem while parsing DNS hostname.

CVE-2022-40507

Memory corruption due to double free in Core while mapping HLOS address to the list.

CVE-2022-40521

Transient DOS due to improper authorization in Modem

CVE-2022-40523

Information disclosure in Kernel due to indirect branch misprediction.

CVE-2022-40532

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.

CVE-2023-22385

Memory Corruption in Data Modem while making a MO call or MT VOLTE call.

CVE-2023-22388

Memory Corruption in Multi-mode Call Processor while processing bit mask API.

CVE-2023-24852

Memory Corruption in Core due to secure memory access by user while loading modem image.

CVE-2023-28545

Memory corruption in TZ Secure OS while loading an app ELF.

CVE-2023-28546

Memory Corruption in SPS Application while exporting public key in sorter TA.

CVE-2023-28550

Memory corruption in MPP performance while accessing DSM watermark using external memory address.

CVE-2023-28551

Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.

CVE-2023-28556

Cryptographic issue in HLOS during key management.

CVE-2023-28585

Memory corruption while loading an ELF segment in TEE Kernel.

CVE-2023-28586

Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE.

CVE-2023-33017

Memory corruption in Boot while running a ListVars test in UEFI Menu during boot.

CVE-2023-33018

Memory corruption while using the UIM diag command to get the operators name.

CVE-2023-33030

Memory corruption in HLOS while running playready use-case.

CVE-2023-33032

Memory corruption in TZ Secure OS while requesting a memory allocation from TA region.

CVE-2023-33033

Memory corruption in Audio during playback with speaker protection.

CVE-2023-33072

Memory corruption in Core while processing control functions.

CVE-2023-33110

The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption.

CVE-2024-21461

Memory corruption while performing finish HMAC operation when context is freed by keymaster.

CVE-2024-21462

Transient DOS while loading the TA ELF file.

CVE-2024-21465

Memory corruption while processing key blob passed by the user.

CVE-2024-21469

Memory corruption when an invoke call and a TEE call are bound for the same trusted application.