Wcn3660 Firmware Security Vulnerabilities - 2023

CVE-2022-22076

information disclosure due to cryptographic issue in Core during RPMB read request.

CVE-2022-25694

Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM

CVE-2022-25705

Memory corruption in modem due to integer overflow to buffer overflow while handling APDU response

CVE-2022-33213

Memory corruption in modem due to buffer overflow while processing a PPP packet

CVE-2022-33233

Memory corruption due to configuration weakness in modem wile sending command to write protected files.

CVE-2022-33264

Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message.

CVE-2022-33289

Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card.

CVE-2022-33302

Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length.

CVE-2022-40504

Transient DOS due to reachable assertion in Modem when UE received Downlink Data Indication message from the network.

CVE-2022-40510

Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.

CVE-2022-40521

Transient DOS due to improper authorization in Modem

CVE-2022-40532

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.

CVE-2022-40537

Memory corruption in Bluetooth HOST while processing the AVRC_PDU_GET_PLAYER_APP_VALUE_TEXT AVRCP response.

CVE-2023-21626

Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key.

CVE-2023-21629

Memory Corruption in Modem due to double free while parsing the PKCS15 sim files.

CVE-2023-21665

Memory corruption in Graphics while importing a file.

CVE-2023-21666

Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.

CVE-2023-22666

Memory Corruption in Audio while playing amrwbplus clips with modified content.

CVE-2023-22667

Memory Corruption in Audio while allocating the ion buffer during the music playback.

CVE-2023-24850

Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted Application.

CVE-2023-28537

Memory corruption while allocating memory in COmxApeDec module in Audio.

CVE-2023-28546

Memory Corruption in SPS Application while exporting public key in sorter TA.

CVE-2023-33019

Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA IE.

CVE-2023-33020

Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA during CSA IE.

CVE-2023-33021

Memory corruption in Graphics while processing user packets for command submission.