Wcn3988 Firmware Security Vulnerabilities

CVE-2022-40536

Transient DOS due to improper authentication in modem while receiving plain TLB OTA request message from network.

CVE-2022-40537

Memory corruption in Bluetooth HOST while processing the AVRC_PDU_GET_PLAYER_APP_VALUE_TEXT AVRCP response.

CVE-2022-40539

Memory corruption in Automotive Android OS due to improper validation of array index.

CVE-2022-40540

Memory corruption due to buffer copy without checking the size of input while loading firmware in Linux Kernel.

CVE-2023-21626

Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key.

CVE-2023-21627

Memory corruption in Trusted Execution Environment while calling service API with invalid address.

CVE-2023-21628

Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command.

CVE-2023-21629

Memory Corruption in Modem due to double free while parsing the PKCS15 sim files.

CVE-2023-21630

Memory Corruption in Multimedia Framework due to integer overflow when synx bind is called along with synx signal.

CVE-2023-21631

Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network.

CVE-2023-21633

Memory Corruption in Linux while processing QcRilRequestImsRegisterMultiIdentityMessage request.

CVE-2023-21634

Memory Corruption in Radio Interface Layer while sending an SMS or writing an SMS to SIM.

CVE-2023-21635

Memory Corruption in Data Network Stack & Connectivity when sim gets detected on telephony.

CVE-2023-21636

Memory Corruption due to improper validation of array index in Linux while updating adn record.

CVE-2023-21637

Memory corruption in Linux while calling system configuration APIs.

CVE-2023-21639

Memory corruption in Audio while processing sva_model_serializer using memory size passed by HIDL client.

CVE-2023-21644

Memory corruption in RIL due to Integer Overflow while triggering qcril_uim_request_apdu request.

CVE-2023-21646

Transient DOS in Modem while processing invalid System Information Block 1.

CVE-2023-21647

Information disclosure in Bluetooth when an GATT packet is received due to improper input validation.

CVE-2023-21648

Memory corruption in RIL while trying to send apdu packet.

CVE-2023-21649

Memory corruption in WLAN while running doDriverCmd for an unspecific command.

CVE-2023-21650

Memory Corruption in GPS HLOS Driver when injectFdclData receives data with invalid data length.

CVE-2023-21651

Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE.

CVE-2023-21652

Cryptographic issue in HLOS as derived keys used to encrypt/decrypt information is present on stack after use.

CVE-2023-21654

Memory corruption in Audio during playback session with audio effects enabled.

CVE-2023-21655

Memory corruption in Audio while validating and mapping metadata.

CVE-2023-21656

Memory corruption in WLAN HOST while receiving an WMI event from firmware.

CVE-2023-21657

Memoru corruption in Audio when ADSP sends input during record use case.

CVE-2023-21659

Transient DOS in WLAN Firmware while processing frames with missing header fields.

CVE-2023-21663

Memory Corruption while accessing metadata in Display.

CVE-2023-21665

Memory corruption in Graphics while importing a file.

CVE-2023-21666

Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.

CVE-2023-21667

Transient DOS in Bluetooth HOST while passing descriptor to validate the blacklisted BT keyboard.

CVE-2023-21669

Information Disclosure in WLAN HOST while sending DPP action frame to peer with an invalid source address.

CVE-2023-21670

Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode.

CVE-2023-21672

Memory corruption in Audio while running concurrent tunnel playback or during concurrent audio tunnel recording sessions.

CVE-2023-21673

Improper Access to the VM resource manager can lead to Memory Corruption.

CVE-2023-22383

Memory Corruption in camera while installing a fd for a particular DMA buffer.

CVE-2023-22385

Memory Corruption in Data Modem while making a MO call or MT VOLTE call.

CVE-2023-22386

Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory.

CVE-2023-22387

Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption.

CVE-2023-22388

Memory Corruption in Multi-mode Call Processor while processing bit mask API.

CVE-2023-22666

Memory Corruption in Audio while playing amrwbplus clips with modified content.

CVE-2023-22667

Memory Corruption in Audio while allocating the ion buffer during the music playback.

CVE-2023-22668

Memory Corruption in Audio while invoking IOCTLs calls from the user-space.

CVE-2023-24843

Transient DOS in Modem while triggering a camping on an 5G cell.

CVE-2023-24844

Memory Corruption in Core while invoking a call to Access Control core library with hardware protected address range.

CVE-2023-24847

Transient DOS in Modem while allocating DSM items.

CVE-2023-24848

Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value.

CVE-2023-24849

Information Disclosure in data Modem while parsing an FMTP line in an SDP message.