Ricoh Company, Ltd. Security Vulnerabilities

CVE-2023-33055

Memory Corruption in Audio while invoking callback function in driver from...

CVE-2023-33056

Transient DOS in WLAN Firmware when firmware receives beacon including T2LM...

CVE-2023-33035

Memory corruption while invoking callback function of AFE from...

CVE-2023-33028

Memory corruption in WLAN Firmware while doing a memory copy of pmk...

CVE-2023-33027

Transient DOS in WLAN Firmware while parsing rsn...

CVE-2023-33020

Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA during CSA...

CVE-2023-33021

Memory corruption in Graphics while processing user packets for command...

CVE-2023-28584

Transient DOS in WLAN Host when a mobile station receives invalid channel in CSA IE while doing channel switch announcement...

CVE-2023-33015

Transient DOS in WLAN Firmware while interpreting MBSSID IE of a received beacon...

CVE-2023-28576

The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. In other words, user mode may race and modify the packet header (e.g. header.count), causing checks (e.g. size checks) in kernel code to be invalid. This may lead to...

CVE-2023-28572

Memory corruption in WLAN HOST while processing the WLAN scan descriptor...

CVE-2023-28570

Memory corruption while processing audio...

CVE-2023-28565

Memory corruption in WLAN HAL while handling command streams through WMI...

CVE-2023-28556

Cryptographic issue in HLOS during key...

CVE-2023-28545

Memory corruption in TZ Secure OS while loading an app...

CVE-2023-28543

A malformed DLC can trigger Memory Corruption in SNPE library due to out of bounds read, such as by loading an untrusted model (e.g. from a remote...

CVE-2023-28542

Memory Corruption in WLAN HOST while fetching TX status...

CVE-2023-24855

Memory corruption in Modem while processing security related configuration before AS Security...

CVE-2023-24850

Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted...

CVE-2023-22388

Memory Corruption in Multi-mode Call Processor while processing bit mask...

CVE-2023-22666

Memory Corruption in Audio while playing amrwbplus clips with modified...

CVE-2023-22667

Memory Corruption in Audio while allocating the ion buffer during the music...

CVE-2023-22386

Memory Corruption in WLAN HOST while processing WLAN FW request to allocate...

CVE-2022-25731 Incorrect Calculation of Buffer Size in MODEM

Information disclosure in modem due to buffer over-read while processing packets from DNS...

CVE-2023-22384

Memory Corruption in VR Service while sending data using Fast Message Queue...

CVE-2023-21664

Memory Corruption in Core Platform while printing the response buffer in...

CVE-2023-21654

Memory corruption in Audio during playback session with audio effects...

CVE-2023-21655

Memory corruption in Audio while validating and mapping...

CVE-2023-21656

Memory corruption in WLAN HOST while receiving an WMI event from...

CVE-2023-21656

Memory corruption in WLAN HOST while receiving an WMI event from...

CVE-2023-21646

Transient DOS in Modem while processing invalid System Information Block...

CVE-2023-21648

Memory corruption in RIL while trying to send apdu...

CVE-2023-21632

Memory corruption in Automotive GPU while querying a gsl memory...

CVE-2022-25678 Buffer Copy Without Checking Size of Input in MODEM

Memory correction in modem due to buffer overwrite during coap...

CVE-2023-21628

Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1...

CVE-2023-21627

Memory corruption in Trusted Execution Environment while calling service API with invalid...

CVE-2022-40538

Transient DOS due to reachable assertion in modem while processing sib with incorrect values from...

CVE-2022-40536

Transient DOS due to improper authentication in modem while receiving plain TLB OTA request message from...

CVE-2022-40531

Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID...

CVE-2022-40530

Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization...

CVE-2022-40521

Transient DOS due to improper authorization in...

CVE-2022-40523

Information disclosure in Kernel due to indirect branch...

CVE-2022-40521

Transient DOS due to improper authorization in...

CVE-2022-40508

Transient DOS due to reachable assertion in Modem while processing config related to cross carrier scheduling, which is not...

CVE-2022-40505

Information disclosure due to buffer over-read in Modem while parsing DNS...

CVE-2022-33305

Transient DOS due to NULL pointer dereference in Modem while sending invalid messages in...

CVE-2022-33298

Memory corruption due to use after free in Modem while modem...

CVE-2022-33289

Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from...

CVE-2022-33287

Information disclosure in Modem due to buffer over-read while getting length of Unfragmented headers in an IPv6...

CVE-2022-33282

Memory corruption in Automotive Multimedia due to integer overflow to buffer overflow during IOCTL calls in video...