Ricoh Company, Ltd. Security Vulnerabilities

CVE-2022-33304

Transient DOS due to NULL pointer dereference in Modem while performing pullup for received TCP/UDP...

CVE-2022-33302

Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command...

CVE-2022-33296

Memory corruption due to integer overflow to buffer overflow in Modem while parsing Traffic Channel Neighbor List Update...

CVE-2022-33297

Information disclosure due to buffer overread in Linux...

CVE-2022-33294

Transient DOS in Modem due to NULL pointer dereference while receiving response of lwm2m registration/update/bootstrap request...

CVE-2022-33289

Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from...

CVE-2022-33282

Memory corruption in Automotive Multimedia due to integer overflow to buffer overflow during IOCTL calls in video...

CVE-2022-33280

Memory corruption due to access of uninitialized pointer in Bluetooth HOST while processing the AVRCP...

CVE-2022-33275

Memory corruption due to improper validation of array index in WLAN HAL when received lm_itemNum is out of...

CVE-2022-33275

Memory corruption due to improper validation of array index in WLAN HAL when received lm_itemNum is out of...

CVE-2022-33269

Memory corruption due to integer overflow or wraparound in Core while DDR memory...

CVE-2022-33245

Memory corruption in WLAN due to use after...

CVE-2022-33242

Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio...

CVE-2022-33231

Memory corruption due to double free in core while initializing the encryption...

CVE-2022-33228

Information disclosure sue to buffer over-read in modem while processing ipv6 packet with hop-by-hop or destination option in...

CVE-2022-33226

Memory corruption due to buffer copy without checking the size of input in Core while processing ioctl commands from diag client...

CVE-2022-33223

Transient DOS in Modem due to null pointer dereference while processing the incoming packet with http chunked...

CVE-2022-33223

Transient DOS in Modem due to null pointer dereference while processing the incoming packet with http chunked...

CVE-2022-33216

Transient Denial-of-service in Automotive due to improper input validation while parsing ELF...

CVE-2022-25747

Information disclosure in modem due to improper input validation during parsing of upcoming CoAP...

CVE-2022-25740

Memory corruption in modem due to buffer overwrite while building an IPv6 multicast address based on the MAC address of the...

CVE-2022-25735

Denial of service in modem due to missing null check while processing TCP or UDP packets from...

CVE-2022-25733

Denial of service in modem due to null pointer dereference while processing DNS...

CVE-2022-25709

Memory corruption in modem due to use of out of range pointer offset while processing qmi...

CVE-2022-25694

Memory corruption in Modem due to usage of Out-of-range pointer offset in...

CVE-2022-25694

Memory corruption in Modem due to usage of Out-of-range pointer offset in...

CVE-2022-22060

Assertion occurs while processing Reconfiguration message due to improper...

CVE-2023-33061

Transient DOS in WLAN Firmware while parsing WLAN beacon or probe-response...

CVE-2023-33061

Transient DOS in WLAN Firmware while parsing WLAN beacon or probe-response...

CVE-2023-33048

Transient DOS in WLAN Firmware while parsing t2lm...

CVE-2023-33047

Transient DOS in WLAN Firmware while parsing no-inherit...

CVE-2023-33039

Memory corruption in Automotive Display while destroying the image handle created using connected display...

CVE-2023-33039

Memory corruption in Automotive Display while destroying the image handle created using connected display...

CVE-2023-33031

Memory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data...

CVE-2023-33029

Memory corruption in DSP Service during a remote call from HLOS to...

CVE-2023-33034

Memory corruption while parsing the ADSP response...

CVE-2023-33019

Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA...

CVE-2023-28577

In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check if the buffer is being used. So when a function called cam_mem_get_cpu_buf to get the kernel va to use, another thread can call CAM_REQ_MGR_RELEASE_BUF to unmap the kernel va which cause UAF of the kernel...

CVE-2023-28573

Memory corruption in WLAN HAL while parsing WMI command...

CVE-2023-28573

Memory corruption in WLAN HAL while parsing WMI command...

CVE-2023-28569

Information disclosure in WLAN HAL while handling command through WMI...

CVE-2023-28570

Memory corruption while processing audio...

CVE-2023-28566

Information disclosure in WLAN HAL while handling the WMI state info...

CVE-2023-28566

Information disclosure in WLAN HAL while handling the WMI state info...

CVE-2023-28563

Information disclosure in IOE Firmware while handling WMI...

CVE-2023-28561

Memory corruption in QESL while processing payload from external ESL device to...

CVE-2023-28557

Memory corruption in WLAN HAL while processing command parameters from untrusted WMI...

CVE-2023-28554

Information Disclosure in Qualcomm IPC while reading values from shared memory in...

CVE-2023-28556

Cryptographic issue in HLOS during key...

CVE-2023-28553

Information Disclosure in WLAN Host when processing WMI event...