Lucene search
+L
QualcommQcs4490 Firmware

254 matches found

cve
cve
added 2025/06/03 6:42 a.m.366 views

CVE-2025-21479

CVE-2025-21479 is a memory corruption vulnerability in Qualcomm Adreno GPU drivers caused by unauthorized command execution in a GPU micronode during a specific command sequence. Public details indicate it affects Adreno A7xx devices (e.g., Snapdragon 8 Gen 1+ era) and can enable kernel memory re...

8.6CVSS8.9AI score0.00778EPSS
In wild
cve
cve
added 2023/12/05 3:4 a.m.360 views

CVE-2023-33063

CVE-2023-33063 is a Use-After-Free/memory corruption issue in Qualcomm DSP Services triggered by a remote call from HLOS to DSP. Affected: Qualcomm chipsets with DSP Services; root cause: memory corruption leading to potential unintended behavior. Documents indicate high impact (confidentiality, ...

7.8CVSS8.1AI score0.007EPSS
In wild
cve
cve
added 2023/12/05 3:4 a.m.357 views

CVE-2023-33106

CVE-2023-33106 is a memory corruption vulnerability in Qualcomm graphics drivers, caused by an out-of-range pointer offset when submitting a large list of sync points to IOCTL_KGSL_GPU_AUX_COMMAND. Affected component is Qualcomm chipsets’ graphics subsystem (KGSL driver). The issue is locally exp...

8.4CVSS8.3AI score0.00854EPSS
In wild
cve
cve
added 2023/12/05 3:4 a.m.352 views

CVE-2023-33107

CVE-2023-33107 is an integer overflow/memory-corruption vulnerability in Graphics Linux affecting Qualcomm display components. The flaw occurs when assigning a shared virtual memory region during an IOCTL, enabling local attacker access with low complexity and no user interaction; impact is rated...

8.4CVSS8.3AI score0.00892EPSS
In wild
cve
cve
added 2025/06/03 5:53 a.m.189 views

CVE-2025-21480

CVE-2025-21480 is reported as a memory corruption due to unauthorized command execution in the GPU micronode while executing a specific sequence of commands, affecting Qualcomm chipsets (notably Qualcomm FastConnect 7800 and other chipsets). The connected documents confirm this CVE is categorized...

8.6CVSS8.9AI score0.00435EPSS
In wild
cve
cve
added 2023/06/06 7:39 a.m.159 views

CVE-2023-21656

CVE-2023-21656 is a memory corruption issue in the WLAN HOST when receiving a WMI event from firmware, affecting Qualcomm chipsets (WLAN component). The primary sources list the vulnerability and its high impact (CVSS 3.1: AV=L/AC=L/PR=L/UI:N/S:U/C:H/I:H/A:H) but do not provide concrete product v...

7.8CVSS7.9AI score0.00116EPSS
cve
cve
added 2023/06/06 7:39 a.m.156 views

CVE-2023-21670

CVE-2023-21670 describes memory corruption in the Qualcomm GPU subsystem caused by arbitrary command execution from the GPU when operating in privileged mode. The CVE is documented with a HIGH impact (confidentiality, integrity, and availability) and a LOCAL attack vector with LOW complexity and ...

7.8CVSS7.8AI score0.00116EPSS
cve
cve
added 2024/07/01 2:17 p.m.149 views

CVE-2024-23380

CVE-2024-23380 is a memory corruption issue in Qualcomm’s graphics stack related to handling user packets during a VBO bind operation. The flaw is described as a local issue with high impact to confidentiality, integrity, and availability. The CVSS indicates local access with low attack complexit...

8.4CVSS8.2AI score0.00154EPSS
cve
cve
added 2024/02/06 5:47 a.m.142 views

CVE-2023-43513

CVE-2023-43513: Memory corruption in Qualcomm components due to an untrusted context read pointer during event-ring processing, which may be advanced with arbitrary values and point to the middle of a ring element. According to the provided data, the CVSS v3.1 base metrics are HIGH for Confidenti...

7.8CVSS7.7AI score0.0011EPSS
cve
cve
added 2024/07/01 2:17 p.m.141 views

CVE-2024-23373

CVE-2024-23373 is a memory corruption/Use-After-Free issue in Qualcomm graphics stack related to IOMMU unmap handling, where a failed unmap can cause DMA/anonymous buffers to be released. Public sources assign a HIGH impact with local attack requirements (no user interaction). The CVE is document...

8.4CVSS8.3AI score0.0015EPSS
cve
cve
added 2025/01/06 10:33 a.m.139 views

CVE-2024-21464

CVE-2024-21464 : Memory corruption in Qualcomm chipset kernels when processing IPA statistics with no active clients registered. Connected documents confirm it affects Qualcomm components (kernel) and is described as a memory corruption issue in multiple sources. Public technical details across s...

8.4CVSS8.6AI score0.00145EPSS
cve
cve
added 2023/07/04 4:46 a.m.135 views

CVE-2023-24851

CVE-2023-24851 is a memory corruption vulnerability in the WLAN HOST component when parsing a QMI response from firmware. It is listed for Qualcomm WLAN and appears in Qualcomm’s July 2023 bulletin; CVSS v3.1 base score 7.8 (LOCAL, LOW attack complexity, HIGH impact on confidentiality, integrity,...

7.8CVSS7.7AI score0.00116EPSS
cve
cve
added 2023/07/04 4:46 a.m.134 views

CVE-2023-22387

CVE-2023-22387 describes an arbitrary memory overwrite when a VM is compromised during a TX write, causing memory corruption. The most concrete details in the connected docs are: (1) it is listed under Qualcomm components, specifically in the Qualcomm kernel area, with a high impact and Local att...

7.8CVSS7.6AI score0.00116EPSS
cve
cve
added 2024/09/02 10:22 a.m.134 views

CVE-2024-38402

CVE-2024-38402 is a memory corruption via a refcount leak in the Qualcomm ADSPRPC DSP driver (fastrpc_get_process_gids). The vulnerability can enable use-after-free of the group_info structure, exposing kernel memory through a non-saturating refcount that can overflow with repeated calls. Disclos...

7.8CVSS7.9AI score0.0016EPSS
cve
cve
added 2023/12/05 3:3 a.m.132 views

CVE-2023-28588

CVE-2023-28588 (Qualcomm Bluetooth) : A transient DoS in the Bluetooth Host during RFC slot allocation affects Qualcomm Chipsets’ Bluetooth component. Public records describe an integer overflow/wraparound issue in the Bluetooth Host as the root cause. The CVSSv3.1 base score is 7.5 (High) with n...

7.5CVSS7.5AI score0.00522EPSS
cve
cve
added 2023/10/03 5:0 a.m.131 views

CVE-2023-33029

CVE-2023-33029 involves a memory corruption issue in the Qualcomm DSP Service when a remote call is made from HLOS to DSP. Reports consistently describe it as a DSP Service memory corruption vulnerability; CVSS metrics indicate local attack vector, low privileges, no user interaction, and high im...

8.4CVSS8AI score0.00111EPSS
cve
cve
added 2024/03/04 10:48 a.m.131 views

CVE-2023-43550

CVE-2023-43550 affects Qualcomm components, describing memory corruption when processing a QMI request to allocate memory from a DHMS‑supported subsystem. The CVSS v3.1 vector indicates a Local, Low‑Complexity, Privileged (low) exploit with no user interaction, and high impact to confidentiality,...

7.8CVSS7.9AI score0.0011EPSS
cve
cve
added 2024/07/01 2:17 p.m.130 views

CVE-2024-23372

CVE-2024-23372 is a memory corruption issue described as occurring when invoking an IOCTL for GPU memory allocation with a size parameter larger than expected. Multiple sources identify it in Qualcomm components and related display subsystems, with a high-impact profile (local attack, low privile...

8.4CVSS8.3AI score0.00131EPSS
cve
cve
added 2025/05/06 8:32 a.m.126 views

CVE-2025-21468

CVE-2025-21468 describes a memory corruption in Qualcomm chipset drivers when reading a response from firmware if the firmware changes the buffer size while the driver uses that size to append a null terminator. This is a local vulnerability with a CVSS 3.1 base score of 7.8 (High) and impact on ...

7.8CVSS8AI score0.00088EPSS
cve
cve
added 2024/07/01 2:17 p.m.123 views

CVE-2024-23368

CVE-2024-23368 is a memory corruption issue in Qualcomm’s embedded platform concerning the SMEM Partition Handler. The vulnerability arises when allocating and accessing an entry in an SMEM partition, effectively a classic buffer copy without proper input size checking, which can lead to memory c...

7.8CVSS7.9AI score0.00103EPSS
cve
cve
added 2023/12/05 3:4 a.m.122 views

CVE-2023-33087

CVE-2023-33087 describes a memory corruption in Core when processing RX intent requests in Qualcomm chipsets (buffer copy without checking input size). Reported base CVSSv3.1: 7.8 (HIGH) with LOCAL attack vector, LOW exploit complexity, and no user interaction; impacts confidentiality, integrity,...

7.8CVSS7.9AI score0.00157EPSS
cve
cve
added 2024/05/06 2:32 p.m.122 views

CVE-2024-23354

CVE-2024-23354 is a memory-corruption issue in Qualcomm chipsets triggered when an IOCTL is interrupted by a signal. Documented in Qualcomm security bulletins and reflected across sources (NVD, RH, CNNVD, OSV). The records do not specify affected models/versions or a confirmed patch; exploitation...

8.4CVSS7.1AI score0.00156EPSS
cve
cve
added 2023/09/05 6:24 a.m.121 views

CVE-2023-28584

CVE-2023-28584 describes a transient DoS in Qualcomm WLAN Host when a mobile station receives an invalid channel in the Channel Switch Announcement (CSA) Information Element during a CSA. Affected component: Qualcomm WLAN/closed‑source WLAN stack in Qualcomm chipsets mentioned in multiple records...

7.5CVSS7.5AI score0.003EPSS
cve
cve
added 2025/03/03 10:7 a.m.121 views

CVE-2024-53027

CVE-2024-53027 is a transient DoS vulnerability triggered while processing a malformed Country Information Element in Qualcomm WLAN firmware and Bluetooth stacks. Exploitation requires proximity (remote over Wi‑Fi/Bluetooth) and can crash the chipset firmware, potentially disrupting connectivity ...

7.5CVSS7.2AI score0.00276EPSS
cve
cve
added 2023/12/05 3:4 a.m.120 views

CVE-2023-33092

CVE-2023-33092 describes a memory corruption in the Bluetooth HOST path when processing a pin reply whose value from the APP layer exceeds the expected size. The issue is caused by a buffer copy without adequate input-size checks. Reported impact in sources indicates high/severe consequences with...

8.4CVSS8.1AI score0.00159EPSS
cve
cve
added 2024/01/02 5:38 a.m.120 views

CVE-2023-33113

CVE-2023-33113 affects Qualcomm kernel, where memory corruption occurs when the resource manager replies to the host kernel with multiple fragments. Public descriptions identify a classic buffer overflow style issue in the kernel component, with CVSS indicating local, low-privilege access and hig...

8.4CVSS7.7AI score0.00119EPSS
cve
cve
added 2024/09/02 10:22 a.m.120 views

CVE-2024-33042

CVE-2024-33042 describes a memory corruption in Qualcomm WLAN-related components when the Alternative Frequency offset is set to 255. Connected sources identify the issue as affecting Qualcomm chipsets (WLAN subcomponent) and classify it as a high-severity, local EoP-style vulnerability with pote...

7.8CVSS7.8AI score0.00127EPSS
cve
cve
added 2023/07/04 4:46 a.m.118 views

CVE-2023-22386

CVE-2023-22386 is a memory-corruption vulnerability in Qualcomm WLAN components. The issue occurs when processing WLAN firmware memory allocation requests, affecting Qualcomm WLAN subsystems embedded in devices running Android. The CVE is listed in Qualcomm’s July 2023 bulletin and tied to a High...

7.8CVSS7.6AI score0.00116EPSS
cve
cve
added 2024/03/04 10:48 a.m.118 views

CVE-2023-28582

CVE-2023-28582 is a memory corruption vulnerability in Qualcomm Data Modem triggered during the DTLS handshake when verifying the hello-verify message. Root cause: a buffer copy without checking input size. By sending crafted DTLS messages over the network, a remote attacker could potentially exe...

9.8CVSS9.7AI score0.00439EPSS
cve
cve
added 2024/05/06 2:32 p.m.118 views

CVE-2024-23351

CVE-2024-23351 is a memory corruption vulnerability affecting Qualcomm GPU/display components where GPU registers beyond the last protected range are accessible via LPAC submissions. The issue is described across multiple sources (NVD, Red Hat advisory, CVE lists) as memory corruption due to out-...

8.4CVSS7.1AI score0.00136EPSS
cve
cve
added 2024/09/02 10:22 a.m.116 views

CVE-2024-33060

CVE-2024-33060 is a use-after-free race in Qualcomm’s DSP/adsprpc driver (fastrpc_mmap) that can occur when global and local mappings are concurrently created and freed. The vulnerability centers on fastrpc_mmap_create, fastrpc_mmap_add, and related epilogue paths (mem_map_to_dsp, munmap/mmap_fre...

8.4CVSS8.2AI score0.00166EPSS
cve
cve
added 2024/11/04 10:4 a.m.116 views

CVE-2024-38415

CVE-2024-38415 corresponds to memory corruption during handling of firmware session errors in Qualcomm components (notably Qualcomm/Qualcomm Snapdragon Auto context appears in some feeds). The CVSS v3.1 metrics indicate a HIGH base score (7.8) with LOCAL attack vector, LOW privileges required, no...

7.8CVSS7.9AI score0.00103EPSS
cve
cve
added 2025/02/03 4:51 p.m.115 views

CVE-2024-49834

CVE-2024-49834 describes memory corruption during the power-up/power-down sequence of the camera sensor in Qualcomm-based devices. The entry indicates a LOCAL attack vector, LOW privileges required, and no user interaction, with HIGH impact on confidentiality, integrity, and availability per the ...

7.8CVSS7.9AI score0.00108EPSS
cve
cve
added 2025/02/03 4:51 p.m.115 views

CVE-2024-49838

CVE-2024-49838 is an information disclosure vulnerability in Qualcomm WLAN components (Qualcomm closed- and open-source areas) caused by parsing an OCI IE with invalid length. Connected sources indicate this CVE is tracked in Qualcomm security advisories and appears in the Android March 2025 bull...

8.2CVSS8.1AI score0.00259EPSS
cve
cve
added 2023/07/04 4:46 a.m.114 views

CVE-2023-24854

CVE-2023-24854 describes a memory corruption in the WLAN HOST component when parsing a QMI WLAN firmware response message. The entry is tied to Qualcomm WLAN, with CVSS v3.1: Local attack vector, low privileges required, no user interaction, and impacts to confidentiality, integrity, and availabi...

7.8CVSS7.7AI score0.00116EPSS
cve
cve
added 2025/02/03 4:51 p.m.114 views

CVE-2024-49833

CVE-2024-49833 is a memory corruption vulnerability in the camera triggered by an invalid CID, reported across Qualcomm components and Android security bulletins. Affected area is the camera stack from Qualcomm—details cite memory corruption as the underlying flaw with high impact (C:H, I:H, A:H)...

7.8CVSS7.9AI score0.00101EPSS
cve
cve
added 2025/03/03 10:7 a.m.114 views

CVE-2024-53024

CVE-2024-53024: Memory corruption in the Qualcomm display driver when detaching a device. Affected: Qualcomm display driver (closed-source component) with local attack vector and high impact on confidentiality, integrity, and availability (per CVSS v3.1). Root cause: memory corruption in the disp...

7.8CVSS7.4AI score0.00118EPSS
cve
cve
added 2025/05/06 8:32 a.m.114 views

CVE-2025-21453

CVE-2025-21453 describes memory corruption in Qualcomm components due to a use-after-free style issue when an iterator is accessed after removal, with the GPS HLOS driver specifically listed in CVE records. Public records (NVD/NCSC/Red Hat CVEs) corroborate the memory-corruption description and t...

7.8CVSS7.9AI score0.00089EPSS
cve
cve
added 2024/05/06 2:32 p.m.113 views

CVE-2024-21475

CVE-2024-21475 affects Qualcomm chipsets; memory corruption occurs when the firmware payload length does not match the expected protocol size, due to improper handling of payload length. Impact is high (C/H/I/A) with a local attack vector, low privileges required, and no user interaction. Remedia...

7.8CVSS7.2AI score0.0011EPSS
cve
cve
added 2024/09/02 10:22 a.m.112 views

CVE-2024-33045

CVE-2024-33045 involves memory corruption in the Qualcomm ADSP/BTFM pathway when the BTFM client sends new messages over Slimbus. The root cause, as detailed in connected documents, relates to improper handling of a local completion variable (done) in the Slimbus transfer paths (qcom slim ngd xfe...

8.4CVSS8.2AI score0.00121EPSS
cve
cve
added 2024/09/02 10:22 a.m.112 views

CVE-2024-33050

CVE-2024-33050 affects Qualcomm WLAN host components and describes a Transient Denial of Service during MBSSID processing when constructing new Information Elements in beacon/probe frames. Root cause is a missing/improper IE length check; impact is DoS with network access, no confidentiality/inte...

7.5CVSS7.6AI score0.00297EPSS
cve
cve
added 2024/05/06 2:32 p.m.111 views

CVE-2024-21471

CVE-2024-21471 concerns memory corruption that occurs when an IOMMU fails to unmap a GPU buffer in Linux. Multiple connected sources corroborate a memory corruption condition tied to IOMMU unmapping of GPU buffers, affecting Qualcomm-related components (as referenced in Qualcomm security discussi...

8.4CVSS7.2AI score0.00111EPSS
cve
cve
added 2026/03/02 4:53 p.m.111 views

CVE-2026-21385

CVE-2026-21385 is a memory corruption vulnerability in the Qualcomm Display component (graphics) used by Qualcomm chipsets, caused by memory alignment handling during allocation. Exploitation has been observed in the wild in a limited, targeted manner, with attackers able to push malicious data t...

7.8CVSS5.9AI score0.01068EPSS
In wild
cve
cve
added 2024/09/02 10:22 a.m.110 views

CVE-2024-33038

CVE-2024-33038 involves memory corruption when untrusted or corrupted pointers are passed from DSP to EVA in a Qualcomm/Camera-related Computer Vision path. The issue is characterized as local, with low attack complexity and high impact on confidentiality, integrity, and availability. Public refe...

7.8CVSS7.8AI score0.00103EPSS
cve
cve
added 2025/03/03 10:7 a.m.110 views

CVE-2024-53014

CVE-2024-53014 = memory corruption in Qualcomm’s Audio driver during validation of ports/channels. Root cause: improper input validation within the audio component (port/channel validation). Impact is high (CVE described as local, with high confidentiality, integrity, and availability impact; att...

7.8CVSS7.4AI score0.00118EPSS
cve
cve
added 2023/10/03 5:0 a.m.109 views

CVE-2023-33028

CVE-2023-33028 describes a memory corruption vulnerability in Qualcomm WLAN firmware during a pmk cache memory copy, classified as buffer copy without checking size. Public records indicate potential remote code execution with high impact on confidentiality, integrity, and availability (CVSS 3.1:...

9.8CVSS9AI score0.00539EPSS
cve
cve
added 2024/09/02 10:22 a.m.109 views

CVE-2024-33043

CVE-2024-33043 is a Qualcomm chipset issue described as a transient Denial of Service when handling a PS event with the Program Service name length offset set to 255. Documented impact is local DoS (CVSS v3.1: 5.5, Medium) with Local attack vector and Low privileges required; no exploit details o...

5.5CVSS5.5AI score0.00093EPSS
cve
cve
added 2023/11/07 5:26 a.m.108 views

CVE-2023-22388

CVE-2023-22388 describes memory corruption in the Qualcomm Multi-mode Call Processor when handling a bit mask API. The issue is documented with a CVSS v3.1 base score of 9.8 (CRITICAL) and is described as network-exploitable with no user interaction and no privileges required; impact spans confid...

9.8CVSS9.6AI score0.00353EPSS
cve
cve
added 2024/09/02 10:22 a.m.108 views

CVE-2024-33052

CVE-2024-33052 describes a memory corruption in the FM Host/HCI control path when data is provided for FM HCI commands. The vulnerability is tied to Qualcomm chipsets and is classified as local with low privileges and no user interaction, and the impact is rated high (confidentiality, integrity, ...

7.8CVSS8AI score0.00127EPSS
cve
cve
added 2024/01/02 5:38 a.m.107 views

CVE-2023-33025

CVE-2023-33025 is a memory corruption issue in the Qualcomm Data Modem that occurs when a non-standard SDP body is received during a VOLTE call. The vulnerability affects Qualcomm closed-source Data Modem components and is described as a high-severity fault with potential impact to confidentialit...

9.8CVSS9.5AI score0.00388EPSS
Total number of security vulnerabilities254