38 matches found
CVE-2023-33063
CVE-2023-33063 is a Use-After-Free/memory corruption issue in Qualcomm DSP Services triggered by a remote call from HLOS to DSP. Affected: Qualcomm chipsets with DSP Services; root cause: memory corruption leading to potential unintended behavior. Documents indicate high impact (confidentiality, ...
CVE-2023-33107
CVE-2023-33107 is an integer overflow/memory-corruption vulnerability in Graphics Linux affecting Qualcomm display components. The flaw occurs when assigning a shared virtual memory region during an IOCTL, enabling local attacker access with low complexity and no user interaction; impact is rated...
CVE-2023-43513
CVE-2023-43513: Memory corruption in Qualcomm components due to an untrusted context read pointer during event-ring processing, which may be advanced with arbitrary values and point to the middle of a ring element. According to the provided data, the CVSS v3.1 base metrics are HIGH for Confidenti...
CVE-2023-33059
Mode C: CVE-2023-33059 concerns memory corruption in the Audio component when processing VOC packet data from ADSP, affecting Qualcomm audio/ADSP stacks. Root cause cited across connected sources as a buffer/memory handling issue in VOC packet processing with high impact on confidentiality, integ...
CVE-2023-28588
CVE-2023-28588 (Qualcomm Bluetooth) : A transient DoS in the Bluetooth Host during RFC slot allocation affects Qualcomm Chipsets’ Bluetooth component. Public records describe an integer overflow/wraparound issue in the Bluetooth Host as the root cause. The CVSSv3.1 base score is 7.5 (High) with n...
CVE-2023-33110
The CVE-2023-33110 issue concerns the PCM host voice audio driver on Qualcomm chipsets, where a session index is initialized before PCM is opened, accessed in an event callback from ADSP, and reset on PCM close. This race can lead to memory corruption if callbacks occur as the session index is mo...
CVE-2024-33043
CVE-2024-33043 is a Qualcomm chipset issue described as a transient Denial of Service when handling a PS event with the Program Service name length offset set to 255. Documented impact is local DoS (CVSS v3.1: 5.5, Medium) with Local attack vector and Low privileges required; no exploit details o...
CVE-2023-22388
CVE-2023-22388 describes memory corruption in the Qualcomm Multi-mode Call Processor when handling a bit mask API. The issue is documented with a CVSS v3.1 base score of 9.8 (CRITICAL) and is described as network-exploitable with no user interaction and no privileges required; impact spans confid...
CVE-2024-38422
CVE-2024-38422 describes a memory corruption vulnerability in Qualcomm components related to audio processing, triggered when handling voice packets with arbitrary data received from the ADSP. The issue is evidenced in the CVE listing with a high impact (confidentiality, integrity, and availabili...
CVE-2024-43052
CVE-2024-43052 : Memory corruption while processing API calls to the NPU with invalid input. Connected sources corroborate a Qualcomm/NPU-origin issue affecting NPU API handling, with attack vector reported as local and low complexity but resulting in high impact on confidentiality, integrity, an...
CVE-2024-38423
CVE-2024-38423 = memory corruption while processing GPU page table switch in Qualcomm GPU/display stack. Exploitation would be local with low complexity and could impact confidentiality, integrity, and availability (CVSSv3.1: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Connected sources indicate Qualco...
CVE-2023-24849
CVE-2023-24849 affects Qualcomm closed‑source Data Modem; the issue is Information Disclosure caused by parsing FMTP lines in SDP messages. Root cause: a flaw in the FMTP parsing logic in the Data Modem leading to confidentiality impact (CVE exhibits High impact, with network attack vector and no...
CVE-2022-40521
CVE-2022-40521 is documented with concrete details in connected sources: a Transient Denial of Service due to improper authorization in Qualcomm baseband/modem components. The issue affects Qualcomm basebands and is described as a DoS vulnerability arising from improper authorization, with a Netw...
CVE-2023-24848
CVE-2023-24848 describes an information disclosure in the Qualcomm Data Modem during VoLTE calls when an undefined RTCP FB line value is observed. Public records here confirm the issue title and network-facing context, with CVE-2023-24848 listed in multiple feeds (NVD, CVE list) and linked to Qua...
CVE-2024-53026
CVE-2024-53026 describes an information-disclosure vulnerability triggered by receiving an invalid RTCP packet during a VoLTE/VoWiFi IMS call. Connected sources associate this with Qualcomm chipsets and note public advisories/patches refer to this issue; however, concrete technical details about ...
CVE-2022-33264
CVE-2022-33264 is a memory corruption issue in Qualcomm modem components caused by a stack-based buffer overflow during parsing of OTASP Key Generation Request Messages. Affects Qualcomm closed-source/modem firmware; CVSS base score ~7.8–7.9 HIGH with LOCAL exploit. The issue is discussed in Qual...
CVE-2023-33018
CVE-2023-33018 describes a memory corruption in the Qualcomm UIM (User Identity Module) related to the diag command used to retrieve the operator’s name. The CVE is rated HIGH with a CVSS v3.1 base score of 7.8 (LOCAL attack vector, LOW attack complexity, LOW privileges required, no user interact...
CVE-2022-22076
CVE-2022-22076 describes information disclosure caused by a cryptographic issue in the Core during RPMB read requests. Public sources in the provided documents (NVD, Red Hat Security Advisory, and other aggregations) state this cryptographic flaw leads to information leakage in Qualcomm-related c...
CVE-2023-24850
CVE-2023-24850 describes memory corruption in HLOS when importing a cryptographic key into the KeyMaster Trusted Application. The vulnerability is associated with Qualcomm closed-source components and is classified with a high impact (CVSS v3.1: AV=L/AC=L/PR=L/UI=N/S=U; C/H/I/A=HIGH). The descrip...
CVE-2023-28550
CVE-2023-28550 affects Qualcomm chipsets, describing memory corruption in MPP performance when accessing the DSM watermark via an external memory address. The vulnerability is tied to improper memory bounds handling within the MPP component, leading to potential high-severity impact (as indicated...
CVE-2023-33030
CVE-2023-33030 is a memory corruption issue in HLOS observed while running the PlayReady use-case on Qualcomm chipsets. Connected details indicate the underlying cause as buffer copy without checking the size of input, leading to potential corruption. Documented impact across sources emphasizes h...
CVE-2023-22385
CVE-2023-22385 is a memory corruption issue in the Qualcomm Data Modem that can occur during MO or MT VOLTE calls. Public documents consistently describe the affected component as the Data Modem and attribute the vulnerability to memory corruption in that subsystem. The CVE appears in multiple fe...
CVE-2023-33033
Technical details (affected products, versions, root cause, fixes) for CVE-2023-33033 are not publicly provided in the supplied connected documents; monitor updates from Qualcomm/Red Hat/NVD references.
CVE-2024-21461
CVE-2024-21461 is a memory-corruption issue in the Keymaster finish-HMAC path triggered when the context is freed by Keymaster. Public details in connected docs indicate the vulnerability affects Android/Keymaster workflows and is rated HIGH severity with local access requirements (per CVSS). Exp...
CVE-2024-53021
CVE-2024-53021 is a Qualcomm chipset vulnerability described in connected PT-2025-23579 and PT-2025-23577 as an information-disclosure issue that occurs while processing goodbye RTCP/RTP packets. The root cause is a buffer over-read in the data network stack during decoding/construction of RTCP h...
CVE-2023-28551
CVE-2023-28551 describes memory corruption in UTILS when the modem processes memory-specific Diag commands with arbitrary address values. The issue affects Qualcomm chipset components (Qualcomm closed-source/Qualcomm components) and is rated with CVSS v3.1: Local access, Low attack complexity, Lo...
CVE-2023-28546
CVE-2023-28546 corresponds to memory corruption in the SPS Application when exporting a public key in the sorter TA. The connected PT-2023-21794 entry confirms the issue is memory-corruption related with potential code execution, but it does not specify affected versions and provides no informati...
CVE-2024-53020
CVE-2024-53020 is reported as information disclosure that may occur when decoding RTP packets with an invalid header extension, linked to Qualcomm chipsets’ data/network stack. Connected sources describe a buffer over-read and information disclosure risk in the affected component but do not provi...
CVE-2025-21483
CVE-2025-21483 affects Qualcomm Snapdragon embedded platform firmware in the Data Network Stack & Connectivity component. It stems from a buffer overflow during RTP packet reassembly of NAL units, leading to memory corruption in the UE. The CVSS 3.1/3.1 vector is Network, Privileges=None, User in...
CVE-2024-23359
CVE-2024-23359: Information disclosure in Qualcomm chipsets occurs when decoding Tracking Area Update Accept or Attach Accept messages. Connected sources identify this as a information-disclosure issue in Qualcomm closed-source components (Multi Mode Call Processor). Exploitation details are not ...
CVE-2024-23385
CVE-2024-23385 affects Qualcomm closed‑source components. The issue is a Transient DoS where a modem reset occurs when an unexpected MAC RAR (with invalid PDU length) is observed at the user equipment (UE). The connected sources confirm the affected vendor and the high availability impact, but do...
CVE-2025-21428
CVE-2025-21428 relates to memory corruption in Qualcomm chipsets when a station (STA) connects to an access point (AP) and an ADD TS request is initiated to establish a TSpec session. The vulnerability affects the WLAN host/stack in affected Qualcomm products and is classified with CVSS v3.1 vect...
CVE-2024-23358
CVE-2024-23358 affects Qualcomm closed-source modem components. The root cause is reported as incorrect ciphering key data during OTA registration, triggering a transient Denial of Service. The available documents do not specify affected firmware versions, exact product names, or a remediation/pa...
CVE-2024-23357
CVE-2024-23357 describes a transient DoS when importing a PKCS#8-encoded RSA key with a zero-byte modulus. Connected documents corroborate a Qualcomm/Android context and indicate remediation via security patches (Android patch levels 2024-08-01/05 and related Qualcomm bulletins). Public exploitat...
CVE-2024-23353
CVE-2024-23353 affects Qualcomm components (Multi Mode Call Processor) and describes a transient denial-of-service during decoding an attach reject message received by UE when IEI is set to ESM_IEI. CVSSv3.1 base score 7.5 (High) with network attack vector, no user interaction, and impact limited...
CVE-2025-21482
CVE-2025-21482 describes a cryptographic issue in Qualcomm closed‑source components related to RSA PKCS padding decoding. The CVE is listed as High severity with Local attack vector, Low attack complexity, Low privileges required, and no user interaction, with impacts on Confidentiality and Integ...
CVE-2025-21487
CVE-2025-21487 concerns information disclosure in Qualcomm closed‑source components due to incorrect handling of RTP payload length when decoding packets. The root cause is a buffer length mismatch that can lead to over-read and leakage of information from the UE. The vulnerability is categorized...
CVE-2025-27053
CVE-2025-27053 : A memory corruption issue occurs in the PlayReady APP while processing Trusted Application (TA) commands. The vulnerability affects the PlayReady component and can lead to system instability or compromise. The PT-2025-41342 entry (and related sources) notes the vulnerability and ...