43 matches found
CVE-2022-33291
CVE-2022-33291 : Information disclosure due to a buffer over-read in the Modem when receiving an IP header with a malformed length. Connected sources consistently describe “information disclosure” in Modem; no concrete details on affected vendors/models beyond the Modem context, nor on exploitabl...
CVE-2023-33110
The CVE-2023-33110 issue concerns the PCM host voice audio driver on Qualcomm chipsets, where a session index is initialized before PCM is opened, accessed in an event callback from ADSP, and reset on PCM close. This race can lead to memory corruption if callbacks occur as the session index is mo...
CVE-2023-22388
CVE-2023-22388 describes memory corruption in the Qualcomm Multi-mode Call Processor when handling a bit mask API. The issue is documented with a CVSS v3.1 base score of 9.8 (CRITICAL) and is described as network-exploitable with no user interaction and no privileges required; impact spans confid...
CVE-2022-40532
CVE-2022-40532 affects Qualcomm WLAN/WMI command handling, where memory corruption can occur due to an integer overflow or wraparound when sending a WMI command from the host to the target. The issue is tied to Qualcomm chipset/WLAN firmware and is described as memory corruption with potential hi...
CVE-2022-33302
CVE-2022-33302 describes a memory corruption in the Qualcomm User Identity Module caused by improper validation of an array index when the APN TLV length exceeds the command length. Documents reference this vulnerability across multiple feeds (NVD, Red Hat, PRION, CNNVD, CVE list) with the same d...
CVE-2023-33072
CVE-2023-33072 is a memory corruption issue affecting Core when processing control functions, with concrete mappings in connected records to Qualcomm closed‑source components and related “Core” memory‑corruption vectors. Public references describe the issue as memory corruption in Core and, in so...
CVE-2024-33016
CVE-2024-33016 pertains to Siemens SCALANCE W700, where the vulnerability is described as memory corruption that occurs when an invalid firehose patch command is invoked. The Tenable Nessus plugin explicitly identifies this CVE in the context of Siemens SCALANCE W700 and notes the affected asset ...
CVE-2022-40521
CVE-2022-40521 is documented with concrete details in connected sources: a Transient Denial of Service due to improper authorization in Qualcomm baseband/modem components. The issue affects Qualcomm basebands and is described as a DoS vulnerability arising from improper authorization, with a Netw...
CVE-2023-28556
Technical details for CVE-2023-28556 are not publicly provided in the supplied documents. No concrete affected products, versions, root cause or fixes are disclosed here. Monitor for updates from vendors and security bulletins.
CVE-2022-33289
Technical details about CVE-2022-33289 (affected products/versions/fix) are not provided in the supplied connected documents. Monitor for updates and additional authoritative disclosures.
CVE-2023-33018
CVE-2023-33018 describes a memory corruption in the Qualcomm UIM (User Identity Module) related to the diag command used to retrieve the operator’s name. The CVE is rated HIGH with a CVSS v3.1 base score of 7.8 (LOCAL attack vector, LOW attack complexity, LOW privileges required, no user interact...
CVE-2022-40507
CVE-2022-40507 describes memory corruption due to a double free in Core when mapping an HLOS address to the list, affecting Qualcomm closed‑source components. The issue has local attack vector with low privileges and no user interaction, with confidentiality, integrity, and availability impacts m...
CVE-2022-40523
CVE-2022-40523 describes information disclosure in the Kernel caused by indirect branch misprediction. The connected records corroborate a kernel‑level information leakage issue; Red Hat and NVD entries simply state the kernel disclosure, with no vendor/version specifics provided in these documen...
CVE-2022-22076
CVE-2022-22076 describes information disclosure caused by a cryptographic issue in the Core during RPMB read requests. Public sources in the provided documents (NVD, Red Hat Security Advisory, and other aggregations) state this cryptographic flaw leads to information leakage in Qualcomm-related c...
CVE-2023-24852
CVE-2023-24852 describes memory corruption in the Core component when a user performs secure memory access during modem image loading. The vulnerability is local and impacts confidentiality, integrity, and availability (per CVSS metrics with LOCAL access, LOW attack complexity, NONE user interact...
CVE-2023-28585
CVE-2023-28585 is a memory corruption issue in the TZ Secure OS/Tee Kernel triggered when loading an ELF segment. Multiple connected sources identify the root cause as memory corruption within the TEE Kernel during ELF segment loading, with the TZ Secure OS context (Qualcomm components) cited in ...
CVE-2023-28545
CVE-2023-28545 describes memory corruption in TZ Secure OS when loading an application ELF. Multiple sources confirm this is a local issue with high impact to confidentiality, integrity, and availability, per CVSS metrics (NVD). Exploitation is local and requires low attack complexity with low pr...
CVE-2022-33304
CVE-2022-33304 affects the Modem component and is caused by a NULL pointer dereference during the pullup for received TCP/UDP packets, leading to a transient Denial of Service. The CVSS v3.1 vector indicates network attack, low complexity, no user interaction, with availability impact but no conf...
CVE-2023-33030
CVE-2023-33030 is a memory corruption issue in HLOS observed while running the PlayReady use-case on Qualcomm chipsets. Connected details indicate the underlying cause as buffer copy without checking the size of input, leading to potential corruption. Documented impact across sources emphasizes h...
CVE-2023-28550
CVE-2023-28550 affects Qualcomm chipsets, describing memory corruption in MPP performance when accessing the DSM watermark via an external memory address. The vulnerability is tied to improper memory bounds handling within the MPP component, leading to potential high-severity impact (as indicated...
CVE-2023-22385
CVE-2023-22385 is a memory corruption issue in the Qualcomm Data Modem that can occur during MO or MT VOLTE calls. Public documents consistently describe the affected component as the Data Modem and attribute the vulnerability to memory corruption in that subsystem. The CVE appears in multiple fe...
CVE-2024-33056
CVE-2024-33056 describes a memory corruption issue in Qualcomm components involving sequential allocation/access of an entry in the SMEM partition. Affected are Qualcomm closed‑source components and related security processor context; root cause is memory corruption from continuous SMEM entry han...
CVE-2022-40505
CVE-2022-40505 is described across connected sources as a buffer‑over‑read in the Modem when parsing DNS hostnames, causing information disclosure in Qualcomm chipset Modems. The affected component is the Modem/DNS hostname parsing path; the root cause is a buffer over-read. Documented impact inc...
CVE-2023-33032
CVE-2023-33032 corresponds to memory corruption in TZ Secure OS when requesting a memory allocation from the TA region. The description is consistently reported across multiple sources (NVD, Red Hat, CVE listing, PRION, CNNVD) as a TZ Secure OS memory corruption issue. The initial entries do not ...
CVE-2023-33017
CVE-2023-33017 describes memory corruption in Boot during a ListVars test in the UEFI Menu on Qualcomm chipsets. The affected component is the UEFI/boot path, with the root cause cited as a memory corruption issue during boot testing. Documented impact scores indicate high potential for confident...
CVE-2023-33033
Technical details (affected products, versions, root cause, fixes) for CVE-2023-33033 are not publicly provided in the supplied connected documents; monitor updates from Qualcomm/Red Hat/NVD references.
CVE-2024-21465
CVE-2024-21465 : Memory corruption while processing a key blob passed by the user. Documents indicate this affects Qualcomm closed‑source components and is rated High impact (C:H, I:H, A:H) with LOCAL attacker access and LOW privileges required, no user interaction. The CVSS metrics imply local e...
CVE-2023-28586
CVE-2023-28586 concerns an information disclosure in Qualcomm-chipset TZ Secure OS when loading an ELF in a trusted execution environment (TEE). The root cause is described in sources as accessing trusted application metadata symbol addresses during ELF load, potentially exposing confidential dat...
CVE-2024-21469
CVE-2024-21469 is mapped to Qualcomm TZ Secure OS / embedded platform where memory corruption occurs when an invoke call and a TEE call are bound to the same trusted application. The Red Hat/Qualcomm/PT-Security entries describe the issue as memory corruption with potential for arbitrary code exe...
CVE-2022-33287
CVE-2022-33287 describes information disclosure in a Modem due to a buffer over-read while calculating the length of Unfragmented headers in an IPv6 packet. Connected sources reference a Modem/Qualcomm chipset context and reiterate the same description, but none provide concrete affected products...
CVE-2024-21461
CVE-2024-21461 is a memory-corruption issue in the Keymaster finish-HMAC path triggered when the context is freed by Keymaster. Public details in connected docs indicate the vulnerability affects Android/Keymaster workflows and is rated HIGH severity with local access requirements (per CVSS). Exp...
CVE-2023-28546
CVE-2023-28546 corresponds to memory corruption in the SPS Application when exporting a public key in the sorter TA. The connected PT-2023-21794 entry confirms the issue is memory-corruption related with potential code execution, but it does not specify affected versions and provides no informati...
CVE-2023-28551
CVE-2023-28551 describes memory corruption in UTILS when the modem processes memory-specific Diag commands with arbitrary address values. The issue affects Qualcomm chipset components (Qualcomm closed-source/Qualcomm components) and is rated with CVSS v3.1: Local access, Low attack complexity, Lo...
CVE-2024-23362
CVE-2024-23362 is a cryptographic issue in Qualcomm closed‑source components related to parsing RSA keys in the COBR format. The vulnerability is tied to the Trusted Execution Environment in Qualcomm chipsets and is tracked across multiple feeds (Red Hat, CVE databases, and vendor bulletins). The...
CVE-2024-21462
CVE-2024-21462 describes a Transient DoS issue when loading the TA ELF file in Qualcomm closed‑source components (TZ Secure OS). Public sources assign a Local attacker vector with Low complexity and Low privileges required, potentially causing an availability impact described as HIGH. The CVE is ...
CVE-2024-23359
CVE-2024-23359: Information disclosure in Qualcomm chipsets occurs when decoding Tracking Area Update Accept or Attach Accept messages. Connected sources identify this as a information-disclosure issue in Qualcomm closed-source components (Multi Mode Call Processor). Exploitation details are not ...
CVE-2024-43046
CVE-2024-43046 describes an information disclosure vulnerability affecting TZ Secure OS on Qualcomm chipsets, triggered by memory re-allocation where sensitive memory content may be exposed. The CVE notes a memory re-allocation issue but the provided documents do not specify affected product vers...
CVE-2024-23353
CVE-2024-23353 affects Qualcomm components (Multi Mode Call Processor) and describes a transient denial-of-service during decoding an attach reject message received by UE when IEI is set to ESM_IEI. CVSSv3.1 base score 7.5 (High) with network attack vector, no user interaction, and impact limited...
CVE-2025-21464
CVE-2025-21464 is documented in multiple sources as an information-disclosure (out-of-bounds read) issue affecting Qualcomm closed-source components, with the core vulnerability described as an information disclosure when reading data from an image using a specified offset and size. The CVE is li...
CVE-2025-21465
CVE-2025-21465 describes information disclosure arising from how a hash segment is processed in an MBN file within Qualcomm chipsets (closed-source components). The connected data confirm the issue is an information disclosure vulnerability in the MBN processing path, but do not provide concrete ...
CVE-2025-27053
CVE-2025-27053 : A memory corruption issue occurs in the PlayReady APP while processing Trusted Application (TA) commands. The vulnerability affects the PlayReady component and can lead to system instability or compromise. The PT-2025-41342 entry (and related sources) notes the vulnerability and ...
CVE-2025-21482
CVE-2025-21482 describes a cryptographic issue in Qualcomm closed‑source components related to RSA PKCS padding decoding. The CVE is listed as High severity with Local attack vector, Low attack complexity, Low privileges required, and no user interaction, with impacts on Confidentiality and Integ...
CVE-2025-27054
CVE-2025-27054 is a memory corruption issue reported in Qualcomm closed‑source components, triggered while processing a malformed license file during reboot. The CVE appears in multiple feeds (NVD/Red Hat/CVE.org), with Qualcomm listing a High severity for the affected closed‑source component. Co...