10 matches found
CVE-2024-21468
CVE-2024-21468 corresponds to a memory corruption issue that occurs when a GPU unmap operation fails, described across multiple sources as a memory corruption/Use-After-Free condition in Qualcomm kernel components. Affected: Qualcomm chipset GPUs and related kernel code paths. Root cause: failed ...
CVE-2024-33042
CVE-2024-33042 describes a memory corruption in Qualcomm WLAN-related components when the Alternative Frequency offset is set to 255. Connected sources identify the issue as affecting Qualcomm chipsets (WLAN subcomponent) and classify it as a high-severity, local EoP-style vulnerability with pote...
CVE-2023-33019
CVE-2023-33019 describes a Transient Denial of Service in the WLAN Host when a mobile station processes a Channel Switch Announcement (CSA) with an invalid channel. Public sources associate this CVE with Qualcomm WLAN components (high severity, CVSSv3.1: 7.5; network attack vector, no user intera...
CVE-2023-28541
CVE-2023-28541 affects Qualcomm Data Modem (WLAN), with memory corruption during DMA buffer release involving CFR data. CVSSv3.1 base score 7.8 (HIGH) via NVD/Qualcomm metrics; impact includes confidentiality, integrity, and availability. Connected sources confirm the issue under Qualcomm compone...
CVE-2024-33052
CVE-2024-33052 describes a memory corruption in the FM Host/HCI control path when data is provided for FM HCI commands. The vulnerability is tied to Qualcomm chipsets and is classified as local with low privileges and no user interaction, and the impact is rated high (confidentiality, integrity, ...
CVE-2023-21631
CVE-2023-21631 describes a weakness in Qualcomm modem firmware due to improper input validation when processing LTE security mode command messages from the network. The vulnerability affects the modem component and can lead to high-impact outcomes (as reflected in CVSS: high/critical with Confide...
CVE-2023-21629
CVE-2023-21629 refers to memory corruption in Qualcomm closed‑source modem components caused by a double free while parsing PKCS15 SIM files. The CVSSv3.1 base metrics (6.8, MEDIUM) from NVD indicate physical access is required with low attack complexity and no privileges, but high impact to conf...
CVE-2023-33066
CVE-2023-33066 describes a memory corruption in the Audio component of Qualcomm’s closed‑source stack, triggered while processing the RT proxy port register driver. The issue is linked to an out-of-range pointer offset in Audio (per VulnEnrichment), with Qualcomm’s March 2024 product-security bul...
CVE-2023-43551
The CVE-2023-43551 entry is confirmed in connected sources as a cryptographic/authentication issue occurring during LTE attach, where a rogue base station can skip the authentication phase and immediately issue the Security Mode Command. The vulnerability is attributed to Qualcomm closed‑source c...
CVE-2023-33020
CVE-2023-33020 corresponds to a transient denial-of-service in WLAN Hosts when an invalid channel (e.g., channel out of range) is received in STA during a Channel Switch Announcement (CSA) Information Element. The CVE is rated CVSS v3.1 base score 7.5 (HIGH) with NETWORK attack vector, LOW attack...