26 matches found
CVE-2022-40503
CVE-2022-40503 is a buffer over-read vulnerability in the Bluetooth Host during A2DP streaming, described as information disclosure. It affects Qualcomm components (Bluetooth) and is referenced in Qualcomm security bulletins; public details appear in NVD and Red Hat/CVE cross references. Remediat...
CVE-2023-33107
CVE-2023-33107 is an integer overflow/memory-corruption vulnerability in Graphics Linux affecting Qualcomm display components. The flaw occurs when assigning a shared virtual memory region during an IOCTL, enabling local attacker access with low complexity and no user interaction; impact is rated...
CVE-2023-21666
CVE-2023-21666 refers to memory corruption in graphics when accessing a buffer allocated through the graphics pool, tied to Qualcomm Adreno KGSL. The PacketStorm article documents a vulnerability class where, on KGSL builds without CONFIG_QCOM_KGSL_USE_SHMEM (or older KGSL versions without it), G...
CVE-2023-33120
CVE-2023-33120 affects Qualcomm ADSP Audio: memory corruption occurs when a memory map command is executed consecutively. This is described across multiple sources (NVD/Red Hat/RH advisories) as a memory corruption in Audio due to repeated memory-mapping commands. The CVSS-based description in th...
CVE-2023-33059
Mode C: CVE-2023-33059 concerns memory corruption in the Audio component when processing VOC packet data from ADSP, affecting Qualcomm audio/ADSP stacks. Root cause cited across connected sources as a buffer/memory handling issue in VOC packet processing with high impact on confidentiality, integ...
CVE-2023-33110
The CVE-2023-33110 issue concerns the PCM host voice audio driver on Qualcomm chipsets, where a session index is initialized before PCM is opened, accessed in an event callback from ADSP, and reset on PCM close. This race can lead to memory corruption if callbacks occur as the session index is mo...
CVE-2024-33043
CVE-2024-33043 is a Qualcomm chipset issue described as a transient Denial of Service when handling a PS event with the Program Service name length offset set to 255. Documented impact is local DoS (CVSS v3.1: 5.5, Medium) with Local attack vector and Low privileges required; no exploit details o...
CVE-2023-22388
CVE-2023-22388 describes memory corruption in the Qualcomm Multi-mode Call Processor when handling a bit mask API. The issue is documented with a CVSS v3.1 base score of 9.8 (CRITICAL) and is described as network-exploitable with no user interaction and no privileges required; impact spans confid...
CVE-2024-38422
CVE-2024-38422 describes a memory corruption vulnerability in Qualcomm components related to audio processing, triggered when handling voice packets with arbitrary data received from the ADSP. The issue is evidenced in the CVE listing with a high impact (confidentiality, integrity, and availabili...
CVE-2022-40532
CVE-2022-40532 affects Qualcomm WLAN/WMI command handling, where memory corruption can occur due to an integer overflow or wraparound when sending a WMI command from the host to the target. The issue is tied to Qualcomm chipset/WLAN firmware and is described as memory corruption with potential hi...
CVE-2024-43052
CVE-2024-43052 : Memory corruption while processing API calls to the NPU with invalid input. Connected sources corroborate a Qualcomm/NPU-origin issue affecting NPU API handling, with attack vector reported as local and low complexity but resulting in high impact on confidentiality, integrity, an...
CVE-2024-38423
CVE-2024-38423 = memory corruption while processing GPU page table switch in Qualcomm GPU/display stack. Exploitation would be local with low complexity and could impact confidentiality, integrity, and availability (CVSSv3.1: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Connected sources indicate Qualco...
CVE-2023-24849
CVE-2023-24849 affects Qualcomm closed‑source Data Modem; the issue is Information Disclosure caused by parsing FMTP lines in SDP messages. Root cause: a flaw in the FMTP parsing logic in the Data Modem leading to confidentiality impact (CVE exhibits High impact, with network attack vector and no...
CVE-2022-33302
CVE-2022-33302 describes a memory corruption in the Qualcomm User Identity Module caused by improper validation of an array index when the APN TLV length exceeds the command length. Documents reference this vulnerability across multiple feeds (NVD, Red Hat, PRION, CNNVD, CVE list) with the same d...
CVE-2022-40521
CVE-2022-40521 is documented with concrete details in connected sources: a Transient Denial of Service due to improper authorization in Qualcomm baseband/modem components. The issue affects Qualcomm basebands and is described as a DoS vulnerability arising from improper authorization, with a Netw...
CVE-2022-33289
Technical details about CVE-2022-33289 (affected products/versions/fix) are not provided in the supplied connected documents. Monitor for updates and additional authoritative disclosures.
CVE-2023-24848
CVE-2023-24848 describes an information disclosure in the Qualcomm Data Modem during VoLTE calls when an undefined RTCP FB line value is observed. Public records here confirm the issue title and network-facing context, with CVE-2023-24848 listed in multiple feeds (NVD, CVE list) and linked to Qua...
CVE-2023-33018
CVE-2023-33018 describes a memory corruption in the Qualcomm UIM (User Identity Module) related to the diag command used to retrieve the operator’s name. The CVE is rated HIGH with a CVSS v3.1 base score of 7.8 (LOCAL attack vector, LOW attack complexity, LOW privileges required, no user interact...
CVE-2022-33264
CVE-2022-33264 is a memory corruption issue in Qualcomm modem components caused by a stack-based buffer overflow during parsing of OTASP Key Generation Request Messages. Affects Qualcomm closed-source/modem firmware; CVSS base score ~7.8–7.9 HIGH with LOCAL exploit. The issue is discussed in Qual...
CVE-2023-33030
CVE-2023-33030 is a memory corruption issue in HLOS observed while running the PlayReady use-case on Qualcomm chipsets. Connected details indicate the underlying cause as buffer copy without checking the size of input, leading to potential corruption. Documented impact across sources emphasizes h...
CVE-2023-28550
CVE-2023-28550 affects Qualcomm chipsets, describing memory corruption in MPP performance when accessing the DSM watermark via an external memory address. The vulnerability is tied to improper memory bounds handling within the MPP component, leading to potential high-severity impact (as indicated...
CVE-2023-22385
CVE-2023-22385 is a memory corruption issue in the Qualcomm Data Modem that can occur during MO or MT VOLTE calls. Public documents consistently describe the affected component as the Data Modem and attribute the vulnerability to memory corruption in that subsystem. The CVE appears in multiple fe...
CVE-2023-33033
Technical details (affected products, versions, root cause, fixes) for CVE-2023-33033 are not publicly provided in the supplied connected documents; monitor updates from Qualcomm/Red Hat/NVD references.
CVE-2023-28551
CVE-2023-28551 describes memory corruption in UTILS when the modem processes memory-specific Diag commands with arbitrary address values. The issue affects Qualcomm chipset components (Qualcomm closed-source/Qualcomm components) and is rated with CVSS v3.1: Local access, Low attack complexity, Lo...
CVE-2024-45552
CVE-2024-45552 affects Qualcomm components (closed‑source) and involves an information-disclosure condition during a video call when a device resets due to a non-conforming RTCP packet that does not adhere to RFC standards. root cause: RTCP packet non-conformance leading to state reset and data e...
CVE-2024-23353
CVE-2024-23353 affects Qualcomm components (Multi Mode Call Processor) and describes a transient denial-of-service during decoding an attach reject message received by UE when IEI is set to ESM_IEI. CVSSv3.1 base score 7.5 (High) with network attack vector, no user interaction, and impact limited...