213 matches found
CVE-2022-40503
Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.
CVE-2022-33269
Memory corruption due to integer overflow or wraparound in Core while DDR memory assignment.
CVE-2022-33298
Memory corruption due to use after free in Modem while modem initialization.
CVE-2023-33106
Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.
CVE-2023-33063
Memory corruption in DSP Services during a remote call from HLOS to DSP.
CVE-2023-33107
Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.
CVE-2022-22088
Memory corruption in Bluetooth HOST due to buffer overflow while parsing the command response received from remote
CVE-2022-33243
Memory corruption due to improper access control in Qualcomm IPC.
CVE-2023-21657
Memoru corruption in Audio when ADSP sends input during record use case.
CVE-2022-33213
Memory corruption in modem due to buffer overflow while processing a PPP packet
CVE-2023-21670
Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode.
CVE-2023-21656
Memory corruption in WLAN HOST while receiving an WMI event from firmware.
CVE-2023-21666
Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.
CVE-2022-33280
Memory corruption due to access of uninitialized pointer in Bluetooth HOST while processing the AVRCP packet.
CVE-2023-21669
Information Disclosure in WLAN HOST while sending DPP action frame to peer with an invalid source address.
CVE-2023-28588
Transient DOS in Bluetooth Host while rfc slot allocation.
CVE-2022-33255
Information disclosure due to buffer over-read in Bluetooth HOST while processing GetFolderItems and GetItemAttribute Cmds from peer device.
CVE-2023-28553
Information Disclosure in WLAN Host when processing WMI event command.
CVE-2022-40537
Memory corruption in Bluetooth HOST while processing the AVRC_PDU_GET_PLAYER_APP_VALUE_TEXT AVRCP response.
CVE-2023-33021
Memory corruption in Graphics while processing user packets for command submission.
CVE-2023-22387
Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption.
CVE-2023-33029
Memory corruption in DSP Service during a remote call from HLOS to DSP.
CVE-2023-21665
Memory corruption in Graphics while importing a file.
CVE-2023-33079
Memory corruption in Audio while running invalid audio recording from ADSP.
CVE-2022-22075
Information Disclosure in Graphics during GPU context switch.
CVE-2023-24851
Memory Corruption in WLAN HOST while parsing QMI response message from firmware.
CVE-2023-33059
Memory corruption in Audio while processing the VOC packet data from ADSP.
CVE-2023-33031
Memory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data buffer.
CVE-2023-33034
Memory corruption while parsing the ADSP response command.
CVE-2023-33053
Memory corruption in Kernel while parsing metadata.
CVE-2023-33055
Memory Corruption in Audio while invoking callback function in driver from ADSP.
CVE-2023-33035
Memory corruption while invoking callback function of AFE from ADSP.
CVE-2023-33087
Memory corruption in Core while processing RX intent request.
CVE-2023-28541
Memory Corruption in Data Modem while processing DMA buffer release event about CFR data.
CVE-2023-28542
Memory Corruption in WLAN HOST while fetching TX status information.
CVE-2023-28584
Transient DOS in WLAN Host when a mobile station receives invalid channel in CSA IE while doing channel switch announcement (CSA).
CVE-2023-33092
Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size.
CVE-2023-21672
Memory corruption in Audio while running concurrent tunnel playback or during concurrent audio tunnel recording sessions.
CVE-2023-22386
Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory.
CVE-2023-24854
Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware response message.
CVE-2023-28577
In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check if the buffer is being used. So when a function called cam_mem_get_cpu_buf to get the kernel va to use, another thread can call CAM_REQ_MGR_RELEASE_BUF to unmap the kernel va which cause UAF of the kernel address.
CVE-2023-21649
Memory corruption in WLAN while running doDriverCmd for an unspecific command.
CVE-2022-33292
Memory corruption in Qualcomm IPC due to use after free while receiving the incoming packet and reposting it.
CVE-2023-21636
Memory Corruption due to improper validation of array index in Linux while updating adn record.
CVE-2022-33231
Memory corruption due to double free in core while initializing the encryption key.
CVE-2023-28575
The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invalid type usage if a wrong handle is passed to it.
CVE-2023-22388
Memory Corruption in Multi-mode Call Processor while processing bit mask API.
CVE-2023-28554
Information Disclosure in Qualcomm IPC while reading values from shared memory in VM.
CVE-2022-33245
Memory corruption in WLAN due to use after free
CVE-2022-40514
Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc response frame.