CVE-2024-23373 – Use After Free in Graphics
https://notcve.org/view.php?id=CVE-2024-23373
Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released. Corrupción de la memoria cuando falla la operación de desasignación de IOMMU, se liberan los búferes DMA y anon. • https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html • CWE-416: Use After Free •
CVE-2024-21462 – Buffer Over-read in TZ Secure OS
https://notcve.org/view.php?id=CVE-2024-21462
Transient DOS while loading the TA ELF file. DOS transitorio mientras se carga el archivo TA ELF. • https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVE-2024-21461 – Double Free in HLOS
https://notcve.org/view.php?id=CVE-2024-21461
Memory corruption while performing finish HMAC operation when context is freed by keymaster. Corrupción de la memoria al realizar la operación de finalización de HMAC cuando Keymaster libera el contexto. • https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html • CWE-415: Double Free •
CVE-2023-43513 – Use of Out-of-range Pointer Offset in PCIe
https://notcve.org/view.php?id=CVE-2023-43513
Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element. Corrupción de la memoria al procesar el anillo de eventos, el puntero de lectura de contexto no es confiable para HLOS y cuando se pasa con valores arbitrarios, puede apuntar a la dirección en el medio del elemento del anillo. • https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin • CWE-787: Out-of-bounds Write CWE-823: Use of Out-of-range Pointer Offset •
CVE-2023-33077 – Buffer Copy Without Checking Size of Input in HLOS
https://notcve.org/view.php?id=CVE-2023-33077
Memory corruption in HLOS while converting from authorization token to HIDL vector. Corrupción de la memoria en HLOS al convertir del token de autorización al vector HIDL. • https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •