CVSS: 7.8EPSS: 0%CPEs: 112EXPL: 0CVE-2023-21654 – Improper Restriction of Operations within the Bounds of a Memory Buffer in Audio
https://notcve.org/view.php?id=CVE-2023-21654
05 Sep 2023 — Memory corruption in Audio during playback session with audio effects enabled. Corrupción de la memoria en audio durante la sesión de reproducción con efectos de audio habilitados. • https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 102EXPL: 0CVE-2023-21644 – Integer Overflow to Buffer Overflow in RIL
https://notcve.org/view.php?id=CVE-2023-21644
05 Sep 2023 — Memory corruption in RIL due to Integer Overflow while triggering qcril_uim_request_apdu request. Corrupción de memoria en RIL debido a un desbordamiento de enteros al lanzar la petición "qcril_uim_request_apdu request". • https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin • CWE-190: Integer Overflow or Wraparound CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 102EXPL: 0CVE-2023-21636 – Improper Validation of Array Index in Linux
https://notcve.org/view.php?id=CVE-2023-21636
05 Sep 2023 — Memory Corruption due to improper validation of array index in Linux while updating adn record. orrupción de memoria debida a una validación incorrecta del índice de matriz en Linux mientras actualiza el registro adn. • https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin • CWE-129: Improper Validation of Array Index •
CVSS: 7.8EPSS: 0%CPEs: 76EXPL: 0CVE-2022-40524 – Buffer over-read in Modem
https://notcve.org/view.php?id=CVE-2022-40524
05 Sep 2023 — Memory corruption due to buffer over-read in Modem while processing SetNativeHandle RTP service. Corrupción de la memoria debido a una lectura excesiva del búfer en Modem mientras se procesa el servicio RTP SetNativeHandle. • https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVSS: 8.4EPSS: 0%CPEs: 518EXPL: 0CVE-2022-33275 – Improper validation of array index in WLAN HAL
https://notcve.org/view.php?id=CVE-2022-33275
05 Sep 2023 — Memory corruption due to improper validation of array index in WLAN HAL when received lm_itemNum is out of range. Corrupción de memoria debido a la validación incorrecta del índice de matriz en WLAN HAL cuando se recibe "lm_itemNum" estando fuera de rango. • https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin • CWE-129: Improper Validation of Array Index •
CVSS: 5.5EPSS: 0%CPEs: 90EXPL: 0CVE-2022-33220 – Buffer over-read in Automotive multimedia
https://notcve.org/view.php?id=CVE-2022-33220
05 Sep 2023 — Information disclosure in Automotive multimedia due to buffer over-read. Divulgación de información en Automotive multimedia debido a sobrelectura del búfer. • https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVSS: 7.8EPSS: 0%CPEs: 62EXPL: 0CVE-2023-28577 – Multiple Dmabuf Kernel Address UAF Vulnerability
https://notcve.org/view.php?id=CVE-2023-28577
08 Aug 2023 — In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check if the buffer is being used. So when a function called cam_mem_get_cpu_buf to get the kernel va to use, another thread can call CAM_REQ_MGR_RELEASE_BUF to unmap the kernel va which cause UAF of the kernel address. En la llamada a la función CAM_REQ_MGR_RELEASE_BUF no se comprueba si el buffer está siendo utilizado. Así que cuando una función llama a cam_mem_get_cpu_buf para obtener la va del kernel a utilizar, otro hilo puede llamar a... • https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin • CWE-416: Use After Free •
CVSS: 7.0EPSS: 0%CPEs: 62EXPL: 0CVE-2023-28576 – Time-of-check Time-of-use (TOCTOU) Race Condition in Camera Kernel Driver
https://notcve.org/view.php?id=CVE-2023-28576
08 Aug 2023 — The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. In other words, user mode may race and modify the packet header (e.g. header.count), causing checks (e.g. size checks) in kernel code to be invalid. This may lead to out-of-bounds read/write issues. El buffer obtenido de APIs del kernel como cam_mem_get_cpu_buf() puede ser legible/escribible en espacio de usuario después de que el kernel acceda a él. En otras palabras, el modo d... • https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 120EXPL: 0CVE-2023-28575 – Multiple Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2023-28575
08 Aug 2023 — The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invalid type usage if a wrong handle is passed to it. La función cam_get_device_priv no comprueba el tipo de manejador devuelto (device/session/link). Esto llevaría a un uso de tipo inválido si se le pasa un manejador incorrecto. • https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin • CWE-823: Use of Out-of-range Pointer Offset CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.4EPSS: 0%CPEs: 366EXPL: 0CVE-2023-28537 – Integer Overflow or Wraparound in Audio
https://notcve.org/view.php?id=CVE-2023-28537
08 Aug 2023 — Memory corruption while allocating memory in COmxApeDec module in Audio. Corrupción de memoria al asignar memoria en el módulo COmxApeDec en Audio. • https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •