CVSS: 7.8EPSS: 0%CPEs: 372EXPL: 0CVE-2023-28548 – Improper Validation of Array Index in WLAN HAL
https://notcve.org/view.php?id=CVE-2023-28548
05 Sep 2023 — Memory corruption in WLAN HAL while processing Tx/Rx commands from QDART. Corrupción de memoria en WLAN HAL al procesar comandos Tx/Rx desde QDART. • https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin • CWE-129: Improper Validation of Array Index •
CVSS: 7.8EPSS: 0%CPEs: 418EXPL: 0CVE-2023-28544 – Buffer Copy without Checking the Size of Input in WLAN Firmware
https://notcve.org/view.php?id=CVE-2023-28544
05 Sep 2023 — Memory corruption in WLAN while sending transmit command from HLOS to UTF handlers. Corrupción de memoria en WLAN al enviar comandos de transmisión desde HLOS a controladores UTF. • https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.4EPSS: 0%CPEs: 260EXPL: 0CVE-2023-28538 – Stack-based Buffer Overflow in WIN Product
https://notcve.org/view.php?id=CVE-2023-28538
05 Sep 2023 — Memory corruption in WIN Product while invoking WinAcpi update driver in the UEFI region. Corrupción de la memoria en el producto WIN al invocar el controlador de actualización WinAcpi en la región UEFI. • https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 62EXPL: 0CVE-2023-28577 – Multiple Dmabuf Kernel Address UAF Vulnerability
https://notcve.org/view.php?id=CVE-2023-28577
08 Aug 2023 — In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check if the buffer is being used. So when a function called cam_mem_get_cpu_buf to get the kernel va to use, another thread can call CAM_REQ_MGR_RELEASE_BUF to unmap the kernel va which cause UAF of the kernel address. En la llamada a la función CAM_REQ_MGR_RELEASE_BUF no se comprueba si el buffer está siendo utilizado. Así que cuando una función llama a cam_mem_get_cpu_buf para obtener la va del kernel a utilizar, otro hilo puede llamar a... • https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin • CWE-416: Use After Free •
CVSS: 7.0EPSS: 0%CPEs: 62EXPL: 0CVE-2023-28576 – Time-of-check Time-of-use (TOCTOU) Race Condition in Camera Kernel Driver
https://notcve.org/view.php?id=CVE-2023-28576
08 Aug 2023 — The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. In other words, user mode may race and modify the packet header (e.g. header.count), causing checks (e.g. size checks) in kernel code to be invalid. This may lead to out-of-bounds read/write issues. El buffer obtenido de APIs del kernel como cam_mem_get_cpu_buf() puede ser legible/escribible en espacio de usuario después de que el kernel acceda a él. En otras palabras, el modo d... • https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 120EXPL: 0CVE-2023-28575 – Multiple Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2023-28575
08 Aug 2023 — The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invalid type usage if a wrong handle is passed to it. La función cam_get_device_priv no comprueba el tipo de manejador devuelto (device/session/link). Esto llevaría a un uso de tipo inválido si se le pasa un manejador incorrecto. • https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin • CWE-823: Use of Out-of-range Pointer Offset CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 376EXPL: 0CVE-2023-28542 – Buffer Over-read in WLAN HOST
https://notcve.org/view.php?id=CVE-2023-28542
04 Jul 2023 — Memory Corruption in WLAN HOST while fetching TX status information. • https://www.qualcomm.com/company/product-security/bulletins/july-2023-bulletin • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVSS: 7.8EPSS: 0%CPEs: 398EXPL: 0CVE-2023-28541 – Buffer Over-read in WLAN Host
https://notcve.org/view.php?id=CVE-2023-28541
04 Jul 2023 — Memory Corruption in Data Modem while processing DMA buffer release event about CFR data. • https://www.qualcomm.com/company/product-security/bulletins/july-2023-bulletin • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVSS: 7.8EPSS: 0%CPEs: 326EXPL: 0CVE-2023-24854 – Stack-based Buffer Overflow in WLAN HOST
https://notcve.org/view.php?id=CVE-2023-24854
04 Jul 2023 — Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware response message. • https://www.qualcomm.com/company/product-security/bulletins/july-2023-bulletin • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 382EXPL: 0CVE-2023-24851 – Buffer Copy Without Checking Size of Input in WLAN HOST
https://notcve.org/view.php?id=CVE-2023-24851
04 Jul 2023 — Memory Corruption in WLAN HOST while parsing QMI response message from firmware. • https://www.qualcomm.com/company/product-security/bulletins/july-2023-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •