CVE-2023-21659 – Buffer Over-read in WLAN Firmware
https://notcve.org/view.php?id=CVE-2023-21659
Transient DOS in WLAN Firmware while processing frames with missing header fields. • https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVE-2023-21657 – Improper Input Validation in Audio
https://notcve.org/view.php?id=CVE-2023-21657
Memoru corruption in Audio when ADSP sends input during record use case. • https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin • CWE-20: Improper Input Validation •
CVE-2022-40533 – Untrusted Pointer Dereference in Core
https://notcve.org/view.php?id=CVE-2022-40533
Transient DOS due to untrusted Pointer Dereference in core while sending USB QMI request. • https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-822: Untrusted Pointer Dereference •
CVE-2022-40529 – Improper access control in Kernel
https://notcve.org/view.php?id=CVE-2022-40529
Memory corruption due to improper access control in kernel while processing a mapping request from root process. • https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVE-2022-40523 – Information exposure in Kernel
https://notcve.org/view.php?id=CVE-2022-40523
Information disclosure in Kernel due to indirect branch misprediction. • https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •