CVSS: 7.8EPSS: 0%CPEs: 542EXPL: 0CVE-2023-22387 – Use of Out-of-range Pointer Offset in Qualcomm IPC
https://notcve.org/view.php?id=CVE-2023-22387
Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption. • https://www.qualcomm.com/company/product-security/bulletins/july-2023-bulletin • CWE-823: Use of Out-of-range Pointer Offset •
CVSS: 7.8EPSS: 0%CPEs: 402EXPL: 0CVE-2023-22386 – Buffer Copy Without Checking Size of Input in WLAN HOST
https://notcve.org/view.php?id=CVE-2023-22386
Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory. • https://www.qualcomm.com/company/product-security/bulletins/july-2023-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 8.4EPSS: 0%CPEs: 114EXPL: 0CVE-2023-21672 – Use After Free in Audio
https://notcve.org/view.php?id=CVE-2023-21672
Memory corruption in Audio while running concurrent tunnel playback or during concurrent audio tunnel recording sessions. • https://www.qualcomm.com/company/product-security/bulletins/july-2023-bulletin • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 44EXPL: 0CVE-2023-21639 – Buffer Copy Without Checking the Size of Input in Audio
https://notcve.org/view.php?id=CVE-2023-21639
Memory corruption in Audio while processing sva_model_serializer using memory size passed by HIDL client. • https://www.qualcomm.com/company/product-security/bulletins/july-2023-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 368EXPL: 0CVE-2023-21670 – Improper Access control in GPU Subsystem
https://notcve.org/view.php?id=CVE-2023-21670
Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode. Qualcomm Adreno/KGSL suffers from an issue where code in user-writable mapping is executed in non-protected mode. • http://packetstormsecurity.com/files/173296/Qualcomm-Adreno-KGSL-Insecure-Execution.html https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •