CVE-2024-21473 – Improper Input Validation in WIN SON
https://notcve.org/view.php?id=CVE-2024-21473
Memory corruption while redirecting log file to any file location with any file name. Corrupción de la memoria al redirigir el archivo de registro a cualquier ubicación de archivo con cualquier nombre de archivo. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple Qualcomm chipsets. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Qualcomm LDB service. The issue results from the lack of proper validation of user-supplied data prior to further processing. • https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html • CWE-20: Improper Input Validation •
CVE-2024-21470 – Integer Overflow to Buffer Overflow in Graphics Windows
https://notcve.org/view.php?id=CVE-2024-21470
Memory corruption while allocating memory for graphics. Corrupción de la memoria al asignar memoria para gráficos. • https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html • CWE-680: Integer Overflow to Buffer Overflow •
CVE-2024-21468 – Use After Free in Kernel
https://notcve.org/view.php?id=CVE-2024-21468
Memory corruption when there is failed unmap operation in GPU. Corrupción de la memoria cuando falla la operación de desasignación en la GPU. • https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html • CWE-416: Use After Free •
CVE-2024-21463 – Buffer Copy Without Checking Size of Input in Audio
https://notcve.org/view.php?id=CVE-2024-21463
Memory corruption while processing Codec2 during v13k decoder pitch synthesis. Corrupción de la memoria al procesar Codec2 durante la síntesis del tono del decodificador v13k. • https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2024-21454 – Integer Overflow to Buffer Overflow in Automotive Telematics
https://notcve.org/view.php?id=CVE-2024-21454
Transient DOS while decoding the ToBeSignedMessage in Automotive Telematics. DOS transitorio mientras se decodifica el mensaje ToBeSignedMessage en telemática automotriz. • https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html • CWE-680: Integer Overflow to Buffer Overflow •