CVE-2023-33106 – Qualcomm Multiple Chipsets Use of Out-of-Range Pointer Offset Vulnerability
https://notcve.org/view.php?id=CVE-2023-33106
Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND. Corrupción de la memoria al enviar una lista grande de puntos de sincronización en un comando AUX al IOCTL_KGSL_GPU_AUX_COMMAND. Multiple Qualcomm chipsets contain a use of out-of-range pointer offset vulnerability due to memory corruption in Graphics while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND. • https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-823: Use of Out-of-range Pointer Offset •
CVE-2023-33092 – Buffer Copy Without Checking Size of Input in Bluetooth HOST
https://notcve.org/view.php?id=CVE-2023-33092
Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size. Corrupción de la memoria al procesar la respuesta del PIN en Bluetooth, cuando el código PIN recibido desde la capa de la APLICACIÓN es mayor que el tamaño esperado. • https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2023-28588 – Integer Overflow or Wraparound in Bluetooth Host
https://notcve.org/view.php?id=CVE-2023-28588
Transient DOS in Bluetooth Host while rfc slot allocation. DOS transitorio en el host Bluetooth mientras se asigna la ranura RFC. • https://github.com/Trinadh465/CVE-2023-28588 https://github.com/uthrasri/CVE-2023-28588 https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin • CWE-190: Integer Overflow or Wraparound •
CVE-2023-28551 – Improper Restriction of Operations within the Bounds of a Memory Buffer in UTILS
https://notcve.org/view.php?id=CVE-2023-28551
Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments. Corrupción de la memoria en UTILS cuando el módem procesa comandos Diag específicos de la memoria que tienen valores de dirección arbitrarios como argumentos de entrada. • https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2023-28550 – Improper Restriction of Operations within the Bounds of a Memory Buffer in MPP Performance
https://notcve.org/view.php?id=CVE-2023-28550
Memory corruption in MPP performance while accessing DSM watermark using external memory address. Corrupción de la memoria en el rendimiento de MPP al acceder a la marca de agua DSM mediante una dirección de memoria externa. • https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •