CVE-2023-21652 – Key Management Errors in HLOS
https://notcve.org/view.php?id=CVE-2023-21652
Cryptographic issue in HLOS as derived keys used to encrypt/decrypt information is present on stack after use. Problema criptográfico en HLOS ya que las claves derivadas utilizadas para cifrar/descifrar información están presentes en la pila después de su uso. • https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin • CWE-320: Key Management Errors CWE-798: Use of Hard-coded Credentials •
CVE-2023-21651 – Incorrect Type Conversion or Cast in Core
https://notcve.org/view.php?id=CVE-2023-21651
Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE. Corrupción de memoria en el Core debido a una conversión de tipo o cast incorrecto en la función secure_io_read/write en TEE. • https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin • CWE-704: Incorrect Type Conversion or Cast •
CVE-2023-21650 – Improper Validation of Array Index in GPS HLOS Driver
https://notcve.org/view.php?id=CVE-2023-21650
Memory Corruption in GPS HLOS Driver when injectFdclData receives data with invalid data length. Corrupción de memoria en el controlador GPS HLOS cuando injectFdclData recibe datos con una longitud de datos no válida. • https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin • CWE-129: Improper Validation of Array Index CWE-787: Out-of-bounds Write •
CVE-2023-21649 – Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in WLAN
https://notcve.org/view.php?id=CVE-2023-21649
Memory corruption in WLAN while running doDriverCmd for an unspecific command. Corrupción de memoria en WLAN al ejecutar doDriverCmd para un comando no específico. • https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVE-2023-21647 – Improper Input Validation in Bluetooth HOST
https://notcve.org/view.php?id=CVE-2023-21647
Information disclosure in Bluetooth when an GATT packet is received due to improper input validation. Revelación de información en Bluetooth cuando se recibe un paquete GATT debido a una validación de entrada incorrecta. • https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin • CWE-20: Improper Input Validation •