Page 34 of 468 results (0.005 seconds)

CVSS: 7.8EPSS: 0%CPEs: 92EXPL: 0

Memory corruption in core due to buffer copy without check9ing the size of input while processing ioctl queries. • https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 7.1EPSS: 0%CPEs: 696EXPL: 0

information disclosure due to cryptographic issue in Core during RPMB read request. • https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin • CWE-310: Cryptographic Issues •

CVSS: 7.5EPSS: 0%CPEs: 384EXPL: 0

Transient DOS due to reachable assertion in Modem when UE received Downlink Data Indication message from the network. • https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin • CWE-617: Reachable Assertion •

CVSS: 7.3EPSS: 0%CPEs: 204EXPL: 0

Information disclosure due to buffer over-read in Trusted Execution Environment while QRKS report generation. • https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •

CVSS: 8.4EPSS: 0%CPEs: 334EXPL: 0

Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool. On Qualcomm Adreno/KGSL builds where CONFIG_QCOM_KGSL_USE_SHMEM is not set (or on older KGSL versions without CONFIG_QCOM_KGSL_USE_SHMEM), KGSL allocates GPU-shared memory from its own page pool. Pages from this pool are inserted into VMAs that don't have any weird flags like VM_PFNMAP set, which means userspace can grab extra references to these pages through get_user_pages() (for example, using vmsplice()). But when GPU-shared memory is freed, KGSL puts the freed pages into its own page pool without checking the page refcount. This means that pages that are still accessible from userspace can be reallocated as GPU memory by another process. • http://packetstormsecurity.com/files/172664/Qualcomm-Adreno-KGSL-Data-Leakage.html https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin • CWE-401: Missing Release of Memory after Effective Lifetime •