CVE-2023-22387 – Use of Out-of-range Pointer Offset in Qualcomm IPC
https://notcve.org/view.php?id=CVE-2023-22387
Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption. • https://www.qualcomm.com/company/product-security/bulletins/july-2023-bulletin • CWE-823: Use of Out-of-range Pointer Offset •
CVE-2023-22386 – Buffer Copy Without Checking Size of Input in WLAN HOST
https://notcve.org/view.php?id=CVE-2023-22386
Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory. • https://www.qualcomm.com/company/product-security/bulletins/july-2023-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVE-2023-21672 – Use After Free in Audio
https://notcve.org/view.php?id=CVE-2023-21672
Memory corruption in Audio while running concurrent tunnel playback or during concurrent audio tunnel recording sessions. • https://www.qualcomm.com/company/product-security/bulletins/july-2023-bulletin • CWE-416: Use After Free •
CVE-2023-21641 – Permissions, Privileges, and Access Controls in Display
https://notcve.org/view.php?id=CVE-2023-21641
An app with non-privileged access can change global system brightness and cause undesired system behavior. • https://www.qualcomm.com/company/product-security/bulletins/july-2023-bulletin • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2023-21638 – Incorrect Type Conversion or Cast in Video
https://notcve.org/view.php?id=CVE-2023-21638
Memory corruption in Video while calling APIs with different instance ID than the one received in initialization. • https://www.qualcomm.com/company/product-security/bulletins/july-2023-bulletin • CWE-704: Incorrect Type Conversion or Cast •