CVSS: 8.4EPSS: 3%CPEs: 484EXPL: 0CVE-2022-40507 – Double free in Core
https://notcve.org/view.php?id=CVE-2022-40507
06 Jun 2023 — Memory corruption due to double free in Core while mapping HLOS address to the list. • https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin • CWE-415: Double Free •
CVSS: 7.8EPSS: 0%CPEs: 98EXPL: 0CVE-2022-33263 – Use after free in Core
https://notcve.org/view.php?id=CVE-2022-33263
06 Jun 2023 — Memory corruption due to use after free in Core when multiple DCI clients register and deregister. • https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 92EXPL: 0CVE-2022-33224 – Buffer copy without checking the size of input in Core
https://notcve.org/view.php?id=CVE-2022-33224
06 Jun 2023 — Memory corruption in core due to buffer copy without check9ing the size of input while processing ioctl queries. • https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.1EPSS: 0%CPEs: 696EXPL: 0CVE-2022-22076 – Cryptographic issue in Core
https://notcve.org/view.php?id=CVE-2022-22076
06 Jun 2023 — information disclosure due to cryptographic issue in Core during RPMB read request. • https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin • CWE-310: Cryptographic Issues •
CVSS: 8.4EPSS: 0%CPEs: 334EXPL: 1CVE-2023-21666 – Improper Release of Memory Before Removing Last Reference (`Memory Leak`) in Graphics
https://notcve.org/view.php?id=CVE-2023-21666
02 May 2023 — Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool. On Qualcomm Adreno/KGSL builds where CONFIG_QCOM_KGSL_USE_SHMEM is not set (or on older KGSL versions without CONFIG_QCOM_KGSL_USE_SHMEM), KGSL allocates GPU-shared memory from its own page pool. Pages from this pool are inserted into VMAs that don't have any weird flags like VM_PFNMAP set, which means userspace can grab extra references to these pages through get_user_pages() (for example, using vmsplice()). But whe... • https://packetstorm.news/files/id/172664 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 8.4EPSS: 0%CPEs: 442EXPL: 1CVE-2023-21665 – Incorrect Type Conversion or Cast in Graphics
https://notcve.org/view.php?id=CVE-2023-21665
02 May 2023 — Memory corruption in Graphics while importing a file. Qualcomm Adreno/KGSL suffers from an unchecked cast of vma->vm_file->private_data in kgsl_setup_dmabuf_useraddr(). • https://packetstorm.news/files/id/172663 • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 9.3EPSS: 0%CPEs: 438EXPL: 0CVE-2022-33231 – Double free in Core
https://notcve.org/view.php?id=CVE-2022-33231
04 Apr 2023 — Memory corruption due to double free in core while initializing the encryption key. • https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin • CWE-415: Double Free •
CVSS: 7.8EPSS: 0%CPEs: 92EXPL: 0CVE-2022-33260 – Stack based buffer overflow in Core
https://notcve.org/view.php?id=CVE-2022-33260
07 Mar 2023 — Memory corruption due to stack based buffer overflow in core while sending command from USB of large size. • https://www.qualcomm.com/company/product-security/bulletins/march-2023-bulletin • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 314EXPL: 0CVE-2022-33242 – Improper authentication in Qualcomm IPC
https://notcve.org/view.php?id=CVE-2022-33242
07 Mar 2023 — Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD. • https://www.qualcomm.com/company/product-security/bulletins/march-2023-bulletin • CWE-287: Improper Authentication •
CVSS: 6.2EPSS: 0%CPEs: 366EXPL: 0CVE-2022-22075 – Information Exposure in Graphics
https://notcve.org/view.php?id=CVE-2022-22075
07 Mar 2023 — Information Disclosure in Graphics during GPU context switch. • https://www.qualcomm.com/company/product-security/bulletins/march-2023-bulletin • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •