CVSS: 7.8EPSS: 0%CPEs: 282EXPL: 0CVE-2023-33117 – Use After Free in Audio
https://notcve.org/view.php?id=CVE-2023-33117
02 Jan 2024 — Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command. Corrupción de la memoria cuando HLOS asigna el búfer de payload de respuesta para copiar los datos recibidos de ADSP en respuesta al comando AVCS_LOAD_MODULE. • https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin • CWE-416: Use After Free •
CVSS: 8.4EPSS: 0%CPEs: 224EXPL: 0CVE-2023-33114 – Use after free in Neural Processing Unit
https://notcve.org/view.php?id=CVE-2023-33114
02 Jan 2024 — Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time. Corrupción de la memoria al ejecutar NPU, cuando los comandos NETWORK_UNLOAD y (NETWORK_UNLOAD o NETWORK_EXECUTE_V2) se envían al mismo tiempo. • https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin • CWE-416: Use After Free •
CVSS: 8.4EPSS: 0%CPEs: 254EXPL: 0CVE-2023-33113 – Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Kernel
https://notcve.org/view.php?id=CVE-2023-33113
02 Jan 2024 — Memory corruption when resource manager sends the host kernel a reply message with multiple fragments. Corrupción de la memoria cuando el administrador de recursos envía al kernel del host un mensaje de respuesta con múltiples fragmentos. • https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 254EXPL: 0CVE-2023-33112 – Buffer Over-read in WLAN Firmware
https://notcve.org/view.php?id=CVE-2023-33112
02 Jan 2024 — Transient DOS when WLAN firmware receives "reassoc response" frame including RIC_DATA element. DOS transitorio cuando el firmware WLAN recibe una trama de "reassoc response" que incluye el elemento RIC_DATA. • https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin • CWE-126: Buffer Over-read •
CVSS: 7.8EPSS: 0%CPEs: 252EXPL: 0CVE-2023-33110 – Use of Out-of-range Pointer Offset in Audio
https://notcve.org/view.php?id=CVE-2023-33110
02 Jan 2024 — The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption. La variable de índice de sesión en el controlador de audio de voz del host PCM que se inicializa antes de abrir el PCM, a la que se accede durante la devolución de llamada de evento desde ADSP y se restablece durante el cierre de PCM puede prov... • https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-823: Use of Out-of-range Pointer Offset •
CVSS: 7.8EPSS: 0%CPEs: 626EXPL: 0CVE-2023-33109 – NULL Pointer Dereference in WLAN Firmware
https://notcve.org/view.php?id=CVE-2023-33109
02 Jan 2024 — Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host. DOS transitorio mientras se procesa un comando de inicio de escucha WMI P2P (0xD00A) enviado desde el host. • https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin • CWE-476: NULL Pointer Dereference •
CVSS: 8.4EPSS: 0%CPEs: 52EXPL: 0CVE-2023-33108 – Use After Free in Graphics
https://notcve.org/view.php?id=CVE-2023-33108
02 Jan 2024 — Memory corruption in Graphics Driver when destroying a context with KGSL_GPU_AUX_COMMAND_TIMELINE objects queued. Corrupción de la memoria en el controlador de gráficos al destruir un contexto con objetos KGSL_GPU_AUX_COMMAND_TIMELINE en cola. • https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin • CWE-416: Use After Free •
CVSS: 8.4EPSS: 0%CPEs: 250EXPL: 0CVE-2023-33094 – Use After Free in Linux Graphics
https://notcve.org/view.php?id=CVE-2023-33094
02 Jan 2024 — Memory corruption while running VK synchronization with KASAN enabled. Corrupción de la memoria al ejecutar la sincronización VK con KASAN habilitado. • https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 210EXPL: 0CVE-2023-33085 – Buffer Copy Without Checking Size of Input (Classic Buffer Overflow) in Wearables
https://notcve.org/view.php?id=CVE-2023-33085
02 Jan 2024 — Memory corruption in wearables while processing data from AON. Corrupción de la memoria en dispositivos portátiles al procesar datos de AON. • https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 586EXPL: 0CVE-2023-33062 – Buffer Over-read in WLAN Firmware
https://notcve.org/view.php?id=CVE-2023-33062
02 Jan 2024 — Transient DOS in WLAN Firmware while parsing a BTM request. DOS transitorio en el firmware WLAN mientras se analiza una solicitud BTM. • https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin • CWE-126: Buffer Over-read •