Page 4 of 20 results (0.005 seconds)

CVSS: 8.4EPSS: 0%CPEs: 334EXPL: 0

Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool. On Qualcomm Adreno/KGSL builds where CONFIG_QCOM_KGSL_USE_SHMEM is not set (or on older KGSL versions without CONFIG_QCOM_KGSL_USE_SHMEM), KGSL allocates GPU-shared memory from its own page pool. Pages from this pool are inserted into VMAs that don't have any weird flags like VM_PFNMAP set, which means userspace can grab extra references to these pages through get_user_pages() (for example, using vmsplice()). But when GPU-shared memory is freed, KGSL puts the freed pages into its own page pool without checking the page refcount. This means that pages that are still accessible from userspace can be reallocated as GPU memory by another process. • http://packetstormsecurity.com/files/172664/Qualcomm-Adreno-KGSL-Data-Leakage.html https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 8.4EPSS: 0%CPEs: 706EXPL: 0

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target. • https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin • CWE-190: Integer Overflow or Wraparound •

CVSS: 8.2EPSS: 0%CPEs: 370EXPL: 0

Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming. • https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •

CVSS: 7.8EPSS: 0%CPEs: 450EXPL: 0

Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length. • https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin • CWE-129: Improper Validation of Array Index •

CVSS: 6.8EPSS: 0%CPEs: 452EXPL: 0

Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card. • https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin • CWE-129: Improper Validation of Array Index •