CVE-2024-33028 – Use After Free in Automotive Telematics
https://notcve.org/view.php?id=CVE-2024-33028
Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released. • https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html • CWE-416: Use After Free •
CVE-2024-33027 – Improper Access Control in Graphics Linux
https://notcve.org/view.php?id=CVE-2024-33027
Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify DDR memory by corrupting the GPU page table. • https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html • CWE-284: Improper Access Control •
CVE-2024-33023 – Use After Free in Graphics Linux
https://notcve.org/view.php?id=CVE-2024-33023
Memory corruption while creating a fence to wait on timeline events, and simultaneously signal timeline events. • https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html • CWE-416: Use After Free •
CVE-2024-33022 – Integer Overflow or Wraparound in Automotive GPU
https://notcve.org/view.php?id=CVE-2024-33022
Memory corruption while allocating memory in HGSL driver. • https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html • CWE-190: Integer Overflow or Wraparound •
CVE-2024-33021 – Use of Uninitialized Variable in Automotive GPU
https://notcve.org/view.php?id=CVE-2024-33021
Memory corruption while processing IOCTL call to set metainfo. • https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html • CWE-457: Use of Uninitialized Variable •