CVE-2024-33060 – Use After Free in DSP Service
https://notcve.org/view.php?id=CVE-2024-33060
Memory corruption when two threads try to map and unmap a single node simultaneously. A condition exists when fastrpc_mmap_create creates a new globally visible mapping that can lead to a use-after-free. • https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2024-bulletin.html • CWE-416: Use After Free •
CVE-2024-33052 – Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in FM Host
https://notcve.org/view.php?id=CVE-2024-33052
Memory corruption when user provides data for FM HCI command control operations. • https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2024-bulletin.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2024-33051 – Buffer Over-read in WLAN Firmware
https://notcve.org/view.php?id=CVE-2024-33051
Transient DOS while processing TIM IE from beacon frame as there is no check for IE length. • https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2024-bulletin.html • CWE-126: Buffer Over-read •
CVE-2024-33050 – Buffer Over-read in WLAN Host Communication
https://notcve.org/view.php?id=CVE-2024-33050
Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper. • https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2024-bulletin.html • CWE-126: Buffer Over-read •
CVE-2024-33048 – Buffer Over-read in WLAN Host
https://notcve.org/view.php?id=CVE-2024-33048
Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame. • https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2024-bulletin.html • CWE-126: Buffer Over-read •