CVE-2022-40515 – Double free in Video
https://notcve.org/view.php?id=CVE-2022-40515
Memory corruption in Video due to double free while playing 3gp clip with invalid metadata atoms. • https://www.qualcomm.com/company/product-security/bulletins/march-2023-bulletin • CWE-415: Double Free •
CVE-2022-33278 – Buffer copy without checking the size of input in HLOS
https://notcve.org/view.php?id=CVE-2022-33278
Memory corruption due to buffer copy without checking the size of input in HLOS when input message size is larger than the buffer capacity. • https://www.qualcomm.com/company/product-security/bulletins/march-2023-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2022-33272 – Reachable assertion in Modem
https://notcve.org/view.php?id=CVE-2022-33272
Transient DOS in modem due to reachable assertion. • https://www.qualcomm.com/company/product-security/bulletins/march-2023-bulletin • CWE-617: Reachable Assertion •
CVE-2022-33260 – Stack based buffer overflow in Core
https://notcve.org/view.php?id=CVE-2022-33260
Memory corruption due to stack based buffer overflow in core while sending command from USB of large size. • https://www.qualcomm.com/company/product-security/bulletins/march-2023-bulletin • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2022-33257 – Time-of-check time-of-use race condition in Core
https://notcve.org/view.php?id=CVE-2022-33257
Memory corruption in Core due to time-of-check time-of-use race condition during dump collection in trust zone. • https://www.qualcomm.com/company/product-security/bulletins/march-2023-bulletin • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •