CVE-2024-23352 – Loop with Unreachable Exit Condition (`Infinite Loop`) in Multi Mode Call Processor
https://notcve.org/view.php?id=CVE-2024-23352
Transient DOS when NAS receives ODAC criteria of length 1 and type 1 in registration accept OTA. • https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2024-21481 – Improper Restriction of Operations within the Bounds of a Memory Buffer in Hypervisor
https://notcve.org/view.php?id=CVE-2024-21481
Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager. • https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2024-21479 – Buffer Over-read in Audio
https://notcve.org/view.php?id=CVE-2024-21479
Transient DOS during music playback of ALAC content. • https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html • CWE-126: Buffer Over-read •
CVE-2023-43555 – Buffer Over-read in Video
https://notcve.org/view.php?id=CVE-2023-43555
Information disclosure in Video while parsing mp2 clip with invalid section length. Divulgación de información en video al analizar un clip mp2 con una longitud de sección no válida. • https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2024-bulletin.html • CWE-126: Buffer Over-read •
CVE-2023-43551 – Improper Authentication in Multi-Mode Call Processor
https://notcve.org/view.php?id=CVE-2023-43551
Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command. Problema criptográfico al realizar la conexión con una red LTE, una estación base no autorizada puede omitir la fase de autenticación y enviar inmediatamente el comando del modo de seguridad. • https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2024-bulletin.html • CWE-287: Improper Authentication •