CVSS: 7.1EPSS: 0%CPEs: 370EXPL: 0CVE-2023-21626 – Improper Authentication in HLOS.
https://notcve.org/view.php?id=CVE-2023-21626
08 Aug 2023 — Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key. Problema criptográfico en HLOS debido a una autenticación incorrecta al realizar comprobaciones de velocidad de clave utilizando más de una clave. • https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin • CWE-287: Improper Authentication CWE-320: Key Management Errors •
CVSS: 10.0EPSS: 0%CPEs: 408EXPL: 0CVE-2022-40510 – Buffer copy without checking size of input in Audio.
https://notcve.org/view.php?id=CVE-2022-40510
08 Aug 2023 — Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder. Corrupción de memoria debida a la copia del búfer sin comprobar el tamaño de la entrada en Audio durante una llamada de voz con el vocoder EVS. • https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin • CWE-457: Use of Uninitialized Variable CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 540EXPL: 0CVE-2023-21659 – Buffer Over-read in WLAN Firmware
https://notcve.org/view.php?id=CVE-2023-21659
06 Jun 2023 — Transient DOS in WLAN Firmware while processing frames with missing header fields. • https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVSS: 8.4EPSS: 0%CPEs: 566EXPL: 0CVE-2023-21628 – Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in WLAN HAL
https://notcve.org/view.php?id=CVE-2023-21628
06 Jun 2023 — Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command. • https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 392EXPL: 0CVE-2022-40529 – Improper access control in Kernel
https://notcve.org/view.php?id=CVE-2022-40529
06 Jun 2023 — Memory corruption due to improper access control in kernel while processing a mapping request from root process. • https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVSS: 7.1EPSS: 0%CPEs: 370EXPL: 0CVE-2022-40523 – Information exposure in Kernel
https://notcve.org/view.php?id=CVE-2022-40523
06 Jun 2023 — Information disclosure in Kernel due to indirect branch misprediction. • https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 8.4EPSS: 3%CPEs: 484EXPL: 0CVE-2022-40507 – Double free in Core
https://notcve.org/view.php?id=CVE-2022-40507
06 Jun 2023 — Memory corruption due to double free in Core while mapping HLOS address to the list. • https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin • CWE-415: Double Free •
CVSS: 8.4EPSS: 0%CPEs: 220EXPL: 0CVE-2022-33307 – Double free in Automotive
https://notcve.org/view.php?id=CVE-2022-33307
06 Jun 2023 — Memory Corruption due to double free in automotive when a bad HLOS address for one of the lists to be mapped is passed. • https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin • CWE-415: Double Free •
CVSS: 7.1EPSS: 0%CPEs: 696EXPL: 0CVE-2022-22076 – Cryptographic issue in Core
https://notcve.org/view.php?id=CVE-2022-22076
06 Jun 2023 — information disclosure due to cryptographic issue in Core during RPMB read request. • https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin • CWE-310: Cryptographic Issues •
CVSS: 7.8EPSS: 0%CPEs: 384EXPL: 0CVE-2022-40504 – Reachable assertion in Modem
https://notcve.org/view.php?id=CVE-2022-40504
02 May 2023 — Transient DOS due to reachable assertion in Modem when UE received Downlink Data Indication message from the network. • https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin • CWE-617: Reachable Assertion •