Page 7 of 104 results (0.005 seconds)

CVSS: 8.4EPSS: 0%CPEs: 334EXPL: 0

Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool. On Qualcomm Adreno/KGSL builds where CONFIG_QCOM_KGSL_USE_SHMEM is not set (or on older KGSL versions without CONFIG_QCOM_KGSL_USE_SHMEM), KGSL allocates GPU-shared memory from its own page pool. Pages from this pool are inserted into VMAs that don't have any weird flags like VM_PFNMAP set, which means userspace can grab extra references to these pages through get_user_pages() (for example, using vmsplice()). But when GPU-shared memory is freed, KGSL puts the freed pages into its own page pool without checking the page refcount. This means that pages that are still accessible from userspace can be reallocated as GPU memory by another process. • http://packetstormsecurity.com/files/172664/Qualcomm-Adreno-KGSL-Data-Leakage.html https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 8.4EPSS: 0%CPEs: 442EXPL: 0

Memory corruption in Graphics while importing a file. Qualcomm Adreno/KGSL suffers from an unchecked cast of vma->vm_file->private_data in kgsl_setup_dmabuf_useraddr(). • http://packetstormsecurity.com/files/172663/Qualcomm-Adreno-KGSL-Unchecked-Cast-Type-Confusion.html https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin • CWE-704: Incorrect Type Conversion or Cast •

CVSS: 8.4EPSS: 0%CPEs: 706EXPL: 0

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target. • https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin • CWE-190: Integer Overflow or Wraparound •

CVSS: 8.2EPSS: 0%CPEs: 370EXPL: 0

Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming. • https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •

CVSS: 7.8EPSS: 0%CPEs: 450EXPL: 0

Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length. • https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin • CWE-129: Improper Validation of Array Index •