CVE-2024-23362 – Improper Input Validation in Trusted Execution Environment
https://notcve.org/view.php?id=CVE-2024-23362
Cryptographic issue while parsing RSA keys in COBR format. • https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2024-bulletin.html • CWE-20: Improper Input Validation •
CVE-2024-23359 – Buffer Over-read in Multi Mode Call Processor
https://notcve.org/view.php?id=CVE-2024-23359
Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network. • https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2024-bulletin.html • CWE-126: Buffer Over-read •
CVE-2024-23358 – Buffer Over-read in Multi Mode Call Processor
https://notcve.org/view.php?id=CVE-2024-23358
Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in Modem. • https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2024-bulletin.html • CWE-126: Buffer Over-read •
CVE-2024-33034 – Use After Free in Graphics Linux
https://notcve.org/view.php?id=CVE-2024-33034
Memory corruption can occur if VBOs hold outdated or invalid GPU SMMU mappings, especially when the binding and reclaiming of memory buffers are performed at the same time. • https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html • CWE-416: Use After Free •
CVE-2024-33028 – Use After Free in Automotive Telematics
https://notcve.org/view.php?id=CVE-2024-33028
Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released. • https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html • CWE-416: Use After Free •