CVE-2022-33305 – Null pointer dereference in Modem
https://notcve.org/view.php?id=CVE-2022-33305
Transient DOS due to NULL pointer dereference in Modem while sending invalid messages in DCCH. • https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin • CWE-476: NULL Pointer Dereference •
CVE-2023-21630 – Integer Overflow in Multimedia Framework
https://notcve.org/view.php?id=CVE-2023-21630
Memory Corruption in Multimedia Framework due to integer overflow when synx bind is called along with synx signal. • https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin • CWE-190: Integer Overflow or Wraparound CWE-191: Integer Underflow (Wrap or Wraparound) •
CVE-2022-33231 – Double free in Core
https://notcve.org/view.php?id=CVE-2022-33231
Memory corruption due to double free in core while initializing the encryption key. • https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin • CWE-415: Double Free •
CVE-2022-40540 – Buffer copy without checking the size of input in Linux Kernel
https://notcve.org/view.php?id=CVE-2022-40540
Memory corruption due to buffer copy without checking the size of input while loading firmware in Linux Kernel. • https://bugzilla.suse.com/show_bug.cgi?id=1209597 https://security.netapp.com/advisory/ntap-20230616-0001 https://www.qualcomm.com/company/product-security/bulletins/march-2023-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2022-40537 – Improper Validation of Array Index in Bluetooth HOST
https://notcve.org/view.php?id=CVE-2022-40537
Memory corruption in Bluetooth HOST while processing the AVRC_PDU_GET_PLAYER_APP_VALUE_TEXT AVRCP response. • https://www.qualcomm.com/company/product-security/bulletins/march-2023-bulletin • CWE-129: Improper Validation of Array Index •