CVSS: 6.7EPSS: 0%CPEs: 58EXPL: 0CVE-2024-33053 – Use After Free in Video
https://notcve.org/view.php?id=CVE-2024-33053
02 Dec 2024 — Memory corruption when multiple threads try to unregister the CVP buffer at the same time. Corrupción de memoria cuando varios subprocesos intentan anular el registro del búfer CVP al mismo tiempo. • https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2024-bulletin.html • CWE-416: Use After Free •
CVSS: 6.1EPSS: 0%CPEs: 53EXPL: 0CVE-2024-33037 – Buffer Over-read in Neural Processing Unit
https://notcve.org/view.php?id=CVE-2024-33037
02 Dec 2024 — Information disclosure as NPU firmware can send invalid IPC message to NPU driver as the driver doesn`t validate the IPC message received from the firmware. La divulgación de información ya que el firmware de la NPU puede enviar un mensaje IPC no válido al controlador de la NPU ya que el controlador no valida el mensaje IPC recibido del firmware. • https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2024-bulletin.html • CWE-126: Buffer Over-read •
CVSS: 6.7EPSS: 0%CPEs: 54EXPL: 0CVE-2024-33036 – Use of Out-of-range Pointer Offset in Camera Driver
https://notcve.org/view.php?id=CVE-2024-33036
02 Dec 2024 — Memory corruption while parsing sensor packets in camera driver, user-space variable is used while allocating memory in kernel and parsing which can lead to huge allocation or invalid memory access. Corrupción de memoria al analizar paquetes de sensores en el controlador de la cámara, se utiliza una variable de espacio de usuario al asignar memoria en el kernel y analizar, lo que puede generar una asignación enorme o un acceso a memoria no válido. • https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2024-bulletin.html • CWE-823: Use of Out-of-range Pointer Offset •
CVSS: 7.8EPSS: 0%CPEs: 42EXPL: 0CVE-2024-38401 – Use After Free in Qualcomm IPC
https://notcve.org/view.php?id=CVE-2024-38401
02 Sep 2024 — Memory corruption while processing concurrent IOCTL calls. e.g. qrtr_bpf_filter_attach and qrtr_bpf_filter_detach. In the case of qrtr_bpf_filter_detach, the global pointer bpf_filter is fetched and freed while only holding a socket lock (and an irrelevant rcu_read_lock) - this may lead directly to double frees or use-after-free (kernel memory corruption) if a malicious user is able to call the QRTR_DETTACH_BPF ioctl on multiple AF_QIPCRTR sockets at once. Based on Android SELinux files, it appears this may... • https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2024-bulletin.html • CWE-416: Use After Free •
CVSS: 8.4EPSS: 0%CPEs: 444EXPL: 0CVE-2024-23373 – Use After Free in Graphics
https://notcve.org/view.php?id=CVE-2024-23373
01 Jul 2024 — Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released. Corrupción de la memoria cuando falla la operación de desasignación de IOMMU, se liberan los búferes DMA y anon. • https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 622EXPL: 0CVE-2024-21462 – Buffer Over-read in TZ Secure OS
https://notcve.org/view.php?id=CVE-2024-21462
01 Jul 2024 — Transient DOS while loading the TA ELF file. DOS transitorio mientras se carga el archivo TA ELF. • https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVSS: 8.4EPSS: 0%CPEs: 626EXPL: 0CVE-2024-21461 – Double Free in HLOS
https://notcve.org/view.php?id=CVE-2024-21461
01 Jul 2024 — Memory corruption while performing finish HMAC operation when context is freed by keymaster. Corrupción de la memoria al realizar la operación de finalización de HMAC cuando Keymaster libera el contexto. • https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html • CWE-415: Double Free •
CVSS: 7.8EPSS: 0%CPEs: 85EXPL: 0CVE-2023-43521 – Use After Free in HLOS
https://notcve.org/view.php?id=CVE-2023-43521
06 May 2024 — Memory corruption when multiple listeners are being registered with the same file descriptor. Corrupción de la memoria cuando se registran varios oyentes con el mismo descriptor de archivo. • https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2024-bulletin.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 534EXPL: 0CVE-2023-43513 – Use of Out-of-range Pointer Offset in PCIe
https://notcve.org/view.php?id=CVE-2023-43513
06 Feb 2024 — Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element. Corrupción de la memoria al procesar el anillo de eventos, el puntero de lectura de contexto no es confiable para HLOS y cuando se pasa con valores arbitrarios, puede apuntar a la dirección en el medio del elemento del anillo. • https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin • CWE-787: Out-of-bounds Write CWE-823: Use of Out-of-range Pointer Offset •
CVSS: 7.8EPSS: 0%CPEs: 192EXPL: 0CVE-2023-33077 – Buffer Copy Without Checking Size of Input in HLOS
https://notcve.org/view.php?id=CVE-2023-33077
06 Feb 2024 — Memory corruption in HLOS while converting from authorization token to HIDL vector. Corrupción de la memoria en HLOS al convertir del token de autorización al vector HIDL. • https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •