CVSS: 7.8EPSS: 0%CPEs: 686EXPL: 0CVE-2024-23368 – Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Qualcomm IPC
https://notcve.org/view.php?id=CVE-2024-23368
01 Jul 2024 — Memory corruption when allocating and accessing an entry in an SMEM partition. Corrupción de la memoria al asignar y acceder a una entrada en una partición SMEM. • https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 518EXPL: 0CVE-2024-21465 – Buffer Over-read in Trusted Execution Environment
https://notcve.org/view.php?id=CVE-2024-21465
01 Jul 2024 — Memory corruption while processing key blob passed by the user. Corrupción de la memoria al procesar el blob de claves pasado por el usuario. • https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVSS: 7.1EPSS: 0%CPEs: 622EXPL: 0CVE-2024-21462 – Buffer Over-read in TZ Secure OS
https://notcve.org/view.php?id=CVE-2024-21462
01 Jul 2024 — Transient DOS while loading the TA ELF file. DOS transitorio mientras se carga el archivo TA ELF. • https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVSS: 8.4EPSS: 0%CPEs: 626EXPL: 0CVE-2024-21461 – Double Free in HLOS
https://notcve.org/view.php?id=CVE-2024-21461
01 Jul 2024 — Memory corruption while performing finish HMAC operation when context is freed by keymaster. Corrupción de la memoria al realizar la operación de finalización de HMAC cuando Keymaster libera el contexto. • https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html • CWE-415: Double Free •
CVSS: 9.3EPSS: 0%CPEs: 240EXPL: 0CVE-2023-33032 – Integer Overflow or Wraparound in TZ Secure OS
https://notcve.org/view.php?id=CVE-2023-33032
02 Jan 2024 — Memory corruption in TZ Secure OS while requesting a memory allocation from TA region. Corrupción de la memoria en TZ Secure OS al solicitar una asignación de memoria de la región TA. • https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 0%CPEs: 602EXPL: 0CVE-2023-33030 – Buffer Copy without Checking Size of Input in HLOS
https://notcve.org/view.php?id=CVE-2023-33030
02 Jan 2024 — Memory corruption in HLOS while running playready use-case. Corrupción de la memoria en HLOS mientras se ejecuta el caso de uso de PlayReady. • https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 554EXPL: 0CVE-2023-33017 – Buffer Copy Without Checking Size of Input in Boot
https://notcve.org/view.php?id=CVE-2023-33017
05 Dec 2023 — Memory corruption in Boot while running a ListVars test in UEFI Menu during boot. Corrupción de la memoria en el arranque mientras se ejecuta una prueba ListVars en el menú UEFI durante el arranque. • https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 0%CPEs: 626EXPL: 0CVE-2023-28586 – Improper Restriction of Operation within the Bounds of a Memory Buffer in TZ Secure OS
https://notcve.org/view.php?id=CVE-2023-28586
05 Dec 2023 — Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE. Divulgación de información cuando se accede a las direcciones de símbolos de metadatos de la aplicación confiable mientras se carga un ELF en TEE. • https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 562EXPL: 0CVE-2023-28585 – Integer Overflow to Buffer Overflow in TZ Secure OS
https://notcve.org/view.php?id=CVE-2023-28585
05 Dec 2023 — Memory corruption while loading an ELF segment in TEE Kernel. Corrupción de la memoria al cargar un segmento ELF en TEE Kernel. • https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 458EXPL: 0CVE-2023-28556 – Improper Authorization in HLOS
https://notcve.org/view.php?id=CVE-2023-28556
07 Nov 2023 — Cryptographic issue in HLOS during key management. Problema criptográfico en HLOS durante la gestión de claves. • https://www.qualcomm.com/company/product-security/bulletins/november-2023-bulletin • CWE-285: Improper Authorization •