CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2024-49840 – Use of Out-of-range Pointer Offset in WLAN Windows Host
https://notcve.org/view.php?id=CVE-2024-49840
03 Feb 2025 — Memory corruption while Invoking IOCTL calls from user-space to validate FIPS encryption or decryption functionality. • https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html • CWE-823: Use of Out-of-range Pointer Offset •
CVSS: 7.8EPSS: 0%CPEs: 120EXPL: 0CVE-2024-23369 – Improper Restriction of Operations within the Bounds of a Memory Buffer in HLOS
https://notcve.org/view.php?id=CVE-2024-23369
07 Oct 2024 — Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers. • https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 448EXPL: 0CVE-2024-21469 – Permissions, Privileges, and Access Control issues in TZ Secure OS
https://notcve.org/view.php?id=CVE-2024-21469
01 Jul 2024 — Memory corruption when an invoke call and a TEE call are bound for the same trusted application. Corrupción de la memoria cuando una llamada de invocación y una llamada TEE están vinculadas a la misma aplicación confiable. • https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html • CWE-264: Permissions, Privileges, and Access Controls CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 518EXPL: 0CVE-2024-21465 – Buffer Over-read in Trusted Execution Environment
https://notcve.org/view.php?id=CVE-2024-21465
01 Jul 2024 — Memory corruption while processing key blob passed by the user. Corrupción de la memoria al procesar el blob de claves pasado por el usuario. • https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVSS: 7.1EPSS: 0%CPEs: 622EXPL: 0CVE-2024-21462 – Buffer Over-read in TZ Secure OS
https://notcve.org/view.php?id=CVE-2024-21462
01 Jul 2024 — Transient DOS while loading the TA ELF file. DOS transitorio mientras se carga el archivo TA ELF. • https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVSS: 8.4EPSS: 0%CPEs: 626EXPL: 0CVE-2024-21461 – Double Free in HLOS
https://notcve.org/view.php?id=CVE-2024-21461
01 Jul 2024 — Memory corruption while performing finish HMAC operation when context is freed by keymaster. Corrupción de la memoria al realizar la operación de finalización de HMAC cuando Keymaster libera el contexto. • https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html • CWE-415: Double Free •
CVSS: 8.4EPSS: 0%CPEs: 12EXPL: 0CVE-2024-23360 – Improper Access Control in Graphics Windows
https://notcve.org/view.php?id=CVE-2024-23360
03 Jun 2024 — Memory corruption while creating a LPAC client as LPAC engine was allowed to access GPU registers. Corrupción de la memoria al crear un cliente LPAC, ya que al motor LPAC se le permitió acceder a los registros de GPU. • https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2024-bulletin.html • CWE-284: Improper Access Control •
CVSS: 8.4EPSS: 0%CPEs: 25EXPL: 0CVE-2024-21474 – Stack-based Buffer Overflow in PMIC
https://notcve.org/view.php?id=CVE-2024-21474
06 May 2024 — Memory corruption when size of buffer from previous call is used without validation or re-initialization. Corrupción de la memoria cuando se utiliza el tamaño del búfer de la llamada anterior sin validación o reinicialización. • https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2024-bulletin.html • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 624EXPL: 0CVE-2023-43536 – Buffer Over-read in WLAN Firmware
https://notcve.org/view.php?id=CVE-2023-43536
06 Feb 2024 — Transient DOS while parse fils IE with length equal to 1. DOS transitorio mientras analiza fils IE con una longitud igual a 1. • https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin • CWE-126: Buffer Over-read •
CVSS: 8.4EPSS: 0%CPEs: 26EXPL: 0CVE-2023-43535 – Improper Validation of Array Index in Display
https://notcve.org/view.php?id=CVE-2023-43535
06 Feb 2024 — Memory corruption when negative display IDs are sent as input while processing DISPLAYESCAPE event trigger. Corrupción de la memoria cuando se envían ID de visualización negativos como entrada mientras se procesa el activador del evento DISPLAYESCAPE. • https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin • CWE-129: Improper Validation of Array Index •