CVSS: 7.8EPSS: 0%CPEs: 120EXPL: 0CVE-2024-23369 – Improper Restriction of Operations within the Bounds of a Memory Buffer in HLOS
https://notcve.org/view.php?id=CVE-2024-23369
07 Oct 2024 — Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers. • https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 448EXPL: 0CVE-2024-21469 – Permissions, Privileges, and Access Control issues in TZ Secure OS
https://notcve.org/view.php?id=CVE-2024-21469
01 Jul 2024 — Memory corruption when an invoke call and a TEE call are bound for the same trusted application. Corrupción de la memoria cuando una llamada de invocación y una llamada TEE están vinculadas a la misma aplicación confiable. • https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html • CWE-264: Permissions, Privileges, and Access Controls CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 518EXPL: 0CVE-2024-21465 – Buffer Over-read in Trusted Execution Environment
https://notcve.org/view.php?id=CVE-2024-21465
01 Jul 2024 — Memory corruption while processing key blob passed by the user. Corrupción de la memoria al procesar el blob de claves pasado por el usuario. • https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVSS: 7.1EPSS: 0%CPEs: 622EXPL: 0CVE-2024-21462 – Buffer Over-read in TZ Secure OS
https://notcve.org/view.php?id=CVE-2024-21462
01 Jul 2024 — Transient DOS while loading the TA ELF file. DOS transitorio mientras se carga el archivo TA ELF. • https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVSS: 7.8EPSS: 0%CPEs: 624EXPL: 0CVE-2023-43536 – Buffer Over-read in WLAN Firmware
https://notcve.org/view.php?id=CVE-2023-43536
06 Feb 2024 — Transient DOS while parse fils IE with length equal to 1. DOS transitorio mientras analiza fils IE con una longitud igual a 1. • https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin • CWE-126: Buffer Over-read •
CVSS: 7.8EPSS: 0%CPEs: 482EXPL: 0CVE-2023-43533 – Buffer Over-read in WLAN Firmware
https://notcve.org/view.php?id=CVE-2023-43533
06 Feb 2024 — Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon frame. DOS transitorio en el firmware WLAN cuando la longitud de la baliza recibida es menor que la longitud de la frame de la baliza ieee802.11. • https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVSS: 7.8EPSS: 0%CPEs: 578EXPL: 0CVE-2023-43522 – NULL Pointer Dereference in WLAN Firmware
https://notcve.org/view.php?id=CVE-2023-43522
06 Feb 2024 — Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL. DOS transitorio durante el proceso de desencapsulación de claves, cuando la clave cifrada proporcionada está vacía o es NULL. • https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 308EXPL: 0CVE-2023-33076 – Configuration Issue in Core
https://notcve.org/view.php?id=CVE-2023-33076
06 Feb 2024 — Memory corruption in Core when updating rollback version for TA and OTA feature is enabled. La corrupción de la memoria en Core cuando se habilita la actualización de la versión de reversión para la función TA y OTA. • https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin • CWE-16: Configuration CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 0%CPEs: 496EXPL: 0CVE-2023-33072 – Buffer copy without checking size of Input in Core
https://notcve.org/view.php?id=CVE-2023-33072
06 Feb 2024 — Memory corruption in Core while processing control functions. Corrupción de la memoria en Core durante el procesamiento de funciones de control. • https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 98EXPL: 0CVE-2023-33046 – Time-of-check Time-of-use (TOCTOU) Race Condition in Trusted Execution Environment
https://notcve.org/view.php?id=CVE-2023-33046
06 Feb 2024 — Memory corruption in Trusted Execution Environment while deinitializing an object used for license validation. Corrupción de la memoria en Trusted Execution Environment al desinicializar un objeto utilizado para la validación de la licencia. • https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition CWE-787: Out-of-bounds Write •