CVSS: 7.5EPSS: 0%CPEs: 103EXPL: 0CVE-2024-38405 – Buffer Over-read in WLAN Host
https://notcve.org/view.php?id=CVE-2024-38405
04 Nov 2024 — Transient DOS while processing the CU information from RNR IE. • https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2024-bulletin.html • CWE-126: Buffer Over-read •
CVSS: 6.7EPSS: 0%CPEs: 22EXPL: 0CVE-2024-33030 – Buffer Copy without Checking Size of Input (`Classic Buffer Overflow`) in Performance
https://notcve.org/view.php?id=CVE-2024-33030
04 Nov 2024 — Memory corruption while parsing IPC frequency table parameters for LPLH that has size greater than expected size. • https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2024-bulletin.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2024-33029 – Use After Free in DSP Services
https://notcve.org/view.php?id=CVE-2024-33029
04 Nov 2024 — Memory corruption while handling the PDR in driver for getting the remote heap maps. • https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2024-bulletin.html • CWE-416: Use After Free •
CVSS: 6.7EPSS: 0%CPEs: 20EXPL: 0CVE-2024-23378 – Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Audio
https://notcve.org/view.php?id=CVE-2024-23378
07 Oct 2024 — Memory corruption while invoking IOCTL calls for MSM module from the user space during audio playback and record. • https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.7EPSS: 0%CPEs: 26EXPL: 0CVE-2024-23374 – Stack-based Buffer Overflow in Power Management IC
https://notcve.org/view.php?id=CVE-2024-23374
07 Oct 2024 — Memory corruption is possible when an attempt is made from userspace or console to write some haptics effects pattern to the haptics debugfs file. • https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html • CWE-121: Stack-based Buffer Overflow •
CVSS: 6.7EPSS: 0%CPEs: 11EXPL: 0CVE-2024-23370 – Use After Free in Automotive Multimedia
https://notcve.org/view.php?id=CVE-2024-23370
07 Oct 2024 — Memory corruption when a process invokes IOCTL calls from user-space to create a HAB virtual channel and another process invokes IOCTL calls to destroy the same. • https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 120EXPL: 0CVE-2024-23369 – Improper Restriction of Operations within the Bounds of a Memory Buffer in HLOS
https://notcve.org/view.php?id=CVE-2024-23369
07 Oct 2024 — Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers. • https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 1CVE-2024-21455 – Untrusted Pointer Dereference in DSP Service
https://notcve.org/view.php?id=CVE-2024-21455
07 Oct 2024 — Memory corruption when a compat IOCTL call is followed by another IOCTL call from userspace to a driver. • https://packetstorm.news/files/id/182180 • CWE-822: Untrusted Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 42EXPL: 0CVE-2024-38401 – Use After Free in Qualcomm IPC
https://notcve.org/view.php?id=CVE-2024-38401
02 Sep 2024 — Memory corruption while processing concurrent IOCTL calls. e.g. qrtr_bpf_filter_attach and qrtr_bpf_filter_detach. In the case of qrtr_bpf_filter_detach, the global pointer bpf_filter is fetched and freed while only holding a socket lock (and an irrelevant rcu_read_lock) - this may lead directly to double frees or use-after-free (kernel memory corruption) if a malicious user is able to call the QRTR_DETTACH_BPF ioctl on multiple AF_QIPCRTR sockets at once. Based on Android SELinux files, it appears this may... • https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2024-bulletin.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 95EXPL: 0CVE-2024-33020 – Buffer Over-read in WLAN HOST
https://notcve.org/view.php?id=CVE-2024-33020
05 Aug 2024 — Transient DOS while processing TID-to-link mapping IE elements. • https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html • CWE-126: Buffer Over-read •