Qualcomm, Inc. Snapdragon vQSM8250 - 100 CVEs

CVE-2024-33067

Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver.

MEDIUM CVSS 6.1 Published Jan 06, 2025

CVE-2024-43052

Memory corruption while processing API calls to NPU with invalid input.

HIGH CVSS 7.8 Published Dec 02, 2024

CVE-2024-33056

Memory corruption when allocating and accessing an entry in an SMEM partition continuously.

HIGH CVSS 8.4 Published Dec 02, 2024

CVE-2024-33053

Memory corruption when multiple threads try to unregister the CVP buffer at the same time.

MEDIUM CVSS 6.7 Published Dec 02, 2024

CVE-2024-33044

Memory corruption while Configuring the SMR/S2CR register in Bypass mode.

HIGH CVSS 8.4 Published Dec 02, 2024

CVE-2024-33037

Information disclosure as NPU firmware can send invalid IPC message to NPU driver as the driver doesn`t validate the IPC message received from the firmware.

MEDIUM CVSS 6.1 Published Dec 02, 2024

CVE-2024-33036

Memory corruption while parsing sensor packets in camera driver, user-space variable is used while allocating memory in kernel and parsing which can lead to huge allocation or invalid memory access.

MEDIUM CVSS 6.7 Published Dec 02, 2024

CVE-2024-38423

Memory corruption while processing GPU page table switch.

HIGH CVSS 7.8 Published Nov 04, 2024

CVE-2024-38422

Memory corruption while processing voice packet with arbitrary data received from ADSP.

HIGH CVSS 7.8 Published Nov 04, 2024

CVE-2024-38415

Memory corruption while handling session errors from firmware.

HIGH CVSS 7.8 Published Nov 04, 2024

CVE-2024-38408

Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.

HIGH CVSS 8.2 Published Nov 04, 2024

CVE-2024-33032

Memory corruption when the user application modifies the same shared memory asynchronously when kernel is accessing it.

MEDIUM CVSS 6.7 Published Nov 04, 2024

CVE-2024-33051

Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.

HIGH CVSS 7.5 Published Sep 02, 2024

CVE-2024-33016

memory corruption when an invalid firehose patch command is invoked.

MEDIUM CVSS 6.8 Published Sep 02, 2024

CVE-2024-23364

Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSSID Information Element (IE) of a beacon frame that is received from over-the-air (OTA).

HIGH CVSS 7.5 Published Sep 02, 2024

CVE-2024-21469

Memory corruption when an invoke call and a TEE call are bound for the same trusted application.

HIGH CVSS 7.3 Published Jul 01, 2024

CVE-2024-21462

Transient DOS while loading the TA ELF file.

HIGH CVSS 7.1 Published Jul 01, 2024

CVE-2024-21461

Memory corruption while performing finish HMAC operation when context is freed by keymaster.

HIGH CVSS 8.4 Published Jul 01, 2024

CVE-2024-21476

Memory corruption when the channel ID passed by user is not validated and further used.

HIGH CVSS 7.8 Published May 06, 2024

CVE-2024-21475

Memory corruption when the payload received from firmware is not as per the expected protocol size.

HIGH CVSS 7.8 Published May 06, 2024

CVE-2024-21468

Memory corruption when there is failed unmap operation in GPU.

HIGH CVSS 8.4 Published Apr 01, 2024

CVE-2023-33023

Memory corruption while processing finish_sign command to pass a rsp buffer.

HIGH CVSS 8.4 Published Apr 01, 2024

CVE-2023-28547

Memory corruption in SPS Application while requesting for public key in sorter TA.

HIGH CVSS 8.4 Published Apr 01, 2024

CVE-2023-33066

Memory corruption in Audio while processing RT proxy port register driver.

HIGH CVSS 8.4 Published Mar 04, 2024

CVE-2023-28578

Memory corruption in Core Services while executing the command for removing a single event listener.

CRITICAL CVSS 9.3 Published Mar 04, 2024

CVE-2023-43536

Transient DOS while parse fils IE with length equal to 1.

HIGH CVSS 7.5 Published Feb 06, 2024

CVE-2023-43533

Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon frame.

HIGH CVSS 7.5 Published Feb 06, 2024

CVE-2023-43522

Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL.

HIGH CVSS 7.5 Published Feb 06, 2024

CVE-2023-33072

Memory corruption in Core while processing control functions.

CRITICAL CVSS 9.3 Published Feb 06, 2024

CVE-2023-43511

Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header.

HIGH CVSS 7.5 Published Jan 02, 2024

CVE-2023-33109

Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host.

HIGH CVSS 7.5 Published Jan 02, 2024

CVE-2023-33062

Transient DOS in WLAN Firmware while parsing a BTM request.

HIGH CVSS 7.5 Published Jan 02, 2024

CVE-2023-33033

Memory corruption in Audio during playback with speaker protection.

HIGH CVSS 8.4 Published Jan 02, 2024

CVE-2023-33030

Memory corruption in HLOS while running playready use-case.

CRITICAL CVSS 9.3 Published Jan 02, 2024

CVE-2023-33107

Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.

HIGH CVSS 8.4 Published Dec 05, 2023

CVE-2023-33098

Transient DOS while parsing WPA IES, when it is passed with length more than expected size.

HIGH CVSS 7.5 Published Dec 05, 2023

CVE-2023-33089

Transient DOS when processing a NULL buffer while parsing WLAN vdev.

HIGH CVSS 7.5 Published Dec 05, 2023

CVE-2023-33088

Memory corruption when processing cmd parameters while parsing vdev.

HIGH CVSS 8.4 Published Dec 05, 2023

CVE-2023-33063

Memory corruption in DSP Services during a remote call from HLOS to DSP.

HIGH CVSS 7.8 Published Dec 05, 2023

CVE-2023-33022

Memory corruption in HLOS while invoking IOCTL calls from user-space.

HIGH CVSS 8.4 Published Dec 05, 2023

CVE-2023-33017

Memory corruption in Boot while running a ListVars test in UEFI Menu during boot.

HIGH CVSS 7.8 Published Dec 05, 2023

CVE-2023-28586

Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE.

MEDIUM CVSS 6.0 Published Dec 05, 2023

CVE-2023-28585

Memory corruption while loading an ELF segment in TEE Kernel.

HIGH CVSS 8.2 Published Dec 05, 2023

CVE-2023-28546

Memory Corruption in SPS Application while exporting public key in sorter TA.

HIGH CVSS 7.8 Published Dec 05, 2023

CVE-2023-22383

Memory Corruption in camera while installing a fd for a particular DMA buffer.

MEDIUM CVSS 6.7 Published Dec 05, 2023

CVE-2023-33059

Memory corruption in Audio while processing the VOC packet data from ADSP.

HIGH CVSS 7.8 Published Nov 07, 2023

CVE-2023-28556

Cryptographic issue in HLOS during key management.

HIGH CVSS 7.1 Published Nov 07, 2023

CVE-2023-28554

Information Disclosure in Qualcomm IPC while reading values from shared memory in VM.

MEDIUM CVSS 6.1 Published Nov 07, 2023

CVE-2023-28545

Memory corruption in TZ Secure OS while loading an app ELF.

HIGH CVSS 8.2 Published Nov 07, 2023

CVE-2023-24852

Memory Corruption in Core due to secure memory access by user while loading modem image.

HIGH CVSS 8.4 Published Nov 07, 2023

CVE-2023-33027

Transient DOS in WLAN Firmware while parsing rsn ies.

HIGH CVSS 7.5 Published Oct 03, 2023

CVE-2023-33015

Transient DOS in WLAN Firmware while interpreting MBSSID IE of a received beacon frame.

HIGH CVSS 7.5 Published Sep 05, 2023