Qualcomm, Inc. Snapdragon vQualcomm Video Collaboration VC5 Platform - 122 CVEs

CVE-2024-45553

Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another thread is using it for a process-specific task, issues may arise.

HIGH CVSS 7.8 Published Jan 06, 2025

CVE-2024-43052

Memory corruption while processing API calls to NPU with invalid input.

HIGH CVSS 7.8 Published Dec 02, 2024

CVE-2024-33063

Transient DOS while parsing the ML IE when a beacon with common info length of the ML IE greater than the ML IE inside which this element is present.

HIGH CVSS 7.5 Published Dec 02, 2024

CVE-2024-33056

Memory corruption when allocating and accessing an entry in an SMEM partition continuously.

HIGH CVSS 8.4 Published Dec 02, 2024

CVE-2024-33044

Memory corruption while Configuring the SMR/S2CR register in Bypass mode.

HIGH CVSS 8.4 Published Dec 02, 2024

CVE-2024-38422

Memory corruption while processing voice packet with arbitrary data received from ADSP.

HIGH CVSS 7.8 Published Nov 04, 2024

CVE-2024-38421

Memory corruption while processing GPU commands.

HIGH CVSS 7.8 Published Nov 04, 2024

CVE-2024-38419

Memory corruption while invoking IOCTL calls from the use-space for HGSL memory node.

HIGH CVSS 7.8 Published Nov 04, 2024

CVE-2024-38415

Memory corruption while handling session errors from firmware.

HIGH CVSS 7.8 Published Nov 04, 2024

CVE-2024-38408

Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.

HIGH CVSS 8.2 Published Nov 04, 2024

CVE-2024-38405

Transient DOS while processing the CU information from RNR IE.

HIGH CVSS 7.5 Published Nov 04, 2024

CVE-2024-33068

Transient DOS while parsing fragments of MBSSID IE from beacon frame.

HIGH CVSS 7.5 Published Nov 04, 2024

CVE-2024-23377

Memory corruption while invoking IOCTL command from user-space, when a user modifies the original packet size of the command after system properties have been already sent to the EVA driver.

MEDIUM CVSS 6.7 Published Nov 04, 2024

CVE-2024-38397

Transient DOS while parsing probe response and assoc response frame.

HIGH CVSS 7.5 Published Oct 07, 2024

CVE-2024-33073

Information disclosure while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.

HIGH CVSS 8.2 Published Oct 07, 2024

CVE-2024-38402

Memory corruption while processing IOCTL call for getting group info.

HIGH CVSS 7.8 Published Sep 02, 2024

CVE-2024-33060

Memory corruption when two threads try to map and unmap a single node simultaneously.

HIGH CVSS 8.4 Published Sep 02, 2024

CVE-2024-33057

Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location.

HIGH CVSS 7.5 Published Sep 02, 2024

CVE-2024-33052

Memory corruption when user provides data for FM HCI command control operations.

HIGH CVSS 7.8 Published Sep 02, 2024

CVE-2024-33051

Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.

HIGH CVSS 7.5 Published Sep 02, 2024

CVE-2024-33050

Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper.

HIGH CVSS 7.5 Published Sep 02, 2024

CVE-2024-33048

Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame.

HIGH CVSS 7.5 Published Sep 02, 2024

CVE-2024-33045

Memory corruption when BTFM client sends new messages over Slimbus to ADSP.

HIGH CVSS 8.4 Published Sep 02, 2024

CVE-2024-33043

Transient DOS while handling PS event when Program Service name length offset value is set to 255.

MEDIUM CVSS 5.5 Published Sep 02, 2024

CVE-2024-33042

Memory corruption when Alternative Frequency offset value is set to 255.

HIGH CVSS 7.8 Published Sep 02, 2024

CVE-2024-33016

memory corruption when an invalid firehose patch command is invoked.

MEDIUM CVSS 6.8 Published Sep 02, 2024

CVE-2024-23362

Cryptographic issue while parsing RSA keys in COBR format.

HIGH CVSS 7.1 Published Sep 02, 2024

CVE-2024-33034

Memory corruption can occur if VBOs hold outdated or invalid GPU SMMU mappings, especially when the binding and reclaiming of memory buffers are performed at the same time.

HIGH CVSS 8.4 Published Aug 05, 2024

CVE-2024-33028

Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released.

HIGH CVSS 8.4 Published Aug 05, 2024

CVE-2024-33026

Transient DOS while parsing probe response and assoc response frame when received frame length is less than max size of timestamp.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-33025

Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-33024

Transient DOS while parsing the ML IE when a beacon with length field inside the common info of ML IE greater than the ML IE length.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-33023

Memory corruption while creating a fence to wait on timeline events, and simultaneously signal timeline events.

HIGH CVSS 8.4 Published Aug 05, 2024

CVE-2024-33022

Memory corruption while allocating memory in HGSL driver.

HIGH CVSS 8.4 Published Aug 05, 2024

CVE-2024-33021

Memory corruption while processing IOCTL call to set metainfo.

HIGH CVSS 8.4 Published Aug 05, 2024

CVE-2024-33020

Transient DOS while processing TID-to-link mapping IE elements.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-33015

Transient DOS while parsing SCAN RNR IE when bytes received from AP is such that the size of the last param of IE is less than neighbor report.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-33014

Transient DOS while parsing ESP IE from beacon/probe response frame.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-33013

Transient DOS when driver accesses the ML IE memory and offset value is incremented beyond ML IE length.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-33012

Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-33011

Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-33010

Transient DOS while parsing fragments of MBSSID IE from beacon frame.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-23384

Memory corruption when the mapped pages in VBO are still mapped after reclaiming by shrinker.

HIGH CVSS 8.4 Published Aug 05, 2024

CVE-2024-23383

Memory corruption when kernel driver attempts to trigger hardware fences.

HIGH CVSS 8.4 Published Aug 05, 2024

CVE-2024-23382

Memory corruption while processing graphics kernel driver request to create DMA fence.

HIGH CVSS 8.4 Published Aug 05, 2024

CVE-2024-23381

Memory corruption when memory mapped in a VBO is not unmapped by the GPU SMMU.

HIGH CVSS 8.4 Published Aug 05, 2024

CVE-2024-23357

Transient DOS while importing a PKCS#8-encoded RSA key with zero bytes modulus.

MEDIUM CVSS 6.2 Published Aug 05, 2024

CVE-2024-23355

Memory corruption when keymaster operation imports a shared key.

HIGH CVSS 7.8 Published Aug 05, 2024

CVE-2024-23380

Memory corruption while handling user packets during VBO bind operation.

HIGH CVSS 8.4 Published Jul 01, 2024

CVE-2024-23373

Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released.

HIGH CVSS 8.4 Published Jul 01, 2024

CVE-2024-23372

Memory corruption while invoking IOCTL call for GPU memory allocation and size param is greater than expected size.

HIGH CVSS 8.4 Published Jul 01, 2024

CVE-2024-23368

Memory corruption when allocating and accessing an entry in an SMEM partition.

HIGH CVSS 7.8 Published Jul 01, 2024

CVE-2024-21469

Memory corruption when an invoke call and a TEE call are bound for the same trusted application.

HIGH CVSS 7.3 Published Jul 01, 2024

CVE-2024-21465

Memory corruption while processing key blob passed by the user.

HIGH CVSS 7.8 Published Jul 01, 2024

CVE-2024-21462

Transient DOS while loading the TA ELF file.

HIGH CVSS 7.1 Published Jul 01, 2024

CVE-2024-21461

Memory corruption while performing finish HMAC operation when context is freed by keymaster.

HIGH CVSS 8.4 Published Jul 01, 2024

CVE-2023-43556

Memory corruption in Hypervisor when platform information mentioned is not aligned.

CRITICAL CVSS 9.3 Published Jun 03, 2024

CVE-2023-43555

Information disclosure in Video while parsing mp2 clip with invalid section length.

HIGH CVSS 8.2 Published Jun 03, 2024

CVE-2023-43542

Memory corruption while copying a keyblob`s material when the key material`s size is not accurately checked.

HIGH CVSS 7.8 Published Jun 03, 2024

CVE-2023-43537

Information disclosure while handling T2LM Action Frame in WLAN Host.

MEDIUM CVSS 6.5 Published Jun 03, 2024

CVE-2024-23354

Memory corruption when the IOCTL call is interrupted by a signal.

HIGH CVSS 8.4 Published May 06, 2024

CVE-2024-23351

Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC submissions.

HIGH CVSS 8.4 Published May 06, 2024

CVE-2024-21475

Memory corruption when the payload received from firmware is not as per the expected protocol size.

HIGH CVSS 7.8 Published May 06, 2024

CVE-2024-21471

Memory corruption when IOMMU unmap of a GPU buffer fails in Linux.

HIGH CVSS 8.4 Published May 06, 2024

CVE-2024-21468

Memory corruption when there is failed unmap operation in GPU.

HIGH CVSS 8.4 Published Apr 01, 2024

CVE-2023-33115

Memory corruption while processing buffer initialization, when trusted report for certain report types are generated.

HIGH CVSS 7.8 Published Apr 01, 2024

CVE-2023-28547

Memory corruption in SPS Application while requesting for public key in sorter TA.

HIGH CVSS 8.4 Published Apr 01, 2024

CVE-2023-43552

Memory corruption while processing MBSSID beacon containing several subelement IE.

CRITICAL CVSS 9.8 Published Mar 04, 2024

CVE-2023-43550

Memory corruption while processing a QMI request for allocating memory from a DHMS supported subsystem.

HIGH CVSS 7.8 Published Mar 04, 2024

CVE-2023-43547

Memory corruption while invoking IOCTLs calls in Automotive Multimedia.

HIGH CVSS 8.4 Published Mar 04, 2024

CVE-2023-43546

Memory corruption while invoking HGSL IOCTL context create.

HIGH CVSS 8.4 Published Mar 04, 2024

CVE-2023-33066

Memory corruption in Audio while processing RT proxy port register driver.

HIGH CVSS 8.4 Published Mar 04, 2024

CVE-2023-28578

Memory corruption in Core Services while executing the command for removing a single event listener.

CRITICAL CVSS 9.3 Published Mar 04, 2024

CVE-2023-43536

Transient DOS while parse fils IE with length equal to 1.

HIGH CVSS 7.5 Published Feb 06, 2024

CVE-2023-43534

Memory corruption while validating the TID to Link Mapping action request frame, when a station connects to an access point.

HIGH CVSS 8.6 Published Feb 06, 2024

CVE-2023-43520

Memory corruption when AP includes TID to link mapping IE in the beacons and STA is parsing the beacon TID to link mapping IE.

HIGH CVSS 8.6 Published Feb 06, 2024

CVE-2023-43518

Memory corruption in video while parsing invalid mp2 clip.

HIGH CVSS 7.3 Published Feb 06, 2024

CVE-2023-43513

Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element.

HIGH CVSS 7.8 Published Feb 06, 2024

CVE-2023-33072

Memory corruption in Core while processing control functions.

CRITICAL CVSS 9.3 Published Feb 06, 2024

CVE-2023-33046

Memory corruption in Trusted Execution Environment while deinitializing an object used for license validation.

HIGH CVSS 7.8 Published Feb 06, 2024

CVE-2023-43514

Memory corruption while invoking IOCTLs calls from user space for internal mem MAP and internal mem UNMAP.

HIGH CVSS 8.4 Published Jan 02, 2024

CVE-2023-43511

Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header.

HIGH CVSS 7.5 Published Jan 02, 2024

CVE-2023-33120

Memory corruption in Audio when memory map command is executed consecutively in ADSP.

HIGH CVSS 7.8 Published Jan 02, 2024

CVE-2023-33118

Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL.

HIGH CVSS 7.8 Published Jan 02, 2024

CVE-2023-33117

Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command.

HIGH CVSS 7.8 Published Jan 02, 2024

CVE-2023-33114

Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time.

HIGH CVSS 8.4 Published Jan 02, 2024

CVE-2023-33113

Memory corruption when resource manager sends the host kernel a reply message with multiple fragments.

HIGH CVSS 8.4 Published Jan 02, 2024

CVE-2023-33110

The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption.

HIGH CVSS 7.8 Published Jan 02, 2024

Version Qualcomm Video Collaboration VC5 Platform

Known Vulnerabilities

CVE-2024-45553

CVE-2024-43052

CVE-2024-33063

CVE-2024-33056

CVE-2024-33044

CVE-2024-38422

CVE-2024-38421

CVE-2024-38419

CVE-2024-38415

CVE-2024-38408

CVE-2024-38405

CVE-2024-33068

CVE-2024-23377

CVE-2024-38397

CVE-2024-33073

CVE-2024-38402

CVE-2024-33060

CVE-2024-33057

CVE-2024-33052

CVE-2024-33051

CVE-2024-33050

CVE-2024-33048

CVE-2024-33045

CVE-2024-33043

CVE-2024-33042

CVE-2024-33016

CVE-2024-23362

CVE-2024-33034

CVE-2024-33028

CVE-2024-33026

CVE-2024-33025

CVE-2024-33024

CVE-2024-33023

CVE-2024-33022

CVE-2024-33021

CVE-2024-33020

CVE-2024-33015

CVE-2024-33014

CVE-2024-33013

CVE-2024-33012

CVE-2024-33011

CVE-2024-33010

CVE-2024-23384

CVE-2024-23383

CVE-2024-23382

CVE-2024-23381

CVE-2024-23357

CVE-2024-23355

CVE-2024-23380

CVE-2024-23373

CVE-2024-23372

CVE-2024-23368

CVE-2024-21469

CVE-2024-21465

CVE-2024-21462

CVE-2024-21461

CVE-2023-43556

CVE-2023-43555

CVE-2023-43542

CVE-2023-43537

CVE-2024-23354

CVE-2024-23351

CVE-2024-21475

CVE-2024-21471

CVE-2024-21468

CVE-2023-33115

CVE-2023-28547

CVE-2023-43552

CVE-2023-43550

CVE-2023-43547

CVE-2023-43546

CVE-2023-33066

CVE-2023-28578

CVE-2023-43536

CVE-2023-43534

CVE-2023-43520

CVE-2023-43518

CVE-2023-43513