Qualcomm, Inc. Snapdragon vSD835 - 149 CVEs

CVE-2024-33067

Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver.

MEDIUM CVSS 6.1 Published Jan 06, 2025

CVE-2024-33056

Memory corruption when allocating and accessing an entry in an SMEM partition continuously.

HIGH CVSS 8.4 Published Dec 02, 2024

CVE-2018-11816

Crafted Binder Request Causes Heap UAF in MediaServer

HIGH CVSS 7.8 Published Nov 26, 2024

CVE-2024-38423

Memory corruption while processing GPU page table switch.

HIGH CVSS 7.8 Published Nov 04, 2024

CVE-2024-38422

Memory corruption while processing voice packet with arbitrary data received from ADSP.

HIGH CVSS 7.8 Published Nov 04, 2024

CVE-2024-23379

Memory corruption while unmapping the fastrpc map when two threads can free the same map in concurrent scenario.

MEDIUM CVSS 6.7 Published Oct 07, 2024

CVE-2024-33060

Memory corruption when two threads try to map and unmap a single node simultaneously.

HIGH CVSS 8.4 Published Sep 02, 2024

CVE-2024-33052

Memory corruption when user provides data for FM HCI command control operations.

HIGH CVSS 7.8 Published Sep 02, 2024

CVE-2024-33051

Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.

HIGH CVSS 7.5 Published Sep 02, 2024

CVE-2024-33048

Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame.

HIGH CVSS 7.5 Published Sep 02, 2024

CVE-2024-33045

Memory corruption when BTFM client sends new messages over Slimbus to ADSP.

HIGH CVSS 8.4 Published Sep 02, 2024

CVE-2024-33043

Transient DOS while handling PS event when Program Service name length offset value is set to 255.

MEDIUM CVSS 5.5 Published Sep 02, 2024

CVE-2024-33042

Memory corruption when Alternative Frequency offset value is set to 255.

HIGH CVSS 7.8 Published Sep 02, 2024

CVE-2024-33016

memory corruption when an invalid firehose patch command is invoked.

MEDIUM CVSS 6.8 Published Sep 02, 2024

CVE-2024-23362

Cryptographic issue while parsing RSA keys in COBR format.

HIGH CVSS 7.1 Published Sep 02, 2024

CVE-2024-33014

Transient DOS while parsing ESP IE from beacon/probe response frame.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-23353

Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-21479

Transient DOS during music playback of ALAC content.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-23380

Memory corruption while handling user packets during VBO bind operation.

HIGH CVSS 8.4 Published Jul 01, 2024

CVE-2024-23373

Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released.

HIGH CVSS 8.4 Published Jul 01, 2024

CVE-2024-23368

Memory corruption when allocating and accessing an entry in an SMEM partition.

HIGH CVSS 7.8 Published Jul 01, 2024

CVE-2024-21461

Memory corruption while performing finish HMAC operation when context is freed by keymaster.

HIGH CVSS 8.4 Published Jul 01, 2024

CVE-2023-43551

Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command.

CRITICAL CVSS 9.1 Published Jun 03, 2024

CVE-2024-21471

Memory corruption when IOMMU unmap of a GPU buffer fails in Linux.

HIGH CVSS 8.4 Published May 06, 2024

CVE-2023-43528

Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected size.

MEDIUM CVSS 6.1 Published May 06, 2024

CVE-2023-33119

Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache.

HIGH CVSS 8.4 Published May 06, 2024

CVE-2024-21468

Memory corruption when there is failed unmap operation in GPU.

HIGH CVSS 8.4 Published Apr 01, 2024

CVE-2023-33023

Memory corruption while processing finish_sign command to pass a rsp buffer.

HIGH CVSS 8.4 Published Apr 01, 2024

CVE-2023-28547

Memory corruption in SPS Application while requesting for public key in sorter TA.

HIGH CVSS 8.4 Published Apr 01, 2024

CVE-2023-43548

Memory corruption while parsing qcp clip with invalid chunk data size.

HIGH CVSS 7.3 Published Mar 04, 2024

CVE-2023-33066

Memory corruption in Audio while processing RT proxy port register driver.

HIGH CVSS 8.4 Published Mar 04, 2024

CVE-2023-28578

Memory corruption in Core Services while executing the command for removing a single event listener.

CRITICAL CVSS 9.3 Published Mar 04, 2024

CVE-2023-43533

Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon frame.

HIGH CVSS 7.5 Published Feb 06, 2024

CVE-2023-43519

Memory corruption in video while parsing the Videoinfo, when the size of atom is greater than the videoinfo size.

HIGH CVSS 7.3 Published Feb 06, 2024

CVE-2023-43518

Memory corruption in video while parsing invalid mp2 clip.

HIGH CVSS 7.3 Published Feb 06, 2024

CVE-2023-33077

Memory corruption in HLOS while converting from authorization token to HIDL vector.

MEDIUM CVSS 6.7 Published Feb 06, 2024

CVE-2023-33069

Memory corruption in Audio while processing the calibration data returned from ACDB loader.

MEDIUM CVSS 6.7 Published Feb 06, 2024

CVE-2023-33068

Memory corruption in Audio while processing IIR config data from AFE calibration block.

MEDIUM CVSS 6.7 Published Feb 06, 2024

CVE-2023-33067

Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap points.

MEDIUM CVSS 6.7 Published Feb 06, 2024

CVE-2023-33065

Information disclosure in Audio while accessing AVCS services from ADSP payload.

MEDIUM CVSS 6.1 Published Feb 06, 2024

CVE-2023-33064

Transient DOS in Audio when invoking callback function of ASM driver.

MEDIUM CVSS 5.5 Published Feb 06, 2024

CVE-2023-43511

Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header.

HIGH CVSS 7.5 Published Jan 02, 2024

CVE-2023-33120

Memory corruption in Audio when memory map command is executed consecutively in ADSP.

HIGH CVSS 7.8 Published Jan 02, 2024

The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption.

HIGH CVSS 7.8 Published Jan 02, 2024

CVE-2023-33109

Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host.

HIGH CVSS 7.5 Published Jan 02, 2024

CVE-2023-33033

Memory corruption in Audio during playback with speaker protection.

HIGH CVSS 8.4 Published Jan 02, 2024

CVE-2023-33030

Memory corruption in HLOS while running playready use-case.

CRITICAL CVSS 9.3 Published Jan 02, 2024

CVE-2023-33107

Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.

HIGH CVSS 8.4 Published Dec 05, 2023

CVE-2023-33092

Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size.

HIGH CVSS 8.4 Published Dec 05, 2023

CVE-2023-33080

Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame.

HIGH CVSS 7.5 Published Dec 05, 2023

CVE-2023-33063

Memory corruption in DSP Services during a remote call from HLOS to DSP.

HIGH CVSS 7.8 Published Dec 05, 2023

CVE-2023-33054

Cryptographic issue in GPS HLOS Driver while downloading Qualcomm GNSS assistance data.

CRITICAL CVSS 9.1 Published Dec 05, 2023

CVE-2023-33024

Memory corruption while sending SMS from AP firmware.

MEDIUM CVSS 6.7 Published Dec 05, 2023

CVE-2023-33018

Memory corruption while using the UIM diag command to get the operators name.

HIGH CVSS 7.8 Published Dec 05, 2023

CVE-2023-33017

Memory corruption in Boot while running a ListVars test in UEFI Menu during boot.

HIGH CVSS 7.8 Published Dec 05, 2023

CVE-2023-28588

Transient DOS in Bluetooth Host while rfc slot allocation.

HIGH CVSS 7.5 Published Dec 05, 2023

CVE-2023-28586

Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE.

MEDIUM CVSS 6.0 Published Dec 05, 2023

CVE-2023-28551

Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.

HIGH CVSS 7.8 Published Dec 05, 2023

CVE-2023-28550

Memory corruption in MPP performance while accessing DSM watermark using external memory address.

HIGH CVSS 7.8 Published Dec 05, 2023

CVE-2023-28546

Memory Corruption in SPS Application while exporting public key in sorter TA.

HIGH CVSS 7.8 Published Dec 05, 2023

CVE-2023-21634

Memory Corruption in Radio Interface Layer while sending an SMS or writing an SMS to SIM.

MEDIUM CVSS 6.7 Published Dec 05, 2023

CVE-2023-33059

Memory corruption in Audio while processing the VOC packet data from ADSP.

HIGH CVSS 7.8 Published Nov 07, 2023

CVE-2023-28574

Memory corruption in core services when Diag handler receives a command to configure event listeners.

CRITICAL CVSS 9.0 Published Nov 07, 2023

CVE-2023-28570

Memory corruption while processing audio effects.

MEDIUM CVSS 6.7 Published Nov 07, 2023

CVE-2023-28569

Information disclosure in WLAN HAL while handling command through WMI interfaces.

MEDIUM CVSS 6.1 Published Nov 07, 2023

CVE-2023-28568

Information disclosure in WLAN HAL when reception status handler is called.

MEDIUM CVSS 6.1 Published Nov 07, 2023

CVE-2023-28566

Information disclosure in WLAN HAL while handling the WMI state info command.

MEDIUM CVSS 6.1 Published Nov 07, 2023

CVE-2023-28554

Information Disclosure in Qualcomm IPC while reading values from shared memory in VM.

MEDIUM CVSS 6.1 Published Nov 07, 2023

CVE-2023-22388

Memory Corruption in Multi-mode Call Processor while processing bit mask API.

CRITICAL CVSS 9.8 Published Nov 07, 2023

CVE-2023-33027

Transient DOS in WLAN Firmware while parsing rsn ies.

HIGH CVSS 7.5 Published Oct 03, 2023

CVE-2023-28571

Information disclosure in WLAN HOST while processing the WLAN scan descriptor list during roaming scan.

MEDIUM CVSS 6.1 Published Oct 03, 2023

CVE-2023-28539

Memory corruption in WLAN Host when the firmware invokes multiple WMI Service Available command.

MEDIUM CVSS 6.6 Published Oct 03, 2023

CVE-2023-24849

Information Disclosure in data Modem while parsing an FMTP line in an SDP message.

HIGH CVSS 8.2 Published Oct 03, 2023

CVE-2023-24848

Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value.

HIGH CVSS 8.2 Published Oct 03, 2023

CVE-2023-24847

Transient DOS in Modem while allocating DSM items.

HIGH CVSS 7.5 Published Oct 03, 2023

CVE-2023-22385

Memory Corruption in Data Modem while making a MO call or MT VOLTE call.

HIGH CVSS 8.2 Published Oct 03, 2023

CVE-2023-33021

Memory corruption in Graphics while processing user packets for command submission.

HIGH CVSS 8.4 Published Sep 05, 2023

CVE-2023-28584

Transient DOS in WLAN Host when a mobile station receives invalid channel in CSA IE while doing channel switch announcement (CSA).

HIGH CVSS 7.5 Published Sep 05, 2023