Qualcomm, Inc. Snapdragon vSG8275P - 156 CVEs

CVE-2024-33059

Memory corruption while processing frame command IOCTL calls.

MEDIUM CVSS 6.7 Published Jan 06, 2025

CVE-2024-33055

Memory corruption while invoking IOCTL calls to unmap the DMA buffers.

MEDIUM CVSS 6.7 Published Jan 06, 2025

CVE-2024-33041

Memory corruption when input parameter validation for number of fences is missing for fence frame IOCTL calls,

MEDIUM CVSS 6.7 Published Jan 06, 2025

CVE-2024-43052

Memory corruption while processing API calls to NPU with invalid input.

HIGH CVSS 7.8 Published Dec 02, 2024

CVE-2024-33063

Transient DOS while parsing the ML IE when a beacon with common info length of the ML IE greater than the ML IE inside which this element is present.

HIGH CVSS 7.5 Published Dec 02, 2024

CVE-2024-33056

Memory corruption when allocating and accessing an entry in an SMEM partition continuously.

HIGH CVSS 8.4 Published Dec 02, 2024

CVE-2024-38424

Memory corruption during GNSS HAL process initialization.

HIGH CVSS 7.8 Published Nov 04, 2024

CVE-2024-38422

Memory corruption while processing voice packet with arbitrary data received from ADSP.

HIGH CVSS 7.8 Published Nov 04, 2024

CVE-2024-38419

Memory corruption while invoking IOCTL calls from the use-space for HGSL memory node.

HIGH CVSS 7.8 Published Nov 04, 2024

CVE-2024-38415

Memory corruption while handling session errors from firmware.

HIGH CVSS 7.8 Published Nov 04, 2024

CVE-2024-38408

Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.

HIGH CVSS 8.2 Published Nov 04, 2024

CVE-2024-33068

Transient DOS while parsing fragments of MBSSID IE from beacon frame.

HIGH CVSS 7.5 Published Nov 04, 2024

CVE-2024-33033

Memory corruption while processing IOCTL calls to unmap the buffers.

MEDIUM CVSS 6.7 Published Nov 04, 2024

CVE-2024-23385

Transient DOS as modem reset occurs when an unexpected MAC RAR (with invalid PDU length) is seen at UE.

HIGH CVSS 7.5 Published Nov 04, 2024

CVE-2024-23377

Memory corruption while invoking IOCTL command from user-space, when a user modifies the original packet size of the command after system properties have been already sent to the EVA driver.

MEDIUM CVSS 6.7 Published Nov 04, 2024

CVE-2024-38397

Transient DOS while parsing probe response and assoc response frame.

HIGH CVSS 7.5 Published Oct 07, 2024

CVE-2024-33073

Information disclosure while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.

HIGH CVSS 8.2 Published Oct 07, 2024

CVE-2024-38402

Memory corruption while processing IOCTL call for getting group info.

HIGH CVSS 7.8 Published Sep 02, 2024

CVE-2024-33060

Memory corruption when two threads try to map and unmap a single node simultaneously.

HIGH CVSS 8.4 Published Sep 02, 2024

CVE-2024-33057

Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location.

HIGH CVSS 7.5 Published Sep 02, 2024

CVE-2024-33054

Memory corruption during the handshake between the Primary Virtual Machine and Trusted Virtual Machine.

HIGH CVSS 7.8 Published Sep 02, 2024

CVE-2024-33050

Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper.

HIGH CVSS 7.5 Published Sep 02, 2024

CVE-2024-33048

Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame.

HIGH CVSS 7.5 Published Sep 02, 2024

CVE-2024-33045

Memory corruption when BTFM client sends new messages over Slimbus to ADSP.

HIGH CVSS 8.4 Published Sep 02, 2024

CVE-2024-33038

Memory corruption while passing untrusted/corrupted pointers from DSP to EVA.

HIGH CVSS 7.8 Published Sep 02, 2024

CVE-2024-33016

memory corruption when an invalid firehose patch command is invoked.

MEDIUM CVSS 6.8 Published Sep 02, 2024

CVE-2024-23364

Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSSID Information Element (IE) of a beacon frame that is received from over-the-air (OTA).

HIGH CVSS 7.5 Published Sep 02, 2024

CVE-2024-23362

Cryptographic issue while parsing RSA keys in COBR format.

HIGH CVSS 7.1 Published Sep 02, 2024

CVE-2024-23359

Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network.

HIGH CVSS 8.2 Published Sep 02, 2024

CVE-2024-33034

Memory corruption can occur if VBOs hold outdated or invalid GPU SMMU mappings, especially when the binding and reclaiming of memory buffers are performed at the same time.

HIGH CVSS 8.4 Published Aug 05, 2024

CVE-2024-33028

Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released.

HIGH CVSS 8.4 Published Aug 05, 2024

CVE-2024-33026

Transient DOS while parsing probe response and assoc response frame when received frame length is less than max size of timestamp.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-33025

Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-33024

Transient DOS while parsing the ML IE when a beacon with length field inside the common info of ML IE greater than the ML IE length.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-33023

Memory corruption while creating a fence to wait on timeline events, and simultaneously signal timeline events.

HIGH CVSS 8.4 Published Aug 05, 2024

CVE-2024-33022

Memory corruption while allocating memory in HGSL driver.

HIGH CVSS 8.4 Published Aug 05, 2024

CVE-2024-33021

Memory corruption while processing IOCTL call to set metainfo.

HIGH CVSS 8.4 Published Aug 05, 2024

CVE-2024-33015

Transient DOS while parsing SCAN RNR IE when bytes received from AP is such that the size of the last param of IE is less than neighbor report.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-33014

Transient DOS while parsing ESP IE from beacon/probe response frame.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-33013

Transient DOS when driver accesses the ML IE memory and offset value is incremented beyond ML IE length.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-33012

Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-33011

Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-33010

Transient DOS while parsing fragments of MBSSID IE from beacon frame.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-23384

Memory corruption when the mapped pages in VBO are still mapped after reclaiming by shrinker.

HIGH CVSS 8.4 Published Aug 05, 2024

CVE-2024-23382

Memory corruption while processing graphics kernel driver request to create DMA fence.

HIGH CVSS 8.4 Published Aug 05, 2024

CVE-2024-23357

Transient DOS while importing a PKCS#8-encoded RSA key with zero bytes modulus.

MEDIUM CVSS 6.2 Published Aug 05, 2024

CVE-2024-23356

Memory corruption during session sign renewal request calls in HLOS.

HIGH CVSS 7.8 Published Aug 05, 2024

CVE-2024-23355

Memory corruption when keymaster operation imports a shared key.

HIGH CVSS 7.8 Published Aug 05, 2024

CVE-2024-23353

Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-23352

Transient DOS when NAS receives ODAC criteria of length 1 and type 1 in registration accept OTA.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-21481

Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager.

HIGH CVSS 8.4 Published Aug 05, 2024

CVE-2024-23373

Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released.

HIGH CVSS 8.4 Published Jul 01, 2024

CVE-2024-23372

Memory corruption while invoking IOCTL call for GPU memory allocation and size param is greater than expected size.

HIGH CVSS 8.4 Published Jul 01, 2024

CVE-2024-23368

Memory corruption when allocating and accessing an entry in an SMEM partition.

HIGH CVSS 7.8 Published Jul 01, 2024

CVE-2024-21469

Memory corruption when an invoke call and a TEE call are bound for the same trusted application.

HIGH CVSS 7.3 Published Jul 01, 2024

CVE-2024-21465

Memory corruption while processing key blob passed by the user.

HIGH CVSS 7.8 Published Jul 01, 2024

CVE-2024-21462

Transient DOS while loading the TA ELF file.

HIGH CVSS 7.1 Published Jul 01, 2024

CVE-2024-21461

Memory corruption while performing finish HMAC operation when context is freed by keymaster.

HIGH CVSS 8.4 Published Jul 01, 2024

CVE-2024-21460

Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in virtual address space.

HIGH CVSS 7.1 Published Jul 01, 2024

CVE-2024-23363

Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management frame.

HIGH CVSS 7.5 Published Jun 03, 2024

CVE-2023-43551

Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command.

CRITICAL CVSS 9.1 Published Jun 03, 2024

CVE-2023-43542

Memory corruption while copying a keyblob`s material when the key material`s size is not accurately checked.

HIGH CVSS 7.8 Published Jun 03, 2024

CVE-2023-43538

Memory corruption in TZ Secure OS while Tunnel Invoke Manager initialization.

CRITICAL CVSS 9.3 Published Jun 03, 2024

CVE-2024-23354

Memory corruption when the IOCTL call is interrupted by a signal.

HIGH CVSS 8.4 Published May 06, 2024

CVE-2024-23351

Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC submissions.

HIGH CVSS 8.4 Published May 06, 2024

CVE-2024-21480

Memory corruption while playing audio file having large-sized input buffer.

HIGH CVSS 7.3 Published May 06, 2024

CVE-2024-21477

Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame.

HIGH CVSS 7.5 Published May 06, 2024

CVE-2024-21475

Memory corruption when the payload received from firmware is not as per the expected protocol size.

HIGH CVSS 7.8 Published May 06, 2024

CVE-2024-21471

Memory corruption when IOMMU unmap of a GPU buffer fails in Linux.

HIGH CVSS 8.4 Published May 06, 2024

CVE-2023-43531

Memory corruption while verifying the serialized header when the key pairs are generated.

HIGH CVSS 8.4 Published May 06, 2024

CVE-2023-43529

Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received.

HIGH CVSS 7.5 Published May 06, 2024

CVE-2023-33119

Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache.

HIGH CVSS 8.4 Published May 06, 2024

CVE-2024-21472

Memory corruption in Kernel while handling GPU operations.

HIGH CVSS 8.4 Published Apr 01, 2024

CVE-2024-21463

Memory corruption while processing Codec2 during v13k decoder pitch synthesis.

HIGH CVSS 7.3 Published Apr 01, 2024

CVE-2023-33101

Transient DOS while processing DL NAS TRANSPORT message with payload length 0.

HIGH CVSS 7.5 Published Apr 01, 2024

CVE-2023-33100

Transient DOS while processing DL NAS Transport message when message ID is not defined in the 3GPP specification.

HIGH CVSS 7.5 Published Apr 01, 2024

CVE-2023-33099

Transient DOS while processing SMS container of non-standard size received in DL NAS transport in NR.

HIGH CVSS 7.5 Published Apr 01, 2024

CVE-2023-33023

Memory corruption while processing finish_sign command to pass a rsp buffer.

HIGH CVSS 8.4 Published Apr 01, 2024

CVE-2023-28547

Memory corruption in SPS Application while requesting for public key in sorter TA.

HIGH CVSS 8.4 Published Apr 01, 2024

CVE-2023-43552

Memory corruption while processing MBSSID beacon containing several subelement IE.

CRITICAL CVSS 9.8 Published Mar 04, 2024

CVE-2023-43549

Memory corruption while processing TPC target power table in FTM TPC.

HIGH CVSS 8.4 Published Mar 04, 2024

CVE-2023-43547

Memory corruption while invoking IOCTLs calls in Automotive Multimedia.

HIGH CVSS 8.4 Published Mar 04, 2024

CVE-2023-43546

Memory corruption while invoking HGSL IOCTL context create.

HIGH CVSS 8.4 Published Mar 04, 2024

CVE-2023-43539

Transient DOS while processing an improperly formatted 802.11az Fine Time Measurement protocol frame.

HIGH CVSS 7.5 Published Mar 04, 2024

CVE-2023-33105

Transient DOS in WLAN Host and Firmware when large number of open authentication frames are sent with an invalid transaction sequence number.

HIGH CVSS 7.5 Published Mar 04, 2024

CVE-2023-33104

Transient DOS while processing PDU Release command with a parameter PDU ID out of range.

HIGH CVSS 7.5 Published Mar 04, 2024

CVE-2023-33103

Transient DOS while processing CAG info IE received from NW.

HIGH CVSS 7.5 Published Mar 04, 2024

CVE-2023-33096

Transient DOS while processing DL NAS Transport message, as specified in 3GPP 24.501 v16.

HIGH CVSS 7.5 Published Mar 04, 2024

CVE-2023-33095

Transient DOS while processing multiple payload container type with incorrect container length received in DL NAS transport OTA in NR.

HIGH CVSS 7.5 Published Mar 04, 2024

CVE-2023-33086

Transient DOS while processing multiple IKEV2 Informational Request to device from IPSEC server with different identifiers.

HIGH CVSS 7.5 Published Mar 04, 2024

CVE-2023-33066

Memory corruption in Audio while processing RT proxy port register driver.

HIGH CVSS 8.4 Published Mar 04, 2024

CVE-2023-28578

Memory corruption in Core Services while executing the command for removing a single event listener.

CRITICAL CVSS 9.3 Published Mar 04, 2024

CVE-2023-43536

Transient DOS while parse fils IE with length equal to 1.

HIGH CVSS 7.5 Published Feb 06, 2024

CVE-2023-43523

Transient DOS while processing 11AZ RTT management action frame received through OTA.

HIGH CVSS 7.5 Published Feb 06, 2024

CVE-2023-43522

Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL.

HIGH CVSS 7.5 Published Feb 06, 2024

CVE-2023-43513

Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element.

HIGH CVSS 7.8 Published Feb 06, 2024

CVE-2023-33076

Memory corruption in Core when updating rollback version for TA and OTA feature is enabled.

MEDIUM CVSS 5.9 Published Feb 06, 2024

CVE-2023-33072

Memory corruption in Core while processing control functions.

CRITICAL CVSS 9.3 Published Feb 06, 2024

CVE-2023-33058

Information disclosure in Modem while processing SIB5.

HIGH CVSS 8.2 Published Feb 06, 2024

CVE-2023-33057

Transient DOS in Multi-Mode Call Processor while processing UE policy container.

HIGH CVSS 7.5 Published Feb 06, 2024

CVE-2023-33049

Transient DOS in Multi-Mode Call Processor due to UE failure because of heap leakage.

HIGH CVSS 7.5 Published Feb 06, 2024

CVE-2023-33046

Memory corruption in Trusted Execution Environment while deinitializing an object used for license validation.

HIGH CVSS 7.8 Published Feb 06, 2024

CVE-2023-43514

Memory corruption while invoking IOCTLs calls from user space for internal mem MAP and internal mem UNMAP.

HIGH CVSS 8.4 Published Jan 02, 2024

CVE-2023-43511

Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header.

HIGH CVSS 7.5 Published Jan 02, 2024

CVE-2023-33120

Memory corruption in Audio when memory map command is executed consecutively in ADSP.

HIGH CVSS 7.8 Published Jan 02, 2024

CVE-2023-33118

Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL.

HIGH CVSS 7.8 Published Jan 02, 2024

CVE-2023-33117

Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command.

HIGH CVSS 7.8 Published Jan 02, 2024

CVE-2023-33113

Memory corruption when resource manager sends the host kernel a reply message with multiple fragments.

HIGH CVSS 8.4 Published Jan 02, 2024

CVE-2023-33112

Transient DOS when WLAN firmware receives "reassoc response" frame including RIC_DATA element.

HIGH CVSS 7.5 Published Jan 02, 2024

The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption.

HIGH CVSS 7.8 Published Jan 02, 2024

Version SG8275P

Known Vulnerabilities

CVE-2024-33059

CVE-2024-33055

CVE-2024-33041

CVE-2024-43052

CVE-2024-33063

CVE-2024-33056

CVE-2024-38424

CVE-2024-38422

CVE-2024-38419

CVE-2024-38415

CVE-2024-38408

CVE-2024-33068

CVE-2024-33033

CVE-2024-23385

CVE-2024-23377

CVE-2024-38397

CVE-2024-33073

CVE-2024-38402

CVE-2024-33060

CVE-2024-33057

CVE-2024-33054

CVE-2024-33050

CVE-2024-33048

CVE-2024-33045

CVE-2024-33038

CVE-2024-33016

CVE-2024-23364

CVE-2024-23362

CVE-2024-23359

CVE-2024-33034

CVE-2024-33028

CVE-2024-33026

CVE-2024-33025

CVE-2024-33024

CVE-2024-33023

CVE-2024-33022

CVE-2024-33021

CVE-2024-33015

CVE-2024-33014

CVE-2024-33013

CVE-2024-33012

CVE-2024-33011

CVE-2024-33010

CVE-2024-23384

CVE-2024-23382

CVE-2024-23357

CVE-2024-23356

CVE-2024-23355

CVE-2024-23353

CVE-2024-23352

CVE-2024-21481

CVE-2024-23373

CVE-2024-23372

CVE-2024-23368

CVE-2024-21469

CVE-2024-21465

CVE-2024-21462

CVE-2024-21461

CVE-2024-21460

CVE-2024-23363

CVE-2023-43551

CVE-2023-43542

CVE-2023-43538

CVE-2024-23354

CVE-2024-23351

CVE-2024-21480

CVE-2024-21477

CVE-2024-21475

CVE-2024-21471

CVE-2023-43531

CVE-2023-43529

CVE-2023-33119

CVE-2024-21472

CVE-2024-21463

CVE-2023-33101

CVE-2023-33100

CVE-2023-33099

CVE-2023-33023