Qualcomm, Inc. Snapdragon vWCN3680B - 182 CVEs

CVE-2024-33067

Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver.

MEDIUM CVSS 6.1 Published Jan 06, 2025

CVE-2024-33061

Information disclosure while processing IOCTL call made for releasing a trusted VM process release or opening a channel without initializing the process.

MEDIUM CVSS 6.8 Published Jan 06, 2025

CVE-2024-43052

Memory corruption while processing API calls to NPU with invalid input.

HIGH CVSS 7.8 Published Dec 02, 2024

CVE-2024-33053

Memory corruption when multiple threads try to unregister the CVP buffer at the same time.

MEDIUM CVSS 6.7 Published Dec 02, 2024

CVE-2024-33044

Memory corruption while Configuring the SMR/S2CR register in Bypass mode.

HIGH CVSS 8.4 Published Dec 02, 2024

CVE-2024-33040

Memory corruption while invoking redundant release command to release one buffer from user space as race condition can occur in kernel space between buffer release and buffer access.

MEDIUM CVSS 6.7 Published Dec 02, 2024

CVE-2024-33037

Information disclosure as NPU firmware can send invalid IPC message to NPU driver as the driver doesn`t validate the IPC message received from the firmware.

MEDIUM CVSS 6.1 Published Dec 02, 2024

CVE-2024-33036

Memory corruption while parsing sensor packets in camera driver, user-space variable is used while allocating memory in kernel and parsing which can lead to huge allocation or invalid memory access.

MEDIUM CVSS 6.7 Published Dec 02, 2024

CVE-2024-38423

Memory corruption while processing GPU page table switch.

HIGH CVSS 7.8 Published Nov 04, 2024

CVE-2024-38422

Memory corruption while processing voice packet with arbitrary data received from ADSP.

HIGH CVSS 7.8 Published Nov 04, 2024

CVE-2024-38415

Memory corruption while handling session errors from firmware.

HIGH CVSS 7.8 Published Nov 04, 2024

CVE-2024-38403

Transient DOS while parsing BTM ML IE when per STA profile is not included.

HIGH CVSS 7.5 Published Nov 04, 2024

CVE-2024-33032

Memory corruption when the user application modifies the same shared memory asynchronously when kernel is accessing it.

MEDIUM CVSS 6.7 Published Nov 04, 2024

CVE-2024-23385

Transient DOS as modem reset occurs when an unexpected MAC RAR (with invalid PDU length) is seen at UE.

HIGH CVSS 7.5 Published Nov 04, 2024

CVE-2024-23375

Memory corruption during the network scan request.

MEDIUM CVSS 6.7 Published Oct 07, 2024

CVE-2024-38401

Memory corruption while processing concurrent IOCTL calls.

HIGH CVSS 7.8 Published Sep 02, 2024

CVE-2024-33060

Memory corruption when two threads try to map and unmap a single node simultaneously.

HIGH CVSS 8.4 Published Sep 02, 2024

CVE-2024-33052

Memory corruption when user provides data for FM HCI command control operations.

HIGH CVSS 7.8 Published Sep 02, 2024

CVE-2024-33043

Transient DOS while handling PS event when Program Service name length offset value is set to 255.

MEDIUM CVSS 5.5 Published Sep 02, 2024

CVE-2024-33042

Memory corruption when Alternative Frequency offset value is set to 255.

HIGH CVSS 7.8 Published Sep 02, 2024

CVE-2024-33016

memory corruption when an invalid firehose patch command is invoked.

MEDIUM CVSS 6.8 Published Sep 02, 2024

CVE-2024-23364

Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSSID Information Element (IE) of a beacon frame that is received from over-the-air (OTA).

HIGH CVSS 7.5 Published Sep 02, 2024

CVE-2024-23359

Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network.

HIGH CVSS 8.2 Published Sep 02, 2024

CVE-2024-23358

Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in Modem.

HIGH CVSS 7.5 Published Sep 02, 2024

CVE-2024-33027

Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify DDR memory by corrupting the GPU page table.

HIGH CVSS 8.4 Published Aug 05, 2024

CVE-2024-23357

Transient DOS while importing a PKCS#8-encoded RSA key with zero bytes modulus.

MEDIUM CVSS 6.2 Published Aug 05, 2024

CVE-2024-23353

Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-21479

Transient DOS during music playback of ALAC content.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-23373

Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released.

HIGH CVSS 8.4 Published Jul 01, 2024

CVE-2024-23368

Memory corruption when allocating and accessing an entry in an SMEM partition.

HIGH CVSS 7.8 Published Jul 01, 2024

CVE-2024-21461

Memory corruption while performing finish HMAC operation when context is freed by keymaster.

HIGH CVSS 8.4 Published Jul 01, 2024

CVE-2023-43555

Information disclosure in Video while parsing mp2 clip with invalid section length.

HIGH CVSS 8.2 Published Jun 03, 2024

CVE-2023-43551

Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command.

CRITICAL CVSS 9.1 Published Jun 03, 2024

CVE-2024-21475

Memory corruption when the payload received from firmware is not as per the expected protocol size.

HIGH CVSS 7.8 Published May 06, 2024

CVE-2024-21471

Memory corruption when IOMMU unmap of a GPU buffer fails in Linux.

HIGH CVSS 8.4 Published May 06, 2024

CVE-2023-43528

Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected size.

MEDIUM CVSS 6.1 Published May 06, 2024

CVE-2023-43527

Information disclosure while parsing dts header atom in Video.

MEDIUM CVSS 6.8 Published May 06, 2024

CVE-2023-43521

Memory corruption when multiple listeners are being registered with the same file descriptor.

MEDIUM CVSS 6.7 Published May 06, 2024

CVE-2024-21468

Memory corruption when there is failed unmap operation in GPU.

HIGH CVSS 8.4 Published Apr 01, 2024

CVE-2023-33111

Information disclosure when VI calibration state set by ADSP is greater than MAX_FBSP_STATE in the response payload to AFE calibration command.

MEDIUM CVSS 5.5 Published Apr 01, 2024

CVE-2023-33023

Memory corruption while processing finish_sign command to pass a rsp buffer.

HIGH CVSS 8.4 Published Apr 01, 2024

CVE-2023-28547

Memory corruption in SPS Application while requesting for public key in sorter TA.

HIGH CVSS 8.4 Published Apr 01, 2024

CVE-2023-43548

Memory corruption while parsing qcp clip with invalid chunk data size.

HIGH CVSS 7.3 Published Mar 04, 2024

CVE-2023-33066

Memory corruption in Audio while processing RT proxy port register driver.

HIGH CVSS 8.4 Published Mar 04, 2024

CVE-2023-28578

Memory corruption in Core Services while executing the command for removing a single event listener.

CRITICAL CVSS 9.3 Published Mar 04, 2024

CVE-2023-43519

Memory corruption in video while parsing the Videoinfo, when the size of atom is greater than the videoinfo size.

HIGH CVSS 7.3 Published Feb 06, 2024

CVE-2023-43518

Memory corruption in video while parsing invalid mp2 clip.

HIGH CVSS 7.3 Published Feb 06, 2024

CVE-2023-43513

Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element.

HIGH CVSS 7.8 Published Feb 06, 2024

CVE-2023-33077

Memory corruption in HLOS while converting from authorization token to HIDL vector.

MEDIUM CVSS 6.7 Published Feb 06, 2024

CVE-2023-33069

Memory corruption in Audio while processing the calibration data returned from ACDB loader.

MEDIUM CVSS 6.7 Published Feb 06, 2024

CVE-2023-33068

Memory corruption in Audio while processing IIR config data from AFE calibration block.

MEDIUM CVSS 6.7 Published Feb 06, 2024

CVE-2023-33067

Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap points.

MEDIUM CVSS 6.7 Published Feb 06, 2024

CVE-2023-33065

Information disclosure in Audio while accessing AVCS services from ADSP payload.

MEDIUM CVSS 6.1 Published Feb 06, 2024

CVE-2023-33064

Transient DOS in Audio when invoking callback function of ASM driver.

MEDIUM CVSS 5.5 Published Feb 06, 2024

CVE-2023-33120

Memory corruption in Audio when memory map command is executed consecutively in ADSP.

HIGH CVSS 7.8 Published Jan 02, 2024

CVE-2023-33118

Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL.

HIGH CVSS 7.8 Published Jan 02, 2024

CVE-2023-33117

Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command.

HIGH CVSS 7.8 Published Jan 02, 2024

CVE-2023-33114

Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time.

HIGH CVSS 8.4 Published Jan 02, 2024

The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption.

HIGH CVSS 7.8 Published Jan 02, 2024

CVE-2023-33094

Memory corruption while running VK synchronization with KASAN enabled.

HIGH CVSS 8.4 Published Jan 02, 2024

CVE-2023-33085

Memory corruption in wearables while processing data from AON.

HIGH CVSS 7.8 Published Jan 02, 2024

CVE-2023-33038

Memory corruption while receiving a message in Bus Socket Transport Server.

MEDIUM CVSS 6.7 Published Jan 02, 2024

CVE-2023-33033

Memory corruption in Audio during playback with speaker protection.

HIGH CVSS 8.4 Published Jan 02, 2024

CVE-2023-33030

Memory corruption in HLOS while running playready use-case.

CRITICAL CVSS 9.3 Published Jan 02, 2024

CVE-2023-28583

Memory corruption when IPv6 prefix timer object`s lifetime expires which are created while Netmgr daemon gets an IPv6 address.

MEDIUM CVSS 6.7 Published Jan 02, 2024

CVE-2023-33107

Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.

HIGH CVSS 8.4 Published Dec 05, 2023

CVE-2023-33106

Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.

HIGH CVSS 8.4 Published Dec 05, 2023

CVE-2023-33092

Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size.

HIGH CVSS 8.4 Published Dec 05, 2023

CVE-2023-33080

Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame.

HIGH CVSS 7.5 Published Dec 05, 2023

CVE-2023-33079

Memory corruption in Audio while running invalid audio recording from ADSP.

HIGH CVSS 7.8 Published Dec 05, 2023

CVE-2023-33070

Transient DOS in Automotive OS due to improper authentication to the secure IO calls.

HIGH CVSS 7.1 Published Dec 05, 2023

CVE-2023-33063

Memory corruption in DSP Services during a remote call from HLOS to DSP.

HIGH CVSS 7.8 Published Dec 05, 2023

CVE-2023-33054

Cryptographic issue in GPS HLOS Driver while downloading Qualcomm GNSS assistance data.

CRITICAL CVSS 9.1 Published Dec 05, 2023

CVE-2023-33024

Memory corruption while sending SMS from AP firmware.

MEDIUM CVSS 6.7 Published Dec 05, 2023

CVE-2023-33018

Memory corruption while using the UIM diag command to get the operators name.

HIGH CVSS 7.8 Published Dec 05, 2023

CVE-2023-33017

Memory corruption in Boot while running a ListVars test in UEFI Menu during boot.

HIGH CVSS 7.8 Published Dec 05, 2023

CVE-2023-28588

Transient DOS in Bluetooth Host while rfc slot allocation.

HIGH CVSS 7.5 Published Dec 05, 2023

CVE-2023-28586

Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE.

MEDIUM CVSS 6.0 Published Dec 05, 2023

CVE-2023-28580

Memory corruption in WLAN Host while setting the PMK length in PMK length in internal cache.

MEDIUM CVSS 6.7 Published Dec 05, 2023

CVE-2023-28579

Memory Corruption in WLAN Host while deserializing the input PMK bytes without checking the input PMK length.

MEDIUM CVSS 6.7 Published Dec 05, 2023

CVE-2023-28551

Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.

HIGH CVSS 7.8 Published Dec 05, 2023

CVE-2023-28550

Memory corruption in MPP performance while accessing DSM watermark using external memory address.

HIGH CVSS 7.8 Published Dec 05, 2023

CVE-2023-28546

Memory Corruption in SPS Application while exporting public key in sorter TA.

HIGH CVSS 7.8 Published Dec 05, 2023

CVE-2023-22383

Memory Corruption in camera while installing a fd for a particular DMA buffer.

MEDIUM CVSS 6.7 Published Dec 05, 2023

CVE-2023-21634

Memory Corruption in Radio Interface Layer while sending an SMS or writing an SMS to SIM.

MEDIUM CVSS 6.7 Published Dec 05, 2023

CVE-2023-33059

Memory corruption in Audio while processing the VOC packet data from ADSP.

HIGH CVSS 7.8 Published Nov 07, 2023

CVE-2023-33055

Memory Corruption in Audio while invoking callback function in driver from ADSP.

HIGH CVSS 7.8 Published Nov 07, 2023

CVE-2023-33031

Memory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data buffer.

HIGH CVSS 7.8 Published Nov 07, 2023

CVE-2023-28570

Memory corruption while processing audio effects.

MEDIUM CVSS 6.7 Published Nov 07, 2023

CVE-2023-28554

Information Disclosure in Qualcomm IPC while reading values from shared memory in VM.

MEDIUM CVSS 6.1 Published Nov 07, 2023

CVE-2023-22388

Memory Corruption in Multi-mode Call Processor while processing bit mask API.

CRITICAL CVSS 9.8 Published Nov 07, 2023

CVE-2023-33035

Memory corruption while invoking callback function of AFE from ADSP.

HIGH CVSS 7.8 Published Oct 03, 2023

CVE-2023-28540

Cryptographic issue in Data Modem due to improper authentication during TLS handshake.

CRITICAL CVSS 9.1 Published Oct 03, 2023

CVE-2023-24850

Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted Application.

HIGH CVSS 7.8 Published Oct 03, 2023

CVE-2023-24849

Information Disclosure in data Modem while parsing an FMTP line in an SDP message.

HIGH CVSS 8.2 Published Oct 03, 2023

CVE-2023-24848

Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value.

HIGH CVSS 8.2 Published Oct 03, 2023

CVE-2023-22385

Memory Corruption in Data Modem while making a MO call or MT VOLTE call.

HIGH CVSS 8.2 Published Oct 03, 2023

CVE-2023-33021

Memory corruption in Graphics while processing user packets for command submission.

HIGH CVSS 8.4 Published Sep 05, 2023

CVE-2023-33020

Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA during CSA IE.

HIGH CVSS 7.5 Published Sep 05, 2023

CVE-2023-33019

Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA IE.

HIGH CVSS 7.5 Published Sep 05, 2023

CVE-2023-28565

Memory corruption in WLAN HAL while handling command streams through WMI interfaces.

HIGH CVSS 7.8 Published Sep 05, 2023

CVE-2023-28560

Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload.

HIGH CVSS 7.8 Published Sep 05, 2023

CVE-2023-21667

Transient DOS in Bluetooth HOST while passing descriptor to validate the blacklisted BT keyboard.

MEDIUM CVSS 6.5 Published Sep 05, 2023

CVE-2023-21663

Memory Corruption while accessing metadata in Display.

MEDIUM CVSS 6.7 Published Sep 05, 2023

CVE-2023-21655

Memory corruption in Audio while validating and mapping metadata.

MEDIUM CVSS 6.7 Published Sep 05, 2023

CVE-2023-21654

Memory corruption in Audio during playback session with audio effects enabled.

MEDIUM CVSS 6.7 Published Sep 05, 2023

CVE-2023-21644

Memory corruption in RIL due to Integer Overflow while triggering qcril_uim_request_apdu request.

MEDIUM CVSS 6.7 Published Sep 05, 2023

CVE-2023-21636

Memory Corruption due to improper validation of array index in Linux while updating adn record.

MEDIUM CVSS 6.7 Published Sep 05, 2023

CVE-2022-40524

Memory corruption due to buffer over-read in Modem while processing SetNativeHandle RTP service.

MEDIUM CVSS 6.7 Published Sep 05, 2023

CVE-2023-28577

In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check if the buffer is being used. So when a function called cam_mem_get_cpu_buf to get the kernel va to use, another thread can call CAM_REQ_MGR_RELEASE_BUF to unmap the kernel va which cause UAF of the kernel address.

MEDIUM CVSS 6.7 Published Aug 08, 2023

CVE-2023-28576

The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. In other words, user mode may race and modify the packet header (e.g. header.count), causing checks (e.g. size checks) in kernel code to be invalid. This may lead to out-of-bounds read/write issues.

MEDIUM CVSS 6.4 Published Aug 08, 2023

Version WCN3680B

Known Vulnerabilities

CVE-2024-33067

CVE-2024-33061

CVE-2024-43052

CVE-2024-33053

CVE-2024-33044

CVE-2024-33040

CVE-2024-33037

CVE-2024-33036

CVE-2024-38423

CVE-2024-38422

CVE-2024-38415

CVE-2024-38403

CVE-2024-33032

CVE-2024-23385

CVE-2024-23375

CVE-2024-38401

CVE-2024-33060

CVE-2024-33052

CVE-2024-33043

CVE-2024-33042

CVE-2024-33016

CVE-2024-23364

CVE-2024-23359

CVE-2024-23358

CVE-2024-33027

CVE-2024-23357

CVE-2024-23353

CVE-2024-21479

CVE-2024-23373

CVE-2024-23368

CVE-2024-21461

CVE-2023-43555

CVE-2023-43551

CVE-2024-21475

CVE-2024-21471

CVE-2023-43528

CVE-2023-43527

CVE-2023-43521

CVE-2024-21468

CVE-2023-33111

CVE-2023-33023

CVE-2023-28547

CVE-2023-43548

CVE-2023-33066

CVE-2023-28578

CVE-2023-43519

CVE-2023-43518

CVE-2023-43513

CVE-2023-33077

CVE-2023-33069

CVE-2023-33068

CVE-2023-33067

CVE-2023-33065

CVE-2023-33064

CVE-2023-33120

CVE-2023-33118

CVE-2023-33117

CVE-2023-33114

CVE-2023-33110

CVE-2023-33094

CVE-2023-33085

CVE-2023-33038

CVE-2023-33033

CVE-2023-33030

CVE-2023-28583

CVE-2023-33107

CVE-2023-33106

CVE-2023-33092

CVE-2023-33080

CVE-2023-33079

CVE-2023-33070

CVE-2023-33063

CVE-2023-33054

CVE-2023-33024

CVE-2023-33018

CVE-2023-33017

CVE-2023-28588

CVE-2023-28586