qualcomm fastconnect_6800_firmware v0 - 101 CVEs

CVE-2024-43052

Memory corruption while processing API calls to NPU with invalid input.

HIGH CVSS 7.8 Published Dec 02, 2024

CVE-2024-43050

Memory corruption while invoking IOCTL calls from user space to issue factory test command inside WLAN driver.

HIGH CVSS 7.8 Published Dec 02, 2024

CVE-2024-33056

Memory corruption when allocating and accessing an entry in an SMEM partition continuously.

HIGH CVSS 8.4 Published Dec 02, 2024

CVE-2024-33053

Memory corruption when multiple threads try to unregister the CVP buffer at the same time.

MEDIUM CVSS 6.7 Published Dec 02, 2024

CVE-2024-33044

Memory corruption while Configuring the SMR/S2CR register in Bypass mode.

HIGH CVSS 8.4 Published Dec 02, 2024

CVE-2024-33040

Memory corruption while invoking redundant release command to release one buffer from user space as race condition can occur in kernel space between buffer release and buffer access.

MEDIUM CVSS 6.7 Published Dec 02, 2024

CVE-2024-33037

Information disclosure as NPU firmware can send invalid IPC message to NPU driver as the driver doesn`t validate the IPC message received from the firmware.

MEDIUM CVSS 6.1 Published Dec 02, 2024

CVE-2024-33036

Memory corruption while parsing sensor packets in camera driver, user-space variable is used while allocating memory in kernel and parsing which can lead to huge allocation or invalid memory access.

MEDIUM CVSS 6.7 Published Dec 02, 2024

CVE-2024-38423

Memory corruption while processing GPU page table switch.

HIGH CVSS 7.8 Published Nov 04, 2024

CVE-2024-38422

Memory corruption while processing voice packet with arbitrary data received from ADSP.

HIGH CVSS 7.8 Published Nov 04, 2024

CVE-2024-38415

Memory corruption while handling session errors from firmware.

HIGH CVSS 7.8 Published Nov 04, 2024

CVE-2024-38408

Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.

HIGH CVSS 8.2 Published Nov 04, 2024

CVE-2024-38407

Memory corruption while processing input parameters for any IOCTL call in the JPEG Encoder driver.

HIGH CVSS 7.8 Published Nov 04, 2024

CVE-2024-38406

Memory corruption while handling IOCTL calls in JPEG Encoder driver.

HIGH CVSS 7.8 Published Nov 04, 2024

CVE-2024-33032

Memory corruption when the user application modifies the same shared memory asynchronously when kernel is accessing it.

MEDIUM CVSS 6.7 Published Nov 04, 2024

CVE-2024-43047

Memory corruption while maintaining memory maps of HLOS memory.

HIGH CVSS 7.8 Published Oct 07, 2024

CVE-2024-33069

Transient DOS when transmission of management frame sent by host is not successful and error status is received in the host.

HIGH CVSS 7.5 Published Oct 07, 2024

CVE-2024-33065

Memory corruption while taking snapshot when an offset variable is set by camera driver.

HIGH CVSS 8.4 Published Oct 07, 2024

CVE-2024-23369

Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers.

HIGH CVSS 7.8 Published Oct 07, 2024

CVE-2024-33060

Memory corruption when two threads try to map and unmap a single node simultaneously.

HIGH CVSS 8.4 Published Sep 02, 2024

CVE-2024-33052

Memory corruption when user provides data for FM HCI command control operations.

HIGH CVSS 7.8 Published Sep 02, 2024

CVE-2024-33051

Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.

HIGH CVSS 7.5 Published Sep 02, 2024

CVE-2024-33048

Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame.

HIGH CVSS 7.5 Published Sep 02, 2024

CVE-2024-33042

Memory corruption when Alternative Frequency offset value is set to 255.

HIGH CVSS 7.8 Published Sep 02, 2024

CVE-2024-33035

Memory corruption while calculating total metadata size when a very high reserved size is requested by gralloc clients.

HIGH CVSS 8.4 Published Sep 02, 2024

CVE-2024-33016

memory corruption when an invalid firehose patch command is invoked.

MEDIUM CVSS 6.8 Published Sep 02, 2024

CVE-2024-23364

Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSSID Information Element (IE) of a beacon frame that is received from over-the-air (OTA).

HIGH CVSS 7.5 Published Sep 02, 2024

CVE-2024-23362

Cryptographic issue while parsing RSA keys in COBR format.

HIGH CVSS 7.1 Published Sep 02, 2024

CVE-2024-23359

Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network.

HIGH CVSS 8.2 Published Sep 02, 2024

CVE-2024-33025

Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-33024

Transient DOS while parsing the ML IE when a beacon with length field inside the common info of ML IE greater than the ML IE length.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-33023

Memory corruption while creating a fence to wait on timeline events, and simultaneously signal timeline events.

HIGH CVSS 8.4 Published Aug 05, 2024

CVE-2024-33020

Transient DOS while processing TID-to-link mapping IE elements.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-33014

Transient DOS while parsing ESP IE from beacon/probe response frame.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-23356

Memory corruption during session sign renewal request calls in HLOS.

HIGH CVSS 7.8 Published Aug 05, 2024

CVE-2024-23355

Memory corruption when keymaster operation imports a shared key.

HIGH CVSS 7.8 Published Aug 05, 2024

CVE-2024-23353

Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-23352

Transient DOS when NAS receives ODAC criteria of length 1 and type 1 in registration accept OTA.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-21481

Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager.

HIGH CVSS 8.4 Published Aug 05, 2024

CVE-2024-21479

Transient DOS during music playback of ALAC content.

HIGH CVSS 7.5 Published Aug 05, 2024

CVE-2024-21467

Information disclosure while handling beacon probe frame during scan entry generation in client side.

MEDIUM CVSS 6.5 Published Aug 05, 2024

CVE-2024-21459

Information disclosure while handling beacon or probe response frame in STA.

MEDIUM CVSS 6.5 Published Aug 05, 2024

CVE-2024-23373

Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released.

HIGH CVSS 8.4 Published Jul 01, 2024

CVE-2024-23368

Memory corruption when allocating and accessing an entry in an SMEM partition.

HIGH CVSS 7.8 Published Jul 01, 2024

CVE-2024-21469

Memory corruption when an invoke call and a TEE call are bound for the same trusted application.

HIGH CVSS 7.3 Published Jul 01, 2024

CVE-2024-21465

Memory corruption while processing key blob passed by the user.

HIGH CVSS 7.8 Published Jul 01, 2024

CVE-2024-21461

Memory corruption while performing finish HMAC operation when context is freed by keymaster.

HIGH CVSS 8.4 Published Jul 01, 2024

CVE-2023-43554

Memory corruption while processing IOCTL handler in FastRPC.

HIGH CVSS 8.4 Published Jul 01, 2024

CVE-2023-43542

Memory corruption while copying a keyblob`s material when the key material`s size is not accurately checked.

HIGH CVSS 7.8 Published Jun 03, 2024

CVE-2024-21471

Memory corruption when IOMMU unmap of a GPU buffer fails in Linux.

HIGH CVSS 8.4 Published May 06, 2024

CVE-2023-43531

Memory corruption while verifying the serialized header when the key pairs are generated.

HIGH CVSS 8.4 Published May 06, 2024

CVE-2023-43527

Information disclosure while parsing dts header atom in Video.

MEDIUM CVSS 6.8 Published May 06, 2024

CVE-2023-43521

Memory corruption when multiple listeners are being registered with the same file descriptor.

MEDIUM CVSS 6.7 Published May 06, 2024

CVE-2024-21470

Memory corruption while allocating memory for graphics.

HIGH CVSS 8.4 Published Apr 01, 2024

CVE-2024-21468

Memory corruption when there is failed unmap operation in GPU.

HIGH CVSS 8.4 Published Apr 01, 2024

CVE-2023-33115

Memory corruption while processing buffer initialization, when trusted report for certain report types are generated.

HIGH CVSS 7.8 Published Apr 01, 2024

CVE-2023-33023

Memory corruption while processing finish_sign command to pass a rsp buffer.

HIGH CVSS 8.4 Published Apr 01, 2024

CVE-2023-28547

Memory corruption in SPS Application while requesting for public key in sorter TA.

HIGH CVSS 8.4 Published Apr 01, 2024

CVE-2023-43549

Memory corruption while processing TPC target power table in FTM TPC.

HIGH CVSS 8.4 Published Mar 04, 2024

CVE-2023-43548

Memory corruption while parsing qcp clip with invalid chunk data size.

HIGH CVSS 7.3 Published Mar 04, 2024

CVE-2023-43541

Memory corruption while invoking the SubmitCommands call on Gfx engine during the graphics render.

HIGH CVSS 8.4 Published Mar 04, 2024

CVE-2023-43540

Memory corruption while processing the IOCTL FM HCI WRITE request.

HIGH CVSS 8.4 Published Mar 04, 2024

CVE-2023-43539

Transient DOS while processing an improperly formatted 802.11az Fine Time Measurement protocol frame.

HIGH CVSS 7.5 Published Mar 04, 2024

CVE-2023-33104

Transient DOS while processing PDU Release command with a parameter PDU ID out of range.

HIGH CVSS 7.5 Published Mar 04, 2024

CVE-2023-33096

Transient DOS while processing DL NAS Transport message, as specified in 3GPP 24.501 v16.

HIGH CVSS 7.5 Published Mar 04, 2024

CVE-2023-33095

Transient DOS while processing multiple payload container type with incorrect container length received in DL NAS transport OTA in NR.

HIGH CVSS 7.5 Published Mar 04, 2024

CVE-2023-33086

Transient DOS while processing multiple IKEV2 Informational Request to device from IPSEC server with different identifiers.

HIGH CVSS 7.5 Published Mar 04, 2024

CVE-2023-33066

Memory corruption in Audio while processing RT proxy port register driver.

HIGH CVSS 8.4 Published Mar 04, 2024

CVE-2023-28578

Memory corruption in Core Services while executing the command for removing a single event listener.

CRITICAL CVSS 9.3 Published Mar 04, 2024

CVE-2023-43522

Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL.

HIGH CVSS 7.5 Published Feb 06, 2024

CVE-2023-43519

Memory corruption in video while parsing the Videoinfo, when the size of atom is greater than the videoinfo size.

HIGH CVSS 7.3 Published Feb 06, 2024

CVE-2023-43518

Memory corruption in video while parsing invalid mp2 clip.

HIGH CVSS 7.3 Published Feb 06, 2024

CVE-2023-33067

Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap points.

MEDIUM CVSS 6.7 Published Feb 06, 2024

CVE-2023-33065

Information disclosure in Audio while accessing AVCS services from ADSP payload.

MEDIUM CVSS 6.1 Published Feb 06, 2024

CVE-2023-33107

Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.

HIGH CVSS 8.4 Published Dec 05, 2023

CVE-2023-33106

Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.

HIGH CVSS 8.4 Published Dec 05, 2023

CVE-2023-33063

Memory corruption in DSP Services during a remote call from HLOS to DSP.

HIGH CVSS 7.8 Published Dec 05, 2023

CVE-2023-33045

Memory corruption in WLAN Firmware while parsing a NAN management frame carrying a S3 attribute.

CRITICAL CVSS 9.8 Published Nov 07, 2023

CVE-2023-33027

Transient DOS in WLAN Firmware while parsing rsn ies.

HIGH CVSS 7.5 Published Oct 03, 2023

CVE-2023-33026

Transient DOS in WLAN Firmware while parsing a NAN management frame.

HIGH CVSS 7.5 Published Oct 03, 2023

CVE-2023-24847

Transient DOS in Modem while allocating DSM items.

HIGH CVSS 7.5 Published Oct 03, 2023

CVE-2023-28558

Memory corruption in WLAN handler while processing PhyID in Tx status handler.

HIGH CVSS 7.8 Published Sep 05, 2023

CVE-2023-28557

Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload.

HIGH CVSS 7.8 Published Sep 05, 2023

In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check if the buffer is being used. So when a function called cam_mem_get_cpu_buf to get the kernel va to use, another thread can call CAM_REQ_MGR_RELEASE_BUF to unmap the kernel va which cause UAF of the kernel address.

MEDIUM CVSS 6.7 Published Aug 08, 2023

Version 0

Known Vulnerabilities

CVE-2024-43052

CVE-2024-43050

CVE-2024-33056

CVE-2024-33053

CVE-2024-33044

CVE-2024-33040

CVE-2024-33037

CVE-2024-33036

CVE-2024-38423

CVE-2024-38422

CVE-2024-38415

CVE-2024-38408

CVE-2024-38407

CVE-2024-38406

CVE-2024-33032

CVE-2024-43047

CVE-2024-33069

CVE-2024-33065

CVE-2024-23369

CVE-2024-33060

CVE-2024-33052

CVE-2024-33051

CVE-2024-33048

CVE-2024-33042

CVE-2024-33035

CVE-2024-33016

CVE-2024-23364

CVE-2024-23362

CVE-2024-23359

CVE-2024-33025

CVE-2024-33024

CVE-2024-33023

CVE-2024-33020

CVE-2024-33014

CVE-2024-23356

CVE-2024-23355

CVE-2024-23353

CVE-2024-23352

CVE-2024-21481

CVE-2024-21479

CVE-2024-21467

CVE-2024-21459

CVE-2024-23373

CVE-2024-23368

CVE-2024-21469

CVE-2024-21465

CVE-2024-21461

CVE-2023-43554

CVE-2023-43542

CVE-2024-21471

CVE-2023-43531

CVE-2023-43527

CVE-2023-43521

CVE-2024-21470

CVE-2024-21468

CVE-2023-33115

CVE-2023-33023

CVE-2023-28547

CVE-2023-43549

CVE-2023-43548

CVE-2023-43541

CVE-2023-43540

CVE-2023-43539

CVE-2023-33104

CVE-2023-33096

CVE-2023-33095

CVE-2023-33086

CVE-2023-33066

CVE-2023-28578

CVE-2023-43522

CVE-2023-43519

CVE-2023-43518

CVE-2023-33067

CVE-2023-33065

CVE-2023-33107

CVE-2023-33106

CVE-2023-33063

CVE-2023-33045