Vendor CVEs
Qualcomm
All CVEs
2,042 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-20018 | 0.00 | — | 0.01 | Mar 4, 2024 | In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00348479; Issue ID: MSV-1019. | |||
| CVE-2024-26597 | 0.00 | — | 0.00 | Feb 23, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: qualcomm: rmnet: fix global oob in rmnet_policy The variable rmnet_link_ops assign a *bigger* maxtype which leads to a global out-of-bounds read when parsing the netlink attributes. See bug trace below: … | |||
| CVE-2023-33077 | 0.00 | — | 0.00 | Feb 6, 2024 | Memory corruption in HLOS while converting from authorization token to HIDL vector. | |||
| CVE-2023-33068 | 0.00 | — | 0.00 | Feb 6, 2024 | Memory corruption in Audio while processing IIR config data from AFE calibration block. | |||
| CVE-2023-33065 | 0.00 | — | 0.00 | Feb 6, 2024 | Information disclosure in Audio while accessing AVCS services from ADSP payload. | |||
| CVE-2023-33057 | 0.00 | — | 0.00 | Feb 6, 2024 | Transient DOS in Multi-Mode Call Processor while processing UE policy container. | |||
| CVE-2023-33049 | 0.00 | — | 0.00 | Feb 6, 2024 | Transient DOS in Multi-Mode Call Processor due to UE failure because of heap leakage. | |||
| CVE-2023-33046 | 0.00 | — | 0.00 | Feb 6, 2024 | Memory corruption in Trusted Execution Environment while deinitializing an object used for license validation. | |||
| CVE-2023-43511 | 0.00 | — | 0.00 | Jan 2, 2024 | Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header. | |||
| CVE-2023-33118 | 0.00 | — | 0.00 | Jan 2, 2024 | Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL. | |||
| CVE-2023-33112 | 0.00 | — | 0.00 | Jan 2, 2024 | Transient DOS when WLAN firmware receives "reassoc response" frame including RIC_DATA element. | |||
| CVE-2023-33062 | 0.00 | — | 0.00 | Jan 2, 2024 | Transient DOS in WLAN Firmware while parsing a BTM request. | |||
| CVE-2023-33030 | 0.00 | — | 0.00 | Jan 2, 2024 | Memory corruption in HLOS while running playready use-case. | |||
| CVE-2023-33025 | 0.00 | — | 0.00 | Jan 2, 2024 | Memory corruption in Data Modem when a non-standard SDP body, during a VOLTE call. | |||
| CVE-2023-28583 | 0.00 | — | 0.00 | Jan 2, 2024 | Memory corruption when IPv6 prefix timer object`s lifetime expires which are created while Netmgr daemon gets an IPv6 address. | |||
| CVE-2023-32831 | 0.00 | — | 0.00 | Jan 2, 2024 | In wlan driver, there is a possible PIN crack due to use of insufficiently random values. This could lead to local information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00325055; Issue ID: MSV-868. | |||
| CVE-2023-33083 | 0.00 | — | 0.01 | Dec 5, 2023 | Memory corruption in WLAN Host while processing RRM beacon on the AP. | |||
| CVE-2023-33054 | 0.00 | — | 0.00 | Dec 5, 2023 | Cryptographic issue in GPS HLOS Driver while downloading Qualcomm GNSS assistance data. | |||
| CVE-2023-28588 | 0.00 | — | 0.01 | Dec 5, 2023 | Transient DOS in Bluetooth Host while rfc slot allocation. | |||
| CVE-2023-28580 | 0.00 | — | 0.00 | Dec 5, 2023 | Memory corruption in WLAN Host while setting the PMK length in PMK length in internal cache. | |||
| CVE-2023-28579 | 0.00 | — | 0.00 | Dec 5, 2023 | Memory Corruption in WLAN Host while deserializing the input PMK bytes without checking the input PMK length. | |||
| CVE-2023-28546 | 0.00 | — | 0.00 | Dec 5, 2023 | Memory Corruption in SPS Application while exporting public key in sorter TA. | |||
| CVE-2023-21634 | 0.00 | — | 0.00 | Dec 5, 2023 | Memory Corruption in Radio Interface Layer while sending an SMS or writing an SMS to SIM. | |||
| CVE-2023-33061 | 0.00 | — | 0.00 | Nov 7, 2023 | Transient DOS in WLAN Firmware while parsing WLAN beacon or probe-response frame. | |||
| CVE-2023-33059 | 0.00 | — | 0.00 | Nov 7, 2023 | Memory corruption in Audio while processing the VOC packet data from ADSP. | |||
| CVE-2023-33055 | 0.00 | — | 0.00 | Nov 7, 2023 | Memory Corruption in Audio while invoking callback function in driver from ADSP. | |||
| CVE-2023-28568 | 0.00 | — | 0.00 | Nov 7, 2023 | Information disclosure in WLAN HAL when reception status handler is called. | |||
| CVE-2023-28566 | 0.00 | — | 0.00 | Nov 7, 2023 | Information disclosure in WLAN HAL while handling the WMI state info command. | |||
| CVE-2023-28554 | 0.00 | — | 0.00 | Nov 7, 2023 | Information Disclosure in Qualcomm IPC while reading values from shared memory in VM. | |||
| CVE-2023-28553 | 0.00 | — | 0.00 | Nov 7, 2023 | Information Disclosure in WLAN Host when processing WMI event command. | |||
| CVE-2023-22388 | 0.00 | — | 0.00 | Nov 7, 2023 | Memory Corruption in Multi-mode Call Processor while processing bit mask API. | |||
| CVE-2023-33039 | 0.00 | — | 0.00 | Oct 3, 2023 | Memory corruption in Automotive Display while destroying the image handle created using connected display driver. | |||
| CVE-2023-33029 | 0.00 | — | 0.00 | Oct 3, 2023 | Memory corruption in DSP Service during a remote call from HLOS to DSP. | |||
| CVE-2023-33027 | 0.00 | — | 0.00 | Oct 3, 2023 | Transient DOS in WLAN Firmware while parsing rsn ies. | |||
| CVE-2023-33026 | 0.00 | — | 0.00 | Oct 3, 2023 | Transient DOS in WLAN Firmware while parsing a NAN management frame. | |||
| CVE-2023-28571 | 0.00 | — | 0.00 | Oct 3, 2023 | Information disclosure in WLAN HOST while processing the WLAN scan descriptor list during roaming scan. | |||
| CVE-2023-28540 | 0.00 | — | 0.00 | Oct 3, 2023 | Cryptographic issue in Data Modem due to improper authentication during TLS handshake. | |||
| CVE-2023-28539 | 0.00 | — | 0.00 | Oct 3, 2023 | Memory corruption in WLAN Host when the firmware invokes multiple WMI Service Available command. | |||
| CVE-2023-28543 | 0.00 | — | 0.00 | Sep 5, 2023 | A malformed DLC can trigger Memory Corruption in SNPE library due to out of bounds read, such as by loading an untrusted model (e.g. from a remote source). | |||
| CVE-2023-33019 | 0.00 | — | 0.00 | Sep 5, 2023 | Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA IE. | |||
| CVE-2023-33016 | 0.00 | — | 0.00 | Sep 5, 2023 | Transient DOS in WLAN firmware while parsing MLO (multi-link operation). | |||
| CVE-2023-33015 | 0.00 | — | 0.00 | Sep 5, 2023 | Transient DOS in WLAN Firmware while interpreting MBSSID IE of a received beacon frame. | |||
| CVE-2023-28581 | 0.00 | — | 0.00 | Sep 5, 2023 | Memory corruption in WLAN Firmware while parsing receieved GTK Keys in GTK KDE. | |||
| CVE-2023-28573 | 0.00 | — | 0.00 | Sep 5, 2023 | Memory corruption in WLAN HAL while parsing WMI command parameters. | |||
| CVE-2023-28565 | 0.00 | — | 0.00 | Sep 5, 2023 | Memory corruption in WLAN HAL while handling command streams through WMI interfaces. | |||
| CVE-2023-28564 | 0.00 | — | 0.00 | Sep 5, 2023 | Memory corruption in WLAN HAL while passing command parameters through WMI interfaces. | |||
| CVE-2023-28560 | 0.00 | — | 0.00 | Sep 5, 2023 | Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload. | |||
| CVE-2023-28557 | 0.00 | — | 0.00 | Sep 5, 2023 | Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload. | |||
| CVE-2023-28549 | 0.00 | — | 0.00 | Sep 5, 2023 | Memory corruption in WLAN HAL while parsing Rx buffer in processing TLV payload. | |||
| CVE-2023-28548 | 0.00 | — | 0.00 | Sep 5, 2023 | Memory corruption in WLAN HAL while processing Tx/Rx commands from QDART. |
- CVE-2024-20018Mar 4, 2024risk 0.00cvss —epss 0.01
In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00348479; Issue ID: MSV-1019.
- CVE-2024-26597Feb 23, 2024risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: net: qualcomm: rmnet: fix global oob in rmnet_policy The variable rmnet_link_ops assign a *bigger* maxtype which leads to a global out-of-bounds read when parsing the netlink attributes. See bug trace below: …
- CVE-2023-33077Feb 6, 2024risk 0.00cvss —epss 0.00
Memory corruption in HLOS while converting from authorization token to HIDL vector.
- CVE-2023-33068Feb 6, 2024risk 0.00cvss —epss 0.00
Memory corruption in Audio while processing IIR config data from AFE calibration block.
- CVE-2023-33065Feb 6, 2024risk 0.00cvss —epss 0.00
Information disclosure in Audio while accessing AVCS services from ADSP payload.
- CVE-2023-33057Feb 6, 2024risk 0.00cvss —epss 0.00
Transient DOS in Multi-Mode Call Processor while processing UE policy container.
- CVE-2023-33049Feb 6, 2024risk 0.00cvss —epss 0.00
Transient DOS in Multi-Mode Call Processor due to UE failure because of heap leakage.
- CVE-2023-33046Feb 6, 2024risk 0.00cvss —epss 0.00
Memory corruption in Trusted Execution Environment while deinitializing an object used for license validation.
- CVE-2023-43511Jan 2, 2024risk 0.00cvss —epss 0.00
Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header.
- CVE-2023-33118Jan 2, 2024risk 0.00cvss —epss 0.00
Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL.
- CVE-2023-33112Jan 2, 2024risk 0.00cvss —epss 0.00
Transient DOS when WLAN firmware receives "reassoc response" frame including RIC_DATA element.
- CVE-2023-33062Jan 2, 2024risk 0.00cvss —epss 0.00
Transient DOS in WLAN Firmware while parsing a BTM request.
- CVE-2023-33030Jan 2, 2024risk 0.00cvss —epss 0.00
Memory corruption in HLOS while running playready use-case.
- CVE-2023-33025Jan 2, 2024risk 0.00cvss —epss 0.00
Memory corruption in Data Modem when a non-standard SDP body, during a VOLTE call.
- CVE-2023-28583Jan 2, 2024risk 0.00cvss —epss 0.00
Memory corruption when IPv6 prefix timer object`s lifetime expires which are created while Netmgr daemon gets an IPv6 address.
- CVE-2023-32831Jan 2, 2024risk 0.00cvss —epss 0.00
In wlan driver, there is a possible PIN crack due to use of insufficiently random values. This could lead to local information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00325055; Issue ID: MSV-868.
- CVE-2023-33083Dec 5, 2023risk 0.00cvss —epss 0.01
Memory corruption in WLAN Host while processing RRM beacon on the AP.
- CVE-2023-33054Dec 5, 2023risk 0.00cvss —epss 0.00
Cryptographic issue in GPS HLOS Driver while downloading Qualcomm GNSS assistance data.
- CVE-2023-28588Dec 5, 2023risk 0.00cvss —epss 0.01
Transient DOS in Bluetooth Host while rfc slot allocation.
- CVE-2023-28580Dec 5, 2023risk 0.00cvss —epss 0.00
Memory corruption in WLAN Host while setting the PMK length in PMK length in internal cache.
- CVE-2023-28579Dec 5, 2023risk 0.00cvss —epss 0.00
Memory Corruption in WLAN Host while deserializing the input PMK bytes without checking the input PMK length.
- CVE-2023-28546Dec 5, 2023risk 0.00cvss —epss 0.00
Memory Corruption in SPS Application while exporting public key in sorter TA.
- CVE-2023-21634Dec 5, 2023risk 0.00cvss —epss 0.00
Memory Corruption in Radio Interface Layer while sending an SMS or writing an SMS to SIM.
- CVE-2023-33061Nov 7, 2023risk 0.00cvss —epss 0.00
Transient DOS in WLAN Firmware while parsing WLAN beacon or probe-response frame.
- CVE-2023-33059Nov 7, 2023risk 0.00cvss —epss 0.00
Memory corruption in Audio while processing the VOC packet data from ADSP.
- CVE-2023-33055Nov 7, 2023risk 0.00cvss —epss 0.00
Memory Corruption in Audio while invoking callback function in driver from ADSP.
- CVE-2023-28568Nov 7, 2023risk 0.00cvss —epss 0.00
Information disclosure in WLAN HAL when reception status handler is called.
- CVE-2023-28566Nov 7, 2023risk 0.00cvss —epss 0.00
Information disclosure in WLAN HAL while handling the WMI state info command.
- CVE-2023-28554Nov 7, 2023risk 0.00cvss —epss 0.00
Information Disclosure in Qualcomm IPC while reading values from shared memory in VM.
- CVE-2023-28553Nov 7, 2023risk 0.00cvss —epss 0.00
Information Disclosure in WLAN Host when processing WMI event command.
- CVE-2023-22388Nov 7, 2023risk 0.00cvss —epss 0.00
Memory Corruption in Multi-mode Call Processor while processing bit mask API.
- CVE-2023-33039Oct 3, 2023risk 0.00cvss —epss 0.00
Memory corruption in Automotive Display while destroying the image handle created using connected display driver.
- CVE-2023-33029Oct 3, 2023risk 0.00cvss —epss 0.00
Memory corruption in DSP Service during a remote call from HLOS to DSP.
- CVE-2023-33027Oct 3, 2023risk 0.00cvss —epss 0.00
Transient DOS in WLAN Firmware while parsing rsn ies.
- CVE-2023-33026Oct 3, 2023risk 0.00cvss —epss 0.00
Transient DOS in WLAN Firmware while parsing a NAN management frame.
- CVE-2023-28571Oct 3, 2023risk 0.00cvss —epss 0.00
Information disclosure in WLAN HOST while processing the WLAN scan descriptor list during roaming scan.
- CVE-2023-28540Oct 3, 2023risk 0.00cvss —epss 0.00
Cryptographic issue in Data Modem due to improper authentication during TLS handshake.
- CVE-2023-28539Oct 3, 2023risk 0.00cvss —epss 0.00
Memory corruption in WLAN Host when the firmware invokes multiple WMI Service Available command.
- CVE-2023-28543Sep 5, 2023risk 0.00cvss —epss 0.00
A malformed DLC can trigger Memory Corruption in SNPE library due to out of bounds read, such as by loading an untrusted model (e.g. from a remote source).
- CVE-2023-33019Sep 5, 2023risk 0.00cvss —epss 0.00
Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA IE.
- CVE-2023-33016Sep 5, 2023risk 0.00cvss —epss 0.00
Transient DOS in WLAN firmware while parsing MLO (multi-link operation).
- CVE-2023-33015Sep 5, 2023risk 0.00cvss —epss 0.00
Transient DOS in WLAN Firmware while interpreting MBSSID IE of a received beacon frame.
- CVE-2023-28581Sep 5, 2023risk 0.00cvss —epss 0.00
Memory corruption in WLAN Firmware while parsing receieved GTK Keys in GTK KDE.
- CVE-2023-28573Sep 5, 2023risk 0.00cvss —epss 0.00
Memory corruption in WLAN HAL while parsing WMI command parameters.
- CVE-2023-28565Sep 5, 2023risk 0.00cvss —epss 0.00
Memory corruption in WLAN HAL while handling command streams through WMI interfaces.
- CVE-2023-28564Sep 5, 2023risk 0.00cvss —epss 0.00
Memory corruption in WLAN HAL while passing command parameters through WMI interfaces.
- CVE-2023-28560Sep 5, 2023risk 0.00cvss —epss 0.00
Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload.
- CVE-2023-28557Sep 5, 2023risk 0.00cvss —epss 0.00
Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload.
- CVE-2023-28549Sep 5, 2023risk 0.00cvss —epss 0.00
Memory corruption in WLAN HAL while parsing Rx buffer in processing TLV payload.
- CVE-2023-28548Sep 5, 2023risk 0.00cvss —epss 0.00
Memory corruption in WLAN HAL while processing Tx/Rx commands from QDART.
Page 18 of 41