Qualcomm Inc Snapdragon vulnerabilities

CVE-2024-33056 [HIGH] CWE-126 CVE-2024-33056: Memory corruption when allocating and accessing an entry in an SMEM partition continuously. Memory corruption when allocating and accessing an entry in an SMEM partition continuously.

CVE-2024-43053 [HIGH] CWE-119 CVE-2024-43053: Memory corruption while invoking IOCTL calls from user space to read WLAN target diagnostic informat Memory corruption while invoking IOCTL calls from user space to read WLAN target diagnostic information.

CVE-2024-43049 [HIGH] CWE-119 CVE-2024-43049: Memory corruption while invoking IOCTL calls from user space to set generic private command inside W Memory corruption while invoking IOCTL calls from user space to set generic private command inside WLAN driver.

CVE-2024-33044 [HIGH] CWE-129 CVE-2024-33044: Memory corruption while Configuring the SMR/S2CR register in Bypass mode. Memory corruption while Configuring the SMR/S2CR register in Bypass mode.

CVE-2024-43052 [HIGH] CWE-20 CVE-2024-43052: Memory corruption while processing API calls to NPU with invalid input. Memory corruption while processing API calls to NPU with invalid input.

CVE-2024-33037 [MEDIUM] CWE-126 CVE-2024-33037: Information disclosure as NPU firmware can send invalid IPC message to NPU driver as the driver does Information disclosure as NPU firmware can send invalid IPC message to NPU driver as the driver doesn`t validate the IPC message received from the firmware.

CVE-2024-33053 [MEDIUM] CWE-416 CVE-2024-33053: Memory corruption when multiple threads try to unregister the CVP buffer at the same time. Memory corruption when multiple threads try to unregister the CVP buffer at the same time.

CVE-2024-33036 [MEDIUM] CWE-823 CVE-2024-33036: Memory corruption while parsing sensor packets in camera driver, user-space variable is used while a Memory corruption while parsing sensor packets in camera driver, user-space variable is used while allocating memory in kernel and parsing which can lead to huge allocation or invalid memory access.

CVE-2024-33039 [MEDIUM] CWE-822 CVE-2024-33039: Memory corruption when PAL client calls PAL service APIs by passing a random value as handle and the Memory corruption when PAL client calls PAL service APIs by passing a random value as handle and the handle is not validated by the service.

CVE-2017-17772 [CRITICAL] CWE-126 CVE-2017-17772: In multiple functions that process 802.11 frames, out-of-bounds reads can occur due to insufficient In multiple functions that process 802.11 frames, out-of-bounds reads can occur due to insufficient validation.

CVE-2017-11076 [CRITICAL] CWE-823 CVE-2017-11076: On some hardware revisions where VP9 decoding is hardware-accelerated, the frame size is not program On some hardware revisions where VP9 decoding is hardware-accelerated, the frame size is not programmed correctly into the decoder hardware which can lead to an invalid memory access by the decoder.

CVE-2017-15832 [HIGH] CWE-20 CVE-2017-15832: Buffer overwrite in the WLAN host driver by leveraging a compromised WLAN FW Buffer overwrite in the WLAN host driver by leveraging a compromised WLAN FW

CVE-2018-5852 [HIGH] CWE-126 CVE-2018-5852: An unsigned integer underflow vulnerability in IPA driver result into a buffer over-read while readi An unsigned integer underflow vulnerability in IPA driver result into a buffer over-read while reading NAT entry using debugfs command 'cat /sys/kernel/debug/ipa/ip4_nat'

CVE-2016-10408 [HIGH] CWE-284 CVE-2016-10408: QSEE will randomly experience a fatal error during execution due to speculative instruction fetches QSEE will randomly experience a fatal error during execution due to speculative instruction fetches from device memory. Device memory is not valid executable memory.

CVE-2016-10394 [HIGH] CWE-287 CVE-2016-10394: Initial xbl_sec revision does not have all the debug policy features and critical checks. Initial xbl_sec revision does not have all the debug policy features and critical checks.

CVE-2017-18153 [HIGH] CWE-416 CVE-2017-18153: A race condition exists in a driver potentially leading to a use-after-free condition. A race condition exists in a driver potentially leading to a use-after-free condition.

CVE-2018-11952 [HIGH] CWE-287 CVE-2018-11952: An image with a version lower than the fuse version may potentially be booted lead to improper authe An image with a version lower than the fuse version may potentially be booted lead to improper authentication.

CVE-2018-11816 [HIGH] CWE-416 CVE-2018-11816: Crafted Binder Request Causes Heap UAF in MediaServer Crafted Binder Request Causes Heap UAF in MediaServer

CVE-2017-18306 [MEDIUM] CWE-200 CVE-2017-18306: Information disclosure due to uninitialized variable. Information disclosure due to uninitialized variable.

CVE-2018-11922 [MEDIUM] CWE-16 CVE-2018-11922: Wrong configuration in Touch Pal application can collect user behavior data without awareness by the Wrong configuration in Touch Pal application can collect user behavior data without awareness by the user.