Qualcomm Inc Snapdragon vulnerabilities

CVE-2024-33031 [MEDIUM] CWE-20 CVE-2024-33031: Memory corruption while processing the update SIM PB records request. Memory corruption while processing the update SIM PB records request.

CVE-2024-23377 [MEDIUM] CWE-823 CVE-2024-23377: Memory corruption while invoking IOCTL command from user-space, when a user modifies the original pa Memory corruption while invoking IOCTL command from user-space, when a user modifies the original packet size of the command after system properties have been already sent to the EVA driver.

CVE-2024-33030 [MEDIUM] CWE-120 CVE-2024-33030: Memory corruption while parsing IPC frequency table parameters for LPLH that has size greater than e Memory corruption while parsing IPC frequency table parameters for LPLH that has size greater than expected size.

CVE-2024-23385 [MEDIUM] CWE-617 CVE-2024-23385: Transient DOS as modem reset occurs when an unexpected MAC RAR (with invalid PDU length) is seen at Transient DOS as modem reset occurs when an unexpected MAC RAR (with invalid PDU length) is seen at UE.

CVE-2024-23386 [MEDIUM] CWE-20 CVE-2024-23386: memory corruption when WiFi display APIs are invoked with large random inputs. memory corruption when WiFi display APIs are invoked with large random inputs.

CVE-2024-33066 [CRITICAL] CWE-20 CVE-2024-33066: Memory corruption while redirecting log file to any file location with any file name. Memory corruption while redirecting log file to any file location with any file name.

CVE-2024-33065 [HIGH] CWE-20 CVE-2024-33065: Memory corruption while taking snapshot when an offset variable is set by camera driver. Memory corruption while taking snapshot when an offset variable is set by camera driver.

CVE-2024-21455 [HIGH] CWE-822 CVE-2024-21455: Memory corruption when a compat IOCTL call is followed by another IOCTL call from userspace to a dri Memory corruption when a compat IOCTL call is followed by another IOCTL call from userspace to a driver.

CVE-2024-23369 [HIGH] CWE-119 CVE-2024-23369: Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers. Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers.

CVE-2024-33049 [HIGH] CWE-126 CVE-2024-33049: Transient DOS while parsing noninheritance IE of Extension element when length of IE is 2 of beacon Transient DOS while parsing noninheritance IE of Extension element when length of IE is 2 of beacon frame.

CVE-2024-38397 [HIGH] CWE-126 CVE-2024-38397: Transient DOS while parsing probe response and assoc response frame. Transient DOS while parsing probe response and assoc response frame.

CVE-2024-38399 [HIGH] CWE-416 CVE-2024-38399: Memory corruption while processing user packets to generate page faults. Memory corruption while processing user packets to generate page faults.

CVE-2024-33069 [HIGH] CWE-416 CVE-2024-33069: Transient DOS when transmission of management frame sent by host is not successful and error status Transient DOS when transmission of management frame sent by host is not successful and error status is received in the host.

CVE-2024-33071 [HIGH] CWE-126 CVE-2024-33071: Transient DOS while parsing the MBSSID IE from the beacons when IE length is 0. Transient DOS while parsing the MBSSID IE from the beacons when IE length is 0.

CVE-2024-43047 [HIGH] CWE-416 CVE-2024-43047: Memory corruption while maintaining memory maps of HLOS memory. Memory corruption while maintaining memory maps of HLOS memory.

CVE-2024-33073 [HIGH] CWE-126 CVE-2024-33073: Information disclosure while parsing the BSS parameter change count or MLD capabilities fields of th Information disclosure while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.

CVE-2024-33064 [HIGH] CWE-126 CVE-2024-33064: Information disclosure while parsing the multiple MBSSID IEs from the beacon. Information disclosure while parsing the multiple MBSSID IEs from the beacon.

CVE-2024-33070 [HIGH] CWE-126 CVE-2024-33070: Transient DOS while parsing ESP IE from beacon/probe response frame. Transient DOS while parsing ESP IE from beacon/probe response frame.

CVE-2024-23376 [MEDIUM] CWE-416 CVE-2024-23376: Memory corruption while sending the persist buffer command packet from the user-space to the kernel Memory corruption while sending the persist buffer command packet from the user-space to the kernel space through the IOCTL call.

CVE-2024-23379 [MEDIUM] CWE-415 CVE-2024-23379: Memory corruption while unmapping the fastrpc map when two threads can free the same map in concurre Memory corruption while unmapping the fastrpc map when two threads can free the same map in concurrent scenario.