Qualcomm Inc Snapdragon vulnerabilities

CVE-2024-38425 [MEDIUM] CWE-285 CVE-2024-38425: Information disclosure while sending implicit broadcast containing APP launch information. Information disclosure while sending implicit broadcast containing APP launch information.

CVE-2024-23370 [MEDIUM] CWE-416 CVE-2024-23370: Memory corruption when a process invokes IOCTL calls from user-space to create a HAB virtual channel Memory corruption when a process invokes IOCTL calls from user-space to create a HAB virtual channel and another process invokes IOCTL calls to destroy the same.

CVE-2024-23375 [MEDIUM] CWE-120 CVE-2024-23375: Memory corruption during the network scan request. Memory corruption during the network scan request.

CVE-2024-23378 [MEDIUM] CWE-120 CVE-2024-23378: Memory corruption while invoking IOCTL calls for MSM module from the user space during audio playbac Memory corruption while invoking IOCTL calls for MSM module from the user space during audio playback and record.

CVE-2024-23374 [MEDIUM] CWE-121 CVE-2024-23374: Memory corruption is possible when an attempt is made from userspace or console to write some haptic Memory corruption is possible when an attempt is made from userspace or console to write some haptics effects pattern to the haptics debugfs file.

CVE-2024-33051 [HIGH] CWE-126 CVE-2024-33051: Transient DOS while processing TIM IE from beacon frame as there is no check for IE length. Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.

CVE-2024-23362 [HIGH] CWE-20 CVE-2024-23362: Cryptographic issue while parsing RSA keys in COBR format. Cryptographic issue while parsing RSA keys in COBR format.

CVE-2024-23365 [HIGH] CWE-416 CVE-2024-23365: Memory corruption while releasing shared resources in MinkSocket listener thread. Memory corruption while releasing shared resources in MinkSocket listener thread.

CVE-2024-33035 [HIGH] CWE-190 CVE-2024-33035: Memory corruption while calculating total metadata size when a very high reserved size is requested Memory corruption while calculating total metadata size when a very high reserved size is requested by gralloc clients.

CVE-2024-33047 [HIGH] CWE-126 CVE-2024-33047: Memory corruption when the captureRead QDCM command is invoked from user-space. Memory corruption when the captureRead QDCM command is invoked from user-space.

CVE-2024-38402 [HIGH] CWE-416 CVE-2024-38402: Memory corruption while processing IOCTL call for getting group info. Memory corruption while processing IOCTL call for getting group info.

CVE-2024-23358 [HIGH] CWE-126 CVE-2024-23358: Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in Modem Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in Modem.

CVE-2024-33042 [HIGH] CWE-120 CVE-2024-33042: Memory corruption when Alternative Frequency offset value is set to 255. Memory corruption when Alternative Frequency offset value is set to 255.

CVE-2024-23364 [HIGH] CWE-126 CVE-2024-23364: Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSS Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSSID Information Element (IE) of a beacon frame that is received from over-the-air (OTA).

CVE-2024-33057 [HIGH] CWE-126 CVE-2024-33057: Transient DOS while parsing the multi-link element Control field when common information length chec Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location.

CVE-2024-38401 [HIGH] CWE-416 CVE-2024-38401: Memory corruption while processing concurrent IOCTL calls. Memory corruption while processing concurrent IOCTL calls.

CVE-2024-33038 [HIGH] CWE-822 CVE-2024-33038: Memory corruption while passing untrusted/corrupted pointers from DSP to EVA. Memory corruption while passing untrusted/corrupted pointers from DSP to EVA.

CVE-2024-33048 [HIGH] CWE-126 CVE-2024-33048: Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame. Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame.

CVE-2024-33054 [HIGH] CWE-120 CVE-2024-33054: Memory corruption during the handshake between the Primary Virtual Machine and Trusted Virtual Machi Memory corruption during the handshake between the Primary Virtual Machine and Trusted Virtual Machine.

CVE-2024-33060 [HIGH] CWE-416 CVE-2024-33060: Memory corruption when two threads try to map and unmap a single node simultaneously. Memory corruption when two threads try to map and unmap a single node simultaneously.