Qualcomm Inc Snapdragon vulnerabilities

CVE-2024-33052 [HIGH] CWE-120 CVE-2024-33052: Memory corruption when user provides data for FM HCI command control operations. Memory corruption when user provides data for FM HCI command control operations.

CVE-2024-33050 [HIGH] CWE-126 CVE-2024-33050: Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length che Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper.

CVE-2024-33045 [HIGH] CWE-562 CVE-2024-33045: Memory corruption when BTFM client sends new messages over Slimbus to ADSP. Memory corruption when BTFM client sends new messages over Slimbus to ADSP.

CVE-2024-23359 [HIGH] CWE-126 CVE-2024-23359: Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network.

CVE-2024-33016 [MEDIUM] CWE-119 CVE-2024-33016: memory corruption when an invalid firehose patch command is invoked. memory corruption when an invalid firehose patch command is invoked.

CVE-2024-33043 [MEDIUM] CWE-126 CVE-2024-33043: Transient DOS while handling PS event when Program Service name length offset value is set to 255. Transient DOS while handling PS event when Program Service name length offset value is set to 255.

CVE-2024-23353 [HIGH] CWE-126 CVE-2024-23353: Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI. Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.

CVE-2024-33019 [HIGH] CWE-126 CVE-2024-33019: Transient DOS while parsing the received TID-to-link mapping action frame. Transient DOS while parsing the received TID-to-link mapping action frame.

CVE-2024-21467 [HIGH] CWE-126 CVE-2024-21467: Information disclosure while handling beacon probe frame during scan entry generation in client side Information disclosure while handling beacon probe frame during scan entry generation in client side.

CVE-2024-33023 [HIGH] CWE-416 CVE-2024-33023: Memory corruption while creating a fence to wait on timeline events, and simultaneously signal timel Memory corruption while creating a fence to wait on timeline events, and simultaneously signal timeline events.

CVE-2024-33028 [HIGH] CWE-416 CVE-2024-33028: Memory corruption as fence object may still be accessed in timeline destruct after isync fence is re Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released.

CVE-2024-33011 [HIGH] CWE-126 CVE-2024-33011: Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero. Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero.

CVE-2024-23381 [HIGH] CWE-416 CVE-2024-23381: Memory corruption when memory mapped in a VBO is not unmapped by the GPU SMMU. Memory corruption when memory mapped in a VBO is not unmapped by the GPU SMMU.

CVE-2024-33012 [HIGH] CWE-126 CVE-2024-33012: Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon.

CVE-2024-21481 [HIGH] CWE-119 CVE-2024-21481: Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager. Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager.

CVE-2024-33027 [HIGH] CWE-284 CVE-2024-33027: Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify DDR Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify DDR memory by corrupting the GPU page table.

CVE-2024-23382 [HIGH] CWE-416 CVE-2024-23382: Memory corruption while processing graphics kernel driver request to create DMA fence. Memory corruption while processing graphics kernel driver request to create DMA fence.

CVE-2024-23356 [HIGH] CWE-119 CVE-2024-23356: Memory corruption during session sign renewal request calls in HLOS. Memory corruption during session sign renewal request calls in HLOS.

CVE-2024-33034 [HIGH] CWE-416 CVE-2024-33034: Memory corruption can occur if VBOs hold outdated or invalid GPU SMMU mappings, especially when the Memory corruption can occur if VBOs hold outdated or invalid GPU SMMU mappings, especially when the binding and reclaiming of memory buffers are performed at the same time.

CVE-2024-33015 [HIGH] CWE-126 CVE-2024-33015: Transient DOS while parsing SCAN RNR IE when bytes received from AP is such that the size of the las Transient DOS while parsing SCAN RNR IE when bytes received from AP is such that the size of the last param of IE is less than neighbor report.