Qualcomm Inc Snapdragon vulnerabilities

CVE-2024-21465 [HIGH] CWE-126 CVE-2024-21465: Memory corruption while processing key blob passed by the user. Memory corruption while processing key blob passed by the user.

CVE-2023-43554 [HIGH] CWE-119 CVE-2023-43554: Memory corruption while processing IOCTL handler in FastRPC. Memory corruption while processing IOCTL handler in FastRPC.

CVE-2024-21469 [HIGH] CWE-264 CVE-2024-21469: Memory corruption when an invoke call and a TEE call are bound for the same trusted application. Memory corruption when an invoke call and a TEE call are bound for the same trusted application.

CVE-2024-21461 [HIGH] CWE-415 CVE-2024-21461: Memory corruption while performing finish HMAC operation when context is freed by keymaster. Memory corruption while performing finish HMAC operation when context is freed by keymaster.

CVE-2024-21457 [HIGH] CWE-126 CVE-2024-21457: INformation disclosure while handling Multi-link IE in beacon frame. INformation disclosure while handling Multi-link IE in beacon frame.

CVE-2024-21458 [HIGH] CWE-126 CVE-2024-21458: Information disclosure while handling SA query action frame. Information disclosure while handling SA query action frame.

CVE-2024-23380 [HIGH] CWE-416 CVE-2024-23380: Memory corruption while handling user packets during VBO bind operation. Memory corruption while handling user packets during VBO bind operation.

CVE-2024-23368 [HIGH] CWE-120 CVE-2024-23368: Memory corruption when allocating and accessing an entry in an SMEM partition. Memory corruption when allocating and accessing an entry in an SMEM partition.

CVE-2024-21482 [HIGH] CWE-119 CVE-2024-21482: Memory corruption during the secure boot process, when the `bootm` command is used, it bypasses the Memory corruption during the secure boot process, when the `bootm` command is used, it bypasses the authentication of the kernel/rootfs image.

CVE-2024-21462 [HIGH] CWE-126 Buffer Over-read in TZ Secure OS Buffer Over-read in TZ Secure OS Transient DOS while loading the TA ELF file.

CVE-2024-23372 [HIGH] CWE-190 CVE-2024-23372: Memory corruption while invoking IOCTL call for GPU memory allocation and size param is greater than Memory corruption while invoking IOCTL call for GPU memory allocation and size param is greater than expected size.

CVE-2024-23373 [HIGH] CWE-416 CVE-2024-23373: Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released. Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released.

CVE-2024-21460 [MEDIUM] CWE-330 CVE-2024-21460: Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in virtual Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in virtual address space.

CVE-2023-43551 [HIGH] CWE-287 CVE-2023-43551: Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the au Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command.

CVE-2023-43545 [HIGH] CWE-190 CVE-2023-43545: Memory corruption when more scan frequency list or channels are sent from the user space. Memory corruption when more scan frequency list or channels are sent from the user space.

CVE-2023-43544 [HIGH] CWE-416 CVE-2023-43544: Memory corruption when IPC callback handle is used after it has been released during register callba Memory corruption when IPC callback handle is used after it has been released during register callback by another thread.

CVE-2023-43555 [HIGH] CWE-126 CVE-2023-43555: Information disclosure in Video while parsing mp2 clip with invalid section length. Information disclosure in Video while parsing mp2 clip with invalid section length.

CVE-2024-23360 [HIGH] CWE-284 CVE-2024-23360: Memory corruption while creating a LPAC client as LPAC engine was allowed to access GPU registers. Memory corruption while creating a LPAC client as LPAC engine was allowed to access GPU registers.

CVE-2023-43542 [HIGH] CWE-120 CVE-2023-43542: Memory corruption while copying a keyblob`s material when the key material`s size is not accurately Memory corruption while copying a keyblob`s material when the key material`s size is not accurately checked.

CVE-2023-43543 [HIGH] CWE-416 CVE-2023-43543: Memory corruption in Audio during a playback or a recording due to race condition between allocation Memory corruption in Audio during a playback or a recording due to race condition between allocation and deallocation of graph object.