Qualcomm Inc Snapdragon vulnerabilities

CVE-2023-28576 [HIGH] CWE-367 CVE-2023-28576: The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in users The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. In other words, user mode may race and modify the packet header (e.g. header.count), causing checks (e.g. size checks) in kernel code to be invalid. This may lead to out-of-bounds read/write issues.

CVE-2023-21652 [HIGH] CWE-320 CVE-2023-21652: Cryptographic issue in HLOS as derived keys used to encrypt/decrypt information is present on stack Cryptographic issue in HLOS as derived keys used to encrypt/decrypt information is present on stack after use.

CVE-2023-21651 [HIGH] CWE-704 CVE-2023-21651: Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE.

CVE-2023-28537 [HIGH] CWE-190 CVE-2023-28537: Memory corruption while allocating memory in COmxApeDec module in Audio. Memory corruption while allocating memory in COmxApeDec module in Audio.

CVE-2023-28555 [HIGH] CWE-126 CVE-2023-28555: Transient DOS in Audio while remapping channel buffer in media codec decoding. Transient DOS in Audio while remapping channel buffer in media codec decoding.

CVE-2023-21627 [HIGH] CWE-20 CVE-2023-21627: Memory corruption in Trusted Execution Environment while calling service API with invalid address. Memory corruption in Trusted Execution Environment while calling service API with invalid address.

CVE-2023-21626 [HIGH] CWE-320 CVE-2023-21626: Cryptographic issue in HLOS due to improper authentication while performing key velocity checks usin Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key.

CVE-2023-28575 [HIGH] CWE-823 CVE-2023-28575: The cam_get_device_priv function does not check the type of handle being returned (device/session/li The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invalid type usage if a wrong handle is passed to it.

CVE-2023-21647 [MEDIUM] CWE-20 CVE-2023-21647: Information disclosure in Bluetooth when an GATT packet is received due to improper input validation Information disclosure in Bluetooth when an GATT packet is received due to improper input validation.

CVE-2023-21631 [CRITICAL] CWE-20 CVE-2023-21631: Weak Configuration due to improper input validation in Modem while processing LTE security mode comm Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network.

CVE-2023-21640 [HIGH] CWE-120 CVE-2023-21640: Memory corruption in Linux when the file upload API is called with parameters having large buffer. Memory corruption in Linux when the file upload API is called with parameters having large buffer.

CVE-2023-22386 [HIGH] CWE-120 CVE-2023-22386: Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory. Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory.

CVE-2023-21639 [HIGH] CWE-120 CVE-2023-21639: Memory corruption in Audio while processing sva_model_serializer using memory size passed by HIDL cl Memory corruption in Audio while processing sva_model_serializer using memory size passed by HIDL client.

CVE-2023-21635 [HIGH] CWE-120 CVE-2023-21635: Memory Corruption in Data Network Stack & Connectivity when sim gets detected on telephony. Memory Corruption in Data Network Stack & Connectivity when sim gets detected on telephony.

CVE-2023-21641 [HIGH] CWE-264 CVE-2023-21641: An app with non-privileged access can change global system brightness and cause undesired system beh An app with non-privileged access can change global system brightness and cause undesired system behavior.

CVE-2023-22387 [HIGH] CWE-823 CVE-2023-22387: Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption. Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption.

CVE-2023-21637 [HIGH] CWE-119 CVE-2023-21637: Memory corruption in Linux while calling system configuration APIs. Memory corruption in Linux while calling system configuration APIs.

CVE-2023-24851 [HIGH] CWE-120 CVE-2023-24851: Memory Corruption in WLAN HOST while parsing QMI response message from firmware. Memory Corruption in WLAN HOST while parsing QMI response message from firmware.

CVE-2023-24854 [HIGH] CWE-121 CVE-2023-24854: Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware response message. Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware response message.

CVE-2023-21672 [HIGH] CWE-416 CVE-2023-21672: Memory corruption in Audio while running concurrent tunnel playback or during concurrent audio tunne Memory corruption in Audio while running concurrent tunnel playback or during concurrent audio tunnel recording sessions.