Qualcomm Inc Snapdragon vulnerabilities

CVE-2022-40521 [HIGH] CWE-285 CVE-2022-40521: Transient DOS due to improper authorization in Modem Transient DOS due to improper authorization in Modem

CVE-2022-33230 [HIGH] CWE-120 CVE-2022-33230: Memory corruption in FM Host due to buffer copy without checking the size of input in FM Host Memory corruption in FM Host due to buffer copy without checking the size of input in FM Host

CVE-2022-40529 [HIGH] CWE-284 CVE-2022-40529: Memory corruption due to improper access control in kernel while processing a mapping request from r Memory corruption due to improper access control in kernel while processing a mapping request from root process.

CVE-2023-21632 [HIGH] CWE-121 CVE-2023-21632: Memory corruption in Automotive GPU while querying a gsl memory node. Memory corruption in Automotive GPU while querying a gsl memory node.

CVE-2023-21660 [HIGH] CWE-126 CVE-2023-21660: Transient DOS in WLAN Firmware while parsing FT Information Elements. Transient DOS in WLAN Firmware while parsing FT Information Elements.

CVE-2022-33251 [HIGH] CWE-617 CVE-2022-33251: Transient DOS due to reachable assertion in Modem because of invalid network configuration. Transient DOS due to reachable assertion in Modem because of invalid network configuration.

CVE-2023-21661 [HIGH] CWE-126 CVE-2023-21661: Transient DOS while parsing WLAN beacon or probe-response frame. Transient DOS while parsing WLAN beacon or probe-response frame.

CVE-2022-33267 [HIGH] CWE-119 CVE-2022-33267: Memory corruption in Linux while sending DRM request. Memory corruption in Linux while sending DRM request.

CVE-2022-40522 [HIGH] CWE-415 CVE-2022-40522: Memory corruption in Linux Networking due to double free while handling a hyp-assign. Memory corruption in Linux Networking due to double free while handling a hyp-assign.

CVE-2022-33263 [HIGH] CWE-416 CVE-2022-33263: Memory corruption due to use after free in Core when multiple DCI clients register and deregister. Memory corruption due to use after free in Core when multiple DCI clients register and deregister.

CVE-2023-21656 [HIGH] CWE-20 CVE-2023-21656: Memory corruption in WLAN HOST while receiving an WMI event from firmware. Memory corruption in WLAN HOST while receiving an WMI event from firmware.

CVE-2022-40536 [HIGH] CWE-285 CVE-2022-40536: Transient DOS due to improper authentication in modem while receiving plain TLB OTA request message Transient DOS due to improper authentication in modem while receiving plain TLB OTA request message from network.

CVE-2022-33307 [HIGH] CWE-415 CVE-2022-33307: Memory Corruption due to double free in automotive when a bad HLOS address for one of the lists to b Memory Corruption due to double free in automotive when a bad HLOS address for one of the lists to be mapped is passed.

CVE-2022-33264 [HIGH] CWE-121 CVE-2022-33264: Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Req Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message.

CVE-2022-40525 [MEDIUM] CWE-200 CVE-2022-40525: Information disclosure in Linux Networking Firmware due to unauthorized information leak during side Information disclosure in Linux Networking Firmware due to unauthorized information leak during side channel analysis.

CVE-2022-40523 [MEDIUM] CWE-200 CVE-2022-40523: Information disclosure in Kernel due to indirect branch misprediction. Information disclosure in Kernel due to indirect branch misprediction.

CVE-2022-40533 [MEDIUM] CWE-822 CVE-2022-40533: Transient DOS due to untrusted Pointer Dereference in core while sending USB QMI request. Transient DOS due to untrusted Pointer Dereference in core while sending USB QMI request.

CVE-2022-22076 [MEDIUM] CWE-310 CVE-2022-22076: information disclosure due to cryptographic issue in Core during RPMB read request. information disclosure due to cryptographic issue in Core during RPMB read request.

CVE-2022-33303 [MEDIUM] CWE-400 CVE-2022-33303: Transient DOS due to uncontrolled resource consumption in Linux kernel when malformed messages are s Transient DOS due to uncontrolled resource consumption in Linux kernel when malformed messages are sent from the Gunyah Resource Manager message queue.

CVE-2022-40505 [HIGH] CWE-126 CVE-2022-40505: Information disclosure due to buffer over-read in Modem while parsing DNS hostname. Information disclosure due to buffer over-read in Modem while parsing DNS hostname.