Qualcomm Snapdragon XR2 5G Firmware -

CPE Details

Qualcomm Snapdragon XR2 5G Firmware -
-
2023-07-10
08h49 +00:00
2023-09-02
00h30 +00:00
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:o:qualcomm:snapdragon_xr2_5g_firmware:-:*:*:*:*:*:*:*

Informations

Vendor

qualcomm

Product

snapdragon_xr2_5g_firmware

Version

-

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2024-53027 2025-03-03 10h07 +00:00 Transient DOS may occur while processing the country IE.
7.5
Haute
CVE-2024-53014 2025-03-03 10h07 +00:00 Memory corruption may occur while validating ports and channels in Audio driver.
7.8
Haute
CVE-2024-43051 2025-03-03 10h07 +00:00 Information disclosure while deriving keys for a session for any Widevine use case.
5.5
Moyen
CVE-2024-49838 2025-02-03 16h51 +00:00 Information disclosure while parsing the OCI IE with invalid length.
8.2
Haute
CVE-2024-38420 2025-02-03 16h51 +00:00 Memory corruption while configuring a Hypervisor based input virtual device.
8.8
Haute
CVE-2024-38418 2025-02-03 16h51 +00:00 Memory corruption while parsing the memory map info in IOCTL calls.
7.8
Haute
CVE-2024-33067 2025-01-06 10h33 +00:00 Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver.
6.1
Moyen
CVE-2024-43047 2024-10-07 12h59 +00:00 Memory corruption while maintaining memory maps of HLOS memory.
7.8
Haute
CVE-2024-33060 2024-09-02 10h22 +00:00 Memory corruption when two threads try to map and unmap a single node simultaneously.
8.4
Haute
CVE-2024-33052 2024-09-02 10h22 +00:00 Memory corruption when user provides data for FM HCI command control operations.
7.8
Haute
CVE-2024-33051 2024-09-02 10h22 +00:00 Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.
7.5
Haute
CVE-2024-33042 2024-09-02 10h22 +00:00 Memory corruption when Alternative Frequency offset value is set to 255.
7.8
Haute
CVE-2023-43555 2024-06-03 10h05 +00:00 Information disclosure in Video while parsing mp2 clip with invalid section length.
8.2
Haute
CVE-2023-43551 2024-06-03 10h05 +00:00 Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command.
9.1
Critique
CVE-2023-43542 2024-06-03 10h05 +00:00 Memory corruption while copying a keyblob`s material when the key material`s size is not accurately checked.
7.8
Haute
CVE-2023-43538 2024-06-03 10h05 +00:00 Memory corruption in TZ Secure OS while Tunnel Invoke Manager initialization.
9.3
Critique
CVE-2024-21480 2024-05-06 14h32 +00:00 Memory corruption while playing audio file having large-sized input buffer.
9.8
Critique
CVE-2024-21476 2024-05-06 14h32 +00:00 Memory corruption when the channel ID passed by user is not validated and further used.
7.8
Haute
CVE-2024-21475 2024-05-06 14h32 +00:00 Memory corruption when the payload received from firmware is not as per the expected protocol size.
7.8
Haute
CVE-2024-21471 2024-05-06 14h32 +00:00 Memory corruption when IOMMU unmap of a GPU buffer fails in Linux.
8.4
Haute
CVE-2023-43531 2024-05-06 14h32 +00:00 Memory corruption while verifying the serialized header when the key pairs are generated.
8.4
Haute
CVE-2023-43530 2024-05-06 14h32 +00:00 Memory corruption in HLOS while checking for the storage type.
7.8
Haute
CVE-2023-43529 2024-05-06 14h32 +00:00 Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received.
7.5
Haute
CVE-2023-43528 2024-05-06 14h32 +00:00 Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected size.
6.1
Moyen
CVE-2023-43527 2024-05-06 14h32 +00:00 Information disclosure while parsing dts header atom in Video.
6.8
Moyen
CVE-2023-43521 2024-05-06 14h32 +00:00 Memory corruption when multiple listeners are being registered with the same file descriptor.
7.8
Haute
CVE-2023-33119 2024-05-06 14h32 +00:00 Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache.
8.4
Haute
CVE-2024-21468 2024-04-01 15h06 +00:00 Memory corruption when there is failed unmap operation in GPU.
8.4
Haute
CVE-2024-21463 2024-04-01 15h06 +00:00 Memory corruption while processing Codec2 during v13k decoder pitch synthesis.
9.8
Critique
CVE-2023-33115 2024-04-01 15h05 +00:00 Memory corruption while processing buffer initialization, when trusted report for certain report types are generated.
7.8
Haute
CVE-2023-33111 2024-04-01 15h05 +00:00 Information disclosure when VI calibration state set by ADSP is greater than MAX_FBSP_STATE in the response payload to AFE calibration command.
5.5
Moyen
CVE-2023-33101 2024-04-01 15h05 +00:00 Transient DOS while processing DL NAS TRANSPORT message with payload length 0.
7.5
Haute
CVE-2023-33099 2024-04-01 15h05 +00:00 Transient DOS while processing SMS container of non-standard size received in DL NAS transport in NR.
7.5
Haute
CVE-2023-33023 2024-04-01 15h05 +00:00 Memory corruption while processing finish_sign command to pass a rsp buffer.
8.4
Haute
CVE-2023-28547 2024-04-01 15h05 +00:00 Memory corruption in SPS Application while requesting for public key in sorter TA.
8.4
Haute
CVE-2023-43549 2024-03-04 10h48 +00:00 Memory corruption while processing TPC target power table in FTM TPC.
8.4
Haute
CVE-2023-43548 2024-03-04 10h48 +00:00 Memory corruption while parsing qcp clip with invalid chunk data size.
9.8
Critique
CVE-2023-43539 2024-03-04 10h48 +00:00 Transient DOS while processing an improperly formatted 802.11az Fine Time Measurement protocol frame.
7.5
Haute
CVE-2023-33104 2024-03-04 10h48 +00:00 Transient DOS while processing PDU Release command with a parameter PDU ID out of range.
7.5
Haute
CVE-2023-33096 2024-03-04 10h48 +00:00 Transient DOS while processing DL NAS Transport message, as specified in 3GPP 24.501 v16.
7.5
Haute
CVE-2023-33095 2024-03-04 10h48 +00:00 Transient DOS while processing multiple payload container type with incorrect container length received in DL NAS transport OTA in NR.
7.5
Haute
CVE-2023-33090 2024-03-04 10h48 +00:00 Transient DOS while processing channel information for speaker protection v2 module in ADSP.
5.5
Moyen
CVE-2023-33086 2024-03-04 10h48 +00:00 Transient DOS while processing multiple IKEV2 Informational Request to device from IPSEC server with different identifiers.
7.5
Haute
CVE-2023-33066 2024-03-04 10h48 +00:00 Memory corruption in Audio while processing RT proxy port register driver.
8.4
Haute
CVE-2023-28578 2024-03-04 10h48 +00:00 Memory corruption in Core Services while executing the command for removing a single event listener.
9.3
Critique
CVE-2023-33021 2023-09-05 06h24 +00:00 Memory corruption in Graphics while processing user packets for command submission.
8.4
Haute
CVE-2023-33015 2023-09-05 06h24 +00:00 Transient DOS in WLAN Firmware while interpreting MBSSID IE of a received beacon frame.
7.5
Haute
CVE-2023-28581 2023-09-05 06h24 +00:00 Memory corruption in WLAN Firmware while parsing receieved GTK Keys in GTK KDE.
9.8
Critique
CVE-2023-28573 2023-09-05 06h24 +00:00 Memory corruption in WLAN HAL while parsing WMI command parameters.
7.8
Haute
CVE-2023-28567 2023-09-05 06h24 +00:00 Memory corruption in WLAN HAL while handling command through WMI interfaces.
7.8
Haute
CVE-2023-28577 2023-08-08 09h15 +00:00 In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check if the buffer is being used. So when a function called cam_mem_get_cpu_buf to get the kernel va to use, another thread can call CAM_REQ_MGR_RELEASE_BUF to unmap the kernel va which cause UAF of the kernel address.
7.8
Haute
CVE-2023-28576 2023-08-08 09h15 +00:00 The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. In other words, user mode may race and modify the packet header (e.g. header.count), causing checks (e.g. size checks) in kernel code to be invalid. This may lead to out-of-bounds read/write issues.
7
Haute
CVE-2023-28575 2023-08-08 09h15 +00:00 The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invalid type usage if a wrong handle is passed to it.
7.8
Haute
CVE-2023-28542 2023-07-04 04h46 +00:00 Memory Corruption in WLAN HOST while fetching TX status information.
7.8
Haute
CVE-2023-28541 2023-07-04 04h46 +00:00 Memory Corruption in Data Modem while processing DMA buffer release event about CFR data.
7.8
Haute
CVE-2023-24854 2023-07-04 04h46 +00:00 Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware response message.
7.8
Haute
CVE-2023-24851 2023-07-04 04h46 +00:00 Memory Corruption in WLAN HOST while parsing QMI response message from firmware.
7.8
Haute
CVE-2023-22667 2023-07-04 04h46 +00:00 Memory Corruption in Audio while allocating the ion buffer during the music playback.
8.4
Haute
CVE-2023-22387 2023-07-04 04h46 +00:00 Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption.
7.8
Haute
CVE-2023-22386 2023-07-04 04h46 +00:00 Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory.
7.8
Haute
CVE-2023-21672 2023-07-04 04h46 +00:00 Memory corruption in Audio while running concurrent tunnel playback or during concurrent audio tunnel recording sessions.
8.4
Haute
CVE-2023-21638 2023-07-04 04h46 +00:00 Memory corruption in Video while calling APIs with different instance ID than the one received in initialization.
7.8
Haute
CVE-2023-21637 2023-07-04 04h46 +00:00 Memory corruption in Linux while calling system configuration APIs.
7.8
Haute
CVE-2023-21635 2023-07-04 04h46 +00:00 Memory Corruption in Data Network Stack & Connectivity when sim gets detected on telephony.
7.8
Haute
CVE-2023-21633 2023-07-04 04h46 +00:00 Memory Corruption in Linux while processing QcRilRequestImsRegisterMultiIdentityMessage request.
7.8
Haute
CVE-2023-21631 2023-07-04 04h46 +00:00 Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network.
9.8
Critique
CVE-2023-21629 2023-07-04 04h46 +00:00 Memory Corruption in Modem due to double free while parsing the PKCS15 sim files.
6.8
Moyen
CVE-2023-21624 2023-07-04 04h46 +00:00 Information disclosure in DSP Services while loading dynamic module.
6.2
Moyen