qca4004 (qualcomm) — Vulnerabilities

Memory corruption while using the UIM diag command to get the operators name.

CVE-2023-33017HIGH 7.8

Memory corruption in Boot while running a ListVars test in UEFI Menu during boot.

CVE-2023-28586MEDIUM 6.0

Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE.

CVE-2023-28585HIGH 8.2

Memory corruption while loading an ELF segment in TEE Kernel.

CVE-2023-28551HIGH 7.8

Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.

CVE-2023-28550HIGH 7.8

Memory corruption in MPP performance while accessing DSM watermark using external memory address.

CVE-2023-28546HIGH 7.8

Memory Corruption in SPS Application while exporting public key in sorter TA.

CVE-2023-28563MEDIUM 6.1

Information disclosure in IOE Firmware while handling WMI command.

CVE-2023-28556HIGH 7.1

Cryptographic issue in HLOS during key management.

CVE-2023-28545HIGH 8.2

Memory corruption in TZ Secure OS while loading an app ELF.

CVE-2023-24852HIGH 8.4

CVE-2023-22388CRITICAL 9.8

Memory Corruption in Core due to secure memory access by user while loading modem image.

CVE-2023-21651CRITICAL 9.3

Memory Corruption in Multi-mode Call Processor while processing bit mask API.

CVE-2023-22385HIGH 8.2

Oct 3, 2023

Memory Corruption in Data Modem while making a MO call or MT VOLTE call.

CVE-2023-28565HIGH 7.8

Sep 5, 2023

Memory corruption in WLAN HAL while handling command streams through WMI interfaces.

CVE-2023-28560HIGH 7.8

Sep 5, 2023

Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload.

Aug 8, 2023

Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE.

CVE-2023-21626HIGH 7.1

Aug 8, 2023

Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key.

CVE-2023-21625HIGH 8.2

Aug 8, 2023

Information disclosure in Network Services due to buffer over-read while the device receives DNS response.

CVE-2023-21631HIGH 7.5

Jul 4, 2023

Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network.

CVE-2022-40523HIGH 7.1

Information disclosure in Kernel due to indirect branch misprediction.

CVE-2022-40521HIGH 7.5

Transient DOS due to improper authorization in Modem

CVE-2022-40507HIGH 8.4

Memory corruption due to double free in Core while mapping HLOS address to the list.

CVE-2022-22076HIGH 7.1

information disclosure due to cryptographic issue in Core during RPMB read request.

CVE-2022-40505HIGH 8.2

May 2, 2023

Information disclosure due to buffer over-read in Modem while parsing DNS hostname.

CVE-2022-33304HIGH 7.5

May 2, 2023

Transient DOS due to NULL pointer dereference in Modem while performing pullup for received TCP/UDP packet.

CVE-2022-40532HIGH 8.4

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.

CVE-2022-33302MEDIUM 6.8

Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length.

CVE-2022-33295HIGH 8.2

Information disclosure in Modem due to buffer over-read while parsing the wms message received given the buffer and its length.

CVE-2022-33294HIGH 7.5

Transient DOS in Modem due to NULL pointer dereference while receiving response of lwm2m registration/update/bootstrap request message.

CVE-2022-33291HIGH 8.2

Information disclosure in Modem due to buffer over-read while receiving a IP header with malformed length.

CVE-2022-33289MEDIUM 6.8

Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card.

CVE-2022-33287HIGH 8.2

CVE-2022-33259CRITICAL 9.8

Information disclosure in Modem due to buffer over-read while getting length of Unfragmented headers in an IPv6 packet.

Memory corruption due to buffer copy without checking the size of input in modem while decoding raw SMS received.

CVE-2022-33258HIGH 8.2

CVE-2022-33231CRITICAL 9.3

Information disclosure due to buffer over-read in modem while reading configuration parameters.

Memory corruption due to double free in core while initializing the encryption key.

CVE-2022-33228HIGH 8.2

Information disclosure sue to buffer over-read in modem while processing ipv6 packet with hop-by-hop or destination option in header.

CVE-2022-33223HIGH 7.5

Transient DOS in Modem due to null pointer dereference while processing the incoming packet with http chunked encoding.

CVE-2022-33222HIGH 8.2

CVE-2022-33211CRITICAL 9.8

Information disclosure due to buffer over-read while parsing DNS response packets in Modem.

memory corruption in modem due to improper check while calculating size of serialized CoAP message

CVE-2022-25747HIGH 8.2

CVE-2022-25745CRITICAL 9.8

Information disclosure in modem due to improper input validation during parsing of upcoming CoAP message

CVE-2022-25740CRITICAL 9.8

Memory corruption in modem due to improper input validation while handling the incoming CoAP message

Memory corruption in modem due to buffer overwrite while building an IPv6 multicast address based on the MAC address of the iface

CVE-2022-25739HIGH 7.5

Denial of service in modem due to missing null check while processing the ipv6 packet received during ECM call

CVE-2022-25737HIGH 7.5

Information disclosure in modem due to missing NULL check while reading packets received from local network

CVE-2022-25731HIGH 7.5

Information disclosure in modem due to buffer over-read while processing packets from DNS server

CVE-2022-25730HIGH 8.2

Information disclosure in modem due to improper check of IP type while processing DNS server query

CVE-2022-25726HIGH 8.2

CVE-2022-25678CRITICAL 9.8

Information disclosure in modem data due to array out of bound access while handling the incoming DNS response packet

Memory correction in modem due to buffer overwrite during coap connection

CVE-2022-40531HIGH 8.4

CVE-2022-33257CRITICAL 9.3

Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.

Memory corruption in Core due to time-of-check time-of-use race condition during dump collection in trust zone.

CVE-2022-33213HIGH 7.5

Memory corruption in modem due to buffer overflow while processing a PPP packet

CVE-2022-25705HIGH 7.8

Memory corruption in modem due to integer overflow to buffer overflow while handling APDU response

CVE-2022-25694HIGH 8.4

Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM

CVE-2022-33233HIGH 7.8

Memory corruption due to configuration weakness in modem wile sending command to write protected files.

CVE-2022-33229HIGH 8.2

Information disclosure due to buffer over-read in Modem while using static array to process IPv4 packets.

CVE-2022-25738HIGH 8.2

Information disclosure in modem due to buffer over-red while performing checksum of packet received

CVE-2022-25735HIGH 7.5

Denial of service in modem due to missing null check while processing TCP or UDP packets from server

CVE-2022-25734HIGH 7.5

Denial of service in modem due to missing null check while processing IP packets with padding

CVE-2022-25733HIGH 7.5

Denial of service in modem due to null pointer dereference while processing DNS packets

CVE-2022-25732HIGH 8.2

CVE-2022-25729CRITICAL 9.8

Information disclosure in modem due to buffer over read in dns client due to missing length check

Memory corruption in modem due to improper length check while copying into memory

CVE-2022-25728HIGH 8.2

Information disclosure in modem due to buffer over-read while processing response from DNS server

CVE-2022-40520HIGH 8.4

Memory corruption due to stack-based buffer overflow in Core

CVE-2022-40519MEDIUM 6.8

Information disclosure due to buffer overread in Core

CVE-2022-40518MEDIUM 6.8

Information disclosure due to buffer overread in Core

CVE-2022-40517HIGH 8.4

Memory corruption in core due to stack-based buffer overflow

CVE-2022-40516HIGH 8.4