wcn785x-1 (qualcomm) — Vulnerabilities

CVE-2023-33083CRITICAL 9.8

Memory corruption in Core while processing RX intent request.

CVE-2023-33082CRITICAL 9.8

Memory corruption in WLAN Host while processing RRM beacon on the AP.

Memory corruption while sending an Assoc Request having BTM Query or BTM Response containing MBO IE.

CVE-2023-33081HIGH 7.5

Transient DOS while converting TWT (Target Wake Time) frame parameters in the OTA broadcast.

CVE-2023-33080HIGH 7.5

Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame.

CVE-2023-33079HIGH 7.8

CVE-2023-33063HIGH 7.8KEV

Memory corruption in Audio while running invalid audio recording from ADSP.

CVE-2023-33054CRITICAL 9.1

Memory corruption in DSP Services during a remote call from HLOS to DSP.

Cryptographic issue in GPS HLOS Driver while downloading Qualcomm GNSS assistance data.

CVE-2023-33053HIGH 8.4

Memory corruption in Kernel while parsing metadata.

CVE-2023-33044HIGH 7.5

Transient DOS in Data modem while handling TLB control messages from the Network.

CVE-2023-33043HIGH 7.5

Transient DOS in Modem when a Beam switch request is made with a non-configured BWP.

CVE-2023-33042HIGH 7.5

Transient DOS in Modem after RRC Setup message is received.

CVE-2023-33041HIGH 7.5

Under certain scenarios the WLAN Firmware will reach an assertion due to state confusion while looking up peer ids.

CVE-2023-33024MEDIUM 6.7

Memory corruption while sending SMS from AP firmware.

CVE-2023-33022HIGH 8.4

Memory corruption in HLOS while invoking IOCTL calls from user-space.

CVE-2023-33018HIGH 7.8

Memory corruption while using the UIM diag command to get the operators name.

CVE-2023-33017HIGH 7.8

Memory corruption in Boot while running a ListVars test in UEFI Menu during boot.

CVE-2023-33074HIGH 8.4

Memory corruption in Audio when SSR event is triggered after music playback is stopped.

CVE-2023-33061HIGH 7.5

Transient DOS in WLAN Firmware while parsing WLAN beacon or probe-response frame.

CVE-2023-33059HIGH 7.8

Memory corruption in Audio while processing the VOC packet data from ADSP.

CVE-2023-33056HIGH 7.5

Transient DOS in WLAN Firmware when firmware receives beacon including T2LM IE.

CVE-2023-33055HIGH 7.8

Memory Corruption in Audio while invoking callback function in driver from ADSP.

CVE-2023-33048HIGH 7.5

Transient DOS in WLAN Firmware while parsing t2lm buffers.

CVE-2023-33047HIGH 7.5

CVE-2023-33045CRITICAL 9.8

Transient DOS in WLAN Firmware while parsing no-inherit IES.

Memory corruption in WLAN Firmware while parsing a NAN management frame carrying a S3 attribute.

CVE-2023-33031HIGH 7.8

CVE-2023-28574CRITICAL 9.0

Memory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data buffer.

Memory corruption in core services when Diag handler receives a command to configure event listeners.

CVE-2023-33035HIGH 7.8

Memory corruption while invoking callback function of AFE from ADSP.

CVE-2023-33029HIGH 8.4

CVE-2023-33028CRITICAL 9.8

Memory corruption in DSP Service during a remote call from HLOS to DSP.

Memory corruption in WLAN Firmware while doing a memory copy of pmk cache.

CVE-2023-33027HIGH 7.5

Transient DOS in WLAN Firmware while parsing rsn ies.

CVE-2023-33026HIGH 7.5

Transient DOS in WLAN Firmware while parsing a NAN management frame.

CVE-2023-28571MEDIUM 6.1

CVE-2023-28540CRITICAL 9.1

Information disclosure in WLAN HOST while processing the WLAN scan descriptor list during roaming scan.

Cryptographic issue in Data Modem due to improper authentication during TLS handshake.

CVE-2023-28560HIGH 7.8

Sep 5, 2023

Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload.

CVE-2022-40534HIGH 8.4

Sep 5, 2023

Memory corruption due to improper validation of array index in Audio.

CVE-2022-33275HIGH 8.4

Sep 5, 2023

Memory corruption due to improper validation of array index in WLAN HAL when received lm_itemNum is out of range.

CVE-2023-28555HIGH 7.5

Aug 8, 2023

Transient DOS in Audio while remapping channel buffer in media codec decoding.

CVE-2023-21670HIGH 7.8

Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode.

CVE-2023-21661HIGH 7.5

Transient DOS while parsing WLAN beacon or probe-response frame.

CVE-2023-21660HIGH 7.5

Transient DOS in WLAN Firmware while parsing FT Information Elements.

CVE-2023-21659HIGH 7.5

Transient DOS in WLAN Firmware while processing frames with missing header fields.

CVE-2023-21658HIGH 7.5

Transient DOS in WLAN Firmware while processing the received beacon or probe response frame.

CVE-2023-21657HIGH 7.8

Memoru corruption in Audio when ADSP sends input during record use case.

CVE-2023-21656HIGH 7.8

Memory corruption in WLAN HOST while receiving an WMI event from firmware.

CVE-2022-40538HIGH 7.5

Transient DOS due to reachable assertion in modem while processing sib with incorrect values from network.

CVE-2022-40536HIGH 7.5

Transient DOS due to improper authentication in modem while receiving plain TLB OTA request message from network.

CVE-2022-40533MEDIUM 6.2

Transient DOS due to untrusted Pointer Dereference in core while sending USB QMI request.

CVE-2022-40529HIGH 7.1

Memory corruption due to improper access control in kernel while processing a mapping request from root process.

CVE-2022-40523HIGH 7.1

Information disclosure in Kernel due to indirect branch misprediction.

CVE-2022-40521HIGH 7.5

Transient DOS due to improper authorization in Modem

CVE-2022-40507HIGH 8.4

Memory corruption due to double free in Core while mapping HLOS address to the list.

CVE-2022-33307HIGH 8.4

Memory Corruption due to double free in automotive when a bad HLOS address for one of the lists to be mapped is passed.

CVE-2022-33303MEDIUM 5.5

Transient DOS due to uncontrolled resource consumption in Linux kernel when malformed messages are sent from the Gunyah Resource Manager message queue.

CVE-2022-33264HIGH 7.9

Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message.

CVE-2022-33263MEDIUM 6.7

Memory corruption due to use after free in Core when multiple DCI clients register and deregister.

CVE-2022-33251HIGH 7.5

Transient DOS due to reachable assertion in Modem because of invalid network configuration.

CVE-2022-33226MEDIUM 6.7

Memory corruption due to buffer copy without checking the size of input in Core while processing ioctl commands from diag client applications.

CVE-2022-33224MEDIUM 6.7

Memory corruption in core due to buffer copy without check9ing the size of input while processing ioctl queries.

CVE-2022-22076HIGH 7.1

information disclosure due to cryptographic issue in Core during RPMB read request.

CVE-2022-22060HIGH 7.5

Assertion occurs while processing Reconfiguration message due to improper validation

CVE-2022-40504HIGH 7.5

Transient DOS due to reachable assertion in Modem when UE received Downlink Data Indication message from the network.

CVE-2022-33273HIGH 7.3

Information disclosure due to buffer over-read in Trusted Execution Environment while QRKS report generation.

CVE-2022-40508HIGH 7.5

Transient DOS due to reachable assertion in Modem while processing config related to cross carrier scheduling, which is not supported.

CVE-2022-34144HIGH 7.5

Transient DOS due to reachable assertion in Modem during OSI decode scheduling.

CVE-2022-33305HIGH 7.5

Transient DOS due to NULL pointer dereference in Modem while sending invalid messages in DCCH.

CVE-2022-33304HIGH 7.5

Transient DOS due to NULL pointer dereference in Modem while performing pullup for received TCP/UDP packet.

CVE-2022-33281MEDIUM 6.7

Memory corruption due to improper validation of array index in computer vision while testing EVA kernel without sending any frames.

CVE-2023-21630HIGH 8.4

Memory Corruption in Multimedia Framework due to integer overflow when synx bind is called along with synx signal.

CVE-2022-40532HIGH 8.4

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.

CVE-2022-40503HIGH 8.2

Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.

CVE-2022-33302MEDIUM 6.8

Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length.

CVE-2022-33296MEDIUM 5.9

Memory corruption due to integer overflow to buffer overflow in Modem while parsing Traffic Channel Neighbor List Update message.

CVE-2022-33291HIGH 8.2

CVE-2022-33288CRITICAL 9.3

Information disclosure in Modem due to buffer over-read while receiving a IP header with malformed length.

Memory corruption due to buffer copy without checking the size of input in Core while sending SCM command to get write protection information.

CVE-2022-33287HIGH 8.2

Information disclosure in Modem due to buffer over-read while getting length of Unfragmented headers in an IPv6 packet.

CVE-2022-33270HIGH 7.5

CVE-2022-33269CRITICAL 9.3

Transient DOS due to time-of-check time-of-use race condition in Modem while processing RRC Reconfiguration message.

CVE-2022-33231CRITICAL 9.3

Memory corruption due to integer overflow or wraparound in Core while DDR memory assignment.

Memory corruption due to double free in core while initializing the encryption key.

CVE-2022-25739HIGH 7.5

Denial of service in modem due to missing null check while processing the ipv6 packet received during ECM call

CVE-2022-25730HIGH 8.2

Information disclosure in modem due to improper check of IP type while processing DNS server query

CVE-2022-25726HIGH 8.2