Vulnerabilities > Qualcomm > Qfw7114 Firmware > High

DATE CVE VULNERABILITY TITLE RISK
2024-11-04 CVE-2024-38419 Use After Free vulnerability in Qualcomm products
Memory corruption while invoking IOCTL calls from the use-space for HGSL memory node.
local
low complexity
qualcomm CWE-416
7.8
2024-11-04 CVE-2024-38422 Unspecified vulnerability in Qualcomm products
Memory corruption while processing voice packet with arbitrary data received from ADSP.
local
low complexity
qualcomm
7.8
2024-11-04 CVE-2024-38424 Use After Free vulnerability in Qualcomm products
Memory corruption during GNSS HAL process initialization.
local
low complexity
qualcomm CWE-416
7.8
2024-10-07 CVE-2024-23369 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products
Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers.
local
low complexity
qualcomm CWE-119
7.8
2024-10-07 CVE-2024-33073 Out-of-bounds Read vulnerability in Qualcomm products
Information disclosure while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.
network
low complexity
qualcomm CWE-125
8.2
2024-10-07 CVE-2024-38397 Out-of-bounds Read vulnerability in Qualcomm products
Transient DOS while parsing probe response and assoc response frame.
network
low complexity
qualcomm CWE-125
7.5
2024-09-02 CVE-2024-33048 Out-of-bounds Read vulnerability in Qualcomm products
Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame.
network
low complexity
qualcomm CWE-125
7.5
2024-09-02 CVE-2024-33050 Out-of-bounds Read vulnerability in Qualcomm products
Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper.
network
low complexity
qualcomm CWE-125
7.5
2024-09-02 CVE-2024-33051 Out-of-bounds Read vulnerability in Qualcomm products
Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.
network
low complexity
qualcomm CWE-125
7.5
2024-09-02 CVE-2024-33057 Out-of-bounds Read vulnerability in Qualcomm products
Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location.
network
low complexity
qualcomm CWE-125
7.5