Vulnerabilities > Qualcomm > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-06 | CVE-2024-23366 | Out-of-bounds Read vulnerability in Qualcomm products Information Disclosure while invoking the mailbox write API when message received from user is larger than mailbox size. | 5.5 |
| 2025-01-06 | CVE-2024-33061 | Out-of-bounds Read vulnerability in Qualcomm products Information disclosure while processing IOCTL call made for releasing a trusted VM process release or opening a channel without initializing the process. | 5.5 |
| 2025-01-06 | CVE-2024-33067 | Out-of-bounds Read vulnerability in Qualcomm products Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver. | 5.5 |
| 2025-01-06 | CVE-2024-43063 | Out-of-bounds Read vulnerability in Qualcomm products information disclosure while invoking the mailbox read API. | 5.5 |
| 2025-01-06 | CVE-2024-43064 | Allocation of Resources Without Limits or Throttling vulnerability in Qualcomm products Uncontrolled resource consumption when a driver, an application or a SMMU client tries to access the global registers through SMMU. | 4.7 |
| 2025-01-06 | CVE-2024-45559 | Out-of-bounds Read vulnerability in Qualcomm products Transient DOS can occur when GVM sends a specific message type to the Vdev-FastRPC backend. | 5.5 |
| 2024-12-02 | CVE-2024-33036 | Use of Out-of-range Pointer Offset vulnerability in Qualcomm products Memory corruption while parsing sensor packets in camera driver, user-space variable is used while allocating memory in kernel and parsing which can lead to huge allocation or invalid memory access. | 6.7 |
| 2024-12-02 | CVE-2024-33037 | Buffer Over-read vulnerability in Qualcomm products Information disclosure as NPU firmware can send invalid IPC message to NPU driver as the driver doesn`t validate the IPC message received from the firmware. | 6.1 |
| 2024-12-02 | CVE-2024-33039 | Untrusted Pointer Dereference vulnerability in Qualcomm products Memory corruption when PAL client calls PAL service APIs by passing a random value as handle and the handle is not validated by the service. | 6.7 |
| 2024-12-02 | CVE-2024-33053 | Use After Free vulnerability in Qualcomm products Memory corruption when multiple threads try to unregister the CVP buffer at the same time. | 6.7 |