Vulnerabilities > Qualcomm > Wcd9370 Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-11-04 CVE-2024-23377 Unspecified vulnerability in Qualcomm products
Memory corruption while invoking IOCTL command from user-space, when a user modifies the original packet size of the command after system properties have been already sent to the EVA driver.
local
low complexity
qualcomm
6.7
2024-11-04 CVE-2024-23385 Reachable Assertion vulnerability in Qualcomm products
Transient DOS as modem reset occurs when an unexpected MAC RAR (with invalid PDU length) is seen at UE.
network
low complexity
qualcomm CWE-617
6.5
2024-11-04 CVE-2024-33032 Improper Validation of Array Index vulnerability in Qualcomm products
Memory corruption when the user application modifies the same shared memory asynchronously when kernel is accessing it.
local
low complexity
qualcomm CWE-129
6.7
2024-11-04 CVE-2024-33068 Use After Free vulnerability in Qualcomm products
Transient DOS while parsing fragments of MBSSID IE from beacon frame.
network
low complexity
qualcomm CWE-416
6.5
2024-11-04 CVE-2024-38403 Out-of-bounds Read vulnerability in Qualcomm products
Transient DOS while parsing BTM ML IE when per STA profile is not included.
network
low complexity
qualcomm CWE-125
6.5
2024-11-04 CVE-2024-38405 Out-of-bounds Read vulnerability in Qualcomm products
Transient DOS while processing the CU information from RNR IE.
network
low complexity
qualcomm CWE-125
6.5
2024-07-01 CVE-2024-21462 Out-of-bounds Read vulnerability in Qualcomm products
Transient DOS while loading the TA ELF file.
local
low complexity
qualcomm CWE-125
5.5
2024-02-06 CVE-2023-33060 Out-of-bounds Read vulnerability in Qualcomm products
Transient DOS in Core when DDR memory check is called while DDR is not initialized.
local
low complexity
qualcomm CWE-125
5.5
2024-02-06 CVE-2023-33064 Out-of-bounds Read vulnerability in Qualcomm products
Transient DOS in Audio when invoking callback function of ASM driver.
local
low complexity
qualcomm CWE-125
5.5
2024-01-02 CVE-2023-33014 Improper Input Validation vulnerability in Qualcomm products
Information disclosure in Core services while processing a Diag command.
low complexity
qualcomm CWE-20
6.8