Qca6391 Firmware

qca6391_firmware

Vendor: Qualcomm • 939 CVEs

CVEs (939)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-28577 1Qualcomm 30Fastconnect 6800 Firmware Fastconnect 6900 FirmwareFastconnect 7800 Firmware+27 more Nov 21, 2024 Aug 8, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check if the buffer is being used. So when a function called cam_mem_get_cpu_buf to get the kernel va to use, another thread can call CAM_REQ_MGR_RELEAS...Show more In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check if the buffer is being used. So when a function called cam_mem_get_cpu_buf to get the kernel va to use, another thread can call CAM_REQ_MGR_RELEASE_BUF to unmap the kernel va which cause UAF of the kernel address.Show less
CVE-2023-28576 1Qualcomm 30Fastconnect 6800 Firmware Fastconnect 6900 FirmwareFastconnect 7800 Firmware+27 more Nov 21, 2024 Aug 8, 2023 N/A· v4 7.0 HIGH· v3 N/A· v2 The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. In other words, user mode may race and modify the packet header (e.g. header.count), caus...Show more The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. In other words, user mode may race and modify the packet header (e.g. header.count), causing checks (e.g. size checks) in kernel code to be invalid. This may lead to out-of-bounds read/write issues.Show less
CVE-2023-28575 1Qualcomm 59205 Firmware 215 FirmwareAqt1000 Firmware+56 more Nov 21, 2024 Aug 8, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invalid type usage if a wrong handle is passed to it.
CVE-2023-28537 1Qualcomm 183315 5g Iot Modem Firmware 8098 Firmware8998 Firmware+180 more Nov 21, 2024 Aug 8, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption while allocating memory in COmxApeDec module in Audio.
CVE-2023-22666 1Qualcomm 172Apq8009 Firmware Apq8017 FirmwareApq8096au Firmware+169 more Nov 21, 2024 Aug 8, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory Corruption in Audio while playing amrwbplus clips with modified content.
CVE-2023-21652 1Qualcomm 120Aqt1000 Firmware Ar8035 FirmwareCsra6620 Firmware+117 more Nov 21, 2024 Aug 8, 2023 N/A· v4 7.1 HIGH· v3 N/A· v2 Cryptographic issue in HLOS as derived keys used to encrypt/decrypt information is present on stack after use.
CVE-2023-21651 1Qualcomm 140Aqt1000 Firmware Ar8031 FirmwareAr8035 Firmware+137 more Nov 21, 2024 Aug 8, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE.
CVE-2023-21650 1Qualcomm 51Aqt1000 Firmware Csrb31024 FirmwareQam8295p Firmware+48 more Nov 21, 2024 Aug 8, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory Corruption in GPS HLOS Driver when injectFdclData receives data with invalid data length.
CVE-2023-21649 1Qualcomm 65Apq8096au Firmware Aqt1000 FirmwareMdm9628 Firmware+62 more Nov 21, 2024 Aug 8, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption in WLAN while running doDriverCmd for an unspecific command.
CVE-2023-21648 1Qualcomm 34Aqt1000 Firmware Qca6391 FirmwareQca6420 Firmware+31 more Nov 21, 2024 Aug 8, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption in RIL while trying to send apdu packet.
CVE-2023-21647 1Qualcomm 43Qca6390 Firmware Qca6391 FirmwareQca6426 Firmware+40 more Nov 21, 2024 Aug 8, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Information disclosure in Bluetooth when an GATT packet is received due to improper input validation.
CVE-2023-21627 1Qualcomm 48Aqt1000 Firmware Qca6390 FirmwareQca6391 Firmware+45 more Nov 21, 2024 Aug 8, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption in Trusted Execution Environment while calling service API with invalid address.
CVE-2023-21626 1Qualcomm 185Apq8009 Firmware Apq8017 FirmwareApq8037 Firmware+182 more Nov 21, 2024 Aug 8, 2023 N/A· v4 7.1 HIGH· v3 N/A· v2 Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key.
CVE-2022-40510 1Qualcomm 204Apq8009 Firmware Apq8009w FirmwareApq8017 Firmware+201 more Nov 21, 2024 Aug 8, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.
CVE-2023-28542 1Qualcomm 183315 5g Iot Firmware Apq8064au FirmwareAqt1000 Firmware+180 more Aug 11, 2025 Jul 4, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory Corruption in WLAN HOST while fetching TX status information.
CVE-2023-28541 1Qualcomm 198Aqt1000 Firmware Ar8031 FirmwareAr9380 Firmware+195 more Aug 11, 2025 Jul 4, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory Corruption in Data Modem while processing DMA buffer release event about CFR data.
CVE-2023-24854 1Qualcomm 158215 Firmware Ar8035 FirmwareCsra6620 Firmware+155 more Aug 11, 2025 Jul 4, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware response message.
CVE-2023-24851 1Qualcomm 186Ar8035 Firmware Csr8811 FirmwareCsra6620 Firmware+183 more Aug 11, 2025 Jul 4, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory Corruption in WLAN HOST while parsing QMI response message from firmware.
CVE-2023-22667 1Qualcomm 200205 Firmware 215 Firmware315 5g Iot Firmware+197 more Aug 11, 2025 Jul 4, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory Corruption in Audio while allocating the ion buffer during the music playback.
CVE-2023-22387 1Qualcomm 266205 Firmware 215 Firmware315 5g Iot Firmware+263 more Aug 11, 2025 Jul 4, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption.

Previous 1...222324...47 Next