Filtered by vendor Qualcomm
Subscriptions
Filtered by product Fastconnect 7800
Subscriptions
Total
392 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-28584 | 1 Qualcomm | 144 Aqt1000, Aqt1000 Firmware, Csrb31024 and 141 more | 2024-11-21 | 7.5 High |
| Transient DOS in WLAN Host when a mobile station receives invalid channel in CSA IE while doing channel switch announcement (CSA). | ||||
| CVE-2023-28577 | 1 Qualcomm | 66 Fastconnect 6800, Fastconnect 6800 Firmware, Fastconnect 6900 and 63 more | 2024-11-21 | 6.7 Medium |
| In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check if the buffer is being used. So when a function called cam_mem_get_cpu_buf to get the kernel va to use, another thread can call CAM_REQ_MGR_RELEASE_BUF to unmap the kernel va which cause UAF of the kernel address. | ||||
| CVE-2023-28576 | 1 Qualcomm | 62 Fastconnect 6800, Fastconnect 6800 Firmware, Fastconnect 6900 and 59 more | 2024-11-21 | 6.4 Medium |
| The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. In other words, user mode may race and modify the packet header (e.g. header.count), causing checks (e.g. size checks) in kernel code to be invalid. This may lead to out-of-bounds read/write issues. | ||||
| CVE-2023-28575 | 1 Qualcomm | 120 205, 205 Firmware, 215 and 117 more | 2024-11-21 | 6.7 Medium |
| The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invalid type usage if a wrong handle is passed to it. | ||||
| CVE-2023-28573 | 1 Qualcomm | 398 315 5g Iot, 315 5g Iot Firmware, Aqt1000 and 395 more | 2024-11-21 | 7.8 High |
| Memory corruption in WLAN HAL while parsing WMI command parameters. | ||||
| CVE-2023-28572 | 1 Qualcomm | 110 Csrb31024, Csrb31024 Firmware, Fastconnect 6800 and 107 more | 2024-11-21 | 6.6 Medium |
| Memory corruption in WLAN HOST while processing the WLAN scan descriptor list. | ||||
| CVE-2023-28558 | 1 Qualcomm | 399 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 396 more | 2024-11-21 | 7.8 High |
| Memory corruption in WLAN handler while processing PhyID in Tx status handler. | ||||
| CVE-2023-28557 | 1 Qualcomm | 556 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 553 more | 2024-11-21 | 7.8 High |
| Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload. | ||||
| CVE-2023-28553 | 1 Qualcomm | 288 Ar8035, Ar8035 Firmware, Ar9380 and 285 more | 2024-11-21 | 6.1 Medium |
| Information Disclosure in WLAN Host when processing WMI event command. | ||||
| CVE-2023-22668 | 1 Qualcomm | 112 Aqt1000, Aqt1000 Firmware, Ar8035 and 109 more | 2024-11-21 | 6.7 Medium |
| Memory Corruption in Audio while invoking IOCTLs calls from the user-space. | ||||
| CVE-2023-21672 | 1 Qualcomm | 114 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 111 more | 2024-11-21 | 8.4 High |
| Memory corruption in Audio while running concurrent tunnel playback or during concurrent audio tunnel recording sessions. | ||||
| CVE-2023-21641 | 1 Qualcomm | 30 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 27 more | 2024-11-21 | 6.6 Medium |
| An app with non-privileged access can change global system brightness and cause undesired system behavior. | ||||
| CVE-2023-21638 | 1 Qualcomm | 72 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 69 more | 2024-11-21 | 6.7 Medium |
| Memory corruption in Video while calling APIs with different instance ID than the one received in initialization. | ||||
| CVE-2024-33014 | 1 Qualcomm | 653 315 5g Iot Modem, 315 5g Iot Modem Firmware, 860 Mobile Platform and 650 more | 2024-11-20 | 7.5 High |
| Transient DOS while parsing ESP IE from beacon/probe response frame. | ||||
| CVE-2024-33015 | 1 Qualcomm | 393 Ar8035, Ar8035 Firmware, Csr8811 and 390 more | 2024-11-20 | 7.5 High |
| Transient DOS while parsing SCAN RNR IE when bytes received from AP is such that the size of the last param of IE is less than neighbor report. | ||||
| CVE-2024-33025 | 1 Qualcomm | 340 Csr8811, Csr8811 Firmware, Fastconnect 6800 and 337 more | 2024-11-20 | 7.5 High |
| Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE. | ||||
| CVE-2024-33024 | 1 Qualcomm | 364 Ar8035, Ar8035 Firmware, Csr8811 and 361 more | 2024-11-20 | 7.5 High |
| Transient DOS while parsing the ML IE when a beacon with length field inside the common info of ML IE greater than the ML IE length. | ||||
| CVE-2024-33018 | 1 Qualcomm | 303 Ar8035, Ar8035 Firmware, Csr8811 and 300 more | 2024-11-20 | 7.5 High |
| Transient DOS while parsing the received TID-to-link mapping element of the TID-to-link mapping action frame. | ||||
| CVE-2024-33026 | 1 Qualcomm | 332 Ar8035, Ar8035 Firmware, Csr8811 and 329 more | 2024-11-20 | 7.5 High |
| Transient DOS while parsing probe response and assoc response frame when received frame length is less than max size of timestamp. | ||||
| CVE-2024-33023 | 1 Qualcomm | 317 Ar8035, Ar8035 Firmware, Csra6620 and 314 more | 2024-11-20 | 8.4 High |
| Memory corruption while creating a fence to wait on timeline events, and simultaneously signal timeline events. | ||||