Qualcomm Security Vulnerabilities (CVEs)

This vulnerability allows an attacker to cause a denial-of-service (DoS) condition by sending specially crafted beacon or probe response frames to aff...

This vulnerability allows memory corruption when the BTFM client sends new messages over Slimbus to the ADSP in Qualcomm chipsets. Attackers could pot...

CVE-2024-33042 is a memory corruption vulnerability in Qualcomm chipsets that occurs when the Alternative Frequency offset value is set to 255. This c...

This vulnerability allows memory corruption in Qualcomm's gralloc memory allocator when clients request extremely high reserved sizes. Attackers could...

CVE-2024-23365 is a use-after-free vulnerability in Qualcomm's MinkSocket component that allows memory corruption when releasing shared resources. Suc...

This vulnerability involves a cryptographic issue in RSA key parsing in COBR format, potentially allowing attackers to bypass cryptographic protection...

This vulnerability in Qualcomm modems allows a transient denial-of-service (DoS) condition when the device receives a registration accept OTA (Over-Th...

This CVE describes a use-after-free vulnerability in Qualcomm graphics drivers where a fence object may still be accessed after being released during ...

This vulnerability allows an attacker to cause a denial-of-service condition in affected Qualcomm Wi-Fi components by sending specially crafted probe ...

This vulnerability allows an attacker to cause a Denial of Service (DoS) by sending specially crafted Wi-Fi beacon frames with malformed Multi-Link (M...

This vulnerability allows memory corruption in the HGSL driver when allocating memory, potentially leading to arbitrary code execution or system crash...

This vulnerability in Qualcomm chipsets allows attackers to cause a denial-of-service condition by sending specially crafted TID-to-link mapping IE el...

This vulnerability allows an attacker to cause a denial-of-service (DoS) condition by sending specially crafted TID-to-link mapping action frames to a...

This vulnerability allows an attacker to cause a Denial of Service (DoS) by sending specially crafted beacon or probe response frames containing malfo...

This vulnerability allows attackers to cause a denial-of-service (DoS) condition in Wi-Fi systems by sending specially crafted beacon frames with malf...

This vulnerability allows attackers to cause a denial-of-service (DoS) condition by sending specially crafted MBSSID Information Element fragments in ...

CVE-2024-23383 is a use-after-free vulnerability in Qualcomm kernel drivers that allows memory corruption when hardware fences are triggered. This cou...

This vulnerability involves memory corruption when GPU SMMU fails to unmap memory mapped in a Vertex Buffer Object (VBO), potentially allowing attacke...

This vulnerability allows an attacker to cause a denial of service (DoS) by providing a specially crafted PKCS#8-encoded RSA key with a zero-byte modu...

This vulnerability allows memory corruption in Qualcomm's keymaster component when importing shared keys, potentially leading to arbitrary code execut...

This vulnerability allows attackers to cause a denial of service (DoS) in NAS (Network Access Stratum) implementations by sending specially crafted OD...

This vulnerability allows attackers to cause a permanent denial-of-service condition in Qualcomm cellular modems by sending specially crafted NAS tran...

This vulnerability allows attackers to cause a Denial of Service (DoS) condition by exploiting a buffer over-read (CWE-126) in Apple Lossless Audio Co...

This vulnerability allows information disclosure when handling beacon probe frames during scan entry generation on client devices. It affects devices ...

This vulnerability allows memory corruption when IOMMU unmap operations fail, leading to improper release of DMA and anonymous buffers. It affects sys...

This CVE describes a memory corruption vulnerability in Qualcomm's Shared Memory (SMEM) subsystem that could allow attackers to execute arbitrary code...

This vulnerability involves memory corruption when an invoke call and a TEE (Trusted Execution Environment) call target the same trusted application s...

This vulnerability allows information disclosure when parsing sub-IE length during new IE generation in Qualcomm components. It affects devices using ...

This vulnerability allows a denial-of-service attack when loading Trusted Application (TA) ELF files on Qualcomm chipsets. It affects devices using Qu...

This vulnerability in Qualcomm chipsets allows information disclosure when Address Space Layout Randomization (ASLR) fails to properly randomize memor...

This vulnerability allows information disclosure when handling Multi-link Information Elements in Wi-Fi beacon frames. It affects devices with Qualcom...

This vulnerability allows memory corruption through improper input validation in FastRPC's IOCTL handler. Attackers could potentially execute arbitrar...

This vulnerability allows memory corruption when creating an LPAC client because the LPAC engine could access GPU registers. It affects devices with Q...

This CVE describes a memory corruption vulnerability in Qualcomm components where sending excessive scan frequency lists or channels from user space c...

This CVE describes a use-after-free vulnerability in Qualcomm audio components where a race condition between allocation and deallocation of graph obj...

This vulnerability allows memory corruption when an IOCTL call is interrupted by a signal in Qualcomm components, potentially leading to arbitrary cod...

This vulnerability allows memory corruption when processing audio files with large input buffers, potentially leading to arbitrary code execution. It ...

CVE-2024-21476 is a memory corruption vulnerability in Qualcomm components where improper validation of user-supplied channel IDs can lead to arbitrar...

This CVE describes a memory corruption vulnerability in Qualcomm components where a buffer size from a previous function call is reused without proper...

This vulnerability allows memory corruption during cryptographic key pair generation when verifying serialized headers. It affects systems using Qualc...

This vulnerability allows attackers to cause a denial-of-service condition in IKEv2 implementations by sending malformed fragment packets. It affects ...

This vulnerability allows attackers to access sensitive information from memory when parsing dts header atoms in video files. It affects devices using...

CVE-2023-43525 is a buffer overflow vulnerability in Qualcomm audio drivers that allows memory corruption when copying sound model data from user to k...

This CVE describes a use-after-free vulnerability in Qualcomm components where registering multiple listeners with the same file descriptor can cause ...

This vulnerability involves memory corruption in the kernel when handling GPU operations, allowing attackers to potentially execute arbitrary code wit...

CVE-2024-21468 is a use-after-free vulnerability in Qualcomm GPU drivers where failed memory unmapping operations can lead to memory corruption. This ...