SB20240805111 - Multiple vulnerabilities in Qualcomm chipsets
Published: August 5, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 32 secuirty vulnerabilities.
1) NULL Pointer Dereference (CVE-ID: CVE-2024-23357)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in HLOS. A local application can perform a denial of service (DoS) attack.
2) Buffer over-read (CVE-ID: CVE-2024-33026)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in WLAN Host. A remote attacker can perform a denial of service (DoS) attack.
3) Buffer over-read (CVE-ID: CVE-2024-33025)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in WLAN Host. A remote attacker can perform a denial of service (DoS) attack.
4) Integer overflow (CVE-ID: CVE-2024-33024)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in WLAN Host. A remote attacker can perform a denial of service (DoS) attack.
5) Integer overflow (CVE-ID: CVE-2024-33022)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Automotive GPU. A local application can execute arbitrary code.
6) Use of Uninitialized Variable (CVE-ID: CVE-2024-33021)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Automotive GPU. A local application can execute arbitrary code.
7) Buffer over-read (CVE-ID: CVE-2024-33020)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in WLAN HOST. A remote attacker can perform a denial of service (DoS) attack.
8) Buffer over-read (CVE-ID: CVE-2024-33019)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in WLAN Host. A remote attacker can perform a denial of service (DoS) attack.
9) Buffer over-read (CVE-ID: CVE-2024-33018)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in WLAN Host. A remote attacker can perform a denial of service (DoS) attack.
10) Buffer over-read (CVE-ID: CVE-2024-33015)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in WLAN Host. A remote attacker can perform a denial of service (DoS) attack.
11) Buffer over-read (CVE-ID: CVE-2024-33014)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in WLAN Host. A remote attacker can perform a denial of service (DoS) attack.
12) Buffer over-read (CVE-ID: CVE-2024-33013)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in WLAN Host. A remote attacker can perform a denial of service (DoS) attack.
13) Buffer over-read (CVE-ID: CVE-2024-33012)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in WLAN Host. A remote attacker can perform a denial of service (DoS) attack.
14) Buffer over-read (CVE-ID: CVE-2024-33011)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in WLAN Host. A remote attacker can perform a denial of service (DoS) attack.
15) Use After Free (CVE-ID: CVE-2024-33010)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in WLAN Host. A remote attacker can perform a denial of service (DoS) attack.
16) Memory corruption (CVE-ID: CVE-2024-23356)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in HLOS. A local application can execute arbitrary code.
17) Use After Free (CVE-ID: CVE-2024-23381)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Graphics Linux. A local application can execute arbitrary code.
18) Use After Free (CVE-ID: CVE-2024-33028)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Automotive Telematics. A local application can execute arbitrary code.
19) Use After Free (CVE-ID: CVE-2024-23382)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Graphics Linux. A local application can execute arbitrary code.
20) Use After Free (CVE-ID: CVE-2024-23383)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Graphics Linux. A local application can execute arbitrary code.
21) Use After Free (CVE-ID: CVE-2024-23384)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Graphics Linux. A local application can execute arbitrary code.
22) Use After Free (CVE-ID: CVE-2024-33034)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Graphics Linux. A local application can execute arbitrary code.
23) Use After Free (CVE-ID: CVE-2024-33023)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Graphics Linux. A local application can execute arbitrary code.
24) Improper Access Control (CVE-ID: CVE-2024-33027)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Graphics Linux. A local application can execute arbitrary code.
25) Buffer over-read (CVE-ID: CVE-2024-21459)
The vulnerability allows a remote attacker to read memory contents or crash the system.
The vulnerability exists due to improper input validation in WLAN HOST. A remote attacker can read memory contents or crash the system.
26) Memory corruption (CVE-ID: CVE-2024-23355)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Automotive. A local application can execute arbitrary code.
27) Buffer over-read (CVE-ID: CVE-2024-21467)
The vulnerability allows a remote attacker to read memory contents or crash the system.
The vulnerability exists due to improper input validation in WLAN Host Communication. A remote attacker can read memory contents or crash the system.
28) Buffer over-read (CVE-ID: CVE-2024-21479)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in Audio. A remote attacker can perform a denial of service (DoS) attack.
29) Reachable Assertion (CVE-ID: CVE-2024-23350)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in Multi Mode Call Processor. A remote attacker can perform a denial of service (DoS) attack.
30) Memory corruption (CVE-ID: CVE-2024-21481)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Hypervisor. A local application can execute arbitrary code.
31) Loop with Unreachable Exit Condition ('Infinite Loop') (CVE-ID: CVE-2024-23352)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in Multi Mode Call Processor. A remote attacker can perform a denial of service (DoS) attack.
32) Buffer over-read (CVE-ID: CVE-2024-23353)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in Multi Mode Call Processor. A remote attacker can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.